I should clarify I wasn’t a upper level sys admin managing those servers, I just used them or maintained accounts being a rank and file technician
While I get the fundamental concept of DNS as a phonebook for your IPs. I am not sure why it is joked around if something goes haywire or someone breaks something.
Is it because if you get no DNS, people can’t log in through their AD accounts, browse the Internet?
Afaik DNS is a bit of a rabbit hole topic, maybe that’s why people joke about it due to DNS being this “No one really knows how this magic name matching box works”?
Please correct me, I’d genuinely like to know why this is prevalent from you guys.
Our web servers are locked down in such a way that you can’t copy data off of them using standard protocols like scp, ftp, and even http, etc. Our firewall blocks all such outbound traffic.
This hacker found a bug in a framework used on our web servers that let him execute commands remotely. When commands to copy data off the server failed using those more typical methods he switched to a more novel (and difficult) method of leveraging DNS instead. He discovered we weren’t locking DNS down the same way we were locking other protocols down and used that as a way to extract data from our server.
Ah, ok, that makes sense! So there was a separate bug in the framework that granted him limited remote access, but because the server had tight control over outbound connections he had to use a novel way of getting the data back out
Basically: He crawled in through the sewer and then robbed the bank one stack of bills at a time via pigeon courier.