Someone is using my domain

I recently found out that there is a site attached to my domain that is not mine. I found this out while visiting my domain as I was going to use it for a test project. This is my domain and I have owned it since 2013.

When I look up the DNS records they are resolving in a bunch of different countries. Anyone ever seen this?

To provide more context: my domain is [carlosbaston.com](http://carlosbaston.com), which should not have any site attached to it. You can clearly see that it points to [185.200.241.126](http://185.200.241.126), which I do not own at all. When doing a DNS lookup on it, it resolves in a bunch of countries but the USA, which is where I’m from.

Can this be reported or blocked?

Thanks in advance.

To get a bit more context - do you currently manage this domain’s DNS using Cloudflare on an account you own?

It’s in the middle of transferring from domain.com to Cloudflare. I have not changed anything on the Cloudflare side as it’s still pending along with some other domains.

Nowhere within my DNS records in domain.com am I pointing it to 185.200.241.126, which is where it’s going.

It looks like your domain’s nameservers were previously configured to make use of DigitalOcean for DNS. If you did not do that, I would recommend changing the password at your domain registrar and perhaps adding 2FA if not done yet.

Within ~24-48 hours the nameserver change for Cloudflare will be globally propagated and you should no longer see your domain going to that unknown server.

Yes, I did do that a while back as I was hosting a site via DigitalOcean. That part I understand, I’m just confused about how it’s resolving to something else.

I’m hoping the new nameservers will fix the issue.

Thanks for your help @arunesh90

Check your (old) DigitalOcean account, and see if there is DNS for your domain with them on that DigitalOcean account.

If there is, your DigitalOcean account may have been compromised, and the DNS made to point elsewhere.

If you can trust the SOA record on DigitalOcean, it could appear that the latest change made to the DNS on their servers was around 2022-04-25T07:36:58Z.

If you want to spend time on it, the stuff above would be the first place I would look.

The new nameservers should gradually be repairing the issue over the next few days following your change of them.

If you want to make it even harder for people to play around with your things, including your domain(s):

  1. Add 2FA as mentioned above.

  2. Once your domain has successfully been transferred to Cloudflare, enable DNSSEC.
    https://dash.cloudflare.com/?to=/:account/:zone/dns/settings

Cloudflare should then be adding a DS record to the parent zone (e.g. the .com zone).

DNSSEC validating DNS resolvers will then verify whether the DNSSEC-signed zone is matching (verifying successfully) with the cryptographic hash from the DS record, and if not, return a failure due to a bogus response.

That said:

If the underlying issue is the failure to protect your accounts (e.g. similar to a compromised DigitalOcean account as mentioned above), DNSSEC alone won’t be of much assistance there.

So make sure you also do whatever you can in that direction, regarding securing the access to your account(s).
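
The checks suggested in this thread (which nameservers answer for the domain, whether the A record points somewhere the owner recognises, when the zone last changed according to the SOA, and whether a DS record exists) can be scripted. The following is an added example, not part of any post above; the sample records are constructed in `dig +noall +answer` format, and reading the SOA serial as a Unix timestamp is an assumption about the DNS provider.

```python
from datetime import datetime, timezone

# Constructed sample (not real lookups): combined answers for NS, SOA, A and DS queries.
SAMPLE = """\
example.com. 1800 IN NS ns1.digitalocean.com.
example.com. 1800 IN NS ns2.digitalocean.com.
example.com. 1800 IN SOA ns1.digitalocean.com. hostmaster.example.com. 1650872218 10800 3600 604800 1800
example.com. 3600 IN A 203.0.113.50
"""

def parse(text):
    """Group answer lines into {record_type: [rdata, ...]}."""
    records = {}
    for line in text.splitlines():
        parts = line.split(None, 4)  # name, ttl, class, type, rdata
        if len(parts) == 5 and parts[2] == "IN":
            records.setdefault(parts[3], []).append(parts[4])
    return records

def soa_serial_time(soa_rdata):
    """Interpret the SOA serial as a Unix timestamp (assumption about the provider)."""
    serial = int(soa_rdata.split()[2])  # mname, rname, serial, ...
    return datetime.fromtimestamp(serial, tz=timezone.utc)

def audit(text, expected_ns_suffix, allowed_ips):
    """Return findings where the published records differ from what the owner intends."""
    rec = parse(text)
    findings = []
    for ns in rec.get("NS", []):
        if not ns.rstrip(".").lower().endswith(expected_ns_suffix):
            findings.append(f"unexpected nameserver: {ns}")
    for ip in rec.get("A", []):
        if ip not in allowed_ips:
            findings.append(f"A record not in allowlist: {ip}")
    for soa in rec.get("SOA", []):
        when = soa_serial_time(soa)
        findings.append(f"zone last changed (per serial): {when:%Y-%m-%dT%H:%M:%SZ}")
    if not rec.get("DS"):
        findings.append("no DS record: DNSSEC not enabled at the parent")
    return findings

if __name__ == "__main__":
    # Hypothetical expectations: Cloudflare nameservers and one known-good address.
    for finding in audit(SAMPLE, ".ns.cloudflare.com", {"203.0.113.10"}):
        print(finding)
```

Running the audit on a schedule, with live `dig` output in place of the sample, surfaces a stale delegation or an altered record before a visitor does.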