Domain Pointing / Stealing Via DNS On DigitalOcean Side

September 16, 2014 4.1k views
tonyli.lives
By:
tonyli.lives

I am just a bit confused as to how DNS works in terms of when it is assigned to DigitalOcean’s nameservers.

My domain from Namecheap is pointed at NS1/2/3.DIGITALOCEAN.COM. and I added the domain under DNS in DO to point to the droplet IP. My question is, wouldn’t someone else using DO be able to do the same thing and assign a domain in their own DNS panel and point the record to their own droplet IP?

AKA: how does DO know what domain should point to what account’s DNS?

Regards.

1 comment
  • natelegakis November 10, 2016

    The domain record has an ip address and a domain name. Can this happen if someone destroys a droplet but doesn’t delete the domain record for that droplet? Can that ip address be assigned to someone else creating a droplet?

Log In to Comment
2 Answers
TonyTsang September 16, 2014

You should google how a domain name is resolved or how DNS works.

Process of a DNS request from my knowledge

  1. client send a request to a name server
  2. name server search it’s cache for answer (ip) if it have cache return the result to the client > query ended successfully if not, it will query the root name server, and the root will return the authoritative name servers which you specified for your domain to answer the query. After getting an answer from the authoritative name server, the name server cache the result for later query and return the result to the client > query ended successfully.

The TTL field of a dns record is to tell other name server how long it can keep the cache before requerying.

Anyone can setup a name server for any domain, but only the authoritative name servers is responsible for all unanswered dns query.

How does DO know what domain should point to what account's DNS?

The answer is DO don’t know what domain should point to what account’s DNS?
Only the authoritative name servers you set at your registrar matters.

Reply
  • TonyTsang September 16, 2014

    If you are getting a message saying: Name has already been taken, when adding domain name to DO’s name server.

    That means someone has already defined the records for that domain at DO’s name servers.

    This maybe the domain name stealing you are talking about.

    I think this can be easily resolved by contacting DO’s support to prove the ownership.

    If you are interested, you can try the following commands to see what answer you get.

    nslookup test.com ns1.digitalocean.com

nslookup test.com 8.8.8.8

    Someone already defined test.com’s records on DO’s name server but since test.com’s authoritative name servers is not nsX.digitalocean.com.
    No one will get 127.0.0.1 for normal query unless he/she is querying nsX.digitalocean.com.

  • tonyli.lives September 16, 2014

    Your second answer is what I’m looking for. I know about the authoritative ns but my question was with what happens after that on DO’s side. I guess contacting DO is the only way to solve that issue.

    Thanks.

cinghaman February 22, 2018

I know this is a very old question but I just had someone steal my DNS/IP and point their domain name to my IP hosted on DO, did you find out what steps DO took? or you took?
I have already send DMCA notice to Google and to the Registrar with which the domain was booked and I am waiting on DO’s support to respond.

Reply
Have another answer? Share your knowledge.