Domain Name System covert channel attack (DNS covert channel attack)
A form of attack in which a cyberattacker uses the DNS channel to evade an organization’s network security systems. In an attack through the DNS channel, attackers use specially crafted DNS queries to download malware onto infected computers. They can also use this technique to extract sensitive information from infected computers inside one or more organizations.
Domain Name System Forum (DNS Forum)
A regional conference where individuals and groups that are key stakeholders in the DNS meet and discuss issues of relevance to their region. Regional and global Internet organizations sponsor DNS Forums in various regions around the world. Key to ICANN's regional outreach efforts, these forums raise awareness and foster collaboration among regional stakeholders and encourage involvement in ICANN’s multistakeholder process.
Domain Name System misuse (DNS misuse)
Any activity that uses the DNS protocol or the domain name registration process to carry out malicious or illegal activity. Misuse activities include hijacking domain names, registering domain names to sell counterfeit merchandise, using the DNS to distribute spam, and exploiting the DNS protocol to launch denial-of-service attacks.
Domain Name System query (DNS query)
A DNS query often contains a request for the Internet Protocol (IP) address of a specific host or domain name. For this type of query, the name server responds with either 1) the requested IP address, 2) the IP address of the next name server in the path of authority, or 3) an NXDOMAIN error code, which signals that the requested host or domain name does not exist.
Domain Name System reflection attack (DNS reflection attack)
A technique in which an attacker sends a request to a name server using a falsified (spoofed) source Internet Protocol (IP) address. The spoofed IP address not only conceals the location of the attacker, it also causes the name server to direct responses to the attacker’s intended target.
Attackers often use this technique in denial-of-service attacks to flood a targeted name server with query traffic.
Domain Name System resource exhaustion attack (DNS resource exhaustion attack)
An attack in which the attacker continuously queries a name server with the intent of depleting a resource that is essential to the server’s operation. In one type of exhaustion attack, the attacker continuously opens connections on a name server, but does not complete the connection process for any of them. The incomplete connections eventually consume available memory on the name server, preventing it from opening any legitimate connections.
Domain Name System response modification attack (DNS response modification attack)
An attack on the DNS in which the operator of a name server manipulates response messages to queries for nonexistent domain names. Instead of delivering the response message to the Internet user, the name server delivers a synthesized message that contains an Internet Protocol (IP) address selected by the operator.
Operators that manipulate DNS response messages in this way often redirect users to sites that provide a search engine or sites that display pay-per-click advertising.
Domain Name System Response Policy Zone (DNS RPZ)
A file that identifies domain names that are known (or suspected) to resolve to Internet Protocol (IP) addresses that host botnet command-and-control servers or other malicious content.
Zone administrators in the DNS deploy RPZs to create firewalls around their recursive resolvers. The resolvers check the RPZ when they receive requests to resolve domain names. If a requested domain appears in the RPZ, the resolver can return an error message or redirect the requestor to a web page that provides malware detection and remediation instructions.
Domain Name System Security Extensions (DNSSEC)
A technology that helps secure domain name lookups by incorporating a chain of digital signatures into the lookup process. Using DNSSEC, resolvers can determine whether the query responses they receive have been generated by authenticated DNS servers. By accepting only authenticated query results, resolvers can prevent attackers from hijacking the lookup process and directing Internet users to deceptive websites. Full deployment of DNSSEC ensures that users are connected to the Internet Protocol (IP) address that genuinely corresponds to the domain name specified in a uniform resource locator (URL).
Domain Name System traffic amplification attack (DNS traffic amplification attack)
A technique that attackers use to magnify the effect of a cyberattack on a name server or resolver. With this technique, attackers amplify DNS traffic by issuing queries that deliver huge response messages to the targeted name server or resolver.
Domain Name System vulnerability exploitation attack (DNS vulnerability exploitation attack)
An attack in which the attacker takes advantage of a vulnerability (e.g., a bug or a security hole) in the DNS server software. Some attackers use this form of attack to disable a name server. For example, they might craft an unorthodox DNS message to cause a targeted name server to fail. Other attackers exploit vulnerabilities that allow them to gain administrative control over a name server.
Domain Name System zone (DNS zone)
A segment of the DNS namespace to which administrative authority has been delegated. For example, when sections of the root zone are delegated as top-level domains (TLDs), each TLD becomes an independently administered DNS zone. Likewise, when a TLD divides its namespace into second-level domains, it generally delegates administrative authority to each of those domains, thus creating additional DNS zones.
A parent domain at any level in the DNS hierarchy can optionally delegate administrative authority to any or all of its subdomains (children). A zone always starts at a domain boundary and includes a zone file that identifies the host servers over which it has administrative authority. A zone ends at the boundary of another independently administered zone.