Story Detail of id 42797099 | Liveview Hacker News

davchana1 week ago | on: Mastercard DNS error went unnoticed for years

> CNAME pointing to a Heroku/Shopify/GitHub

At least Gitlab (similar to Github pages, I never used Github Pages, always Gitlab Pages) gives you a verification TXT record in your Gitlab Account, which needs to stay in DNS as TXT. So if I used to host hi.example.com on Gitlab (& my own TXT record was hosted, and publicly visible), now I don't own example com, or gitlab account got deleted (but still left DNS CNAME records intact) and scammer gets the domain, when he grabs domain and adds hi.example.com to his Gitlab Account to scam people, his Gitlab Account will have his own TXT record. (now) His hi.example.com can never point to "my" gitlab project or page.

https://docs.gitlab.com/ee/user/project/pages/custom_domains...

alwa1 week ago | parent

I’m not sure he’d want to, it would seem like he might want to point to his own scam. But if he did, I imagine he could add back your TXT record after looking it up in any of a large number of historical DNS databases. I can’t vouch for the quality, but a casual Google suggests there are still many, primarily paid but some free-ish, in the mix. Examples:

https://dnshistory.org/

https://whoisfreaks.com/tools/dns/history/lookup

I really don’t think a TXT record is a good place to keep a secret… although it is a good place to prove you control a domain.

#visit	11809569
#session	46123
#live-session	0