Squarespace #39
Comments
Thanks for the post. Although Squarespace took over Google Domains, these nameservers can still be obtained from Google Cloud per this article. For now, it looks like they are still vulnerable. And since this really relates to Google DNS Cloud (as Squarespace has its own nameservers) I'm going to close this issue.
It took me a good bit of digging through issues here and Squarespace docs to look for Squarespace's vulnerability, as finding the nameservers listed above on Squarespace's site was not simple and given my relatively small DNS knowledge I was still uncertain, thus the above. It at least seems worth including a mention in the README referring to the Google issue with a note, but given that Squarespace may change these defaults in the future I would argue for keeping this open but with an edit to note that this is only true for those domains created with Google and then transferred.
I do understand your point and appreciate the time you spent researching this issue. That said, the DNS server is controlled and managed by Google Cloud, not Squarespace. Also, new DNS zones (domains) cannot be added to Squarespace, but can be added to Google Cloud. So it doesn't make sense to have two issues with the same nameservers when the affected service is Google Cloud. Squarespace just happens to use them at the moment.
I might be misunderstanding this, but Squarespace is now acting as a general domain registrar and running their own nameservers for those newly registered on https://domains.squarespace.com/. I didn't see that as I only had Google-transferred domains. I grabbed a domain I'd wanted fresh from them and was able to get their nameservers: That definitely seems to make it worth re-opening this, but also removes my little bit of familiarity with the issue and I don't think I'm able to move it any further forward. I'm fine with someone else editing this issue or just leaving this and someone who knows what they're doing making a fresh one.
Sorry for the delay. I want to briefly follow up and clarify my reasoning for you. The crux of the issue is Squarespace is a domain registrar, not a DNS provider (they don't allow users to add external DNS zones). This means there's no scenario where domains registered with them (and using their nameservers) are vulnerable to this type of cybersecurity threat. There are thousands of domain registrars, but only a percentage are DNS providers (for example, Bizland.com is both a registrar and DNS provider, thus they are included on the list). Since Squarespace is not a DNS provider it doesn't make sense to include them. Hope that helps clear things up!
Service
Squarespace

Vulnerability
Uncertain

Nameserver
ns-cloud-d1.googledomains.com
ns-cloud-d2.googledomains.com
ns-cloud-d3.googledomains.com
ns-cloud-d4.googledomains.com
(By default, see below)

Explanation
Squarespace took over domains registered using Google Domains when the latter closed down about a year ago, though transfers to management through the former have occurred gradually for a variety of reasons. While Squarespace allows a user to set custom nameservers per-domain, the defaults are still all recorded as vulnerable in #2.
I'm guessing there is a way I could check vulnerability, but my disability makes that very difficult. DNS is very much not my wheelhouse.