Abstract: The Domain Name Service (DNS) infrastructure is a global distributed database that links human readable domain names with the Internet Protocol (IP) addresses of the resources that power the internet. With the explosion of cloud computing over the past decade, increasing proportions of organizations\' computing services have moved from on-premise solutions to cloud providers. These services range from complete DNS management to singular services such as E-mail or a payroll application. Each of these outsourced services requires a trust delegation, that is, the owning organization needs to advertise to the world, often by DNS records, that another organization can act authoritatively on its behalf. What occurs when these trust delegations are misused? In this work, I explore the methods that can be used to exploit DNS trust delegation and then examine the top 1% of the most popular domains in the world for the presence of these exploitable vulnerabilities. Finally, I conclude with methods of defense against such attacks and the publishing of a novel tool to detect these vulnerabilities.
Keywords: DNS management,Domain Name System,Subdomain,Trust delegation,Cloud computing,Global distributed database,Internet Protocol , IP address