Can someone poison the DNS records?

  • Posted on January 14, 2015
  • cmioAsked by cmio

So I’ve pointed my domain name from my registrar to DigitalOcean’s name servers. Since there is no authentication on DigitalOcean to ensure I own the domain before I make DNS records for it, surely its possible that someone could create records for it and hijack it (albeit briefly) to go to where ever they want?

I presume there is some system in place to stop the duplication of records for a particular domain name but propose they made the records before you. Also, I understand that I could narrow the window of attack by setting up my DNS records first before I point to the name servers. I’m just interested in seeing if it was possible.

Submit an answer

This textbox defaults to using Markdown to format your answer.

You can type !ref in this text area to quickly search our full set of tutorials, documentation & marketplace offerings and insert the link!

Sign In or Sign Up to Answer

These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.

Want to learn more? Join the DigitalOcean Community!

Join our DigitalOcean community of over a million developers for free! Get help and share knowledge in Q&A, subscribe to topics of interest, and get courses and tools that will help you grow as a developer and scale your project or business.

The DNS system will allow you to create a zone for any domain for which three is not already one in the system. Since our DNS servers are not used directly as resolvers this would not allow poisoning of records unless the domain were already pointed to our nameservers but the user had not set up DNS themselves. We recommend creating your zone before re-pointing your DNS. The primary reason for this is that it reduces downtime.