DNS amplification DoS attack
A (Domain Name System) DNS amplification attack exploits open DNS resolvers by performing a spoofed query of all record types for a given domain. The effectiveness of this attack can be increased by employing a DDoS component as well by sending requests to multiple open resolvers simultaneously.
Getting ready
To simulate a DNS amplification attack, you will need to either have a local name server or know the IP address of an open and publically accessible name server. In the examples provided, an installation of Ubuntu is used as a scan target. For more information on setting up Ubuntu, please refer to the Installing Windows Server recipe in Chapter 1, Getting Started.
How to do itβ¦
In order to understand how DNS amplification works, one can use a basic DNS query utility such as host, dig, or nslookup. By performing a request for all record types associated with a well-established domain, you will notice that some return a fairly sizable response:
root@KaliLinux...
