Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

UltraDNS #29

Open
indianajson opened this issue Jun 17, 2021 · 7 comments
Open

UltraDNS #29

indianajson opened this issue Jun 17, 2021 · 7 comments
Labels
Not Vulnerable This service is not vulnerable to takeover.

Comments

@indianajson
Copy link
Owner

indianajson commented Jun 17, 2021
edited
Loading

Service UltraDNS

Status Not Vulnerable

Nameserver

pdns***.ultradns.com
udns***.ultradns.com
sdns***.ultradns.com

All DNS nameservers under ultradns.com run off the same list of zones, thus a zone with NS udns34.ultradns.com will still get resolved by pdns148.ultradns.com.

Explanation

While accounts start at $30 per month and can be created by adding a service to your cart via this page UltraDNS has built internal detection to limit/stop DNS takeovers using their service.

Credit

Special thanks to @m0chan for investigating this and getting us an answer!
@indianajson indianajson added the Investigation Needed Further investigation is needed to confirm vulnerability label Jun 17, 2021
@m0chan
Copy link

m0chan commented Jun 22, 2021
edited
Loading

This is no longer possible, UltraDNS patched the issue & built internal detection.

@indianajson
Copy link
Owner Author

Thanks for sharing, @m0chan! I'll update this right away.

@indianajson indianajson added Not Vulnerable This service is not vulnerable to takeover. and removed Investigation Needed Further investigation is needed to confirm vulnerability labels Jun 22, 2021
@indianajson
Copy link
Owner Author

@m0chan Do we know what kind of built-in protection is being used?

@0xdipak
Copy link

0xdipak commented Apr 8, 2023

edns83.ultradns.net.
edns83.ultradns.com.
edns83.ultradns.org.
edns83.ultradns.biz.
what about this fingerprint?

@indianajson
Copy link
Owner Author

edns83.ultradns.net.

edns83.ultradns.com.

edns83.ultradns.org.

edns83.ultradns.biz.

what about this fingerprint?

Good question. I haven't been able to get an account to test double check this as of yet.

@aravindb26
Copy link

So we can't takeover ultradns nameservers?

@indianajson
Copy link
Owner Author

@aravindb26 As far as I am aware, no, however, feel free to open a paid account and test it yourself. If you find you are able to perform a takeover I'll definitely update this thread.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
Not Vulnerable This service is not vulnerable to takeover.
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@indianajson @m0chan @aravindb26 @0xdipak