Prevention

: The entity has the capability to prevent the threat
: The entity lacks the capability to prevent the threat

Entities:

Registrars
Registries
Authoritative Operators
Domain name resellers
Recursive Operators
Network Operators
Application Service Provider
Hosting Provider
Threat Intelligence Provider
Device, OS, & Application Software Developers
Domain Registrants
End User
Law Enforcement and Public Safety Authorities
CSIRTs / ISACs
Incident responder

Threats:

DGAs N/A
Domain name compromise
Lame delegations
DNS cache poisoning
DNS rebinding
DNS server compromise
Stub resolver hijacking
Local recursive resolver hijacking
On-path DNS attack
DoS against the DNS
DNS as a vector for DoS
Dynamic DNS resolution (as obfuscation technique)
Dynamic DNS resolution: Fast flux (as obfuscation technique)
Infiltration and exfiltration via the DNS
Malicious registration of (effective) second level domains N/A
Creation of malicious subdomains under dynamic DNS providers N/A
Compromise of a non-DNS server to conduct abuse
Spoofing or otherwise using unregistered domain names
Spoofing of a registered domain (for abuse) N/A
DNS tunneling - tunneling another protocol over DNS
DNS beacons - C2 communication