How DNS Works (And Why Hackers Love It)

DNS is the phone book of the internet—and one of the most abused protocols in cybersecurity. Every time you type a URL, DNS is doing invisible work behind the scenes. And every time an attacker wants to exfiltrate data, establish command-and-control, or redirect traffic without triggering alarms, DNS is often the tool they reach for first. This session breaks down exactly how DNS works at the packet level and then flips the lens to show why it’s become one of hackers’ most reliable attack vectors—and what defenders can do about it.

What You’ll Learn

DNS seems simple on the surface—your computer asks for an IP address and gets one back. But the full resolution process involves recursive resolvers, authoritative name servers, caching, TTLs, and a chain of trust that attackers know how to abuse at every link. This session walks through the entire DNS resolution process step by step, then uses that foundation to explain exactly how DNS-based attacks work and why they’re so hard to detect.

You’ll learn how recursive and iterative DNS queries work and where the difference matters, what DNS tunneling is and how attackers use it to smuggle data past firewalls, how DNS cache poisoning and spoofing attacks are executed, and how DNSSEC works and why it’s still not universally adopted. We’ll also cover what defenders should be monitoring in DNS logs and which tools and techniques analysts use to catch DNS-based threats in the wild.

Who Should Attend

This session is designed for IT professionals and security practitioners who want to move beyond surface-level knowledge of DNS and understand it well enough to both explain and defend against DNS-based attacks. It’s particularly valuable for Network+ and CCNA candidates who encounter DNS on their exams but want to see how it plays out in real security contexts, as well as SOC analysts, network administrators, and anyone studying for Security+, CySA+, or CEH who wants to see protocol fundamentals applied to real-world attack scenarios.

Exclusive Benefits for Attendees

✦ Full recording of the session for future reference

✦ DNS attack reference guide covering tunneling, spoofing, and cache poisoning

✦ DNS monitoring and detection checklist for defenders

✦ Live Q&A with a certified networking and security instructor

✦ Certificate of Attendance for your professional records

“If you know the enemy and know yourself, you need not fear the result of a hundred battles.”

— Sun Tzu

Ready to Take the Next Step?

Build on what you learn in this session with Training Camp’s networking and cybersecurity certification programs—covering everything from foundational protocols to advanced threat detection.