PrepAway - Latest Free Exam Questions & Answers

What type of attack uses recursive queries to poison the cache of a DNS server?

DNS is a popular target for attackers due to its strategic role on the Internet. What type of attack uses recursive queries to poison the cache of a DNS server?


A. DNS spoofing

B. Manipulation of the hosts file

C. Social engineering

D. Domain litigation

Explanation:
A: DNS plays a strategic role in the transmission of traffic on the Internet. DNS directs traffic to the appropriate address by mapping domain names to their corresponding IP addresses. DNS queries can be classified as either recursive or iterative. In a recursive query, the DNS server often forwards the query to another server and returns the proper response to the inquirer. In an iterative query, the DNS server responds with an address for another DNS server that might be able to answer the question, and the client then proceeds to ask the new DNS server. Attackers use recursive queries to poison the cache of a DNS server. In this manner, attackers can point systems to a Web site that they control and that contains malware or some other form of attack.

Here’s how it works: An attacker sends a recursive query to a victim DNS server asking for the IP address of the domain www.logicalsecurity.com. The DNS server forwards the query to another DNS server. However, before the other DNS server responds, the attacker injects his own IP address. The victim server accepts the IP address and stores it in its cache for a specific period of time. The next time a system queries the server to resolve www.logicalsecurity.com to its IP address, the server will direct users to the attacker’s IP address. This is called DNS spoofing or DNS poisoning.

B is incorrect because manipulating the hosts file does not use recursive queries to poison the cache of a DNS server. A client first queries a hosts file before issuing a request to a DNS server. Some viruses add invalid IP addresses of antivirus vendors to the hosts file in order to prevent the download of virus definitions and prevent detection. This is an example of manipulating the hosts file.

C is incorrect because social engineering does not involve querying a DNS server. Social engineering refers to the manipulation of individuals for the purpose of gaining unauthorized access or information. Social engineering takes advantage of people’s desire to be helpful and/or trusting. It is a nontechnical attack that may use technology in its execution. For example, an attacker might pose as a user’s manager and send him a spoofed e-mail asking for the password to an application. The user, wanting to help and keep his manager’s favor, is likely to provide the password.

D is incorrect because domain litigation does not involve poisoning a DNS server’s cache. Domain names are subject to trademark risks, including the temporary unavailability or permanent loss of an established domain name. A victim company could lose its entire Internet presence as a result of domain litigation. Organizations concerned over the possibility of trademark disputes related to their domain name(s) should establish contingency plans. For example, a company may establish a second, unrelated domain that can still represent the company’s name.
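
The defensive side of the injection step in the explanation for A, as an added example that is not part of the original page: a recursive server should cache an upstream reply only when it matches a query it actually sent, on server address, local port, transaction ID and question. The header layout is standard DNS wire format; the function and class names, the addresses and the sample packets are constructed for illustration.

```python
import struct

def encode_name(name):
    """Encode a domain name as length-prefixed DNS labels."""
    parts = name.strip(".").split(".")
    return b"".join(bytes([len(p)]) + p.encode() for p in parts) + b"\x00"

def build_message(txid, name, qtype=1, response=False):
    """Build a minimal DNS message (header + one question) as sample input."""
    flags = 0x8180 if response else 0x0100  # QR|RD|RA for replies, RD for queries
    return (struct.pack("!HHHHHH", txid, flags, 1, 0, 0, 0)
            + encode_name(name) + struct.pack("!HH", qtype, 1))

def parse_message(data):
    """Return (txid, is_response, qname, qtype) from a DNS message."""
    txid, flags, qdcount = struct.unpack("!HHH", data[:6])
    if qdcount != 1:
        raise ValueError("expected exactly one question")
    labels, pos = [], 12
    while data[pos] != 0:
        n = data[pos]
        labels.append(data[pos + 1:pos + 1 + n].decode().lower())
        pos += 1 + n
    (qtype,) = struct.unpack("!H", data[pos + 1:pos + 3])
    return txid, bool(flags & 0x8000), ".".join(labels), qtype

class PendingQueries:
    """Tracks outstanding upstream queries and counts replies that do not match."""
    def __init__(self):
        self.pending = {}     # (server_ip, local_port, txid) -> (qname, qtype)
        self.mismatches = 0   # a burst of these is a signal worth alerting on

    def sent(self, server_ip, local_port, query):
        txid, _, qname, qtype = parse_message(query)
        self.pending[(server_ip, local_port, txid)] = (qname, qtype)

    def accept(self, src_ip, dst_port, reply):
        """True only if the reply answers a query this server actually sent."""
        try:
            txid, is_resp, qname, qtype = parse_message(reply)
        except (ValueError, IndexError, struct.error, UnicodeDecodeError):
            self.mismatches += 1
            return False
        key = (src_ip, dst_port, txid)
        if is_resp and self.pending.get(key) == (qname, qtype):
            del self.pending[key]  # one reply per query; later copies are rejected
            return True
        self.mismatches += 1
        return False
```

Matching alone only narrows what a forged reply must guess, so it is paired in practice with unpredictable transaction IDs and source ports, and with DNSSEC validation where the zone is signed.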
