Open TPS opened 4 months ago
Do you have examples?
The "Proofs" @ https://github.com/EdOverflow/can-i-take-over-xyz/issues are the best I can point to. As those issues state, it's quite difficult to list or mitigate such domains.
It describes a domain hijacking scenario. How should a DNS server prevent this from happening?
Prevent, no. Detect & block such hijacked domains from access, maybe?
In any case, it's the wrong repository. Better write here https://github.com/AdguardTeam/AdGuardDNS/issues
@Alex-302 Would you mind having this issue moved there, please?
Problem description
N.B.: Reposting https://github.com/AdguardTeam/AdGuardSDNSFilter/issues/572 from 3ya (!) for increased visibility.
According to another in a long-term series of articles, various subdomains of a number of Microsoft-owned domains have been hijacked.
Seizing subdomains. How I took over Microsoft subdomains and how to perform such attacks → https://github.com/EdOverflow/can-i-take-over-xyz has quite a lot of details re: & especially combatting this. Some of the problem involves CNAME hacking.
Hard lists of such seem difficult to find, but https://www.google.com/search?q=hijacked%20microsoft%20domains seems to give more pieces to the puzzle. (Perhaps whenever DNSSEC is widely deployed this'll no longer be an issue.)
Proposed solution
🤷🏾‍♂️ I'm hoping you experts can come up w/ a good solution.
Additional information
Thanks to @DandelionSprout for reminding me to follow up on this.