I believe this is done using IP rerolling. Basically; a DNS record is created by the domain’s owners to an IP address to verify its ownership. However over time, there might be reasons where the original servers loses the initial IP they were given. This is typically not a problem as long as the IP in the DNS records is updated. However if the subdomain stops being used via official means and people behind it does not delete their subdomain records from the DNS; A malicious actor could reroll their IP until they get the desired IP; and they can control that subdomain if they do.
In this day and age you need to be very careful abandoning anything in the cloud. My employer regularly contracts with HackerOne to test the security of our websites. On at least one occasion they demonstrated an exploit by creating an AWS S3 bucket with the same name as a bucket we stopped using years ago. We still had an old DNS record pointing to that old bucket if I recall correctly…
I believe this is done using IP rerolling. Basically; a DNS record is created by the domain’s owners to an IP address to verify its ownership. However over time, there might be reasons where the original servers loses the initial IP they were given. This is typically not a problem as long as the IP in the DNS records is updated. However if the subdomain stops being used via official means and people behind it does not delete their subdomain records from the DNS; A malicious actor could reroll their IP until they get the desired IP; and they can control that subdomain if they do.
Btw, slightly related: never abandon your old email adress.
In this day and age you need to be very careful abandoning anything in the cloud. My employer regularly contracts with HackerOne to test the security of our websites. On at least one occasion they demonstrated an exploit by creating an AWS S3 bucket with the same name as a bucket we stopped using years ago. We still had an old DNS record pointing to that old bucket if I recall correctly…