can-i-take-over-dns icon indicating copy to clipboard operation
can-i-take-over-dns copied to clipboard

Published 20 hours ago verified publisher icon indianajson

DNSimple

Open indianajson opened this issue 3 years ago • 5 comments

Service DNSimple

Status Vulnerable

Nameserver

ns1.dnsimple.com ns2.dnsimple.com ns3.dnsimple.com ns4.dnsimple.com

Explanation

You can sign up for a free account on DNSimple. After creating your account go to Domains and click Add Domains. If you are able to create a zone for the vulnerable domain then takeover is possible. REMEMBER, the zone will not function until you start a 30-day trial with DNSimple, which requires a credit card on file.

False Positives

DNSimple can produce false positives because a domain can be in an account where the account owner's payment method has expired, thus the domain will not resolve (i.e. shows a DNS SERVFAIL error), but cannot be added to your account.

indianajson avatar Jun 09 '21 03:06 indianajson

I'm getting "*.example.com matches a reserved subdomain"

dadsgone0 avatar Nov 09 '23 02:11 dadsgone0

@dadsgone0 Please see the updated "False Positives" section of this issue. :)

indianajson avatar Nov 11 '23 17:11 indianajson

So their domain will not resolve because their payment method is bad, but it cannot be taken over? How is it a false positive then if it can't be taken over? Am i just having a total brain-fart?

dadsgone0 avatar Nov 11 '23 18:11 dadsgone0

@dadsgone0 It's a false positive because the way to identify vulnerable domains is if they return a SERVFAIL error. In this case, even though the domain returned the proper error code (indicating it was vulnerable) the domain is actually not vulnerable because it's already in someone's account, (i.e. we thought it was vulnerable but it was a "false positive").

indianajson avatar Nov 11 '23 18:11 indianajson

Okay, I understand now. Thank you.

On Sat, Nov 11, 2023, 12:39 PM Indiana JSON @.***> wrote:

@dadsgone0 https://github.com/dadsgone0 It's a false positive because the way to identify vulnerable domains is if they return a SERVFAIL error. In this case, even though the domain returned the proper error code (indicating it was vulnerable) the domain is actually not vulnerable because it's already in someone's account, (i.e. we thought it was vulnerable but it was a "false positive").

— Reply to this email directly, view it on GitHub https://github.com/indianajson/can-i-take-over-dns/issues/16#issuecomment-1806887912, or unsubscribe https://github.com/notifications/unsubscribe-auth/AUDPSQ6MOONEDO6VSTD4QWTYD7A63AVCNFSM46LEUJZKU5DIOJSWCZC7NNSXTN2JONZXKZKDN5WW2ZLOOQ5TCOBQGY4DQNZZGEZA . You are receiving this because you were mentioned.Message ID: @.***>

dadsgone0 avatar Nov 11 '23 19:11 dadsgone0