- howdns.works
- A warm welcome to DNS
- 35C3 - Domain Name System - Hannes Mehnert
- Let's hand write DNS messages | James Routley
- DNS Wars
- DKIM demystified
- DNS for Rocket Scientists
- An interview with Paul Mockapetris, the creator of the DNS
- Why updating DNS takes time
- (All) DNS Resource Records - netmeister.org
- How to use dig
- Mess with DNS
- Life of a DNS query
- The multiple meanings of "nameserver" and "DNS resolver"
- NsLookup.io - Learning Center
- Build your own DNS server
- zonemaster
- dnssec-monitor
- dnstwist
- octodns
- opendnssec
- DNSCurve: Usable security for DNS
- denominator
- nmap dns-fuzz
- Yeti DNS
- NicTool
- cullum/dank-selfhosted
- atomiadns
- dnsjava
- dog
- deSEC
- The GNU Name System
- DNS query/response logging with dnstap - Jan-Piet Mens
- How Cloudflare analyzes 1M DNS queries per second
- On the surprising connection between the magic HyperLoglog and DNSSEC NSEC3
- The Domain Abuse Activity Reporting System
- ISC Passive DNS Architecture
- Farsight DNSDB API Documentation
- Passive observations of a large DNS service - Wouter de Vries
- Passive DNS Replication - enyo.de
- Alternatives to Passive DNS Replication - enyo.de
- Passive DNS Replication WHOIS Server - enyo.de
- Exposure: a Passive DNS Analysis Service to Detect and Report malicious Domains
- Building a local passive DNS capability for malware incident response
- Automatic provisioning of slave DNS servers - Jan-Piet Mens
- How the AXFR protocol works
- Managing DNS Zones Using Git - Ondřej Caletka
- Posh Security: Managing DNS with DNSControl, CloudFlare, DNSimple, Github, VSTS, Key Vault, and Docker!
- How Knot-DNS simplifies adding member zones to a catalog zone
- DomainChroma: Building actionable threat intelligence from malicious domain names
- The Modality of Mortality in Domain Names
- Esoteric sub-domain enumeration techniques
- OpenBSD as an authoritative DNS nameserver
- Bitsquatting: DNS Hijacking without Exploitation - Artem Dinaburg
- Observations on checksum errors in DNS queries to verisign's name servers - Duane Wessels
- DNS Response Policy Zones
- DNS over TLS: Encrypting DNS end-to-end - Facebook Code
- Posh Security: Advice on Mitigating DNS Infrastructure Tampering
- DNS Security: Threat Modeling DNSSEC, DoT, and DoH
- New Adventures in DNSSEC and DANE
- Bitsquatting: DNS Hijacking without exploitation
- Hijacking of abandoned subdomains part 2
- A security researcher commandeered a country’s expired top-level domain to save it from hackers
- Bitsquatting microsoft.com
- The Duct Tape Holding the Internet Together
- Sinkholed
- The Hijacking of perl.com
- How MarkMonitor left > 60,000 domains for the taking
- Deep inside a DNS amplification DDOS Attack
- DNS Cache Poisoning Attack: Resurrections with Side Channels
- Does Your Domain Have a Registry Lock?
- A Deep Dive on the Recent Widespread DNS Hijacking Attacks
- I figured out how DMARC works, and it almost broke me
- Email Authenticity 101: DKIM, DMARC, and SPF
- What can you learn from an IP address?
- The life cycle of phishing pages
- DNS settings to avoid spoofing and phishing for unused domain
- The Sender Policy Framework (SPF) - netmeister.org
- IDN is crazy
- can I speak to your manager? hacking root EPP servers to take control of zones
- Exploiting DNS response parsing on the Wii U
- OpenDNSSEC Lab & Training
- How To Set Up DNSSEC on an NSD Nameserver on Ubuntu 14.04
- DNSSEC Signer Migration
- Resilient OpenDNSSEC
- Against DNSSEC - Quarrelsome
- DNSSEC-bis for complete beginners (like me)
- The role of DNS and DNSSEC in information security
- DNSSEC - The Good The Bad and The Very Bad
- 14 DNS Nerds Don't Control The Internet - Quarrelsome
- Parents, children, CDS/CDNSKEY records, and dnssec-cds
- DNSSEC provisioning automation with CDS/CDNSKEY in the real world - Jan-Piet Mens
- For DNSSEC - easyDNS
- Major DNSSEC Outages and Validation Failures
- Red means Kaputt: when DNSSEC turns into a treasure hunt
- DNSSEC and Zone Transfers: What You Need to Know
- The .io Error - Taking Control of All .io Domains With a Targeted Registration | The Hacker Blog
- The Journey to Hijacking a Country's TLD - The Hidden Risks of Domain Extensions | The Hacker Blog
- Hacking Guatemala’s DNS – Spying on Active Directory Users By Exploiting a TLD Misconfiguration | The Hacker Blog
- Respect My Authority – Hijacking Broken Nameservers to Compromise Your Target | The Hacker Blog
- Floating Domains – Taking Over 20K DigitalOcean Domains via a Lax Domain Import System | The Hacker Blog
- The Orphaned Internet – Taking Over 120K Domains via a DNS Vulnerability in AWS, Google Cloud, Rackspace and Digital Ocean | The Hacker Blog
- The International Incident – Gaining Control of a .int Domain Name With DNS Trickery | The Hacker Blog
- Microsoft Azure data deleted because of DNS outage
- DNSpionage Campaign Targets Middle East - Talos
- A Deep Dive on the Recent Widespread DNS Hijacking Attacks - Krebs on Security
- Buying a single character domain – and 3 character FQDN – for £15
- DNSSEC issues take Fiji domains offline
- A lock with many keys: Spoofing DNSSEC-signed domains in 8.8.8.8
- Detecting DNS Root Manipulation
- Measuring Encrypted-DNS Censorship Using OONI Probe
- NameCheap's email hacked to send Metamask, DHL phishing emails
- “The DNS Camel”, or, the rise in DNS complexity - Bert Hubert
- How we made our DNS stack 3x faster
- Why We Built Our Own DNS Infrastructure - Replit
- Please do not put IP addresses into DNS MX records
- The Perils of an .xyz Domain
- Tackling Email Spoofing and Phishing
- Understanding How Facebook Disappeared from the Internet
- What's in a hostname?
- DNS Openness - RIPE Labs
- Fun with the DNS SOA expire field
- What happens to TLDs when their country stops existing?
- DNS Esoterica - Why you can't dig Switzerland
- Breaking DKIM - on Purpose and by Chance
- TLDs -- Putting the '.fun' in the top of the DNS
- DNS Response Size
- Stop using ridiculously low DNS TTLs
- International domain names: where does https://meßagefactory.ca lead you?
- Who reads your email?
- Finding the services companies use via their TXT records
- Use of HTTPS Resource Records
- Infection Method: Domain Takeover
- That time Verisign typo-squatted all of .com and .net
- DEF CON 16 - Dan Kaminsky: Black Ops 2008
- High-speed high-security cryptography: encrypting and authenticating the whole Internet - Daniel J. Bernstein
- Bert Hubert “DNS is the Gateway to Good & Bad: How OX helps to secure the Internet”
- Bert Hubert "HyperLogLog inspired three-minute scan of DNSSEC delegations worldwide"
- Detecting and Preventing Malicious Domain Registrations in the .eu TLD - Lieven Desmet
- Paul Vixie talks about DNS over HTTPS
- 36C3 - Email authentication for penetration testers
- #rC3 - Encrypted DNS, Episode II
- You have No Idea Who Sent that Email: 18 Attacks on Email Sender Authentication
- gpn20 - Breaking things with emoji
- Bizarre and Unusual Uses of DNS
- Learning DNS by Julia Evans
- DNS Security: In-depth Vulnerability Analysis and Mitigation Solutions
- DNSSEC Mastery: Securing the Domain Name Service with BIND
- Managing Mission - Critical Domains and DNS
- DNSViz
- Dig web interface - online dns lookup tool
- Nameserver Predelegation Check Webinterface
- DNS Toys
- Federated Domain Name Service Using DNS Metazones - Paul Vixie
- Secure Domain Name System (DNS) Deployment Guide
- Passive Observations of a Large DNS Service: 2.5 Years in the Life of Google
- Nameserver Predelegation Check (German) - denic
- Beobachtungsmöglichkeiten im Domain Name System: Angriffe auf die Privatsphäre und Techniken zum Selbstdatenschutz - Dominik Herrmann (German)
- DNSSEC HOWTO - Olaf Kolkman
- Erkennung von Angriffsmustern in Passiv-DNS-Daten - Bachelorarbeit Nick Diedrich
- Counterfighting Counterfeit: detecting andtaking down fraudulent webshops at a ccTLD
- Development of the Domain Name System - Paul V. Mockapetris, Kevin J. Dunlap
- Now You See It, Now You Don't: A Large-scale Analysis of Early Domain Deletions
- Measuring DNS over TCP in the Era of Increasing DNS Response Sizes: A View from the Edge