Add a module for dealing with dangling cname records. This can allow for service based takeovers. For example:
-domain.com is a thing
-blog.domain.com has ns record that defer to a service, like wordpress.com
-wordpress is now responsible for issuing the SOA for that subdomain. Effectively, control of the domain (but for just that subdomain) belongs to them.
-domain.com doesn't pay wordpress, wordpress closes their account
-SOA record goes away
-This is an indication that registration at wordpress might be able to abuse the ns records still pointing to it
liquidsec
commented
1 year ago
Add a module for dealing with dangling cname records. This can allow for service based takeovers. For example:
-domain.com is a thing -blog.domain.com has ns record that defer to a service, like wordpress.com -wordpress is now responsible for issuing the SOA for that subdomain. Effectively, control of the domain (but for just that subdomain) belongs to them. -domain.com doesn't pay wordpress, wordpress closes their account -SOA record goes away -This is an indication that registration at wordpress might be able to abuse the ns records still pointing to it