Network Security

DNS Security

Risk: DNS poisoning and tunneling bypass security controls. Explore cache poisoning, tunneling, DoH/DoT, and DNSSEC protection.

NET-DNS-01Module ID
Hands-onLab Type
IntermediateLevel
Start Learning All Modules

Overview

Understand DNS trust, how poisoning works, tunneling techniques for exfiltration, and how modern protocols and DNSSEC mitigate risk.

Learning Outcomes

  • Explain recursive resolution and caching behavior
  • Demonstrate DNS cache poisoning scenarios
  • Detect and disrupt DNS tunneling patterns
  • Evaluate DoH/DoT visibility trade-offs
  • Validate zones and records with DNSSEC

Hands-on Labs

Run controlled poisoning attempts, generate tunneled traffic, test policy controls, and enable DNSSEC validation.

Defenses

Harden resolvers, restrict egress, monitor anomalies, and implement DNSSEC with alerting.

Launch OS3 Locally View on GitHub