DNS amplification DoS attack
A (Domain Name System) DNS amplification attack exploits open DNS resolvers by performing a spoofed query of all record types for a given domain. The effectiveness of this attack can be increased by employing a DDoS component as well by sending requests to multiple open resolvers simultaneously.
Getting ready
To simulate a DNS amplification attack, you will need to either have a local name server or know the IP address of an open and publically accessible name server. In the examples provided, an installation of Ubuntu is used as a scan target. For more information on setting up Ubuntu, please refer to the Installing Windows Server recipe in Chapter 1, Getting Started.
How to do it…
In order to understand how DNS amplification works, one can use a basic DNS query utility such as host, dig, or nslookup. By performing a request for all record types associated with a well-established domain, you will notice that some return a fairly sizable response:
root@KaliLinux...
