DNS attacks – A simple way to gauge the extent of the danger posed by DNS vulnerability is to look at the sheer number of attack types currently being launched. This is not all of them and new ones are emerging.
Direct DNS amplication attacks congest DNS server outbound bandwidth by sending a large number of DNS queries that provoke a response up to 70 times the size of the request.
Reflection attacks use a third-party DNS server to send queries that include the victim’s IP address as the source IP in the query, so responses flood the victim’s address, bringing down the site.
Distributed reflection DoS (DrDoS) attacks combine reflection and amplification to significantly increase the size of the response to the initial queries—and the likelihood that the victim’s server will be overwhelmed.
TCP/UDP/ICMP flood attacks are volumetric attacks with massive numbers of packets that consume a network’s bandwidth and resources.
DNS-based exploits make use of software bugs in protocol parsing and processing implementation to exploit vulnerabilities in DNS server software.
DNS cache poisoning consists of inserting a false address record into the DNS query, so that subsequent requests for the address of the domain are answered with the address of a server controlled by the attacker.
Protocol anomalies send malformed DNS packets, including unexpected header and payload values, to the targeted server, making it stop responding or crash by causing an infinite loop in server threads.
Reconnaissance consists of attempts to get information on the network environment before launching a large DDoS or other type of attack.
DNS tunneling involves tunneling another protocol through DNS port 53 – which is allowed if the firewall is configured to carry non-DNS traffic — for the purposes of data exfiltration.