Understanding and Attacking DNS

The Domain Name System (DNS) is a distributed resource used by almost every network application. DNS data is generally trusted implicitly, so false data can jeopardize the integrity of network traffic and allow an attacker to play man-in-the-middle with all of it. DNS security depends on the client, the server, and the trust relationship between them. Securing that trust relationship and building a reliable server gives the system administrator a dependable and secure DNS structure for the corporate and private communications that rely on it.

The security of a DNS server varies according to its active role and its name resolution requirements. Server responsibilities can be classified as one of three types. One specific role should be chosen according to the need of the server; in particular situations, multiple roles can be supported simultaneously on one physical server, and in such a shared configuration the authoritative and resolver roles are generally combined. Running an individual server for each DNS role is ideal, especially in a large production environment. Once an administrator understands the individual roles, the mechanics between the servers, and the problems each role presents on its own, multiple DNS roles can be maintained securely and reliably on a single system.

DNS security is specific to each type of server, each type of communication, and each common software distribution, all of which will be explained in this article through an in-depth walkthrough.
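The point about implicit trust is easiest to see at the wire level: a stub resolver sends a 12-byte header plus a question and accepts whatever comes back. The added example below (written for this article, not code from it) builds a query, parses a response, and applies the checks a client should make before trusting an answer: transaction ID, QR bit, an identical question section, and an answer owner name that matches what was asked. The packets are constructed inline; `example.com.`, the addresses and the helper names are assumptions.

```python
"""Added example: minimal DNS wire-format parsing plus the checks that make
a client's trust in an answer less blind. All packets here are constructed."""
import struct

def encode_name(name: str) -> bytes:
    """Encode a dotted name as DNS labels, e.g. example.com. -> \\x07example\\x03com\\x00."""
    out = b""
    for label in name.rstrip(".").split("."):
        out += bytes([len(label)]) + label.encode("ascii")
    return out + b"\x00"

def build_query(txid: int, name: str, qtype: int = 1) -> bytes:
    # header: id, flags (RD=1), qdcount=1, ancount=0, nscount=0, arcount=0
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    return header + encode_name(name) + struct.pack("!HH", qtype, 1)

def build_response(txid: int, name: str, ip: str, answer_name: str = None) -> bytes:
    """Constructed A-record response; by default the answer owner is a
    compression pointer (0xC00C) back to the question name at offset 12."""
    header = struct.pack("!HHHHHH", txid, 0x8180, 1, 1, 0, 0)  # QR=1, RD=1, RA=1
    question = encode_name(name) + struct.pack("!HH", 1, 1)
    owner = b"\xc0\x0c" if answer_name is None else encode_name(answer_name)
    rdata = bytes(int(octet) for octet in ip.split("."))
    rr = owner + struct.pack("!HHIH", 1, 1, 300, len(rdata)) + rdata
    return header + question + rr

def decode_name(msg: bytes, offset: int):
    """Return (dotted name, offset after the name), following compression pointers."""
    labels, jumped, end = [], False, None
    while True:
        length = msg[offset]
        if length & 0xC0 == 0xC0:  # two-byte compression pointer
            pointer = struct.unpack("!H", msg[offset:offset + 2])[0] & 0x3FFF
            if not jumped:
                end = offset + 2
            jumped, offset = True, pointer
            continue
        if length == 0:
            offset += 1
            break
        labels.append(msg[offset + 1:offset + 1 + length].decode("ascii"))
        offset += 1 + length
    return ".".join(labels) + ".", (end if jumped else offset)

def parse_message(msg: bytes) -> dict:
    """Parse header, question section and answer section of a DNS message."""
    txid, flags, qd, an, _ns, _ar = struct.unpack("!HHHHHH", msg[:12])
    offset, questions, answers = 12, [], []
    for _ in range(qd):
        qname, offset = decode_name(msg, offset)
        qtype, qclass = struct.unpack("!HH", msg[offset:offset + 4])
        offset += 4
        questions.append((qname, qtype, qclass))
    for _ in range(an):
        name, offset = decode_name(msg, offset)
        rtype, rclass, ttl, rdlen = struct.unpack("!HHIH", msg[offset:offset + 10])
        offset += 10
        answers.append((name, rtype, rclass, ttl, msg[offset:offset + rdlen]))
        offset += rdlen
    return {"id": txid, "flags": flags, "questions": questions, "answers": answers}

def response_matches(query: bytes, response: bytes) -> bool:
    """Accept a response only if it matches the outstanding query on every field
    a spoofer would have to guess or copy: ID, QR bit, question, answer owner."""
    q, r = parse_message(query), parse_message(response)
    if r["id"] != q["id"]:
        return False
    if not (r["flags"] & 0x8000):  # QR bit must be set on a response
        return False
    if r["questions"] != q["questions"]:
        return False
    qname = q["questions"][0][0]
    # Simplification: every answer owner must be the queried name
    # (a real resolver also follows CNAME chains before applying this).
    return all(name == qname for name, *_ in r["answers"])

def answer_ips(response: bytes) -> list:
    """Dotted-quad strings for the A records in a response."""
    return [".".join(str(b) for b in rdata)
            for _name, rtype, _cls, _ttl, rdata in parse_message(response)["answers"]
            if rtype == 1]

# Constructed packets: one legitimate answer and three that fail a check.
QUERY = build_query(0x1234, "example.com.")
GOOD = build_response(0x1234, "example.com.", "192.0.2.1")
WRONG_ID = build_response(0x4321, "example.com.", "192.0.2.1")
WRONG_QUESTION = build_response(0x1234, "other.test.", "192.0.2.1")
WRONG_OWNER = build_response(0x1234, "example.com.", "192.0.2.1", answer_name="other.test.")

if __name__ == "__main__":
    for label, pkt in [("good", GOOD), ("wrong id", WRONG_ID),
                       ("wrong question", WRONG_QUESTION), ("wrong owner", WRONG_OWNER)]:
        print(label, response_matches(QUERY, pkt), answer_ips(pkt))
```

These checks are the baseline every client performs; they do not defend against an attacker who can see the query (the ID and question are then trivially copied), which is why the trust relationship between client and server, and not just packet parsing, is the subject of the rest of the article.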