indianajson / can-i-take-over-dns

"Can I take over DNS?" — a list of DNS providers and how to claim (sub)domains via missing hosted zones

AWS Route 53 #1

Open ghost opened 3 years ago

ghost commented 3 years ago

Service AWS Route 53

Status Not Vulnerable

Nameservers

ns-****.awsdns-**.org ns-****.awsdns-**.co.uk ns-***.awsdns-**.com ns-***.awsdns-**.net

Explanation

AWS Route 53 is no longer vulnerable to DNS takeovers, even when SERVFAIL errors are returned, due to changes by the team that stop takeovers via newly created zones. This has been independently verified.
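For zone owners reading this issue, a check for stale Route 53 delegations in their own DNS; this is an added example, not code from the issue or from the can-i-take-over-dns project. It assumes the masked nameserver patterns above stand for digits, treats REFUSED the same as the SERVFAIL mentioned above, and runs on constructed sample observations.

```python
import re

# Assumption: the asterisks in the patterns listed in this issue are digits
# (1-4 for the host number, 2 for the awsdns suffix).
ROUTE53_NS = re.compile(
    r"^ns-\d{1,4}\.awsdns-\d{2}\.(?:org|co\.uk|com|net)\.?$", re.IGNORECASE
)

# Answers indicating the nameserver does not serve the delegated zone.
# SERVFAIL is named in the issue; REFUSED is an added assumption.
LAME_RCODES = {"SERVFAIL", "REFUSED"}


def is_route53_ns(host):
    """True if the hostname matches the Route 53 nameserver patterns."""
    return bool(ROUTE53_NS.match(host.strip()))


def audit(delegations):
    """Flag zones delegated to Route 53 nameservers that do not answer for them.

    delegations: list of {"zone": str, "ns": {hostname: rcode}} where rcode is
    the response code seen when asking that nameserver for the zone's SOA
    (collected beforehand, e.g. with `dig +norecurse SOA <zone> @<ns>`).
    Returns (zone, severity, lame_nameservers) tuples.
    """
    findings = []
    for d in delegations:
        r53 = [ns for ns in d["ns"] if is_route53_ns(ns)]
        lame = sorted(ns for ns in r53 if d["ns"][ns].upper() in LAME_RCODES)
        if lame:
            severity = "all-lame" if len(lame) == len(r53) else "partial"
            findings.append((d["zone"], severity, lame))
    return findings


# Constructed sample observations (not real zones or measurements).
SAMPLE = [
    {"zone": "dev.example.com", "ns": {
        "ns-1234.awsdns-56.org": "SERVFAIL", "ns-789.awsdns-12.com": "SERVFAIL",
        "ns-1800.awsdns-33.co.uk": "SERVFAIL", "ns-321.awsdns-40.net": "SERVFAIL"}},
    {"zone": "shop.example.com", "ns": {
        "ns-11.awsdns-01.com": "NOERROR", "ns-1500.awsdns-60.org": "NOERROR"}},
    {"zone": "old.example.com", "ns": {"ns1.example.net": "SERVFAIL"}},
    {"zone": "mix.example.com", "ns": {
        "ns-100.awsdns-12.com": "REFUSED", "ns-2000.awsdns-62.org": "NOERROR"}},
]

if __name__ == "__main__":
    for zone, severity, lame in audit(SAMPLE):
        print(f"{zone}: {severity} delegation, remove or re-create: {', '.join(lame)}")
```

Any finding means the parent zone still points at nameservers that hold no hosted zone for that name; removing the NS records from the parent closes the gap regardless of how the takeover debate below is settled.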

0xpr4bin commented 1 year ago

But can't we match the nameservers on a hit-and-trial basis, deleting and creating zones until one of the NS matches?

indianajson commented 1 year ago

@0xpr4bin This was patched for the most part where AWS won't serve the previously assigned NS pairs. It can happen in a very limited number of scenarios but as far as we are aware this is effectively patched.

schniggie commented 10 months ago

Have received a couple of successful NS takeovers over the last week. So I would recommend setting the label back to vulnerable.

ertygiq commented 6 months ago

@schniggie can you describe what steps you took?

viszsec commented 5 months ago

> Have received a couple of successful NS takeovers over the last week. So I would recommend setting the label back to vulnerable.

Could you please show us proof of your claims? Stating baseless claims without facts or proof is merely a fallacy.