Take control over your domain(s)

After reading two great articles, https://thehackerblog.com/the-io-error-taking-control-of-all-io-domains-with-a-targeted-registration/index.html and https://thehackerblog.com/the-journey-to-hijacking-a-countrys-tld-the-hidden-risks-of-domain-extensions/index.html, about hijacking a TLD, I was inspired to write something about having control over your own domains.

Some years ago a panicking customer called us at Interlan and said their web and mail were not working. A quick look with the dig tool told me that the domain was delegated to two authoritative DNS servers which the server owner had shut down and would not enable again.
It was a .se domain, and delegating it to other authoritative DNS servers would involve www.iis.se, telephone, fax, the signature of the customer's owner, who was on vacation, etc., so we could not help them the normal way.

But! We were lucky here, since the technical contact was an e-mail address in a domain that was not registered. So we registered that domain, created the mailbox and reset the password.

We now had control over the customer's domain and could delegate it to Interlan's authoritative DNS servers.

And that is what I want you to read and understand about your domain(s).
Do you control the holder, administrative and technical contacts, so that no one else can delegate the domain to other name servers and, for example, receive all your mail or publish a fake web site?

Let’s take a look at interlan.se

state:            active
domain:           interlan.se
holder:           tlmqpu1701-17159
admin-c:          lgbqfc1208-19312
tech-c:           gvviwo1204-66115
billing-c:        zbhbgo1208-83141
created:          1997-09-10
modified:         2017-01-03
expires:          2018-12-31
transferred:      2009-03-06
nserver:          ns3.interlan.se 159.253.26.204 2a02:750:7:3305::204 45.63.41.103 2001:19f0:5001:160::53 185.86.148.46 2a02:7aa0:1619::6574:7a2f
nserver:          ns.interlan.se 192.71.21.37 2001:67c:2448:10::151
dnssec:           signed delegation
status:           ok
registrar:        Frobbit AB

Here we can see that interlan.se has three different contacts who have the right to make changes to the domain. If I check interlan.se's contacts at https://www.iis.se/domaner/free/whois/ I can see that all contacts are under my own control, so no one can steal the domain without our login credentials at our registrar, Frobbit. That also makes the registrar account itself the next thing to protect: a strong, unique password and two-factor authentication where the registrar offers it.

Often domain holders delegate the technical contact to other enterprises or consultants, and I think 99.99% never think about the danger that comes with not removing them from the domain after the work is done. The contact keeps the right to change the domain, and if the consultant's mail domain is ever allowed to lapse, whoever registers it next inherits that right, exactly as we did in the story above.
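The check I would actually run over my own domains, as an added example (this is not Interlan's or the registry's code): parse a whois record in the .se layout shown above, look at the e-mail address behind each contact handle, and flag any contact whose mail domain is outside your own or does not appear to be registered, plus unresolvable name servers, an unsigned delegation and a near expiry date. The sample record, the contact handles and the e-mail addresses are constructed placeholders, and the default "is this registered" test is only a DNS heuristic (a name with an address is certainly registered; one without may still be), so a negative result is a prompt to check at the registry rather than a verdict.

```python
import re
import socket
from datetime import date, timedelta

# Constructed sample in the layout of a .se whois record. The handles,
# addresses, dates and registrar are placeholders, not a real registration.
SAMPLE_WHOIS = """\
state:            active
domain:           example-customer.se
holder:           aaaaaa0001-00001
admin-c:          bbbbbb0002-00002
tech-c:           cccccc0003-00003
billing-c:        aaaaaa0001-00001
created:          2001-01-01
modified:         2017-01-03
expires:          2018-03-01
nserver:          ns1.example-dns.se 192.0.2.10 2001:db8::10
nserver:          ns2.example-dns.se 192.0.2.11
dnssec:           unsigned delegation
status:           ok
registrar:        Example Registrar AB
"""

# Constructed contact e-mails, as read off the per-handle lookup at the
# registry whois page. The tech-c points at a consultant's lapsed domain.
SAMPLE_CONTACTS = {
    "aaaaaa0001-00001": "it@example-customer.se",
    "bbbbbb0002-00002": "admin@example-customer.se",
    "cccccc0003-00003": "dns@old-consultant-that-closed.example",
}


def parse_se_whois(text):
    """Parse 'key: value' lines; repeated keys (nserver) become lists."""
    record = {}
    for line in text.splitlines():
        m = re.match(r"^([a-z-]+):\s*(.*)$", line.strip())
        if m:
            record.setdefault(m.group(1), []).append(m.group(2).strip())
    return record


def email_domain(address):
    return address.rsplit("@", 1)[-1].lower().rstrip(".")


def registered_by_dns(name):
    """Heuristic default: resolvable means registered; unresolvable means
    'go and check at the registry', not 'free to register'."""
    try:
        socket.getaddrinfo(name, None)
        return True
    except socket.gaierror:
        return False


def audit_domain(whois_text, contacts, own_domains,
                 is_registered=registered_by_dns, today=None):
    """Return a list of findings for the record; an empty list is clean."""
    rec = parse_se_whois(whois_text)
    today = date.fromisoformat(today) if today else date.today()
    findings = []
    for role in ("holder", "admin-c", "tech-c", "billing-c"):
        for handle in rec.get(role, []):
            email = contacts.get(handle)
            if email is None:
                findings.append(f"{role} {handle}: no e-mail on file, look it up")
                continue
            dom = email_domain(email)
            if dom not in own_domains:
                findings.append(f"{role} {handle}: {email} is outside your own domains")
            if not is_registered(dom):
                findings.append(f"{role} {handle}: mail domain {dom} looks unregistered; "
                                "anyone who registers it can reset your registrar password")
    for ns in rec.get("nserver", []):
        host = ns.split()[0]
        if not is_registered(host):
            findings.append(f"nserver {host} does not resolve")
    if not any(v.startswith("signed") for v in rec.get("dnssec", [])):
        findings.append("dnssec: delegation is not signed")
    for exp in rec.get("expires", []):
        if date.fromisoformat(exp) - today < timedelta(days=60):
            findings.append(f"expires {exp}: renew soon")
    return findings


if __name__ == "__main__":
    for finding in audit_domain(SAMPLE_WHOIS, SAMPLE_CONTACTS, {"example-customer.se"}):
        print(finding)
```

Feed it the real whois output for each of your domains, the e-mail behind every handle, and the set of domains you control; every line it prints is either a contact to remove, a registrar account to recover before someone else does, or a delegation problem to fix.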

If you have a .se domain and your registrar supports registry lock, https://www.iis.se/english/domains/se/registry-lock/ , you can protect the domain from being hijacked, because the registry itself must confirm every change to the domain before it takes effect.
Ask your registrar whether they support it and what the yearly fee is.

Of course, there are many other ways to steal a domain, but if you have control over your contacts it is a start and cheap insurance.

WOW! It is more than 20 years since I registered interlan.se. I'm getting old! 🙂
