.MOI

How a private individual accidentally took control of 4 of the 7 authoritative name servers of .io

July 17, 2017

Popular among startups, the .io TLD designates the British Indian Ocean Territory. Like every TLD, .io has authoritative name servers (authoritative NS) which, among other things, list the authoritative NS for every second-level .io domain (e.g. sitespeed.io). There are seven authoritative NS for .io (source: iana.org):

| Host name | IPv4 | IPv6 |
|---|---|---|
| ns-a3.io | 74.116.178.1 | |
| ns-a2.io | 194.0.2.1 | 2001:678:5:0:0:0:0:1 |
| ns-a4.io | 74.116.179.1 | |
| ns-a1.io | 194.0.1.1 | 2001:678:4:0:0:0:0:1 |
| a0.nic.io | 65.22.160.17 | 2a01:8840:9e:0:0:0:0:17 |
| c0.nic.io | 65.22.162.17 | 2a01:8840:a0:0:0:0:0:17 |
| b0.nic.io | 65.22.161.17 | 2a01:8840:9f:0:0:0:0:17 |

In early July 2017, a security engineer named Matthew Bryant received an unusual notification from a tool he was using to “map” DNS delegations for certain TLDs, one of which was .io. The tool indicated that the domain names ns-a1.io, ns-a2.io, ns-a3.io, and ns-a4.io were available for registration. Out of interest, Matthew Bryant ordered the registration of those four domain names and was surprised to see the registrations go through. As a result, he took control of 4 of the 7 authoritative NS for .io. He immediately contacted the registry operator to draw its attention to the situation.

How could this have happened? The situation apparently originated from an error during the transfer of the .io TLD's registry operations to Afilias: the 4 domain names concerned were not locked down by Afilias, which left them available for registration for several days before the registrations described above took place.

The situation returned to normal while this article was being written. Had the registrations been made by ill-intentioned individuals, the takeover of the authoritative NS described above could have affected thousands of domain names registered under the .io TLD, for example by redirecting internet users' requests to fraudulent websites.
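The check a registry operator could run over its own delegation to catch this condition, as an added example that is not part of the original article or of Matthew Bryant's tool: it groups the seven NS host names listed above by the second-level domain that controls them and flags those whose controlling domain is open for registration. The function names, the status labels ("available", "reserved") and the registry state are assumptions constructed to mirror the situation described here.

```python
from collections import defaultdict

# The seven authoritative NS host names for .io listed in this article.
IO_NAME_SERVERS = [
    "ns-a1.io", "ns-a2.io", "ns-a3.io", "ns-a4.io",
    "a0.nic.io", "b0.nic.io", "c0.nic.io",
]

# Constructed registry state mirroring the situation described above;
# a real audit would read this from the registry's own database.
REGISTRY_STATE = {
    "ns-a1.io": "available", "ns-a2.io": "available",
    "ns-a3.io": "available", "ns-a4.io": "available",
    "nic.io": "reserved",
}


def registrable_domain(host, tld):
    """Return the second-level domain under `tld` that controls `host`,
    or None when the host lies outside the TLD (out of bailiwick)."""
    labels = host.rstrip(".").lower().split(".")
    if len(labels) < 2 or labels[-1] != tld:
        return None
    return ".".join(labels[-2:])


def audit_delegation(name_servers, tld, registry_state):
    """Group NS hosts by controlling domain and flag unprotected ones."""
    by_domain = defaultdict(list)
    external = []
    for host in name_servers:
        domain = registrable_domain(host, tld)
        if domain is None:
            external.append(host)  # needs a separate check at its own registry
        else:
            by_domain[domain].append(host)
    exposed = sorted(
        host
        for domain, hosts in by_domain.items()
        # A domain missing from the registry data is treated as exposed.
        if registry_state.get(domain, "available") == "available"
        for host in hosts
    )
    return {"exposed": exposed, "external": sorted(external),
            "exposed_share": len(exposed) / max(len(name_servers), 1)}


if __name__ == "__main__":
    print(audit_delegation(IO_NAME_SERVERS, "io", REGISTRY_STATE))
```

Running the same audit after every change of registry operator or NS set, and alerting on any non-empty `exposed` list, turns the several-day window described above into an immediate finding.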

Matthew Bryant himself has written a detailed article on thehackerblog.com.
