can-i-take-over-dns icon indicating copy to clipboard operation
can-i-take-over-dns copied to clipboard

Published 20 hours ago verified publisher icon indianajson

Digital Ocean

Open indianajson opened this issue 3 years ago • 2 comments

Service Digital Ocean

Status Vulnerable

Nameserver

ns1.digitalocean.com ns2.digitalocean.com ns3.digitalocean.com

Explanation

To perform a takeover create a new account on Digital Ocean and follow the DNS quick start guide. In short, once inside the Dashboard click on the big green Create button and select Domains/DNS. Enter the vulnerable domain in the form field labeled Enter domain. If the page allows you to create the zone the takeover was successful.

Digital Ocean's vulnerability to DNS takeovers was discussed in detail by Matthew Bryant in 2016 and they are still vulnerable today.

indianajson avatar Jun 11 '21 15:06 indianajson

For anyone wondering, this is still vulnerable in 2023.

FalcoXYZ avatar Feb 13 '23 20:02 FalcoXYZ

And in 2024, Digital Ocean is still vulnerable.

dend avatar Mar 19 '24 21:03 dend