Digital Ocean
indianajson opened this issue · 5 comments
Service
Digital Ocean
Status
Vulnerable
Nameserver
ns1.digitalocean.com
ns2.digitalocean.com
ns3.digitalocean.com
Explanation
To perform a takeover, create a new account on Digital Ocean and follow the DNS quick start guide. In short, once inside the Dashboard, click on the big green Create button and select Domains/DNS. Enter the vulnerable domain in the form field labeled Enter domain. If the page allows you to create the zone, the takeover was successful.
Digital Ocean's vulnerability to DNS takeovers was discussed in detail by Matthew Bryant in 2016 and they are still vulnerable today.
For anyone wondering, this is still vulnerable in 2023.
And in 2024, Digital Ocean is still vulnerable.
But now, I found Digital Ocean uses Cloudflare as their NS:
kim.ns.cloudflare.com.
walt.ns.cloudflare.com.
So, does it mean Digital Ocean is not vulnerable anymore?
@fa1c0n1 Possibly, yes. I'm surprised they moved to Cloudflare but I will need to test.
But now, I found Digital Ocean uses Cloudflare as their NS: kim.ns.cloudflare.com. walt.ns.cloudflare.com.
So, does it mean Digital Ocean is not vulnerable anymore?
While Digital Ocean uses Cloudflare to serve DNS for their own domain, the DNS services they provide are still vulnerable to takeover—everybody gets the same nameservers, and there is no verification of ownership.
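For owners of domains delegated to the nameservers listed in this issue, here is an added example (not part of the original issue or its comments) that audits an inventory for delegations with no zone behind them. It assumes a hosted zone answers an SOA query with NOERROR and the AA bit set, and that anything else means no zone exists. The function names and `example.*` domains are constructed for illustration.

```python
import struct

# Nameservers listed in the issue; every DigitalOcean DNS customer shares them.
DO_NAMESERVERS = {"ns1.digitalocean.com", "ns2.digitalocean.com", "ns3.digitalocean.com"}
RCODES = {0: "NOERROR", 2: "SERVFAIL", 3: "NXDOMAIN", 5: "REFUSED"}


def parse_header(response: bytes):
    """Return (rcode_name, authoritative) from a raw DNS response header."""
    if len(response) < 12:
        raise ValueError("truncated DNS header")
    _id, flags = struct.unpack("!HH", response[:4])
    if not flags & 0x8000:
        raise ValueError("not a response (QR bit clear)")
    rcode = flags & 0x000F
    return RCODES.get(rcode, f"RCODE{rcode}"), bool(flags & 0x0400)


def zone_is_hosted(response: bytes) -> bool:
    """Assumed signal: a hosted zone answers NOERROR with the AA bit set."""
    rcode, authoritative = parse_header(response)
    return rcode == "NOERROR" and authoritative


def audit(inventory):
    """Flag domains delegated to DigitalOcean NS with no zone behind them."""
    at_risk = []
    for domain, delegated_ns, response in inventory:
        ns = {n.rstrip(".").lower() for n in delegated_ns}
        if ns & DO_NAMESERVERS and not zone_is_hosted(response):
            at_risk.append(domain)
    return at_risk


def _header(flags: int) -> bytes:
    """Constructed 12-byte header: id, flags, qdcount=1, other counts 0."""
    return struct.pack("!HHHHHH", 0x1234, flags, 1, 0, 0, 0)


# Constructed inventory: (domain, NS names from the parent zone,
# raw SOA response from one of those NS). Placeholder names, not findings.
SAMPLE = [
    ("app.example.com", ["ns1.digitalocean.com.", "ns2.digitalocean.com."], _header(0x8005)),  # REFUSED
    ("www.example.org", ["NS3.DigitalOcean.com"], _header(0x8400)),  # NOERROR + AA
    ("mail.example.net", ["ns1.example.net"], _header(0x8005)),  # other provider
]

if __name__ == "__main__":
    print(audit(SAMPLE))
```

A flagged domain should either have its zone recreated in the account that owns it or have the NS delegation removed at the registrar.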