NS Record Takeover

How do attackers leverage your NS records to perform a man-in-the-middle attack, and how can organizations protect themselves?

  • Recently a number of cyberattacks were performed on government agencies where changes were made to NS records. This allowed attackers to intercept any communication made for those zones while their victims were completely unaware. By leveraging their own DNS servers and general https certificates they managed to position them in between any user and the final resource in the victim’s domains. By using Infoblox’s NS record monitoring you can be alerted whenever an unauthorized change is made to your NS records at your registrar.
Back To Top