After reading two great articles https://thehackerblog.com/the-io-error-taking-control-of-all-io-domains-with-a-targeted-registration/index.html and https://thehackerblog.com/the-journey-to-hijacking-a-countrys-tld-the-hidden-risks-of-domain-extensions/index.html about hacking a TLD I got inspired to write something about having control over your own domains.
Some years ago a panicking customer called us at Interlan and said their web and mail was not working. A quick dig with the dig tool told me that the domain was delegated to two authoritative DNS-servers which the server owner had shut down and they would not enable them again.
It was a .se domain and delegating it to other authoritative DNS-servers would involve www.iis.se, telephone, fax, the customers owners signature who was on vacation etc. so we could not help them the normal way.
But! We were lucky here since the technical contact was delegated to an e-mail address with a non-registered domain. So, we registered that domain, created the mailbox and restored the password.
We had now control over the customers domain and could delegate it to Interlans authoritative DNS-servers.
And thats what I want you to read and understand about your domain(s).
Do you have control over the holder, administrative and technical contacts so no one can delegate the domain to other servers and for example receive all your mail or publish a fake web?
Lets take a look at interlan.se
state: active domain: interlan.se holder: tlmqpu1701-17159 admin-c: lgbqfc1208-19312 tech-c: gvviwo1204-66115 billing-c: zbhbgo1208-83141 created: 1997-09-10 modified: 2017-01-03 expires: 2018-12-31 transferred: 2009-03-06 nserver: ns3.interlan.se 22.214.171.124 2a02:750:7:3305::204 126.96.36.199 2001:19f0:5001:160::53 188.8.131.52 2a02:7aa0:1619::6574:7a2f nserver: ns.interlan.se 184.108.40.206 2001:67c:2448:10::151 dnssec: signed delegation status: ok registrar: Frobbit AB
Here we can see that interlan.se have three different contacts who have the right to make changes for the domain. If I check interlan.ses contacts at https://www.iis.se/domaner/free/whois/ I can see that all contacts are under my own control. And no one can steal my domain without our login credentials at our registrar Frobbit.
Often domain holders delegate the technical contact to other enterprises/consults and I think 99.99% is never thinking about the danger and problem that comes with not removing them from the domain after the work is done.
If you have an .se domain and your registrar supports registry lock , https://www.iis.se/english/domains/se/registry-lock/ , you can protect the domain from being kidnapped because the registry must confirm the changes to the domain.
Contact your registrar is they support it and for the yearly fee.
Of course, there are millions of other ways to steal a domain but if you have control over your contacts its a start and a cheap life insurance.
WOW! It is more than 20 years since I registred interlan.se. Im getting old! 🙂