Want to control over 270,000 websites? That’ll be $96 and a handover cockup, please
Late Friday, Matthew Bryant noticed an unusual response to some test code he was using to map top-level domains: several of the .io authoritative name servers were available to register.
Out of interest, he tried to buy them and was amazed to find the registration went through – leaving him potentially in control of hundreds of thousands of websites.
These crucial name servers – specifically, a0.nic.io, b0.nic.io, c0.nic.io, ns-a1.io, ns-a2.io, ns-a3.io, and ns-a4.io – are like the telephone directories of the .io space. If your web browser wants to connect to, say, github.io, it may have to go out to one of these authoritative name servers to convert github.io into a public IP address to connect to.
Those nic.io and ns-aX.io addresses should be owned and maintained by .io’s operators. But Bryant was able to purchase and register ns-a1.io, ns-a2.io, ns-a3.io, and ns-a4.io, and point them at his own DNS servers, allowing him to, if he wanted, potentially redirect connections to any .io domain to a server of his choosing.
.io registry is sticking it’s head in the sand. oops.