[dns-operations] More detail on the EA/Origin "subdomain hijack"?

Daniel Stirnimann daniel.stirnimann at switch.ch
Thu Jun 27 07:00:44 UTC 2019

I did a little research on this in 2017 [1]. I have not seen any cloud provider trying to prevent this kind of attack. In my experience AWS is better then most others as they add a 10 digit random number to your hostname. However, if you delegate something to AWS and forget to remove your delegation after its use, then it is easy to reclaim that delegation by a third-party. Here is a nice one from Azure: mybrowser.microsoft.com


[1] https://securityblog.switch.ch/2017/11/14/subdomain-hijacking/

Von: dns-operations [dns-operations-bounces at dns-oarc.net]" im Auftrag von "Viktor Dukhovni [ietf-dane at dukhovni.org]
Gesendet: Donnerstag, 27. Juni 2019 02:11
An: dns-operations at dns-oarc.net
Betreff: [dns-operations] More detail on the EA/Origin "subdomain hijack"?

Anyone have more detail on:


It seems that it may be possible, with some cloud providers, for a
new customer to request to use the same cloud DNS name as a previous
customer?  If so, why?

dns-operations mailing list
dns-operations at lists.dns-oarc.net
dns-operations mailing list

More information about the dns-operations mailing list