Domain Pointing / Stealing Via DNS On DigitalOcean Side

September 16, 2014

I am just a bit confused as to how DNS works in terms of when it is assigned to DigitalOcean's nameservers.

My domain from Namecheap is pointed at NS1/2/3.DIGITALOCEAN.COM. and I added the domain under DNS in DO to point to the droplet IP. My question is, wouldn't someone else using DO be able to do the same thing and assign a domain in their own DNS panel and point the record to their own droplet IP?

AKA: how does DO know what domain should point to what account's DNS?

Regards.

1 comment
  • The domain record has an IP address and a domain name. Can this happen if someone destroys a droplet but doesn't delete the domain record for that droplet? Can that IP address be assigned to someone else creating a droplet?

1 Answer

You should google how a domain name is resolved or how DNS works.

Process of a DNS request from my knowledge

  1. The client sends a request to a name server.
  2. The name server searches its cache for an answer (IP). If it has a cached answer, it returns the result to the client > query ended successfully. If not, it queries the root name server, and the root returns the authoritative name servers which you specified for your domain to answer the query. After getting an answer from the authoritative name server, the name server caches the result for later queries and returns the result to the client > query ended successfully.

The TTL field of a DNS record tells other name servers how long they can keep the cached answer before requerying.

Anyone can set up a name server for any domain, but only the authoritative name servers are responsible for all unanswered DNS queries.

How does DO know what domain should point to what account's DNS?

The answer is that DO doesn't know what domain should point to what account's DNS.
Only the authoritative name servers you set at your registrar matter.

  • If you are getting a message saying "Name has already been taken" when adding a domain name to DO's name server, that means someone has already defined the records for that domain at DO's name servers.

    This may be the domain name stealing you are talking about.

    I think this can be easily resolved by contacting DO's support to prove the ownership.

    If you are interested, you can try the following commands to see what answer you get.

    nslookup test.com ns1.digitalocean.com
    
    nslookup test.com 8.8.8.8
    

    Someone already defined test.com's records on DO's name server, but since test.com's authoritative name servers are not nsX.digitalocean.com, no one will get 127.0.0.1 for a normal query unless he/she is querying nsX.digitalocean.com.

  • Your second answer is what I'm looking for. I know about the authoritative ns but my question was with what happens after that on DO's side. I guess contacting DO is the only way to solve that issue.

    Thanks.
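The resolution path described in the answer above, as an added example that is not part of the original thread: a small in-memory model in which the registry delegation, not the zone data sitting on a shared provider, decides which answer normal resolvers see. Server and domain names other than ns1.digitalocean.com and test.com, and all addresses and TTLs except the 127.0.0.1 answer quoted above, are constructed.

```python
import time

# Constructed data: which name servers the registry delegates each domain to
# (this is what you set at your registrar).
DELEGATION = {"test.com": ["ns1.other-dns.example"],
              "mydomain.example": ["ns1.digitalocean.com"]}

# Constructed zone data held by each name server: (A record, TTL in seconds).
# Any account can define a zone for any name on a shared provider, so
# ns1.digitalocean.com holds a test.com zone although nothing delegates to it.
ZONES = {
    "ns1.digitalocean.com": {"test.com": ("127.0.0.1", 1800),
                             "mydomain.example": ("203.0.113.10", 1800)},
    "ns1.other-dns.example": {"test.com": ("192.0.2.80", 300)},
}

def query_server(server, name):
    """Ask one specific name server directly, like `nslookup name server`."""
    return ZONES.get(server, {}).get(name)

class Resolver:
    """Caching recursive resolver: follows the delegation and honours the TTL."""
    def __init__(self, clock=time.monotonic):
        self.clock, self.cache = clock, {}

    def resolve(self, name):
        hit = self.cache.get(name)
        if hit and hit[1] > self.clock():          # cached answer still valid
            return hit[0], "cache"
        for server in DELEGATION.get(name, []):    # referral from the parent zone
            answer = query_server(server, name)
            if answer:
                ip, ttl = answer
                self.cache[name] = (ip, self.clock() + ttl)
                return ip, server
        return None, None

def shadow_zones(provider_server):
    """Zones defined on a server that the registry does not delegate to it."""
    return sorted(n for n in ZONES.get(provider_server, {})
                  if provider_server not in DELEGATION.get(n, []))

if __name__ == "__main__":
    r = Resolver()
    print(query_server("ns1.digitalocean.com", "test.com"))  # direct query
    print(r.resolve("test.com"), r.resolve("test.com"))      # delegation, then cache
    print(shadow_zones("ns1.digitalocean.com"))
```

`shadow_zones` is the audit view of the same idea: it lists names a provider's server would answer for even though no delegation points there.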
