by cft
2982 days ago
Wait: in example.com, say the .com registrar sets a 5 min TTL on the NS record for example.com that resolves to 1.2.3.4. That means that your DNS server is at 1.2.3.4, serving your A and MX records. An attacker BGP hijacks 1.2.3.4. You change the NS record in your .com registrar settings to 5.6.7.8, which is not compromised. Notice I am not talking about your A or MX records that you controlled on a compromised IP, but of the NS record that a .com registrar controls. So after 5 min the browsers contact a non-compromised nameserver at 5.6.7.8 to get your A records. I think, unless a TLD registrar gets hijacked, that mitigates the attack on your own DNS after the NS TTL.

Here though, people using area53 for DNS probably can't move away from it as they are stuck on Amazon.