Client adds a domain with the same name as an existing nameserver

[daniel ferr]

Today I had a problem with a domain being unreachable through email. After some investigation, I found out a client added the following domain to his account: ns12.wixdns.net (likely not on purpose), which happens to be the nameserver of many wix hosted websites. So sending emails to those domains failed for every server on our network.

Did I just stumble on a vulnerability? I was wondering what could be done to avoid this happening again.

 

[cPanelAnthony]

Hello! This does not sound like a vulnerability. It sounds like an incorrect nameserver was just added somehow. It could have happened due to a variety of reasons that we cannot verify without access, and likely wouldn't be able to investigate too well since the issue is resolved.

When you say he added that nameserver to the account, in what way? Did the DNS zones have their nameservers replaced with the nameserver? What interface was this added in that caused email to stop working?