Use of an unregistered domain
This is the use of a domain in a context where a domain name is expected (such as the From header in mail or a URL in a web page or message body), and providing an unregistered domain name.
An unregistered domain in this context is any domain which does not exist in the DNS. Registrars can “register” a domain, but still not publish it in the parent registry, however it is effectively the same.
It should be noted that use of an unregistered domain is not always technically “DNS Abuse”. However, due to this technique’s relation to and interaction with the DNS, it is considered useful to include advice as a category to aid incident responders and security teams in their work.
Abuse of this type also includes deliberately invalid queries to a DNS server to generate NXDOMAIN responses. This is also known as a “water torture attack”, where resources are expended as part of an attack. NSEC3 exacerbates this due to the increased resources needed for generating hashes.
Another use of unregistered domains is with DGA, where a piece of malware may generate a list of thousands of domains which are potentially their Command and Control server, but only one or a few are actually registered. See also: Domain Generation Algorithms.