Closed anshumanbh closed 6 years ago
Yes, it does. We pass each domain to authorityReturnRefusedOrServfail()
, which iterates over the domain's authoritative nameservers and tries to resolve the domain using them on by one. If at least one of them returns SERVFAIL
/REFUSED
, the domain is considered vulnerable.
Reference: https://0xpatrik.com/subdomain-takeover-ns/