Can I Take Over Dns Save

"Can I take over DNS?" — a list of DNS providers and how to claim (sub)domains via missing hosted zones

Project README

Can I Take Over DNS?
A list of DNS providers and whether their zones are vulnerable to DNS takeover!
Maintained by  

Inspired by the popular Can I Take Over XYZ? project by @EdOverflow this project is uniquely oriented towards DNS takeovers. While dangling DNS records pose a high threat to companies and warrant high bounties, DNS takeovers pose even greater risks and are sometimes even easier to find. We are trying to make this list comprehensive, so please contribute!

DNS Providers

These companies provide DNS nameserver services to the general public. In this list you will find out whether domains pointing to these nameservers are vulnerable to DNS takeover and where you can learn more about them.

Provider Status Fingerprint Takeover Instructions
000Domains Vulnerable (w/ purchase)
Issue #19
AWS Route 53 Not Vulnerable ns-****.awsdns-**.org
Issue #1
Azure (Microsoft) Edge Case ns1-**
Issue #5
Bizland Vulnerable
Issue #3
Cloudflare Edge Case * Issue #10
Digital Ocean Vulnerable
Issue #22
DNSMadeEasy Vulnerable ns** Issue #6
DNSimple Vulnerable
Issue #16 Vulnerable (w/ purchase)
Issue #17
DomainPeople Not Vulnerable
Issue #14
Dotster Vulnerable (w/ purchase)
Issue #18
EasyDNS Vulnerable
Issue #9 Not Vulnerable
Google Cloud Vulnerable ns-cloud-** Issue #2
Hostinger (old NS) Not Vulnerable
Hover Not Vulnerable
Issue #21
Hurricane Electric Vulnerable
Issue #25
Linode Vulnerable
Issue #26
MediaTemple (mt) Not Vulnerable
Issue #23
MyDomain Vulnerable (w/ purchase)
Issue #4 Vulnerable (w/ purchase) ns1***
Issue #8
namecheap Not Vulnerable *
Network Solutions Not Vulnerable ns** Issue #15
NS1 Vulnerable dns1.p**
Issue #7
TierraNet Vulnerable
Issue #24 Vulnerable (w/ purchase)
Issue #28
UltraDNS Not Vulnerable pdns***
Issue #29
Yahoo Small Business Vulnerable (w/ purchase)
Issue #20

Private DNS

These are private nameservers operated by various companies. The general public cannot create zones on these nameservers and thus takeovers are not possible. Knowning nameservers that are not vulnerable can be helpful to eliminate false positives from your testing.

Owner Status Fingerprint
Activision Not Vulnerable ns*
Adobe Not Vulnerable adobe-dns-0*
Apple Not Vulnerable
Automattic Not Vulnerable ns*
Capital One Not Vulnerable ns*
Disney Not Vulnerable ns*
Google Not Vulnerable ns*
Lowe's Not Vulnerable authns*
T-Mobile Not Vulnerable

What is a DNS takeover?

DNS takeover vulnerabilities occur when a subdomain ( or domain has its authoritative nameserver set to a provider (e.g. AWS Route 53, Akamai, Microsoft Azure, etc.) but the hosted zone has been removed or deleted. Consequently, when making a request for DNS records the server responds with a SERVFAIL error. This allows an attacker to create the missing hosted zone on the service that was being used and thus control all DNS records for that (sub)domain.

You can read more at:


We welcome contributions!

We need new DNS providers added with information of their vulernability status. You can submit new services here! We have a list of DNS providers that need to be investigated here.

We also need to identify as many DNS providers as possible. We have compiled and begun to organize a list of DNS servers. If you want to help read more about it here.

Open Source Agenda is not affiliated with "Can I Take Over Dns" Project. README Source: indianajson/can-i-take-over-dns

Open Source Agenda Badge

Open Source Agenda Rating