🇳🇪 .ne
nameserver ― « it's just a drop in the bucket when it comes to these sorts of invalid #DNS configurations. » #niger #networks #threats [ https://0xda.de/blog/2025/01/invalid-niger-nameservers-in-the-com-zone/ ] #informatique
@gjherbiet @minus Many ccTLDs? But far from the majority. And in fact some did in the past do checks, and stopped, like `.fr`. Also, it would be hard in advance for a malicious server to know which zones will suddenly be requested out of it, and even if it does some kind of wildcard, any trivial checks - like on NS recordset consistency across nameservers - would spot it (because the malicious one can't know in advance which ones are the other nameservers).
@minus Thanks for that study, insightful! Makes me remember another "recent" but ongoing kind of typo on TLDs but appearing in another part of the ecosystem: https://www.ft.com/content/ab62af67-ed2a-42d0-87eb-c762ac163cf0
@minus Many (cc)TLDs do delegation validation checks to fight against this.
Of course, if there is already a malicious authoritative server configured for the domain the check will pass.
But at least, it may prevent lingering typos from becoming a later exploit without anybody but the attackers noticing.
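
Added example, not part of the thread: a sketch of the NS recordset consistency check discussed above, run over constructed answers instead of live DNS queries. The server names and the `check_delegation` helper are hypothetical.

```python
def norm(name):
    # DNS names compare case-insensitively; drop the trailing root dot.
    return name.strip().lower().rstrip(".")

def check_delegation(parent_ns, child_answers):
    """Compare the NS set submitted for a delegation with what each listed
    server returns for the zone.

    parent_ns: NS names submitted for the delegation.
    child_answers: {server name: NS names it returned, or None when it gave
                    no authoritative answer}.
    Returns sorted (server, problem) tuples; an empty list means the check passes.
    """
    expected = frozenset(norm(n) for n in parent_ns)
    answers = {norm(k): v for k, v in child_answers.items()}
    findings = []
    for ns in sorted(expected):
        reply = answers.get(ns)
        if reply is None:
            findings.append((ns, "no authoritative answer"))
            continue
        got = frozenset(norm(n) for n in reply)
        if got != expected:
            findings.append((ns, "NS set mismatch: missing=%s extra=%s"
                             % (sorted(expected - got), sorted(got - expected))))
    return findings

# Constructed sample data (hypothetical names, no live DNS queries).
GOOD = ["ns1.dnshost.example", "ns2.dnshost.example"]
TYPO = ["ns1.dnshost.example", "ns2.dnshost.exampl"]   # last label mistyped

HEALTHY = check_delegation(GOOD, {n: GOOD for n in GOOD})
# Typo'd name resolves nowhere: that server gives no answer, and the real
# server's own NS set disagrees with what was submitted.
UNANSWERED = check_delegation(TYPO, {"ns1.dnshost.example": GOOD,
                                     "ns2.dnshost.exampl": None})
# Typo'd name is answered by a catch-all server that can only list itself,
# since it cannot know the zone's other nameservers.
CATCH_ALL = check_delegation(TYPO, {"ns1.dnshost.example": GOOD,
                                    "ns2.dnshost.exampl": ["NS2.dnshost.exampl."]})

if __name__ == "__main__":
    for label, result in [("healthy", HEALTHY), ("unanswered", UNANSWERED),
                          ("catch-all", CATCH_ALL)]:
        print(label, "PASS" if not result else result)
```

In both typo cases the submitted set fails twice: once at the mistyped name and once because the legitimate server lists a different NS set.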