- Krebs On Security Post and Interest: A recent post about a Mastercard nameserver mistake led the author to think. Accessing the `.com` zone file, they grep for similar mistakes. An `awsdns-06.ne` registered earlier sparked interest, as AWS uses many domains for DNS infrastructure.
- Grep Search and Results: Downloaded the `.com` zone file and ran a grep for domains with `.ne` nameservers. After processing 22GB of data, 1820 potential sites of interest were found.
- A Record Lookup and Script: Wrote a Python script using `dnspython` to iterate through the zone file, extract impacted domains and nameservers, and attempt to resolve A records. 858 unique invalid `.ne` nameservers were found, with 285 awsdns-based nameservers and 64 unique apex domains.
- Fallout and Impacted Domains: The list of unique domains includes various types, such as law firms. A surprising number of small tech and cybersecurity services are also impacted. The author won't make the lists available due to the high number of results and unknown impact.
- Prevention and Challenges: 1820 impacted domains out of 150 million+ in the `.com` zone is not a huge deal. Registrars or TLD operators could fix the issue, but there are many of them and logistical challenges exist. What would happen if they took action is unknown.
- Outro: Philippe Caturegli's find on a Mastercard domain is significant but just a small part of invalid DNS configurations. The author is working on tooling through Room 641A to enable and enrich such research.