This post is going to have a lot of DNS gotchas; I will try my best to link relevant articles to those keywords.

Approach

I recursively followed all the possible delegation paths for the GTLD and graphed the relationships between the various nameservers along the way. The following example shows the result for the TLD: net
The DNS Delegation Tree for .net TLD

Key Takeaways from the Graph:

  • White NS Nodes: These are nameservers which have delegated the query to another nameserver and have not responded authoritatively to the query.
  • Blue NS Nodes: These are nameservers which have answered authoritatively to the query.

There are no irregularities in the results obtained, and this is how NS records should ideally be configured.

The Misconfigured GTLD

In my investigation using all existing public suffix domains, I found that one of the GTLDs was poorly configured. The GTLD is: ni
Have a look at the following DNS delegation tree for the GTLD:
The DNS Delegation Tree for .ni TLD

Key Findings:

  • Red NS Nodes: These are nameservers which were found to have no IP address associated with them. They are essentially dead-ends because the resolver has no way to send queries to them.
  • Yellow DNS Error Nodes: These are DNS errors which occurred while recursing the chain.

Wow, so what this means is that someone configured the registry incorrectly for the GTLD!
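For an operator auditing their own delegation, the node classification described above can be sketched as follows. This is an added example, not the tool used for this post: it walks a constructed in-memory dataset (reserved `example.` names and documentation addresses) instead of issuing live queries, the function names are hypothetical, and as a simplification it records a DNS error on the nameserver that produced it.

```python
from collections import deque

# Constructed sample (not real DNS data): for each nameserver, the addresses
# it resolves to and how it responds when asked about the zone under audit.
SAMPLE = {
    "a.root.example.": {"addrs": ["192.0.2.1"], "referral": [
        "ns1.registry.example.", "ns2.registry.example.",
        "ns3.registry.example.", "ns.gone.example."]},
    "ns1.registry.example.": {"addrs": ["192.0.2.10"], "aa": True},
    "ns2.registry.example.": {"addrs": ["192.0.2.11"], "error": "SERVFAIL"},
    # Refers back up the tree: exercises the loop guard below.
    "ns3.registry.example.": {"addrs": ["192.0.2.12"], "referral": [
        "ns1.registry.example.", "a.root.example."]},
    "ns.gone.example.": {"addrs": []},
}

def classify(start, data):
    """Walk every delegation path breadth-first; return (colours, edges)."""
    colours, edges, queue = {}, [], deque([start])
    while queue:
        ns = queue.popleft()
        if ns in colours:
            continue                       # visited already, or a referral loop
        rec = data.get(ns, {"addrs": []})  # unknown name: treat as unresolvable
        if not rec.get("addrs"):
            colours[ns] = "red"            # no address, resolver dead-end
        elif "error" in rec:
            colours[ns] = "yellow"         # query failed while recursing
        elif rec.get("aa"):
            colours[ns] = "blue"           # answered authoritatively
        else:
            colours[ns] = "white"          # delegated to other nameservers
            for child in rec.get("referral", []):
                edges.append((ns, child))
                queue.append(child)
    return colours, edges

def findings(colours):
    """Nameservers an operator needs to fix: dead-ends and errors."""
    return sorted(ns for ns, c in colours.items() if c in ("red", "yellow"))

def to_dot(colours, edges):
    """Render the tree as Graphviz DOT using the post's node colours."""
    out = ["digraph delegation {"]
    out += [f'  "{n}" [style=filled, fillcolor={c}];' for n, c in sorted(colours.items())]
    out += [f'  "{a}" -> "{b}";' for a, b in edges]
    return "\n".join(out + ["}"])
```

Any name returned by `findings` is a delegation the zone's operator should repair or remove before it is relied on.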

Next Step:

Now that we know that the GTLD ni. points its NS records to dns.cr. and ns.cr., we try to see if any of those domains are available for purchase.

We are in luck! One of the nonexistent nameservers is available for purchase, and only for $149.99!

Impact

If someone so chooses, they can purchase the domain (available at the time of this writing), point the NS for the domain to their own nameservers, and potentially hijack all the traffic coming to .ni domains. With this targeted domain registration, someone can effectively take over all domains under this TLD. The possibilities are limitless, if someone so chooses.
To configure your own DNS Server : Go Here