Anyone who knows more about Tor than me care to explain how DNS works on onion sites?
I assumed that it would be distributed in some sort of way that prevented this sort of thing from happening? Or does transferring ownership require the owner's credentials to be compromised?
You seize the server running the Tor software serving as entry-point for your hidden service and grab the private keypair in order to impersonate the hidden service.
The .onion address is iirc a hash of the public key.
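An added example, not part of the original thread, showing why there is no registry entry to transfer: in the current version 3 format the address is the base32 encoding of the service's 32-byte Ed25519 public key, a two-byte SHA3-256 checksum and a version byte, so whoever holds the matching private key controls the name. The key below is a constructed placeholder and the function names are hypothetical.

```python
import base64
import hashlib

ONION_VERSION = b"\x03"  # version byte used by v3 onion addresses


def _checksum(pubkey: bytes) -> bytes:
    # First two bytes of SHA3-256(".onion checksum" || pubkey || version)
    digest = hashlib.sha3_256(b".onion checksum" + pubkey + ONION_VERSION)
    return digest.digest()[:2]


def onion_address(pubkey: bytes) -> str:
    """Derive the v3 .onion name directly from an Ed25519 public key."""
    if len(pubkey) != 32:
        raise ValueError("Ed25519 public key must be 32 bytes")
    raw = pubkey + _checksum(pubkey) + ONION_VERSION  # 35 bytes -> 56 chars
    return base64.b32encode(raw).decode("ascii").lower() + ".onion"


def pubkey_from_onion(address: str) -> bytes:
    """Recover the public key a v3 address commits to, checking its integrity."""
    address = address.strip().lower()
    if not address.endswith(".onion"):
        raise ValueError("not a .onion name")
    label = address[: -len(".onion")]
    if len(label) != 56:
        raise ValueError("not a v3 address (expected 56 base32 characters)")
    raw = base64.b32decode(label.upper())  # raises ValueError on bad characters
    pubkey, checksum, version = raw[:32], raw[32:34], raw[34:]
    if version != ONION_VERSION:
        raise ValueError("unsupported address version")
    if checksum != _checksum(pubkey):
        raise ValueError("checksum mismatch (mistyped or altered address)")
    return pubkey


# Constructed 32-byte placeholder; it only stands in for a real Ed25519 key.
SAMPLE_PUBKEY = bytes(range(32))

if __name__ == "__main__":
    addr = onion_address(SAMPLE_PUBKEY)
    print(addr)
    print(pubkey_from_onion(addr).hex())
```

Because the name is a pure function of the key, a client cannot distinguish the original operator from anyone else holding the same private key.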
The first one. In an ideal world (tm) you have two physical servers srv0/1, both with full-disk encryption and some form of remote KVM. srv0 is connected to the internet on eth0 and to srv1 on eth1.
Then you set up networking in a way that the only thing aside from absolutely required services running on srv0 is your Tor gateway, and no traffic from eth1 may pass through to eth0.
On srv1 you set up the usual services, e.g. mysql, lighttpd and whatever you need hosted.
Ideally, you keep srv0 and srv1 in different datacenters, if not even different countries.