DNS security
The Domain Name System is foundational internet infrastructure and a frequent target for attackers. Learn how DNS works, common DNS-based attacks, and the security mechanisms that protect domain resolution.
Start with essential reading for a fast overview, then move into deep dives and reference material as you need it.
Essential reading
DNS records explained
DNS record types define how domain names resolve to addresses, route mail, delegate authority, and verify ownership. This reference covers A, AAAA, CNAME, MX, TXT, NS, SOA, PTR, SRV, and CAA records along with their security implications.
What is DNS abuse?
DNS abuse is any harmful activity that exploits domain names or the DNS protocol, but defining exactly what qualifies, who should act, and how to respond without causing collateral damage has been one of the most divisive questions in internet governance. This guide covers the competing definitions, the key distinctions that determine appropriate response, and the governance framework that has emerged.
What is DNS security?
DNS security encompasses protecting DNS infrastructure from attacks and using DNS as a control point for threat detection. This guide covers integrity protections like DNSSEC, confidentiality protocols like DoH and DoT, availability defenses, and the role of DNS logging in security operations.
What is DNS?
The Domain Name System translates human-readable domain names into IP addresses through a hierarchical resolution process. This guide covers how DNS queries flow from stub resolvers through recursive and authoritative servers, along with caching, transport protocols, and core record types.
What is DNSSEC?
DNSSEC adds cryptographic signatures to DNS responses, allowing resolvers to verify that data is authentic and unmodified. This guide explains the chain of trust, key record types, what DNSSEC does and does not protect against, and why adoption remains incomplete.
Deep dives
DNS cache poisoning
DNS cache poisoning injects forged responses into a resolver's cache, silently redirecting every client of that resolver to attacker-controlled servers until the entry expires. This guide covers the classic attack, the Kaminsky technique, the weaknesses of unauthenticated UDP transport that make response forgery possible, and modern mitigations including DNSSEC and source port randomization.
DNS hijacking
DNS hijacking is the unauthorized modification of DNS resolution, redirecting traffic by compromising registrar accounts, rogue servers, or local resolver settings. This guide covers the major hijacking methods, how they differ from cache poisoning, and detection strategies.
DNS tunneling
DNS tunneling encodes data within DNS queries and responses to bypass network controls, enabling command-and-control communication and data exfiltration. This guide covers the encoding mechanism, malicious and legitimate uses, and detection signals.
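The detection signals the tunneling guide names can be turned into a first-pass detector over passive query logs. The example below is added here and is not code from the original page; it scores each (client, registered domain) pair on long labels, high-entropy labels, payload-carrying record types and the number of distinct subdomains, and flags a pair only when two or more signals agree. The log format, the sample log lines, the thresholds and the two-label approximation of a registered domain are all assumptions for this example.

```python
"""Heuristic DNS tunnelling detector over passive query logs (added example)."""
import math
from collections import defaultdict

# Constructed sample log, one query per line: "<epoch> <client> <qtype> <qname>".
# 10.0.0.7 is sending hex-encoded payloads in TXT queries to c2-example.test.
SAMPLE_LOG = """\
1700000001 10.0.0.5 A www.example.com
1700000002 10.0.0.5 AAAA www.example.com
1700000003 10.0.0.5 A static.cdn-example.net
1700000004 10.0.0.7 TXT 6e9d3a4b2c1f0e8d7a6b5c4d3e2f1a0b9c8d7e6f0011.x1.c2-example.test
1700000005 10.0.0.7 TXT 1a2b3c4d5e6f708192a3b4c5d6e7f8091a2b3c4d5566.x1.c2-example.test
1700000006 10.0.0.7 TXT fedcba9876543210abcdef0123456789aabbccddeeff.x1.c2-example.test
1700000007 10.0.0.7 TXT 0f1e2d3c4b5a69788796a5b4c3d2e1f00112233445566.x1.c2-example.test
1700000008 10.0.0.9 MX example.org
1700000009 10.0.0.5 A api.example.com
"""

# Record types whose answers can carry large payloads back to the client.
PAYLOAD_QTYPES = {"TXT", "NULL", "CNAME"}
# Thresholds are assumptions for this example; tune them against your own baseline.
MAX_LABEL_LEN = 30
MIN_LABEL_ENTROPY = 3.5      # bits/char; hex or base32 payloads sit around 3.5-4.5
MIN_UNIQUE_SUBDOMAINS = 3


def shannon_entropy(s):
    """Bits of entropy per character of s (0.0 for empty or single-symbol strings)."""
    if not s:
        return 0.0
    counts = defaultdict(int)
    for ch in s:
        counts[ch] += 1
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def registered_domain(qname):
    """Last two labels. Simplification: real code should consult the Public Suffix List."""
    labels = qname.rstrip(".").lower().split(".")
    return ".".join(labels[-2:])


def parse_log(text):
    """Yield (epoch, client, qtype, qname) tuples from the assumed log format."""
    records = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, client, qtype, qname = line.split()
        records.append((int(ts), client, qtype.upper(), qname.rstrip(".").lower()))
    return records


def query_signals(qtype, qname):
    """Per-query signals: (length of longest subdomain label, its entropy, payload qtype?)."""
    domain = registered_domain(qname)
    sub = qname[: len(qname) - len(domain)].rstrip(".")
    labels = [l for l in sub.split(".") if l]
    longest = max(labels, key=len) if labels else ""
    return len(longest), shannon_entropy(longest), qtype in PAYLOAD_QTYPES


def detect_tunnels(log_text):
    """Aggregate per (client, registered domain); return {pair: [reasons]} for flagged pairs."""
    per_pair = defaultdict(lambda: {"qnames": set(), "long": 0, "entropic": 0, "payload": 0})
    for _, client, qtype, qname in parse_log(log_text):
        agg = per_pair[(client, registered_domain(qname))]
        agg["qnames"].add(qname)
        label_len, entropy, payload = query_signals(qtype, qname)
        agg["long"] += label_len > MAX_LABEL_LEN
        agg["entropic"] += entropy >= MIN_LABEL_ENTROPY
        agg["payload"] += payload
    flagged = {}
    for pair, agg in per_pair.items():
        reasons = []
        if agg["long"]:
            reasons.append("long labels")
        if agg["entropic"]:
            reasons.append("high-entropy labels")
        if agg["payload"]:
            reasons.append("payload-carrying qtypes")
        if len(agg["qnames"]) >= MIN_UNIQUE_SUBDOMAINS:
            reasons.append("many unique subdomains")
        # Demand two independent signals: CDNs and anti-virus lookups trip single ones.
        if len(reasons) >= 2:
            flagged[pair] = reasons
    return flagged


if __name__ == "__main__":
    for (client, domain), reasons in detect_tunnels(SAMPLE_LOG).items():
        print(f"{client} -> {domain}: {', '.join(reasons)}")
```

Run against real logs, the "many unique subdomains" signal is the one that needs the most tuning: legitimate CDNs, telemetry and DNS-based blocklists also produce thousands of unique names, which is why the detector insists on a second signal before flagging a pair.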
Subdomain takeover
Subdomain takeover occurs when a DNS record points to a deprovisioned external service, allowing an attacker to claim the endpoint and serve content under the victim's subdomain. This guide covers the dangling CNAME mechanism, common vulnerable services, impact, and prevention.
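The dangling-CNAME check itself is small enough to show. The example below is added here and is not code from the original page; it walks a zone's CNAME records, follows each chain through a caller-supplied lookup function, and reports targets that no longer resolve (NXDOMAIN, which an attacker may be able to register) or that sit under a third-party service where names are claimed on a first-come basis. The zone fragment, the fake resolver answers and the list of claimable service suffixes are all constructed for this example; in production the lookup would wrap a real recursive resolver.

```python
"""Dangling-CNAME finder for subdomain-takeover triage (added example)."""

MAX_CHAIN = 8   # RFC-style sanity limit on CNAME hops to avoid loops and chains

# Constructed zone fragment (owner -> CNAME target), as exported from a DNS provider.
ZONE_CNAMES = {
    "www.example.com": "example.com.cdn-provider.example.",
    "shop.example.com": "old-shop.thirdparty-hosting.example.",
    "blog.example.com": "example-blog.thirdparty-hosting.example.",
    "status.example.com": "statuspage.another-saas.example.",
}

# Constructed third-party suffixes where a customer name can be re-registered by anyone.
CLAIMABLE_SUFFIXES = ("thirdparty-hosting.example",)

# Constructed stand-in for a recursive resolver: name -> (rcode, CNAME target or None).
FAKE_ANSWERS = {
    "example.com.cdn-provider.example": ("NOERROR", None),
    "old-shop.thirdparty-hosting.example": ("NXDOMAIN", None),      # deprovisioned app
    "example-blog.thirdparty-hosting.example": ("NOERROR", None),   # still resolves
    "statuspage.another-saas.example": ("NOERROR", "edge.another-saas.example"),
    "edge.another-saas.example": ("NOERROR", None),
}


def normalize(name):
    return name.rstrip(".").lower()


def fake_lookup(name):
    """Lookup with the signature a real resolver wrapper would have: name -> (rcode, cname)."""
    return FAKE_ANSWERS.get(normalize(name), ("NXDOMAIN", None))


def follow_chain(name, lookup):
    """Follow CNAME hops from name. Returns (final_name, rcode, hops)."""
    current, hops, seen = normalize(name), 0, set()
    while hops < MAX_CHAIN:
        if current in seen:
            return current, "LOOP", hops
        seen.add(current)
        rcode, cname = lookup(current)
        if rcode != "NOERROR" or cname is None:
            return current, rcode, hops
        current, hops = normalize(cname), hops + 1
    return current, "CHAIN_TOO_LONG", hops


def find_dangling(zone_cnames, lookup, claimable_suffixes):
    """Return {owner: finding} for CNAMEs that are dangling or point into claimable services."""
    findings = {}
    for owner, target in zone_cnames.items():
        final, rcode, hops = follow_chain(target, lookup)
        reasons, severity = [], None
        if rcode == "NXDOMAIN":
            reasons.append("target does not resolve: attacker may be able to register it")
            severity = "high"
        elif rcode in ("LOOP", "CHAIN_TOO_LONG"):
            reasons.append(f"broken CNAME chain ({rcode})")
            severity = "review"
        if any(final.endswith(suffix) for suffix in claimable_suffixes):
            reasons.append("target under a first-come service: confirm the account still owns it")
            severity = severity or "review"
        if reasons:
            findings[owner] = {"target": normalize(target), "final": final, "rcode": rcode,
                               "hops": hops, "severity": severity, "reasons": reasons}
    return findings


if __name__ == "__main__":
    for owner, f in find_dangling(ZONE_CNAMES, fake_lookup, CLAIMABLE_SUFFIXES).items():
        print(f"[{f['severity']}] {owner} -> {f['final']} ({f['rcode']}): {'; '.join(f['reasons'])}")
```

NXDOMAIN on the target is the unambiguous case; a target that still resolves because the provider answers with a wildcard is the one that needs a follow-up HTTP request for the provider's "no such site" fingerprint, which is why such names are reported for review rather than as confirmed findings.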
What are MX records?
MX records are DNS records that specify which mail servers receive email for a domain, using priority values to determine delivery order. This guide covers how MX records work, redundancy through multiple records, null MX for non-mail domains, and the security implications of MX configuration.
What are name servers?
Name servers are the authoritative DNS servers that hold zone data and respond to queries for a domain. This guide covers the delegation model, NS records, glue records, the distinction between authoritative and recursive servers, and why NS record security is critical.
What are TXT records?
TXT records are flexible DNS records used for email authentication (SPF, DKIM, DMARC), domain verification, and certificate issuance challenges. This guide covers their major uses, structure, security considerations, and enumeration risks.
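Because SPF and DMARC both live in TXT records, a quick audit of a domain's mail-authentication posture comes down to parsing a few TXT strings. The example below is added here and is not code from the original page; it checks for the weaknesses that matter most in practice: more than one SPF record (a permanent error under RFC 7208), more than ten DNS-querying mechanisms (also a permerror), a permissive `+all` or `?all`, a DMARC policy of `p=none`, and missing aggregate reporting. The record sets are constructed; in production you would fetch the TXT RRsets for the domain and for `_dmarc.<domain>` from a resolver.

```python
"""Audit SPF and DMARC TXT records for common weaknesses (added example)."""

# Constructed TXT data: owner name -> list of TXT RRs; each RR is its list of
# <character-string>s, which a resolver client must concatenate before parsing.
TXT_RECORDS = {
    "example.com": [
        ["v=spf1 ip4:203.0.113.0/24 include:_spf.mail-provider.example ", "-all"],
        ["site-verification=constructed-token"],
    ],
    "_dmarc.example.com": [["v=DMARC1; p=reject; rua=mailto:dmarc@example.com"]],
    "weak.example": [[
        "v=spf1 a mx include:a.example include:b.example include:c.example include:d.example "
        "include:e.example include:f.example include:g.example include:h.example "
        "include:i.example include:j.example +all"
    ]],
    "_dmarc.weak.example": [["v=DMARC1; p=none"]],
}

# SPF terms that cost a DNS lookup toward the RFC 7208 limit of 10.
SPF_LOOKUP_TERMS = {"include", "a", "mx", "ptr", "exists", "redirect"}


def join_txt(rr):
    """Concatenate the character-strings of one TXT RR."""
    return "".join(rr)


def spf_records(txt_rrs):
    return [join_txt(rr) for rr in txt_rrs if join_txt(rr).lower().startswith("v=spf1")]


def audit_spf(txt_rrs):
    """Return a list of human-readable findings for the SPF record(s) in txt_rrs."""
    spfs = spf_records(txt_rrs)
    if not spfs:
        return ["no SPF record"]
    findings = []
    if len(spfs) > 1:
        findings.append("multiple SPF records (receivers treat this as permerror)")
    lookups, all_qualifier = 0, None
    for term in spfs[0].split()[1:]:
        qualifier = "+"                      # RFC 7208: '+' is the default qualifier
        if term[0] in "+-~?":
            qualifier, term = term[0], term[1:]
        # Mechanism or modifier name: strip ':' arguments, '=' values and '/' CIDR suffixes.
        name = term.split(":", 1)[0].split("=", 1)[0].split("/", 1)[0].lower()
        if name in SPF_LOOKUP_TERMS:
            lookups += 1
        if name == "all":
            all_qualifier = qualifier
    if lookups > 10:
        findings.append(f"{lookups} DNS-querying mechanisms exceed the limit of 10 (permerror)")
    if all_qualifier is None:
        findings.append("no 'all' mechanism: unlisted senders get a neutral result")
    elif all_qualifier in "+?":
        findings.append(f"'{all_qualifier}all' lets any host pass or be treated as neutral")
    return findings


def parse_dmarc(txt):
    """Split 'tag=value; tag=value' into a dict with lower-cased tag names."""
    tags = {}
    for part in txt.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip()
    return tags


def audit_dmarc(txt_rrs):
    """Return findings for the DMARC record published at _dmarc.<domain>."""
    dmarcs = [join_txt(rr) for rr in txt_rrs if join_txt(rr).lower().startswith("v=dmarc1")]
    if not dmarcs:
        return ["no DMARC record"]
    tags = parse_dmarc(dmarcs[0])
    findings = []
    policy = tags.get("p", "").lower()
    if policy == "none":
        findings.append("DMARC p=none: monitoring only, spoofed mail is still delivered")
    elif policy not in ("quarantine", "reject"):
        findings.append(f"DMARC policy missing or invalid: {policy!r}")
    if "rua" not in tags:
        findings.append("no rua= address: aggregate reports are not collected")
    return findings


def audit_domain(domain, records=TXT_RECORDS):
    return {
        "spf": audit_spf(records.get(domain, [])),
        "dmarc": audit_dmarc(records.get("_dmarc." + domain, [])),
    }


if __name__ == "__main__":
    for d in ("example.com", "weak.example"):
        print(d, audit_domain(d))
```

The lookup count is deliberately shallow: it counts only the top-level record's mechanisms, whereas a receiver also counts the lookups inside every `include:` it follows, so a record that passes here can still exceed the limit once its includes are expanded.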
What is DNS filtering?
DNS filtering blocks access to malicious or unwanted domains by intercepting queries at the resolver level. This guide covers how filtering works, common use cases from malware protection to compliance, and the limitations introduced by encrypted DNS protocols.
Put what you learn into practice
Monitor typosquats, investigate infrastructure, and move from reading to detection with continuous domain coverage built for security teams.