DNS system security
Authoritative Name Server:
- The source of truth for part of the hierarchy (root(.), org, undeadly.org)
- knows the answer (NOERROR)
- knows that there is no answer (NXDOMAIN)
-- florian@OpenBSD.org, unwind(8) presenter, openbsd.org
Our DNS is Under Attack is not something anyone wants to hear. DNS's critical role is a threat attacker. Taking out DNS is easier than trying to take down a web site. Smart miscreants have a playbook of offensive DNS attack techniques that they can use against any organization.
– John Rattray, https://www.youtube.com/watch?v=SibkqOvUnEI