Support dangling ns records

[graemefoster]

So that we can stop entire sub-domain takeovers As a network administrator I would like to be notified of ns records in a dns zone where I don't have a corresponding dns zone for the subdomain.

Describe the solution you'd like I'd like a new resource type, ns-record, to be added to the list of entries detected as dangling.

Describe alternatives you have considered Nope - for large dns deployments ns records are routinely used to simplify management.

Additional context ns-records point to generic azure dns name-servers. If I

• own mydomain.com and have Azure DNS managing it.
• create another Azure DNS record to manage sub.mydomain.com
• create an ns record set against mydomain.com pointing to the name servers controlling sub,mydomain.com (an Azure generic dns server such as "ns1-09.azure-dns.com")
• delete the sub-domain without deleting the ns record.

Someone else can now create a dns zone for sub.mydomain.com and has a chance of getting it on the same ns1-09.azure-dns.com Azure dns servers. When they do then they've effectively taken over an entire subdomain.

Happy to submit a pull request to detect this!

[Arun-Mudiraj]

Sure @graemefoster would be happy to integrate your pull request.

[2021H1030039G]

Can I contribute to the above issue?

[Arun-Mudiraj]

Can I contribute to the above issue?

Sure, you are welcome

[tobystic]

Contribution merged . Closing