Let’s take a quick glance at how client and server communication starts. When you browse any website, you type a human-readable domain name (e.g. followcybersecurity.com), but behind the scenes the two computers (the client and the server) do not understand the domain name. They communicate by IP (Internet Protocol) and MAC (Medium Access Control) address. The DNS service is used to find the IP address for your domain, and once the browser knows the destination (server) address, it starts communicating.
What is the concern with the DNS service?
When a device makes a DNS request to find out the IP address of a domain, the request is sent in plain text and is readable by anyone on the network path. No encryption is used in the DNS request or response. This plain-text communication is vulnerable and dangerous. The most common attack against the DNS service is DNS spoofing.
Traditional DNS queries and responses are sent over UDP or TCP without encryption. This is vulnerable to eavesdropping and spoofing (including DNS-based Internet filtering). Responses from recursive resolvers to clients are the most vulnerable to undesired or malicious changes, while communications between recursive resolvers and authoritative name servers often incorporate additional protection. – Google
So, what is a spoofing attack?
A spoofing attack is when a malicious party impersonates another device or user on a network in order to launch attacks against network hosts, steal data, spread malware or bypass access controls. There are several different types of spoofing attacks that malicious parties can use to accomplish this.
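To make the two points above concrete (the query travels as readable bytes, and a forged reply only has to satisfy a weak check), here is an added example that is not code from the original post. It builds a classic DNS query for followcybersecurity.com in RFC 1035 wire format, parses it back the way a passive observer on the path could, and then applies the minimal transaction-ID and question match that a stub resolver performs before accepting a reply. All bytes are constructed locally; nothing is sent on a network, and the reply stub is an assumed minimal reply with no answer records.

```python
"""Plain DNS on the wire (RFC 1035 format): why it is readable, and the minimal
sanity check a client applies to a reply.

Added example for this post, not code from the original page. All bytes are
constructed locally; nothing is sent on a network."""
import struct

QTYPE_A = 1
QCLASS_IN = 1
FLAG_QR = 0x8000  # 1 = response, 0 = query
FLAG_RD = 0x0100  # recursion desired


def encode_name(name: str) -> bytes:
    """Length-prefixed labels plus a zero terminator,
    e.g. 0x13 'followcybersecurity' 0x03 'com' 0x00."""
    out = b""
    for label in name.rstrip(".").split("."):
        raw = label.encode("ascii")
        if not 0 < len(raw) < 64:
            raise ValueError("label length must be 1..63: %r" % label)
        out += bytes([len(raw)]) + raw
    return out + b"\x00"


def build_query(name: str, txid: int = 0x1234) -> bytes:
    """12-byte header plus one question; sent as-is in a UDP datagram to port 53."""
    header = struct.pack("!HHHHHH", txid, FLAG_RD, 1, 0, 0, 0)
    return header + encode_name(name) + struct.pack("!HH", QTYPE_A, QCLASS_IN)


def decode_name(payload: bytes, offset: int):
    """Read length-prefixed labels from offset; return (name, offset after it)."""
    labels = []
    while True:
        if offset >= len(payload):
            raise ValueError("truncated name")
        length = payload[offset]
        offset += 1
        if length == 0:
            break
        if length & 0xC0:
            raise ValueError("compression pointer not expected in a question")
        labels.append(payload[offset:offset + length].decode("ascii"))
        offset += length
    return ".".join(labels), offset


def parse_question(payload: bytes) -> dict:
    """Header plus question section. No key is needed: this is what any device
    on the path sees in a classic DNS packet."""
    if len(payload) < 12:
        raise ValueError("too short for a DNS header")
    txid, flags, qdcount, _an, _ns, _ar = struct.unpack("!HHHHHH", payload[:12])
    if qdcount != 1:
        raise ValueError("expected exactly one question")
    name, offset = decode_name(payload, 12)
    qtype, qclass = struct.unpack("!HH", payload[offset:offset + 4])
    return {"txid": txid, "is_response": bool(flags & FLAG_QR), "name": name,
            "qtype": qtype, "qclass": qclass}


def reply_matches(query: bytes, reply: bytes) -> bool:
    """Minimal check a stub resolver does before trusting a reply: it must be a
    response, carry the same 16-bit transaction ID, and echo the same question.
    On its own this is a weak defence, which is one reason the post points to
    DNS-over-TLS for transport protection."""
    q, r = parse_question(query), parse_question(reply)
    return (r["is_response"] and q["txid"] == r["txid"]
            and q["name"].lower() == r["name"].lower()
            and q["qtype"] == r["qtype"] and q["qclass"] == r["qclass"])


def make_reply_stub(query: bytes) -> bytes:
    """Constructed reply for the demo (assumption): the same packet with the QR
    bit set and no answer records; a real reply appends answers after the question."""
    txid, flags = struct.unpack("!HH", query[:4])
    return struct.pack("!HH", txid, flags | FLAG_QR) + query[4:]


if __name__ == "__main__":
    q = build_query("followcybersecurity.com")
    print(q.hex())  # the domain is visible as ASCII inside these bytes
    print(parse_question(q))
    print(reply_matches(q, make_reply_stub(q)))
```

Running it prints the hex of a 41-byte query in which the label bytes for followcybersecurity and com appear unchanged; with DNS-over-TLS the same message would be carried inside a TLS session, so that hex would not be recoverable by an observer.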
Take a look at the references below for more details on spoofing attacks and DNS-over-TLS security.
- DNS-over-TLS Document https://developers.google.com/speed/public-dns/docs/dns-over-tls
- All about Spoofing attack https://www.veracode.com/security/spoofing-attack