The Domain Name System (DNS) translates human-readable domain names into IP addresses. It is one of the most critical — and most targeted — components of network infrastructure. A compromised DNS can redirect users to malicious sites, intercept communications, and disrupt entire organisations.

```
1. User types "example.com" in browser
│
2. Check local cache → Not found
│
3. Query recursive resolver (ISP or corporate DNS)
│
4. Resolver queries root nameserver → Refers to .com TLD
│
5. Query .com TLD nameserver → Refers to example.com authoritative NS
│
6. Query authoritative nameserver → Returns IP: 93.184.216.34
│
7. Resolver caches result and returns to client
│
8. Browser connects to 93.184.216.34
```

| Record | Purpose | Example |
|---|---|---|
| A | Maps domain to IPv4 address | example.com → 93.184.216.34 |
| AAAA | Maps domain to IPv6 address | example.com → 2606:2800:220:1:... |
| CNAME | Alias for another domain | www.example.com → example.com |
| MX | Mail exchange server | example.com → mail.example.com |
| TXT | Text records (SPF, DKIM, DMARC) | Used for email authentication |
| NS | Authoritative nameserver | example.com → ns1.example.com |
| SOA | Start of Authority — zone metadata | Primary NS, serial number, refresh |
| PTR | Reverse DNS — IP to domain | 34.216.184.93.in-addr.arpa → example.com |

| Attack | Description | Impact |
|---|---|---|
| DNS Spoofing / Cache Poisoning | Injecting false records into a resolver's cache | Users redirected to malicious sites |
| DNS Hijacking | Compromising DNS settings on the client, router, or registrar | Traffic redirected to attacker-controlled servers |
| DNS Tunnelling | Encoding data in DNS queries to exfiltrate data or bypass controls | Data theft, command-and-control communication |
| DNS Amplification DDoS | Using open resolvers to amplify DDoS traffic | Target overwhelmed with traffic |
| Domain Hijacking | Gaining control of a domain through registrar compromise | Full control of the domain |
| NXDOMAIN Attack | Flooding a resolver with queries for non-existent domains | Resolver resource exhaustion |
| Typosquatting | Registering domains similar to legitimate ones | Phishing, credential theft |

```
1. Attacker sends many forged DNS responses to the resolver
2. If a forged response arrives before the legitimate one:
   → Resolver caches the WRONG IP address
3. All users querying that domain get the WRONG IP
   → Redirected to attacker's server
```

DNSSEC adds cryptographic signatures to DNS records, allowing resolvers to verify that responses have not been tampered with.
| Component | Purpose |
|---|---|
| RRSIG (Resource Record Signature) | Digital signature for each DNS record set |
| DNSKEY | Public key used to verify RRSIG signatures |
| DS (Delegation Signer) | Hash of the child zone's DNSKEY, stored in the parent zone |
| NSEC / NSEC3 | Proves that a domain does NOT exist (prevents cache poisoning of non-existent domains) |

```
Root Zone (signed)
│ DS record
▼
.com TLD (signed)
│ DS record
▼
example.com (signed)
│ RRSIG
▼
A record: 93.184.216.34 ← Verified!
```