
Domain Name System

Acronym: DNS
Full Name: Domain Name System
RFC: 1035
Ports: 53 UDP/TCP
Level: Protocol / Basic

Domain Name System: how it works, threats and mitigation

DNS Explanation

  • The Domain Name System converts hostnames and internet domain names to IP addresses and vice versa.

  • DNS works in a client-server model: the client sends queries to a DNS server and receives its responses.

  • There are two types of request:

    • Forward DNS lookup: the request contains a name and results in an IP address.

    • Reverse DNS lookup: the request contains an IP address and results in a name.

How DNS works

DNS is a distributed database spread across many servers, holding information about domains, host names and IP addresses. The client (for example your web browser) sends a request to look up a name such as www.google.com. The DNS resolver then determines the destination IP address by querying a DNS server; if the server it asked cannot supply the requested mapping, the resolver forwards the request to other DNS servers.
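To make the request/response exchange above concrete, here is an added example (not part of the original page) that builds RFC 1035 query messages for a forward (A) and a reverse (PTR) lookup, parses responses including compressed names, and applies the check a resolver performs before trusting an answer: the response must carry the same 16-bit ID and repeat the same question as the query. The response builder stands in for a DNS server so the whole thing runs offline; the names and addresses used are constructed.

```python
import random
import struct

QTYPE_A, QTYPE_PTR, QCLASS_IN = 1, 12, 1


def encode_name(name):
    """Encode a dotted name as RFC 1035 labels: length byte, label bytes, final zero byte."""
    out = bytearray()
    for label in name.rstrip(".").split("."):
        if not 0 < len(label) < 64:
            raise ValueError("label length must be 1..63: %r" % label)
        out.append(len(label))
        out += label.encode("ascii")
    out.append(0)
    return bytes(out)


def decode_name(msg, offset):
    """Decode a (possibly compressed) name at offset; return (name, offset after the name)."""
    labels, next_offset, hops = [], None, 0
    while True:
        length = msg[offset]
        if length & 0xC0 == 0xC0:  # two-byte compression pointer (RFC 1035 section 4.1.4)
            pointer = struct.unpack("!H", msg[offset:offset + 2])[0] & 0x3FFF
            if next_offset is None:
                next_offset = offset + 2  # the name in the message ends after the first pointer
            offset, hops = pointer, hops + 1
            if hops > 32:  # a malformed message could make pointers loop forever
                raise ValueError("compression pointer loop")
            continue
        offset += 1
        if length == 0:
            break
        labels.append(msg[offset:offset + length].decode("ascii"))
        offset += length
    return ".".join(labels), next_offset if next_offset is not None else offset


def build_query(name, qtype, txid=None):
    """Standard recursive query. The 16-bit ID is random so a blind forger has to guess it."""
    if txid is None:
        txid = random.randrange(0, 0x10000)
    flags = 0x0100  # QR=0 (query), OPCODE=0, RD=1 (recursion desired)
    header = struct.pack("!HHHHHH", txid, flags, 1, 0, 0, 0)  # QDCOUNT=1, other counts 0
    return header + encode_name(name) + struct.pack("!HH", qtype, QCLASS_IN)


def reverse_name(ipv4):
    """Name queried for a reverse lookup: 192.0.2.10 -> 10.2.0.192.in-addr.arpa."""
    octets = ipv4.split(".")
    if len(octets) != 4:
        raise ValueError("expected a dotted IPv4 address")
    return ".".join(reversed(octets)) + ".in-addr.arpa"


def parse_message(msg):
    """Parse the header, question and answer sections of a DNS message."""
    txid, flags, qdcount, ancount, _nscount, _arcount = struct.unpack("!HHHHHH", msg[:12])
    offset, questions, answers = 12, [], []
    for _ in range(qdcount):
        qname, offset = decode_name(msg, offset)
        qtype, qclass = struct.unpack("!HH", msg[offset:offset + 4])
        offset += 4
        questions.append((qname, qtype, qclass))
    for _ in range(ancount):
        rname, offset = decode_name(msg, offset)
        rtype, _rclass, ttl, rdlength = struct.unpack("!HHIH", msg[offset:offset + 10])
        offset += 10
        rdata, offset = msg[offset:offset + rdlength], offset + rdlength
        if rtype == QTYPE_A and rdlength == 4:
            value = ".".join(str(b) for b in rdata)  # forward lookup: name -> address
        elif rtype == QTYPE_PTR:
            value, _ = decode_name(msg, offset - rdlength)  # reverse lookup: address -> name
        else:
            value = rdata.hex()
        answers.append((rname, rtype, ttl, value))
    return {"id": txid, "is_response": bool(flags & 0x8000), "rcode": flags & 0x000F,
            "questions": questions, "answers": answers}


def build_response(query, answers):
    """Stand-in for a server: answer a query with constructed (rtype, ttl, value) records."""
    q = parse_message(query)
    qname, qtype, qclass = q["questions"][0]
    header = struct.pack("!HHHHHH", q["id"], 0x8180, 1, len(answers), 0, 0)  # QR=1, RD=1, RA=1
    body = encode_name(qname) + struct.pack("!HH", qtype, qclass)
    for rtype, ttl, value in answers:
        rdata = bytes(int(o) for o in value.split(".")) if rtype == QTYPE_A else encode_name(value)
        body += struct.pack("!H", 0xC00C)  # pointer to the question name at offset 12
        body += struct.pack("!HHIH", rtype, QCLASS_IN, ttl, len(rdata)) + rdata
    return header + body


def response_matches_query(query, response):
    """A resolver should only accept an answer whose ID and question match what it asked."""
    q, r = parse_message(query), parse_message(response)
    return r["is_response"] and r["id"] == q["id"] and r["questions"] == q["questions"]
```

The ID and question comparison in `response_matches_query` is what separates a legitimate answer from a forged one that arrives at the same port; real resolvers add source-port randomisation on top of the random ID, which this offline example does not model.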




Top DNS attacks used by malicious actors

Domain Hijacking/Redirection

  • Local DNS Hijacking.

  • Router DNS Hijacking.

  • Man-in-the-Middle DNS attacks.

  • Rogue DNS Server.


Distributed Reflection Denial of Service (DRDoS)

  • Threat actors spoof the source IP address so that a massive number of responses is directed at the target of the attack.


DNS Tunneling

  • Used to exfiltrate data from organizations.
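Tunnelled data has to be carried in query names or bulky record types, which leaves a signature that a defender can look for in resolver logs. The following is an added example (not from the original page) that scores each registered domain on a few classic indicators: very long subdomain parts, high-entropy labels, a fresh subdomain on almost every query, and a high share of TXT/NULL queries. The log lines are constructed, and the two-label "registered domain" rule is a simplifying assumption; a production tool would consult the Public Suffix List.

```python
import math
from collections import Counter, defaultdict

# Constructed resolver log lines (not captured from any real network): time client qtype qname
SAMPLE_LOG = """\
2024-01-01T10:00:01 10.0.0.5 A www.example.com.
2024-01-01T10:00:02 10.0.0.5 A mail.example.com.
2024-01-01T10:00:03 10.0.0.7 TXT 3a9f1c7e4b2d8a0f6e1c.9b7d2f4a1c8e3b6d0f5a.t.badexample.net.
2024-01-01T10:00:03 10.0.0.7 TXT 7c2e9a1f4d8b3c6e0a5f.1e8d3b7a2c9f4e6b0d5a.t.badexample.net.
2024-01-01T10:00:04 10.0.0.7 TXT f1a8c3e7b2d9a4f6c0e5.4b9e2d7a1c8f3e6b0a5d.t.badexample.net.
2024-01-01T10:00:05 10.0.0.9 A cdn.example.com.
2024-01-01T10:00:06 10.0.0.7 TXT 9e4b1d7a3c8f2e6b0a5d.2c7f1a9e4d8b3c6e0a5f.t.badexample.net.
"""

# Record types that carry large or free-form payloads and are therefore favoured by tunnels.
BULKY_TYPES = {"TXT", "NULL"}


def shannon_entropy(text):
    """Bits of entropy per character; random-looking encoded data scores high, words score low."""
    if not text:
        return 0.0
    n = len(text)
    return -sum(c / n * math.log2(c / n) for c in Counter(text).values())


def parse_log_line(line):
    """Split one constructed log line into its fields; qname is lower-cased without the root dot."""
    ts, client, qtype, qname = line.split()
    return {"ts": ts, "client": client, "qtype": qtype.upper(), "qname": qname.rstrip(".").lower()}


def split_domain(qname):
    """Split into (registered domain, subdomain part). Assumes two-label registered domains."""
    labels = qname.split(".")
    if len(labels) <= 2:
        return qname, ""
    return ".".join(labels[-2:]), ".".join(labels[:-2])


def profile_domains(lines):
    """Aggregate per-registered-domain features over a batch of log lines."""
    stats = defaultdict(lambda: {"queries": 0, "subdomains": set(), "sub_len": 0,
                                 "entropy": 0.0, "bulky": 0})
    for line in lines:
        if not line.strip():
            continue
        rec = parse_log_line(line)
        domain, sub = split_domain(rec["qname"])
        s = stats[domain]
        s["queries"] += 1
        s["subdomains"].add(sub)
        s["sub_len"] += len(sub)
        s["entropy"] += shannon_entropy(sub.replace(".", ""))
        if rec["qtype"] in BULKY_TYPES:
            s["bulky"] += 1
    return stats


def tunnel_indicators(s):
    """Return the list of heuristic indicators a domain's traffic triggers (thresholds are constructed)."""
    n = s["queries"]
    avg_len, avg_entropy = s["sub_len"] / n, s["entropy"] / n
    unique_ratio, bulky_ratio = len(s["subdomains"]) / n, s["bulky"] / n
    reasons = []
    if avg_len >= 40:
        reasons.append("long subdomains (avg %.0f chars)" % avg_len)
    if avg_entropy >= 3.5:
        reasons.append("high-entropy labels (avg %.2f bits/char)" % avg_entropy)
    if n >= 3 and unique_ratio >= 0.9:
        reasons.append("almost every query uses a never-seen subdomain")
    if bulky_ratio >= 0.5:
        reasons.append("mostly TXT/NULL queries")
    return reasons


def find_suspicious(lines, min_indicators=2):
    """Domains triggering at least min_indicators heuristics; one indicator alone is too noisy."""
    flagged = {}
    for domain, s in profile_domains(lines).items():
        reasons = tunnel_indicators(s)
        if len(reasons) >= min_indicators:
            flagged[domain] = reasons
    return flagged
```

Requiring two indicators matters: CDNs and cloud services legitimately produce many unique subdomains, so that signal alone would flood an analyst with false positives, while a tunnel tends to trip several at once.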


DNS Flood Attack

  • The threat actor targets one or more DNS servers and disrupts the DNS service by sending numerous requests.


Cache Poisoning

  • Attackers poison DNS caches by impersonating a DNS name server.


DNS Spoofing Attack

  • Can be achieved by DNS redirection.

  • Can be achieved by Cache Poisoning.


Phantom Domain Attack

  • Threat actor sets up a "Phantom" domain that does not respond to DNS queries.

  • Causes the server to spend resources recursively waiting for query answers.


Why should you worry?

  • DNS servers are always open to the internet, meaning they are vulnerable to attacks and possible exploits.

  • Organizations can be impacted by several types of DNS attacks.

  • Valuable data can be stolen by the use of DNS tunneling.

What can you do?

  • Several mitigations can be applied, depending on the case or vulnerability that needs to be mitigated.

  • Rate limit DNS requests.

  • Block the proxy IPs of known threat actors.

  • Compare DNS requests against a blacklist of identified malicious domains.
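The three mitigations above combine naturally into one admission policy in front of a resolver. The following added example (not from the original page) is such a policy: listed client IPs and listed domains (including their subdomains) are refused outright, and every other client gets a token-bucket rate limit so one flooding source cannot starve the rest. The query stream, the addresses and the thresholds are all constructed for illustration.

```python
from collections import defaultdict


class TokenBucket:
    """Per-client token bucket: `rate` tokens per second refill, at most `burst` stored."""

    def __init__(self, rate, burst):
        self.rate, self.capacity = rate, burst
        self.tokens, self.updated = float(burst), None

    def allow(self, now):
        if self.updated is None:
            self.updated = now
        self.tokens = min(self.capacity, self.tokens + (now - self.updated) * self.rate)
        self.updated = now
        if self.tokens >= 1.0:
            self.tokens -= 1.0
            return True
        return False


class QueryPolicy:
    """Decide what to do with an incoming query: refuse listed clients and listed domains,
    then apply a per-client rate limit. Thresholds here are constructed, not recommendations."""

    def __init__(self, blocked_domains=(), blocked_clients=(), rate=10.0, burst=20):
        self.blocked_domains = {d.rstrip(".").lower() for d in blocked_domains}
        self.blocked_clients = set(blocked_clients)
        self.rate, self.burst = rate, burst
        self.buckets = {}
        self.counters = defaultdict(int)

    def domain_is_blocked(self, qname):
        labels = qname.rstrip(".").lower().split(".")
        # check the name and each parent, so a listed malicious.example also covers cdn.malicious.example
        return any(".".join(labels[i:]) in self.blocked_domains for i in range(len(labels)))

    def decide(self, client, qname, now):
        if client in self.blocked_clients:
            verdict = "blocked_client"
        elif self.domain_is_blocked(qname):
            verdict = "blocked_domain"
        else:
            bucket = self.buckets.setdefault(client, TokenBucket(self.rate, self.burst))
            verdict = "allowed" if bucket.allow(now) else "rate_limited"
        self.counters[verdict] += 1  # export these: a jump in rate_limited is an early flood warning
        return verdict


def simulate():
    """Run a constructed query stream through the policy and return (verdicts, counters)."""
    policy = QueryPolicy(blocked_domains=["malicious.example"],
                         blocked_clients=["203.0.113.7"], rate=5.0, burst=5)
    verdicts = []
    # 10.0.0.9 fires 8 queries in 80 ms: the first 5 fit the burst, the next 3 are rate-limited
    for i in range(8):
        verdicts.append(policy.decide("10.0.0.9", "www.example.com", now=100.0 + i * 0.01))
    verdicts.append(policy.decide("10.0.0.9", "cdn.malicious.example", now=100.5))  # listed domain
    verdicts.append(policy.decide("203.0.113.7", "www.example.com", now=100.5))     # listed client
    verdicts.append(policy.decide("10.0.0.5", "www.example.com", now=100.5))        # other client, own bucket
    verdicts.append(policy.decide("10.0.0.9", "www.example.com", now=102.0))        # bucket has refilled
    return verdicts, dict(policy.counters)


if __name__ == "__main__":
    for verdict, count in simulate()[1].items():
        print(verdict, count)
```

Keeping a separate bucket per client is what makes the limit selective: the flooding source in the simulation is throttled while a second client at the same instant is served normally, and once the flood stops the bucket refills and the source is served again.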
