
Method and device for detecting domain name takeover vulnerability

A detection method and vulnerability detection technology, applied in the Internet field, can solve problems such as DNS resolution authority takeover and domain name takeover vulnerabilities.

Active Publication Date: 2022-07-08
WUHAN GREENET INFORMATION SERVICE

AI Technical Summary

Problems solved by technology

When a third-party DNS resolution service is used, the DNS records are stored on the third-party platform; together these records form a record file called the DNS Zone file. When the user stops using the third-party DNS resolution service, the third-party platform deletes the DNS Zone file for that domain name. If the NS record of the target domain name is not updated in time at this point, a domain name takeover vulnerability arises, and the DNS resolution authority for the entire domain of the target domain name can be taken over.

Method used



Examples


Embodiment 1

[0060] Embodiment 1 of the present invention provides a method for detecting a domain name takeover vulnerability, as shown in Figure 2, including:

[0061] In step 201, the recursive resolution server is queried for the DNS A record of the target domain name.

[0062] In step 202, the DNS response message is obtained, and if the DNS response status code is found to be SERVFAIL, the DNS A record of the target domain name is queried from the NS server.

[0063] Here, a status code of SERVFAIL indicates one of the following: the recursive resolution server cannot reach the Internet, the DNSSEC check failed, the NS server is unreachable, or there is no DNS zone file for the domain name on the NS server.

[0064] In step 203, the result returned by the first NS server for the DNS A record query of the target domain name is obtained; this first NS server is denoted NS_1, and the domain that NS_1 is responsible for is denoted DOMAIN_1. The NS s...

Embodiment 2

[0080] Based on the solution proposed in Embodiment 1, this embodiment of the present invention consolidates the several possible domain name takeover vulnerability cases into one complete analysis flow for presentation, as shown in Figure 3, including the following steps:

[0081] Step S101, query the DNS A record of the target domain name from the recursive resolution server;

[0082] The recursive resolution server here refers to the DNS resolver, such as the public resolver 114.114.114.114, Google's 8.8.8.8, or the default DNS resolution server provided by the major telecom carriers.

[0083] Some concepts and terms need to be clarified here. Although the DNS server that we usually configure on an Internet-connected computer is also called a "DNS server", strictly speaking this name is wrong. According to the DNS specification, it should be called a recursive resolution server (or DNS resolver), and the authoritative domain name server in the DNS system is ...
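The three-step check of Embodiments 1 and 2 (query the recursive resolver for the A record; on SERVFAIL find the NS server NS_1 delegated for DOMAIN_1; ask NS_1 for the NS records of DOMAIN_1 and compare them with NS_1), carried through as an added Python example that is not part of the patent and not code from the applicant. It assumes a pluggable `lookup(server, qname, qtype)` function standing in for real DNS queries, a hypothetical recursive resolver address, and placeholder server names; the three answer tables are constructed. It also assumes the parent-side server answers an NS query for the child zone with the delegation set, and it reads "does not match NS_1" as the delegated server refusing the zone or omitting itself from the NS set it returns, which is the signature of a zone file that has been deleted at the provider while the parent still delegates to it.

```python
"""Dangling NS delegation check modelled on the SERVFAIL -> NS comparison flow."""
from dataclasses import dataclass, field
from typing import Callable, Dict, List, Optional, Tuple

# Hypothetical recursive resolver address (RFC 5737 documentation range).
RECURSIVE = "203.0.113.53"


@dataclass
class DnsAnswer:
    """Minimal stand-in for a DNS response: status code plus record data."""
    rcode: str                                   # "NOERROR", "SERVFAIL", "REFUSED", ...
    records: List[str] = field(default_factory=list)


# A lookup takes (server, qname, qtype) and returns a DnsAnswer.
Lookup = Callable[[str, str, str], DnsAnswer]


def find_delegation(target: str, lookup: Lookup) -> Optional[Tuple[str, List[str]]]:
    """Walk up from the target until a parent-side NS delegation is found.

    Returns (DOMAIN_1, [NS_1, ...]): the zone the target belongs to and the
    name servers its parent zone delegates that zone to.
    """
    labels = target.rstrip(".").lower().split(".")
    for i in range(len(labels) - 1):
        zone = ".".join(labels[i:])
        parent = ".".join(labels[i + 1:])
        parent_ns = lookup(RECURSIVE, parent, "NS")
        if parent_ns.rcode != "NOERROR" or not parent_ns.records:
            continue  # parent itself does not resolve here; try one level up
        delegation = lookup(parent_ns.records[0], zone, "NS")
        if delegation.rcode == "NOERROR" and delegation.records:
            return zone, delegation.records
    return None


def check_takeover(target: str, lookup: Lookup) -> Dict[str, object]:
    """Run the three-step check and return a verdict with supporting evidence."""
    # Step 1 (201 / S101): ask the recursive resolver for the A record.
    a_answer = lookup(RECURSIVE, target, "A")
    if a_answer.rcode != "SERVFAIL":
        return {"vulnerable": False, "reason": f"recursive lookup returned {a_answer.rcode}"}

    # Step 2 (202): SERVFAIL alone is ambiguous; locate the parent-side delegation.
    delegation = find_delegation(target, lookup)
    if delegation is None:
        return {"vulnerable": False, "reason": "no delegation found; cannot assess"}
    domain_1, parent_side_ns = delegation

    # Step 3 (203): ask each delegated server NS_1 for the NS set of DOMAIN_1.
    # A server that refuses the zone or omits itself no longer hosts it.
    dangling = []
    for ns_1 in parent_side_ns:
        child_side = lookup(ns_1, domain_1, "NS")
        child_ns = {r.lower().rstrip(".") for r in child_side.records}
        if child_side.rcode != "NOERROR" or ns_1.lower().rstrip(".") not in child_ns:
            dangling.append({"ns": ns_1, "rcode": child_side.rcode, "child_ns": sorted(child_ns)})
    return {
        "vulnerable": bool(dangling),
        "zone": domain_1,
        "parent_ns": parent_side_ns,
        "dangling": dangling,
        "reason": "delegated server does not serve the zone" if dangling else "delegation consistent",
    }


def make_stub(table: Dict[Tuple[str, str, str], DnsAnswer]) -> Lookup:
    """Build an offline lookup from a constructed answer table (no network I/O)."""
    def lookup(server: str, qname: str, qtype: str) -> DnsAnswer:
        return table.get((server, qname.lower(), qtype), DnsAnswer("SERVFAIL"))
    return lookup


# Constructed scenarios; every name below is a placeholder, not real infrastructure.
TLD_NS = "tld-ns.example"
PROVIDER_NS = "ns1.dnsprovider.example"
SHARED = {
    (RECURSIVE, "com", "NS"): DnsAnswer("NOERROR", [TLD_NS]),
    (TLD_NS, "example.com", "NS"): DnsAnswer("NOERROR", [PROVIDER_NS]),
}
# 1) Zone deleted at the provider while the parent still delegates: the dangling case.
DANGLING = {**SHARED, (PROVIDER_NS, "example.com", "NS"): DnsAnswer("REFUSED")}
# 2) SERVFAIL for some other reason; the provider still serves the zone.
STILL_HOSTED = {**SHARED, (PROVIDER_NS, "example.com", "NS"): DnsAnswer("NOERROR", [PROVIDER_NS])}
# 3) Normal resolution: the check stops after step 1.
HEALTHY = {**SHARED, (RECURSIVE, "www.example.com", "A"): DnsAnswer("NOERROR", ["192.0.2.10"])}


def run_demo() -> Dict[str, bool]:
    """Evaluate one target against the three constructed scenarios."""
    target = "www.example.com"
    return {
        "dangling": check_takeover(target, make_stub(DANGLING))["vulnerable"],
        "still_hosted": check_takeover(target, make_stub(STILL_HOSTED))["vulnerable"],
        "healthy": check_takeover(target, make_stub(HEALTHY))["vulnerable"],
    }


if __name__ == "__main__":
    for name, verdict in run_demo().items():
        print(f"{name}: vulnerable={verdict}")
```

Only the first of the three scenarios is flagged; the second shows why the SERVFAIL in step 1 is treated as a hint rather than a verdict. A real deployment would replace `make_stub` with a function that sends the query to the named server (for instance with dnspython's `dns.query.udp`) and would walk the delegation chain from the root rather than trusting one parent answer.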

Embodiment 3

[0111] As shown in Figure 5, which is a schematic structural diagram of an apparatus for detecting a domain name takeover vulnerability according to an embodiment of the present invention, the apparatus in this embodiment includes one or more processors 21 and a memory 22. Figure 5 takes one processor 21 as an example.

[0112] The processor 21 and the memory 22 may be connected by a bus or in other ways; Figure 5 takes connection through a bus as an example.



Abstract

The invention relates to the field of Internet technology and provides a method and device for detecting a domain name takeover vulnerability. The method includes: querying the recursive resolution server for the DNS A record of the target domain name; obtaining the DNS response message and, when the DNS response status code is SERVFAIL, querying the NS server for the DNS A record of the target domain name; querying the NS_1 server for the DNS NS record of DOMAIN_1 and comparing the obtained DNS NS records with NS_1; if they do not match, determining that a domain name takeover vulnerability exists. The present invention analyzes the domain name takeover vulnerability, in the case where the DNS A record of the target domain name fails to resolve, through the data maintenance characteristics of the current-level NS server and its upper-level NS server.

Description

【Technical field】

[0001] The present invention relates to the field of Internet technologies, and in particular to a method and device for detecting a domain name takeover vulnerability.

【Background technique】

[0002] With the continuous development and maturity of cloud computing technology, various network facilities are gradually migrating to the cloud, and the traditional network architecture has undergone tremendous changes. Under the traditional technical framework, a company that wants to deploy a website often needs to purchase a domain name, configure DNS resolution, and purchase IP addresses or network space services; if the website needs data storage, it has to build a database service by itself, and handling a large number of concurrent accesses requires a load balancing or CDN network. Now, with the development of virtualization technology, cloud computing companies provide a variety of services covering almost all application scenarios. For example, Amazon cloud compu...


Application Information

Patent Type & Authority Patents(China)
IPC(8): H04L9/40, H04L61/4511
CPC: H04L63/1433, H04L61/4511
Inventor 侯贺明
Owner WUHAN GREENET INFORMATION SERVICE