Indiana JSON

@Sn0wd3nn You definitely want a POC, but you don't need to host a website. For DNS takeover POCs, you should add a TXT record to the hosted zone, something like...

If you want to DM me on [Twitter](https://twitter.com/indianajson) with the details I'll try to tell you what exactly is going on with it. @Sn0wd3nn

Hi @UN1337KN0WN - If the subdomain is vulnerable and you added it to DNSMadeEasy the takeover should work and you should not need to purchase any domains. To clarify though...

@UN1337KN0WN - That sounds like the nameservers for the domain aren't actually pointing to DNSMadeEasy. Go run a trace on the domain using [this tool](https://digwebinterface.com/?hostnames=&type=&trace=on&ns=resolver&useresolver=8.8.4.4&nameservers=) (enter the affected subdomain and...

@emerzon - I just tested Hurricane Electric and it is still vulnerable. In your case, if you had run ```dig example.com @ns1.he.net``` it would not have returned a ```REFUSED``` error...

@emerzon - As I said, I think the domain already exists on Hurricane Electric and your process for determining vulnerability returned a false positive. I can look further into this,...

@emerzon - According to the dig requests, ```chita.com.br``` is pointed to Hurricane Electric's DNS services and returns a status ```NOERROR```, which means it is not vulnerable to takeover... so you...

@emerzon - I'm confused as to what you mean, but the way all DNS providers work is that if a domain already exists in the zone (in an account) it...

Thanks for letting us know. Would you be willing to share a screenshot showing the interface requiring the TXT record? I'm just a bit surprised given the documentation just says...

Thank you, @eur0pa! I have updated the list accordingly. 👍