Lightboard Lessons: DNSSEC
DNS is absolutely critical to your life on the Internet. But, did you know that DNS was designed back in the 1980s and didn't really consider security as a key component? DNSSEC was developed to he...
Published Nov 11, 2015
Version 1.0

ltwagnon (Ret. Employee, joined May 15, 2019)
Nov 13, 2015
Great questions...and thanks for asking! My intent during the "bad guy" discussion was to highlight the fact that an attacker could take control of a DNS server and change the IP address to something other than the real IP address. You are correct that this can be done by flooding a Local DNS server with incorrect responses faster than the correct response can arrive. Then, the Local DNS server will have the incorrect IP address for the duration of the Time to Live (TTL). The attacker could set up a website (potentially one that looks just like the real one) at that IP address and then the client would connect to the wrong site. This is all due to the fact that the DNS response wasn't validated as being correct. And, it's all because the attacker was able to exploit the DNS server by taking advantage of any number of potential open vulnerabilities on that server. Here's a little more info in case you want to dig a little further: http://www.howtogeek.com/161808/htg-explains-what-is-dns-cache-poisoning/
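As an added illustration (not code from the video, from F5, or from the commenter), the following toy Python model replays the situation described above: a forged answer reaches a caching resolver before the genuine one, the resolver that does no validation caches it for the full TTL, and a resolver that checks the record's signature drops it and caches the genuine answer instead. The HMAC signature is a stand-in for DNSSEC's RRSIG/DNSKEY public-key chain, the `ZONE_KEY`, the name `www.example.com` and the addresses are constructed placeholders, and the exchange is reduced to one A record per query; only the acceptance logic and TTL behaviour are meant to carry over.

```python
"""Toy model of a caching DNS resolver with and without response validation.

Added example, not code from the Lightboard Lesson or its comments. The HMAC
below stands in for DNSSEC's RRSIG/DNSKEY public-key signatures (assumption
made so the model runs on the standard library alone), and each query yields a
single A record. What is demonstrated is the acceptance logic, not the protocol.
"""
import hashlib
import hmac
import time
from dataclasses import dataclass

# Hypothetical zone signing key, shared with the validating resolver in this
# model only; real DNSSEC publishes a public key in the zone's DNSKEY RRset.
ZONE_KEY = b"constructed-zone-key"


@dataclass
class DnsResponse:
    name: str
    address: str
    ttl: int
    signature: bytes  # empty bytes for an unsigned answer


def sign_record(name: str, address: str, ttl: int, key: bytes = ZONE_KEY) -> bytes:
    """Stand-in signature over the record fields (HMAC-SHA256 here)."""
    msg = f"{name}|{address}|{ttl}".encode()
    return hmac.new(key, msg, hashlib.sha256).digest()


def signature_valid(resp: DnsResponse, key: bytes = ZONE_KEY) -> bool:
    """Constant-time check of the response signature against the zone key."""
    expected = sign_record(resp.name, resp.address, resp.ttl, key)
    return hmac.compare_digest(resp.signature, expected)


class FakeClock:
    """Controllable clock so TTL expiry can be shown without sleeping."""

    def __init__(self, start: float = 0.0):
        self.now = start

    def __call__(self) -> float:
        return self.now

    def advance(self, seconds: float) -> None:
        self.now += seconds


class CachingResolver:
    """Caches the first accepted answer for a name until its TTL expires."""

    def __init__(self, validate: bool, clock=time.time):
        self.validate = validate
        self.clock = clock
        self.cache = {}     # name -> (address, expires_at)
        self.rejected = []  # responses dropped by signature validation

    def accept(self, resp: DnsResponse) -> bool:
        """Offer a response to the cache; returns True if it was cached."""
        now = self.clock()
        cached = self.cache.get(resp.name)
        if cached and cached[1] > now:
            return False  # an unexpired answer is already cached: first one wins
        if self.validate and not signature_valid(resp):
            self.rejected.append(resp)
            return False  # bad or missing signature: never enters the cache
        self.cache[resp.name] = (resp.address, now + resp.ttl)
        return True

    def lookup(self, name: str):
        """Return the cached address, or None if absent or past its TTL."""
        cached = self.cache.get(name)
        if not cached or cached[1] <= self.clock():
            self.cache.pop(name, None)
            return None
        return cached[0]


def simulate(validate: bool, clock=time.time) -> str:
    """Replay the race in the comment: the forged answer arrives first."""
    name = "www.example.com"  # constructed name
    resolver = CachingResolver(validate, clock)
    forged = DnsResponse(name, "203.0.113.66", 3600, b"")  # unsigned, wrong address
    genuine = DnsResponse(name, "198.51.100.10", 3600,
                          sign_record(name, "198.51.100.10", 3600))
    resolver.accept(forged)   # beats the genuine answer to the resolver
    resolver.accept(genuine)  # arrives second
    return resolver.lookup(name)


if __name__ == "__main__":
    print("without validation:", simulate(validate=False))  # forged address cached
    print("with validation:   ", simulate(validate=True))   # genuine address cached
```

The `rejected` list is the hook a defender would watch: a validating resolver that starts accumulating signature failures for a name is seeing exactly the kind of traffic the comment describes, and that count is worth surfacing as a metric or log line rather than discarding silently.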