search

indianajson / can-i-take-over-dns

"Can I take over DNS?" — a list of DNS providers and how to claim (sub)domains via missing hosted zones
758 stars 78 forks source link

Digital Ocean #22

Open indianajson opened 3 years ago

indianajson commented 3 years ago

Service Digital Ocean

Status Vulnerable

Nameserver

ns1.digitalocean.com ns2.digitalocean.com ns3.digitalocean.com

Explanation

To perform a takeover create a new account on Digital Ocean and follow the DNS quick start guide. In short, once inside the Dashboard click on the big green Create button and select Domains/DNS. Enter the vulnerable domain in the form field labeled Enter domain. If the page allows you to create the zone the takeover was successful.

Digital Ocean's vulnerability to DNS takeovers was discussed in detail by Matthew Bryant in 2016 and they are still vulnerable today.

FalcoXYZ commented 1 year ago

For anyone wondering, this is still vulnerable in 2023.

dend commented 3 months ago

And in 2024, Digital Ocean is still vulnerable.

fa1c0n1 commented 1 month ago

But now, I found Digital Ocean uses Cloudflare as their NS: kim.ns.cloudflare.com. walt.ns.cloudflare.com.

So, does it mean Digital Ocean is not vulnerable anymore?

indianajson commented 1 month ago

@fa1c0n1 Possibly, yes. I'm surprised they moved to Cloudflare but I will need to test.