The Orphaned Internet – Taking Over 120K Domains via a DNS Vulnerability in AWS, Google Cloud, Rackspace and Digital Ocean – The Hacker Blog

The Orphaned Internet – Taking Over 120K Domains via a DNS Vulnerability in AWS, Google Cloud, Rackspace and Digital Ocean – The Hacker Blog



在TLD配置了二级权威，且未在二级权威上继续配置的域名。如果正好是云权威，那么该云权威的其他用户有可能不需验证就直接配置接管该域名的解析。问题在于解析方没有注册方的验证信息





又找到了俩非洲兄弟Angola＆Namibia的cctld类似问题，根源在于开启多个服务端口+backup权威配置用户校验缺失:
https://thehackerblog.com/the-journey-to-hijacking-a-countrys-tld-the-hidden-risks-of-domain-extensions/