Open indianajson opened 3 years ago
Seems to be not possible: "Domain already exists error". Solved, I believe?
@emerzon - I just tested Hurricane Electric and it is still vulnerable. In your case, if you had run `dig example.com @ns1.he.net` it would not have returned a `REFUSED` error because the domain already existed in Hurricane Electric's zone.
Is it possible that this is a specific account issue rather than a global issue?
I am unable to reproduce. Attempting to add an already hosted domain to a new account fails with "Zone addition failed. The zone
@emerzon - As I said, I think the domain already exists on Hurricane Electric and your process for determining vulnerability returned a false positive. I can look further into this, but I'd need the domain name, feel free to DM me on Twitter (@indianajson) if you'd like, but Hurricane Electric is still 100% vulnerable.
Thanks! Please feel free to attempt it with my domain chita.com.br -> It's intended for such usages :)
@emerzon - According to the dig requests, `chita.com.br` is pointed to Hurricane Electric's DNS services and returns a status `NOERROR`, which means it is not vulnerable to takeover... so you can't add it to another Hurricane Electric account, which is expected.
@indianajson: Thank you for the explanation. So as I assumed, it seems that this is not a service-wide issue, but seems specific to some domains/accounts, correct? Makes me wonder what would trigger this condition.
@emerzon - I'm confused as to what you mean, but the way all DNS providers work is that if a domain already exists in the zone (in an account) it cannot be added a second time in a different account. If you're asking what triggers a vulnerable domain, then that is when the domain's authoritative nameservers are Hurricane Electric, but no one added the domain to their Hurricane Electric account.
Okay, I finally grasped the concept now. For me, it was obvious all along that if a domain points its authoritative nameservers to HE without owning an account there, the zone ownership would be up for grabs by anyone.
I personally don't see this as a vulnerability of the service - but as a mishandling of the domain itself.
My initial understanding was that HE would under some conditions allow a second user to transfer the ownership of another zone to his own account, even when there was already some account owning the zone - That would have been terribly ugly, but fortunately only a misunderstanding on my side.
Nevertheless thanks again for clearing this up.
Yes, you can perform DNS takeovers of domains pointing to Hurricane Electric's DNS service.

| Service | Status | Nameserver | Explanation |
| --- | --- | --- | --- |
| Hurricane Electric | Vulnerable | | To perform a takeover, simply create a free account on Hurricane Electric and head to the DNS manager. Click "Add a new domain" and enter the vulnerable domain. The zone will be created and the takeover successful. |
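The thread settles on one concrete test for a vulnerable domain: its delegation points at Hurricane Electric's nameservers, and asking one of those servers for the zone directly (`dig example.com @ns1.he.net`) comes back `REFUSED` because nobody has loaded the zone into an HE account, whereas a hosted zone answers `NOERROR`. The script below is an added example that automates that test; it is not code from the can-i-take-over-dns project or from either participant. It assumes that every Hurricane Electric public nameserver lives under `he.net` (the thread only names `ns1.he.net`) and uses a fixed transaction id, which is fine for a diagnostic but should be randomised for anything adversarial. The query builder, RCODE parser and verdict function are pure so they can be exercised offline against a constructed reply; only `check_domain` touches the network.

```python
"""Classify a domain as takeover-prone on Hurricane Electric from the RCODE
its authoritative server returns (added example, not the project's code)."""
import socket
import struct
import sys

# Assumption: all of Hurricane Electric's public nameservers sit under he.net.
HE_NS_SUFFIX = ".he.net"

# RCODE values from RFC 1035 section 4.1.1.
RCODE_NOERROR, RCODE_SERVFAIL, RCODE_NXDOMAIN, RCODE_REFUSED = 0, 2, 3, 5
QTYPE_NS, QCLASS_IN = 2, 1


def build_query(name, txid=0x1234, qtype=QTYPE_NS):
    """Encode a non-recursive DNS query for `name` in RFC 1035 wire format."""
    # Flags 0x0000: standard query with RD=0, since we ask the authoritative
    # server itself rather than a recursive resolver.
    header = struct.pack(">HHHHHH", txid, 0x0000, 1, 0, 0, 0)
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    return header + qname + struct.pack(">HH", qtype, QCLASS_IN)


def parse_rcode(response, txid):
    """Return the RCODE of a DNS response after basic sanity checks."""
    if len(response) < 12:
        raise ValueError("response shorter than a DNS header")
    rid, flags = struct.unpack(">HH", response[:4])
    if rid != txid:
        raise ValueError("transaction id mismatch (stray or spoofed reply)")
    if not flags & 0x8000:  # QR bit: must be a response, not an echoed query
        raise ValueError("packet is not a response")
    return flags & 0x000F


def classify(nameserver, rcode):
    """Turn the authoritative server's RCODE into a takeover verdict."""
    if not nameserver.lower().rstrip(".").endswith(HE_NS_SUFFIX):
        return "not-hurricane-electric"
    if rcode == RCODE_REFUSED:
        return "vulnerable"  # HE is delegated to, but no account holds the zone
    if rcode == RCODE_NOERROR:
        return "hosted"  # zone already exists in some HE account; cannot be re-added
    return "inconclusive"  # SERVFAIL, NXDOMAIN, etc.: look at the delegation by hand


def check_domain(domain, nameserver="ns1.he.net", timeout=3.0):
    """Live check: send the query over UDP to `nameserver` and classify the reply."""
    txid = 0x1234  # fixed for reproducibility; randomise with os.urandom when it matters
    query = build_query(domain, txid)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        sock.sendto(query, (nameserver, 53))
        response, _ = sock.recvfrom(512)
    return classify(nameserver, parse_rcode(response, txid))


def synthetic_response(txid, rcode, query):
    """Constructed sample reply (not captured traffic) for offline demonstration.

    Only the header carries what we need: QR set, AA set when the server
    actually holds the zone, and the RCODE in the low four bits. The question
    section is echoed back as a real server would."""
    flags = 0x8000 | (0x0400 if rcode == RCODE_NOERROR else 0) | rcode
    return struct.pack(">HHHHHH", txid, flags, 1, 0, 0, 0) + query[12:]


if __name__ == "__main__":
    if len(sys.argv) > 1:
        # e.g. python he_check.py example.com  -> vulnerable / hosted / inconclusive
        print(check_domain(sys.argv[1]))
    else:
        q = build_query("example.com")
        for rc in (RCODE_REFUSED, RCODE_NOERROR, RCODE_SERVFAIL):
            verdict = classify("ns1.he.net", parse_rcode(synthetic_response(0x1234, rc, q), 0x1234))
            print(f"rcode={rc} -> {verdict}")
```

Run it with a domain name to query `ns1.he.net` live, or with no arguments to see the three verdicts derived from constructed replies. The `classify` step deliberately refuses to call anything `vulnerable` unless the nameserver is actually an HE host, which is the false-positive the thread was about: a `REFUSED` from some other provider's server says nothing about Hurricane Electric.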