I examined a whole load of DNS Records (automatically) to check for this problem under DigitalOcean and Vultr a couple of months ago, but for "stray" name-servers rather than poorly assigned A records. There are more vulnerable domains than you might think.
You mean domains with NS records pointing to nameservers - but no existing records? Such that you can upload your own records, and essentially steal the domain?
I did something like that too, a while back. Particularly a problem for people who "retire" services without cleaning up, and who use DigitalOcean, CloudFlare, and similar services.
Yes, exactly. I found a few domains with "stray" nameservers... for instance, two nameservers for provider A, and another one (or two) for provider B -- where provider B was someone like DigitalOcean, with no associated records.
