
Many Hijacked Subdomains

Open TPS opened this issue 1 year ago • 6 comments

Prerequisites

  • [X] I checked the documentation and found no answer;
  • [X] I checked to make sure that this issue has not already been filed;
  • [X] This is not an ad/bug report.

Problem description

N.B.: Reposting https://github.com/AdguardTeam/AdGuardSDNSFilter/issues/572 from 3ya (!) for increased visibility.

According to another in a long-term series of articles, various subdomains of a number of Microsoft-owned domains have been hijacked.

Seizing subdomains. How I took over Microsoft subdomains and how to perform such attacks → https://github.com/EdOverflow/can-i-take-over-xyz has quite a lot of details re: & especially combatting this. Some of the problem involves CNAME hacking.

Hard lists of such seem difficult to find, but https://www.google.com/search?q=hijacked%20microsoft%20domains seems to give more pieces to the puzzle. (Perhaps whenever DNSSEC is widely deployed this'll no longer be an issue.)

Proposed solution

🤷🏾‍♂️ I'm hoping you experts can come up w/ a good solution.

Additional information

Thanks to @DandelionSprout for reminding me to follow up on this.

TPS, Feb 07 '24 12:02

Do you have examples?

Alex-302, Feb 07 '24 15:02

The "Proofs" @ https://github.com/EdOverflow/can-i-take-over-xyz/issues are the best I can point to. As those issues state, it's quite difficult to list or mitigate such domains.

TPS, Feb 08 '24 01:02

It describes a domain hijacking scenario. How should a DNS server prevent this from happening?

Alex-302, Feb 09 '24 11:02

Prevent, no. Detect & block such hijacked domains from access, maybe?

TPS, Feb 09 '24 12:02

In any case, it's the wrong repository. Better write here https://github.com/AdguardTeam/AdGuardDNS/issues

Alex-302, Feb 09 '24 16:02

@Alex-302 Would you mind having this issue moved there, please?

TPS, Feb 10 '24 10:02