DNS lookup rules ?

  1. 3 months ago

    Tony B

    Sep 16 Pre-Release Testers, Xojo Pro Sydney, Australia

    Greetings All,

    I have a question that relates to DNS rules and security. I have posted this on Stack Overflow but am not confident of any answers, as I have not participated there before.

    Let us say Person A owns the site https://www.example.com

    A different person, Person B, not associated with A, attempts to register https://sub.example.com
    with the local registry. Will the registry allow this ? Or is there an implicit understanding that these domain names are linked, and can't be obtained by third parties ?

    The reason I ask is that my university https://www.sydney.edu.au
    supposedly sent me a link in an email, authored by notifications@instructure.com, which directs me to
    https://canvas.sydney.edu.au/ ...

    This looks bad to me. But maybe dns rules only allow sydney.edu.au to have the associated domain of canvas.sydney.edu.au

    Otherwise, if any person (e.g. a Bad Person) can register https://badsite.sydney.edu.au and dns lets it go through ... then there is just one more hole in the dns world that is waiting to be exploited.

    Regards, Tony B.

  2. José M

    Sep 17 Pre-Release Testers, Xojo Pro Spain

    No, you register a domain under a TLD; in your example the domain is example and the TLD is .com

    Then what you call a subdomain is a host or service name, and can only be "registered" or resolved by the DNS(s) that run the domain (example.com), so sub.example.com is not registered, only configured under the example.com DNS server(s).
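
An added example, not part of any post in this thread: a link check built on the rule described above, where every host under a registered name is configured by that name's owner, so the question is which registered name a link's host really falls under. The suffix set and the sample URLs other than the canvas link are constructed for illustration; a real check would load the full Public Suffix List.

```python
from urllib.parse import urlsplit

# Constructed subset of public suffixes (names a registry sells labels under).
# Assumption: a production check uses the complete Public Suffix List.
PUBLIC_SUFFIXES = {"com", "au", "edu.au", "com.au"}


def registrable_domain(host):
    """Return the registered name: longest public suffix plus one label.

    Returns None if the host is itself a public suffix or matches none.
    """
    labels = host.rstrip(".").lower().split(".")
    for i in range(len(labels)):          # longest candidate suffix first
        if ".".join(labels[i:]) in PUBLIC_SUFFIXES:
            if i == 0:
                return None               # e.g. "edu.au" alone
            return ".".join(labels[i - 1:])
    return None


def link_is_under(url, owner_domain):
    """True only if the URL's host sits inside owner_domain's DNS zone tree."""
    host = urlsplit(url).hostname         # drops scheme, userinfo and port
    if not host:
        return False
    return registrable_domain(host) == owner_domain.lower()


# Constructed sample links, checked against the university's registered name.
SAMPLES = [
    "https://canvas.sydney.edu.au/",              # host configured by the owner
    "https://sydney.edu.au.example.com/login",    # owner name used as a prefix
    "https://canvas-sydney.edu.au/",              # a different registered name
    "https://sydney.edu.au@example.com/",         # owner name in userinfo only
]

if __name__ == "__main__":
    for url in SAMPLES:
        host = urlsplit(url).hostname
        print(url, "->", registrable_domain(host),
              "OK" if link_is_under(url, "sydney.edu.au") else "NOT the owner")
```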

  3. Tony B

    Sep 17 Pre-Release Testers, Xojo Pro Sydney, Australia

    Thank you Jose. Much appreciated. My concern that https://canvas.sydney.edu.au might be a badsite is without foundation.

    Regards, Tony Barry

  4. José M

    Sep 17 Pre-Release Testers, Xojo Pro Spain
    Edited 3 months ago

    You're welcome.

    There are attacks vs DNS/Bind, etc... but that “subdomain” must be configured by the sydney.edu.au admin (if DNS is not hijacked).

    Also, I see this is a redirection to another machine, and is https; even though the certificate does not verify the issuer is sydney.edu.au, you can verify you are on one of that domain’s machines.

    Also, if you ping sydney.edu.au you get IP 129.78.5.8
    If you ping sts.sydney.edu.au (where canvas. redirects) you get 129.78.5.45

    If you do a whois on any of these you can see they belong to "University of Sydney - network administrator"

    whois 129.78.5.8
    
    [TRIMMED]
    
    % [whois.apnic.net]
    % Whois data copyright terms    http://www.apnic.net/db/dbcopyright.html
    
    % Information related to '129.78.0.0 - 129.78.255.255'
    
    % Abuse contact for '129.78.0.0 - 129.78.255.255' is 'abuse@sydney.edu.au'
    
    inetnum:        129.78.0.0 - 129.78.255.255
    netname:        UNISYD-AU
    descr:          University of Sydney
    country:        AU
    admin-c:        UOSN1-AP
    tech-c:         UOSN1-AP
    status:         ALLOCATED PORTABLE
    remarks:        This object was transferred from ARIN database
    remarks:        on 11 December 2002
    mnt-by:         APNIC-HM
    mnt-routes:     MAINT-AU-UNIVERSITYOFSYDNEY
    mnt-lower:      MAINT-AU-UNIVERSITYOFSYDNEY
    mnt-irt:        IRT-UNIVERSITYOFSYDNEY-AU
    last-modified:  2012-09-07T01:02:42Z
    source:         APNIC
    
    irt:            IRT-UNIVERSITYOFSYDNEY-AU
    address:        Building G17, 316 Abercrombie Street,
    address:        Darlington, NSW 2006
    address:        AU
    phone:          +61286277898
    e-mail:         krishnan.rajendran@sydney.edu.au
    abuse-mailbox:  abuse@sydney.edu.au
    admin-c:        UOSN1-AP
    tech-c:         UOSN1-AP
    auth:           # Filtered
    irt-nfy:        krishnan.rajendran@sydney.edu.au
    mnt-by:         MAINT-AU-UNIVERSITYOFSYDNEY
    last-modified:  2014-04-30T04:14:26Z
    source:         APNIC
    
    role:           University of Sydney - network administrator
    address:        Building G17, 316 Abercrombie Street,
    address:        Darlington, NSW 2006
    country:        AU
    phone:          +61286277898
    fax-no:         +61286277899
    e-mail:         krishnan.rajendran@sydney.edu.au
    admin-c:        UOSN1-AP
    tech-c:         UOSN1-AP
    nic-hdl:        UOSN1-AP
    mnt-by:         MAINT-AU-UNIVERSITYOFSYDNEY
    last-modified:  2012-09-06T01:40:10Z
    source:         APNIC
    
    % This query was served by the APNIC Whois Service version 1.88.15-46 (WHOIS-UK3)

  5. Greg O

    Sep 17 Xojo Inc

    Tony, see this line in the Whois response?

    % Abuse contact for '129.78.0.0 - 129.78.255.255' is 'abuse@sydney.edu.au'

    You could email them and ask about it. Also, I would expect that the domain is controlled by the university IT department. You could probably ask them about canvas.sydney.edu.au and bring up your concerns. If they don’t know about the registration, I’m sure they’ll go find out!

  6. Cliff A

    Sep 17 Pre-Release Testers, Xojo Pro Charlotte, NC, USA

    Canvas is a pretty common learning management system (LMS) used by a lot of schools (here in the US at least). Both of my kids have used it in high school and now into college.

  7. Tim P

    Sep 17 Pre-Release Testers feedback://46303

    Instructure.com seems to be the people who make the software https://www.instructure.com/about :)

  8. Tony B

    Sep 17 Pre-Release Testers, Xojo Pro Sydney, Australia

    A very big thank you to all who replied. My knowledge increases ...

    Regards,
    Tony B
