Amazon Route 53

Domain Transfer Lock Not Enabled

Risk Level: Medium

Description

This plugin ensures that registered domains have the transfer lock feature enabled. A transfer lock locks your domain, preventing other users who have access to the domain from transferring it to another registrar without your permission. Unless you are actively transferring a domain, it is recommended to enable the transfer lock. NOTE: In order to transfer a domain, a user would still need to request an authorization code (except for .co.za, .es, .jp, .ru, .uk, .co.uk, .me.uk, and .org.uk domains).

About the Service

Amazon Route 53 is a cloud Domain Name System (DNS) web service that is highly accessible and scalable. It is intended to provide developers and businesses with a highly dependable and cost-effective method of routing end users to Internet applications.

Amazon Route 53 connects user requests to AWS infrastructure such as Amazon EC2 instances, Elastic Load Balancing load balancers, and Amazon S3 buckets, as well as equipment outside of AWS.

Impact

Without this feature, domains can be transferred to another registrar by others without your permission. Enabling it ensures that full control of the domain remains with you. To check whether the registry for your domain lets you lock the domain, see Domains that you can register with Amazon Route 53.

Steps to reproduce

  1. Sign in to your AWS console.
  2. Navigate to Route 53 dashboard at: https://console.aws.amazon.com/route53/
  3. Click Registered Domains on the left navigation window, under Domains.
  4. Select the domain you want to examine.
  5. Check the Transfer Lock status. If it is set to Disabled, the vulnerability exists.
  6. Repeat the steps for each domain name currently registered with AWS Route 53.

Steps for remediation

Enable the transfer lock feature for the domain:

  1. Sign in to your AWS console.
  2. Navigate to Route 53 dashboard at: https://console.aws.amazon.com/route53/
  3. Click Registered Domains on the left navigation window, under Domains.
  4. Select the vulnerable domain.
  5. Click Enable next to Transfer Lock.
  6. Repeat the steps for all vulnerable domain names currently registered with AWS Route 53.
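The console steps above (both the check and the remediation) can be scripted so that every registered domain in an account is covered in one pass. The following is an added example, not code from the scanner this page describes or from AWS. It assumes the Route 53 Domains API as exposed by boto3 (ListDomains, whose per-domain summaries carry a TransferLock boolean, and EnableDomainTransferLock, which returns an OperationId); the sample domain list is constructed, and the TLD suffix list is the exception list quoted on this page. Domains under those suffixes are reported separately for manual review rather than counted as plain findings. Run with the AWS CLI credentials of the account to audit; pass --fix to enable the lock on each unlocked domain.

```python
"""Audit Route 53 registered domains for transfer lock (added example)."""
from __future__ import annotations

import sys
from typing import Iterable

# Suffixes this page lists as exceptions. Domains under them are reported
# for manual review instead of being treated as ordinary findings.
EXCEPTION_SUFFIXES = (".co.za", ".es", ".jp", ".ru", ".uk",
                      ".co.uk", ".me.uk", ".org.uk")


def _has_exception_suffix(domain_name: str) -> bool:
    """True if the domain falls under one of the page's exception TLDs."""
    name = domain_name.lower().rstrip(".")
    return any(name.endswith(suffix) for suffix in EXCEPTION_SUFFIXES)


def classify_domains(domain_summaries: Iterable[dict]) -> dict[str, list[str]]:
    """Sort ListDomains summaries into locked / unlocked / review buckets.

    Each summary has the shape of an entry in the 'Domains' list returned by
    ListDomains: {"DomainName": str, "AutoRenew": bool, "TransferLock": bool, ...}.
    A missing TransferLock key is treated as unlocked (fail closed).
    """
    result: dict[str, list[str]] = {"locked": [], "unlocked": [], "review": []}
    for summary in domain_summaries:
        name = summary["DomainName"]
        if _has_exception_suffix(name):
            result["review"].append(name)
        elif summary.get("TransferLock", False):
            result["locked"].append(name)
        else:
            result["unlocked"].append(name)
    return result


def fetch_domain_summaries(client) -> list[dict]:
    """Page through ListDomains. The Route 53 Domains API is served from us-east-1."""
    summaries: list[dict] = []
    for page in client.get_paginator("list_domains").paginate():
        summaries.extend(page.get("Domains", []))
    return summaries


def enable_transfer_locks(client, domain_names: Iterable[str]) -> dict[str, str]:
    """Remediation: call EnableDomainTransferLock per domain; return OperationIds."""
    operations: dict[str, str] = {}
    for name in domain_names:
        response = client.enable_domain_transfer_lock(DomainName=name)
        operations[name] = response["OperationId"]
    return operations


# Constructed sample in the shape ListDomains returns (not real account data).
SAMPLE_DOMAINS = [
    {"DomainName": "example.com", "AutoRenew": True, "TransferLock": True},
    {"DomainName": "example.net", "AutoRenew": True, "TransferLock": False},
    {"DomainName": "example.co.uk", "AutoRenew": False, "TransferLock": False},
]


def report(buckets: dict[str, list[str]]) -> None:
    for bucket, names in buckets.items():
        for name in names:
            print(f"{bucket:9s} {name}")


if __name__ == "__main__":
    fix = "--fix" in sys.argv
    try:
        import boto3  # optional: falls back to the constructed sample when absent
        client = boto3.client("route53domains", region_name="us-east-1")
        buckets = classify_domains(fetch_domain_summaries(client))
        report(buckets)
        if fix and buckets["unlocked"]:
            for name, op_id in enable_transfer_locks(client, buckets["unlocked"]).items():
                print(f"lock requested for {name}: operation {op_id}")
    except ImportError:
        print("boto3 not installed; classifying the constructed sample instead")
        report(classify_domains(SAMPLE_DOMAINS))
```

EnableDomainTransferLock is asynchronous: the returned OperationId can be polled with GetOperationDetail, and the console's Transfer Lock field only shows Enabled once the registry has applied the lock, so re-run the audit after remediation rather than trusting the request alone.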