It appears some TLDs have a MNAME (primary server) field in the SOA record which does not exist *and* is in a registrable SLD. A bad guy can buy the SLD and then receive the traffic aimed at the MNAME.
This is mostly Dynamic Update traffic for Windows machines. If you like big data, you will get a lot of information, especially from Active Directory, sometimes personal (name of the PC = name of the person). This excellent article describes in detail the problem and its exploitation for .gt: https://thehackerblog.com/hacking-guatemalas-dns-spying-on-active-directory-users-by-exploiting-a-tld-misconfiguration/

_______________________________________________
dns-operations mailing list
[email protected]
https://lists.dns-oarc.net/mailman/listinfo/dns-operations
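An added audit helper (not from the post above or from any of the projects it links) that checks a zone's SOA MNAME for exactly the condition described: the MNAME host does not resolve and its second-level parent returns NXDOMAIN, so it could be registered by a third party. The resolver is injected as a callable so the check runs offline here; the SAMPLE answers and the "last two labels" registrable-domain rule are assumptions for illustration, and a real run would wrap a library such as dnspython and a public-suffix list.

```python
from typing import Callable, Dict, List, Optional, Tuple

# lookup(name, rrtype) -> rdata strings; [] models NODATA, None models NXDOMAIN.
Lookup = Callable[[str, str], Optional[List[str]]]

def registrable_parent(name: str) -> str:
    """Assumed rule: the registrable SLD is the last two labels (TLD + one label).
    TLDs that register at the third level (e.g. under co.<tld>) need a suffix list."""
    labels = name.rstrip(".").split(".")
    return ".".join(labels[-2:]) + "."

def classify_mname(zone: str, lookup: Lookup) -> Dict[str, str]:
    """Classify the SOA MNAME of `zone`:
    ok                   -> MNAME host resolves
    dangling             -> host does not resolve, but its SLD is registered
    dangling-registrable -> host does not resolve AND its SLD is NXDOMAIN,
                            i.e. anyone could register it and receive updates"""
    soa = lookup(zone, "SOA")
    if not soa:
        return {"zone": zone, "status": "no-soa"}
    mname = soa[0].split()[0].lower()
    if not mname.endswith("."):
        mname += "."
    host_exists = bool(lookup(mname, "A")) or bool(lookup(mname, "AAAA"))
    sld = registrable_parent(mname)
    sld_registered = lookup(sld, "NS") is not None
    if host_exists:
        status = "ok"
    elif sld_registered:
        status = "dangling"
    else:
        status = "dangling-registrable"
    return {"zone": zone, "mname": mname, "sld": sld, "status": status}

# Constructed sample answers standing in for a live resolver (not real TLD data).
SAMPLE: Dict[Tuple[str, str], Optional[List[str]]] = {
    ("example-tld.", "SOA"): ["ns1.nonexistent-host.example-tld. hostmaster.example-tld. 1 7200 3600 1209600 3600"],
    ("example-tld2.", "SOA"): ["a.nic.example-tld2. hostmaster.example-tld2. 1 7200 3600 1209600 3600"],
    ("a.nic.example-tld2.", "A"): ["192.0.2.1"],
    ("a.nic.example-tld2.", "AAAA"): [],
    ("nic.example-tld2.", "NS"): ["a.nic.example-tld2."],
    ("example-tld3.", "SOA"): ["dead.registered.example-tld3. hostmaster.example-tld3. 1 7200 3600 1209600 3600"],
    ("registered.example-tld3.", "NS"): ["ns.registered.example-tld3."],
}

def sample_lookup(name: str, rrtype: str) -> Optional[List[str]]:
    return SAMPLE.get((name.lower(), rrtype))  # missing key == NXDOMAIN
```

Running `classify_mname("example-tld.", sample_lookup)` yields status `dangling-registrable`, the case the post warns about, while `example-tld3.` is only `dangling` because its parent SLD is already taken.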
