DNS Abuse Techniques Matrix

Tuesday, February 28th, 2023

The DNS Abuse SIG is very pleased to announce the publication of the DNS Abuse Techniques Matrix, the work of many months and a great number of people from various parts of the security and DNS worlds.

The aim of the document is to assist those who are experiencing DNS abuse, particularly incident responders and security teams. To quote from the document itself:

The advice currently takes the form of a matrix indicating whether a specific stakeholder can directly help with a specific technique. By “help”, we mean whether the stakeholder is in a position to detect, mitigate, or prevent the abuse technique. We have organized this information under three spreadsheets covering these incident response actions. For example, during an incident involving DNS cache poisoning, the team can go to the mitigation tab and look at the row for DNS cache poisoning, to find which stakeholders they might be able to contact to help mitigate the incident.

The DNS ecosystem is complex, with many stakeholders and operating models. Some of the techniques listed may have benign uses, so it's not as simple as “these techniques should never be allowed”. However, in the context of incident response, the assumption is that an incident is occurring, so therefore whatever techniques the adversary used to initiate or maintain that incident are malicious or are against the security policy of the organization, or both. Incident responders should adhere to responsible collection within their jurisdictional boundaries. The DNS Abuse SIG is agnostic as to whether any of the listed techniques are abusive of the DNS in general. This report is composed from the point of view of assuming that a technique is used maliciously in the particular incident, and therefore bringing light as to who can take action by detecting, mitigating, or preventing.

You can find a link on our homepage here:

or download it directly here:

Thanks to everyone who’s contributed - it’s the result of collaboration between a ton of people and we greatly appreciate all the hard work that’s gone into this.