1. Open the Google Cloud Console (https://console.cloud.google.com) and log in to your GCP account.
2. Navigate to the “Cloud DNS” page by clicking on the navigation menu and selecting “Networking” > “Cloud DNS”.
3. On the Cloud DNS page, you will see a list of your DNS zones. Select the zone that contains the subdomain with the NS delegation vulnerability.
4. In the zone details, you will see a list of DNS records. Look for the NS (Name Server) records related to the vulnerable subdomain. These records specify the authoritative name servers for the subdomain.
5. Click on the checkbox next to each NS record related to the vulnerable subdomain to select them.
6. Once the NS records are selected, click on the “Delete” button at the top of the page to remove them.
7. A confirmation dialog will appear. Review the selected records and click on the “Delete” button to confirm the deletion.
8. After deleting the NS records, the subdomain will no longer have any NS delegation. The DNS resolution for the subdomain will now be handled by the parent domain’s name servers.
9. Verify the changes by performing a DNS lookup for the subdomain using a tool like “dig” or “nslookup”. Ensure that the NS records for the subdomain no longer exist.

​

1. Install and set up the GCP CLI:
   • Download and install the GCP CLI from the official documentation: https://cloud.google.com/sdk/docs/install
   • Run gcloud init to authenticate and set up the CLI with your GCP account.
2. Identify the vulnerable subdomain:
   • Identify the subdomain that has NS delegations pointing to external DNS servers. This can be done by reviewing your DNS records or by using a DNS enumeration tool.
3. Update the NS records:
   • Open your terminal or command prompt and run the following command to update the NS records for the vulnerable subdomain:
     Copy

     Ask AI

     gcloud dns record-sets transaction start --zone=[ZONE_NAME]
     gcloud dns record-sets transaction remove --zone=[ZONE_NAME] --name=[SUBDOMAIN_NAME] --type=NS [EXTERNAL_DNS_SERVER_1]
     gcloud dns record-sets transaction remove --zone=[ZONE_NAME] --name=[SUBDOMAIN_NAME] --type=NS [EXTERNAL_DNS_SERVER_2]
     gcloud dns record-sets transaction add --zone=[ZONE_NAME] --name=[SUBDOMAIN_NAME] --type=NS --ttl=[TTL] [GCP_DNS_SERVER_1]
     gcloud dns record-sets transaction add --zone=[ZONE_NAME] --name=[SUBDOMAIN_NAME] --type=NS --ttl=[TTL] [GCP_DNS_SERVER_2]
     gcloud dns record-sets transaction execute --zone=[ZONE_NAME]
     

     Replace the placeholders in the above commands with the following values:
     • [ZONE_NAME]: The name of the DNS zone where the subdomain exists.
     • [SUBDOMAIN_NAME]: The name of the vulnerable subdomain.
     • [EXTERNAL_DNS_SERVER_1], [EXTERNAL_DNS_SERVER_2]: The external DNS server addresses that need to be removed.
     • [GCP_DNS_SERVER_1], [GCP_DNS_SERVER_2]: The GCP DNS server addresses that need to be added.
     • [TTL]: The Time To Live value for the NS records (e.g., 300).
4. Verify the changes:
   • After executing the transaction, wait for a few minutes to allow the changes to propagate.
   • Use the following command to verify the NS records for the subdomain:
     Copy

     Ask AI

     gcloud dns record-sets list --zone=[ZONE_NAME] --name=[SUBDOMAIN_NAME] --type=NS
     

     Ensure that only the GCP DNS server addresses are listed.

1. Install the required libraries:
   • Install the google-cloud-dns library by running the command pip install google-cloud-dns in your Python environment.
2. Authenticate with GCP:
   • Generate a service account key for your project in GCP.
   • Download the JSON key file for the service account.
   • Set the GOOGLE_APPLICATION_CREDENTIALS environment variable to the path of the JSON key file.
3. Retrieve the list of managed zones:
   • Import the necessary modules in your Python script:
     Copy

     Ask AI

     from google.cloud import dns
     

   • Create a DNS client instance:
     Copy

     Ask AI

     client = dns.Client()
     

   • List all the managed zones in your project:
     Copy

     Ask AI

     zones = client.list_zones()
     

4. Identify vulnerable subdomains:
   • Iterate through the list of managed zones and check for subdomains with NS delegations:
     Copy

     Ask AI

     for zone in zones:
         subdomains = zone.list_resource_record_sets()
         for subdomain in subdomains:
             if subdomain.record_type == 'NS':
                 # Check if NS records are pointing to external nameservers
                 if subdomain.rrdatas != ['ns-cloud-d1.googledomains.com.', 'ns-cloud-d2.googledomains.com.',
                                          'ns-cloud-d3.googledomains.com.', 'ns-cloud-d4.googledomains.com.']:
                     print(f"Vulnerable subdomain: {subdomain.name}")
     

5. Remediate the vulnerable subdomains:
   • For each vulnerable subdomain, update the NS records to point to the correct Google Cloud DNS nameservers:
     Copy

     Ask AI

     for zone in zones:
         subdomains = zone.list_resource_record_sets()
         for subdomain in subdomains:
             if subdomain.record_type == 'NS' and subdomain.name == 'vulnerable-subdomain.example.com.':
                 # Update the NS records to use the correct Google Cloud DNS nameservers
                 subdomain.rrdatas = ['ns-cloud-d1.googledomains.com.', 'ns-cloud-d2.googledomains.com.',
                                      'ns-cloud-d3.googledomains.com.', 'ns-cloud-d4.googledomains.com.']
                 # Update the changes
                 zone.changes().create(additions=[subdomain]).commit()
                 print(f"Remediated subdomain: {subdomain.name}")
     

6. Run the script:
   • Save the Python script and run it using python script_name.py.
   • The script will identify and remediate the vulnerable subdomains by updating the NS records to use the correct Google Cloud DNS nameservers.