Domain Name System (DNS)¶

The Domain Name System (DNS) serves as the fundamental phonebook of the internet, translating human-readable domain names into machine-readable IP addresses. This critical yet often trust-based infrastructure presents a vast and complex attack surface. From its core protocol mechanics to modern encrypted iterations (DoH, DoT, DoQ) and its deep integration with cloud and supply chain ecosystems, DNS is a prime target for exploitation.

Weaponising the internet's phonebook for infiltration and disruption.

Overview attacks on DNS

Disclaimer¶

An attack tree is structural, not operational. It exists in the comfortable world of pure logic, where things either work or they don’t, gates either open or stay closed, and time is merely a dimension I/you/we draw an arrow along.

It’s comprehensive. It has branches for sub-prefix hijacking, exact-prefix hijacking, squatting attacks, path manipulation, and several dozen other variations. Each node connects logically to its children. The structure is clean.

Until someone takes a tree seriously enough to ask but what would this actually *look* like?