Over 1.4 million .VN domains leaked on the internet
On Aug 31, 2017 at approximately 4:14 AM PDT (earliest known detection), one of Vietnam’s top-level nameservers was accidentally configured to allow global DNS zone transfers. This allows anyone who performs an AXFR (zone transfer) request to the country’s f.dns-servers.vn nameserver to get a copy of the nation’s top-level DNS data. This was detected by the TLDR Project – an effort to attempt zone transfers against all top-level domain (TLD) nameservers every three hours and keep a running GitHub repo with the resulting data. The size of this leak is fairly big, so this repository is meant to give a better overview of all the DNS data that is now available. It appears that previously these zone files have even been sold for profit, so we are happy to give this data out to the public to enjoy/use in their research.
Note: As of the time of this writing, Vietnam has again disabled zone transfers for its f.dns-servers.vn nameserver. This GitHub repository serves as a historical archive of the snapshot of Vietnam’s DNS.
Number of Domain Names Leaked:
.vn: 947,222 entries.
.com.vn: 358,877 entries.
.edu.vn: 43,972 entries.
.net.vn: 21,947 entries.
.name.vn: 17,329 entries.
.org.vn: 7,064 entries.
.gov.vn: 4,108 entries.
others: 2,898 entries. (All entries for other domains managed by the ccTLD nameserver f.dns-servers.vn)
.info.vn: 2,123 entries.
.pro.vn: 1,257 entries.
.biz.vn: 929 entries.
.ac.vn: 308 entries.
.int.vn: 59 entries.
Total entries: 1,408,093
Here is the repo that was made public on GitHub:
As we can see, many sensitive domains were leaked, including the domain names and their DNS servers. In particular, government and education domains were leaked.
Dive into technical details
Top level domain
A top-level domain (TLD) is one of the domains at the highest level in the hierarchical Domain Name System of the Internet. The top-level domain names are installed in the root zone of the name space. For all domains in lower levels, it is the last part of the domain name, that is, the last label of a fully qualified domain name. For example, in the domain name www.example.com, the top-level domain is com.
Most top level domains fall into two categories: country code TLDs or generic TLDs. A few are test domains that are no longer used. However a very small number don’t really fall into any of the previous categories.
DNS zone transfer
DNS zone transfer, also sometimes known by the inducing DNS query type AXFR, is a type of DNS transaction. It is one of the many mechanisms available for administrators to replicate DNS databases across a set of DNS servers.
A zone transfer uses the Transmission Control Protocol (TCP) for transport, and takes the form of a client–server transaction. The client requesting a zone transfer may be a slave server or secondary server, requesting data from a master server, sometimes called a primary server. The portion of the database that is replicated is a zone.
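Since legitimate transfers come only from a zone's secondary servers, the primary's transfer log can be checked against that list. The following is an added example, not code from the original post or the TLDR Project; it assumes BIND 9 style `xfer-out` log lines, and the log entries, addresses, zone names and function names are constructed for illustration.

```python
import ipaddress
import re
from collections import defaultdict

# Assumption: BIND 9 style "xfer-out" lines; newer versions add "@0x..." after "client".
XFER_RE = re.compile(
    r"client (?:@0x[0-9a-f]+ )?(?P<ip>[0-9a-fA-F.:]+)#\d+ .*?"
    r"transfer of '(?P<zone>[^/']+)/IN': (?P<kind>AXFR|IXFR) started"
)

# Constructed sample log (documentation address ranges, hypothetical zone names).
SAMPLE_LOG = """\
31-Aug-2017 11:14:02.101 xfer-out: info: client 192.0.2.53#40212 (example.vn): transfer of 'example.vn/IN': AXFR started
31-Aug-2017 11:14:09.870 xfer-out: info: client @0x7f3a5c0 203.0.113.77#51844 (example.vn): transfer of 'example.vn/IN': AXFR started (serial 2017083101)
31-Aug-2017 11:15:30.002 xfer-out: info: client 2001:db8::53#39011 (example.vn): transfer of 'example.vn/IN': IXFR started
31-Aug-2017 11:16:44.419 xfer-out: info: client 203.0.113.77#51850 (com.example.vn): transfer of 'com.example.vn/IN': AXFR started
31-Aug-2017 11:17:00.000 queries: info: client 198.51.100.9#5353 (www.example.vn): query: www.example.vn IN A +
"""

# Hypothetical allowlist: the networks of the zone's real secondary servers.
SECONDARIES = [ipaddress.ip_network(n) for n in ("192.0.2.53/32", "2001:db8::/64")]


def is_secondary(ip, allowed=SECONDARIES):
    """True if the client address belongs to an allowlisted secondary network."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in allowed)  # mismatched IP versions give False


def unauthorized_transfers(log_text, allowed=SECONDARIES):
    """Return {client_ip: [(zone, kind), ...]} for transfers served to non-secondaries."""
    hits = defaultdict(list)
    for line in log_text.splitlines():
        m = XFER_RE.search(line)
        if not m:
            continue  # not a transfer-start line (e.g. an ordinary query)
        try:
            if is_secondary(m["ip"], allowed):
                continue
        except ValueError:
            pass  # unparseable client address: report it rather than drop it
        hits[m["ip"]].append((m["zone"], m["kind"]))
    return dict(hits)


if __name__ == "__main__":
    for ip, zones in unauthorized_transfers(SAMPLE_LOG).items():
        print(f"ALERT {ip} received {len(zones)} zone transfer(s): {zones}")
```

Any hit means the server answered a transfer for a client outside the secondary list, which is the misconfiguration described in this post.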
More about Zone Transfers for Roots and TLDs
Allowing global zone transfers is sometimes considered a security vulnerability due to this functionality giving attackers the ability to easily enumerate all DNS zone data for a specific domain. This is often seen as an issue for system administrators who want to make enumeration of sub-domains and other DNS data hard for malicious actors.
However, when it comes to TLDs and the root nameservers, zone transfers are shown in a different light. Zone transfers at this level can be beneficial as they are an easy way for a TLD to be transparent about its DNS changes.
DNS enumeration is the process of locating all the DNS servers and their corresponding records for an organization. A company may have both internal and external DNS servers that can yield information such as usernames, computer names, and IP addresses of potential target systems. There are a lot of tools that can be used to gather information when performing DNS enumeration. Examples of tools that can be used for DNS enumeration are NSlookup, DNSstuff, American Registry for Internet Numbers (ARIN), and Whois. To enumerate DNS, you must understand DNS and how it works.
You must also know about DNS records. The list of DNS record types provides an overview of the types of resource records (database records) stored in the zone files of the Domain Name System (DNS). The DNS implements a distributed, hierarchical, and redundant database for information associated with Internet domain names and addresses.
In this scenario I mentioned AXFR, so what is it?
It’s a type of DNS record (DNS query): Authoritative Zone Transfer, which transfers the entire zone file from the master name server to secondary name servers. DNS zone transfer is typically used to replicate DNS data across a number of DNS servers, or to back up DNS files. A user or server will perform a specific zone transfer request from a “name server.” If the name server allows zone transfers to occur, all the DNS names and IP addresses hosted by the name server will be returned in human-readable ASCII text.
For more about DNS record types, you can reference here
DNS zone transfer data is sensitive information; it can reveal your website’s real IP and DNS nameservers. But if you are not a system administrator of a top-level nameserver, protect your real IP by using a proxy or any other way you can. Hope it’s helpful for you guys. Cheers!