TLD-Health-Report
False positives on the "Guatemala SOA MNAME" issue
In your paper you claim that this health report could be used to find TLDs with a vulnerability similar to the .gt one. Actually, there are several false positives because you just test if the MNAME in the SOA exists or not. You should also check if the SLD exists or not (if it exists, you cannot hijack it). Example: .fr is in the list. It is true the MNAME does not resolve but, because it is in an existing SLD, the attack is not possible.
Yep, the scanner that I used did not have this feature. Perhaps my language was not clear but I meant to state that the health reports were good indicators of these issues - not hard "vulnerable"/"not vulnerable". Non-resolvable SOA MNAMEs are fine just so long as they can't be somehow re-registered.
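The two-stage check discussed in this thread, as an added example that is not part of the original posts or the project's scanner: a non-resolving MNAME is only flagged for manual review when its parent registrable domain is also absent. The suffix set, host names and lookup results are constructed placeholders; a real audit would feed in a public-suffix list and recorded DNS answers.

```python
from enum import Enum

class Verdict(Enum):
    RESOLVES = "MNAME resolves"
    PARENT_EXISTS = "MNAME dangling, parent domain delegated (not re-registrable)"
    PARENT_MISSING = "MNAME dangling, parent domain absent (manual review)"
    UNKNOWN = "suffix not recognised"

# Constructed stand-in for a public-suffix list (assumption, not real data).
SUFFIXES = {"example", "co.example"}

def registrable_domain(host, suffixes=SUFFIXES):
    """Return the longest known suffix plus one label, or None."""
    labels = host.rstrip(".").lower().split(".")
    for i in range(len(labels)):  # i == 0 tests the longest candidate first
        if ".".join(labels[i:]) in suffixes:
            return ".".join(labels[i - 1:]) if i else None
    return None

def classify(mname, addresses, delegated):
    """addresses: hosts with A/AAAA data; delegated: domains that exist."""
    host = mname.rstrip(".").lower()
    if host in addresses:
        return Verdict.RESOLVES
    parent = registrable_domain(host)
    if parent is None:
        return Verdict.UNKNOWN
    return Verdict.PARENT_EXISTS if parent in delegated else Verdict.PARENT_MISSING

# Constructed observations: hypothetical TLD label -> SOA MNAME.
SOA_MNAMES = {
    "tld-a": "ns1.nic.example.",
    "tld-b": "primary.registry.example.",   # dangling host, live parent
    "tld-c": "master.oldhost.co.example.",  # dangling host, parent gone
    "tld-d": "ns.unlisted.invalid.",
}
ADDRESSES = {"ns1.nic.example"}
DELEGATED = {"nic.example", "registry.example"}

def triage(mnames=SOA_MNAMES, addresses=ADDRESSES, delegated=DELEGATED):
    return {tld: classify(m, addresses, delegated) for tld, m in mnames.items()}

if __name__ == "__main__":
    for tld, verdict in triage().items():
        print(f"{tld}: {verdict.value}")
```
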