* [Blog](https://www.paloaltonetworks.com/blog)
* [Palo Alto Networks](https://www.paloaltonetworks.com/blog/corporate/)
* [Ignite](https://www.paloaltonetworks.com/blog/category/ignite/)
* Ignite 2017 Open Seats: D...

# Ignite 2017 Open Seats: Deconstructing DNS: How Bad Guys Abuse DNS To Avoid Detection

[](https://www.facebook.com/sharer/sharer.php?u=https%3A%2F%2Fwww.paloaltonetworks.com%2Fblog%2F2017%2F05%2Fignite-2017-open-seats-deconstructing-dns-bad-guys-abuse-dns-avoid-detection%2F)  
[](https://twitter.com/share?text=Ignite+2017+Open+Seats%3A+Deconstructing+DNS%3A+How+Bad+Guys+Abuse+DNS+To+Avoid+Detection&url=https%3A%2F%2Fwww.paloaltonetworks.com%2Fblog%2F2017%2F05%2Fignite-2017-open-seats-deconstructing-dns-bad-guys-abuse-dns-avoid-detection%2F)  
[](https://www.linkedin.com/shareArticle?mini=true&url=https%3A%2F%2Fwww.paloaltonetworks.com%2Fblog%2F2017%2F05%2Fignite-2017-open-seats-deconstructing-dns-bad-guys-abuse-dns-avoid-detection%2F&title=Ignite+2017+Open+Seats%3A+Deconstructing+DNS%3A+How+Bad+Guys+Abuse+DNS+To+Avoid+Detection&summary=&source=)  
[](https://www.paloaltonetworks.com//www.reddit.com/submit?url=https://www.paloaltonetworks.com/blog/2017/05/ignite-2017-open-seats-deconstructing-dns-bad-guys-abuse-dns-avoid-detection/&ts=markdown)  
\[\](mailto:?subject=Ignite 2017 Open Seats: Deconstructing DNS: How Bad Guys Abuse DNS To Avoid Detection)  
Link copied  
By [Anna Lough](https://www.paloaltonetworks.com/blog/author/anna-lough/?ts=markdown "Posts by Anna Lough")  
May 04, 2017  
2 minutes  
[Ignite](https://www.paloaltonetworks.com/blog/category/ignite/?ts=markdown)  
[DNS](https://www.paloaltonetworks.com/blog/tag/dns/?ts=markdown)  
[Ignite 2017](https://www.paloaltonetworks.com/blog/tag/ignite-2017/?ts=markdown)

Ignite '17 Security Conference is right around the corner. To get you ready for the premier security conference of the year, we'll be spotlighting our top session each day on the blog. [Register now](http://go.paloaltonetworks.com/ignite2017), seats fill up quickly!

To hide or reduce their digital trail, cybercriminals constantly buy and discard cheap domain names to use as part of their attack infrastructure. To stay ahead, brand management companies monitor daily zone files for potentially infringing base domain names. Yet the bad guys adapt and have learned to abuse DNS in new ways to avoid detection.

In this session, Internet pioneer and Farsight Security CEO and Cofounder Dr. Paul Vixie will examine the less-well monitored "dark corner" of the Internet where infringing names live created at the hostname (or "fully qualified domain name") level. By shifting the infringing mark from the base domain to the hostname, the bad guys can still efficiently attract potential visitors via search engines, but they can avoid getting flagged during daily zone file scans. From there, bad actors can use these infringing domains to lure unsuspecting users to fake websites to sell counterfeit goods, commit phishing attacks to secure entry into networks and more.

Dr. Vixie will discuss how passive DNS sheds light on these shady DNS cyberattack techniques. He will also discuss the challenges of monitoring the Internet's domain names on a per-host level, and illustrate solutions that are relevant to any brand owner or brand management consultancy.

*** ** * ** ***

[**Register for Ignite '17 Security Conference**](http://go.paloaltonetworks.com/ignite2017)  
*Vancouver, BC June 12--15, 2017*

Ignite '17 Security Conference is a live, four-day conference designed for today's security professionals. Hear from innovators and experts, gain real-world skills through hands-on sessions and interactive workshops, and find out how breach prevention is changing the security industry. Visit the [Ignite website](http://www.paloaltonetworksignite.com/) for more information on tracks, workshops and marquee sessions.

*** ** * ** ***

## Related Blogs

### [Events](https://www.paloaltonetworks.com/blog/category/events/?ts=markdown), [Ignite](https://www.paloaltonetworks.com/blog/category/ignite/?ts=markdown)

[#### Ignite 2017 Is a Wrap!](https://www.paloaltonetworks.com/blog/2017/06/ignite-2017-wrap/)

### [Events](https://www.paloaltonetworks.com/blog/category/events/?ts=markdown), [Ignite](https://www.paloaltonetworks.com/blog/category/ignite/?ts=markdown)

[#### Ignite 2017: Application Framework, Diversity Panel and More from Day 2](https://www.paloaltonetworks.com/blog/2017/06/ignite-2017-application-framework-diversity-panel-day-2/)

### [Events](https://www.paloaltonetworks.com/blog/category/events/?ts=markdown), [Ignite](https://www.paloaltonetworks.com/blog/category/ignite/?ts=markdown)

[#### Welcome to Ignite 2017 Security Conference!](https://www.paloaltonetworks.com/blog/2017/06/welcome-ignite-2017-security-conference/)

### [Events](https://www.paloaltonetworks.com/blog/category/events/?ts=markdown), [Ignite](https://www.paloaltonetworks.com/blog/category/ignite/?ts=markdown)

[#### Ignite Security Guardians Welcome You to Vancouver](https://www.paloaltonetworks.com/blog/2017/06/ignite-security-guardians-welcome-vancouver/)

### [Events](https://www.paloaltonetworks.com/blog/category/events/?ts=markdown), [Ignite](https://www.paloaltonetworks.com/blog/category/ignite/?ts=markdown)

[#### Ignite 2017: Know Before You Go](https://www.paloaltonetworks.com/blog/2017/06/ignite-2017-know-go/)

### [Events](https://www.paloaltonetworks.com/blog/category/events/?ts=markdown), [Ignite](https://www.paloaltonetworks.com/blog/category/ignite/?ts=markdown)

[#### Ignite 2017 PSA: Let Your Guardian Show You the Way](https://www.paloaltonetworks.com/blog/2017/06/ignite-2017-psa-let-guardian-show-way/)

### Subscribe to the Blog!

Sign up to receive must-read articles, Playbooks of the Week, new feature announcements, and more.
![spinner](https://www.paloaltonetworks.com/blog/wp-content/themes/panwblog2023/dist/images/ajax-loader.gif) Sign up  
Please enter a valid email.  
By submitting this form, you agree to our [Terms of Use](https://www.paloaltonetworks.com/legal-notices/terms-of-use?ts=markdown) and acknowledge our [Privacy Statement](https://www.paloaltonetworks.com/legal-notices/privacy?ts=markdown). Please look for a confirmation email from us. If you don't receive it in the next 10 minutes, please check your spam folder.  
This site is protected by reCAPTCHA and the Google [Privacy Policy](https://policies.google.com/privacy) and [Terms of Service](https://policies.google.com/terms) apply.  
{#footer} {#footer}

## Products and Services

* [AI-Powered Network Security Platform](https://www.paloaltonetworks.com/network-security?ts=markdown)

* [Secure AI by Design](https://www.paloaltonetworks.com/precision-ai-security/secure-ai-by-design?ts=markdown)

* [Prisma AIRS](https://www.paloaltonetworks.com/prisma/prisma-ai-runtime-security?ts=markdown)

* [AI Access Security](https://www.paloaltonetworks.com/sase/ai-access-security?ts=markdown)

* [Cloud Delivered Security Services](https://www.paloaltonetworks.com/network-security/security-subscriptions?ts=markdown)

* [Advanced Threat Prevention](https://www.paloaltonetworks.com/network-security/advanced-threat-prevention?ts=markdown)

* [Advanced URL Filtering](https://www.paloaltonetworks.com/network-security/advanced-url-filtering?ts=markdown)

* [Advanced WildFire](https://www.paloaltonetworks.com/network-security/advanced-wildfire?ts=markdown)

* [Advanced DNS Security](https://www.paloaltonetworks.com/network-security/advanced-dns-security?ts=markdown)

* [Enterprise Data Loss Prevention](https://www.paloaltonetworks.com/sase/enterprise-data-loss-prevention?ts=markdown)

* [Enterprise IoT Security](https://www.paloaltonetworks.com/network-security/enterprise-device-security?ts=markdown)

* [Medical IoT Security](https://www.paloaltonetworks.com/network-security/medical-device-security?ts=markdown)

* [Industrial OT Security](https://www.paloaltonetworks.com/network-security/medical-device-security?ts=markdown)

* [SaaS Security](https://www.paloaltonetworks.com/sase/saas-security?ts=markdown)

* [Next-Generation Firewalls](https://www.paloaltonetworks.com/network-security/next-generation-firewall?ts=markdown)

* [Hardware Firewalls](https://www.paloaltonetworks.com/network-security/hardware-firewall-innovations?ts=markdown)

* [Software Firewalls](https://www.paloaltonetworks.com/network-security/software-firewalls?ts=markdown)

* [Strata Cloud Manager](https://www.paloaltonetworks.com/network-security/strata-cloud-manager?ts=markdown)

* [SD-WAN for NGFW](https://www.paloaltonetworks.com/network-security/sd-wan-subscription?ts=markdown)

* [PAN-OS](https://www.paloaltonetworks.com/network-security/pan-os?ts=markdown)

* [Panorama](https://www.paloaltonetworks.com/network-security/panorama?ts=markdown)

* [Secure Access Service Edge](https://www.paloaltonetworks.com/sase?ts=markdown)

* [Prisma SASE](https://www.paloaltonetworks.com/sase?ts=markdown)

* [Application Acceleration](https://www.paloaltonetworks.com/sase/app-acceleration?ts=markdown)

* [Autonomous Digital Experience Management](https://www.paloaltonetworks.com/sase/adem?ts=markdown)

* [Enterprise DLP](https://www.paloaltonetworks.com/sase/enterprise-data-loss-prevention?ts=markdown)

* [Prisma Access](https://www.paloaltonetworks.com/sase/access?ts=markdown)

* [Prisma Browser](https://www.paloaltonetworks.com/sase/prisma-browser?ts=markdown)

* [Prisma SD-WAN](https://www.paloaltonetworks.com/sase/sd-wan?ts=markdown)

* [Remote Browser Isolation](https://www.paloaltonetworks.com/sase/remote-browser-isolation?ts=markdown)

* [SaaS Security](https://www.paloaltonetworks.com/sase/saas-security?ts=markdown)

* [AI-Driven Security Operations Platform](https://www.paloaltonetworks.com/cortex?ts=markdown)

* [Cloud Security](https://www.paloaltonetworks.com/cortex/cloud?ts=markdown)

* [Cortex Cloud](https://www.paloaltonetworks.com/cortex/cloud?ts=markdown)

* [Application Security](https://www.paloaltonetworks.com/cortex/cloud/application-security?ts=markdown)

* [Cloud Posture Security](https://www.paloaltonetworks.com/cortex/cloud/cloud-posture-security?ts=markdown)

* [Cloud Runtime Security](https://www.paloaltonetworks.com/cortex/cloud/runtime-security?ts=markdown)

* [Prisma Cloud](https://www.paloaltonetworks.com/prisma/cloud?ts=markdown)

* [AI-Driven SOC](https://www.paloaltonetworks.com/cortex?ts=markdown)

* [Cortex XSIAM](https://www.paloaltonetworks.com/cortex/cortex-xsiam?ts=markdown)

* [Cortex XDR](https://www.paloaltonetworks.com/cortex/cortex-xdr?ts=markdown)

* [Cortex XSOAR](https://www.paloaltonetworks.com/cortex/cortex-xsoar?ts=markdown)

* [Cortex Xpanse](https://www.paloaltonetworks.com/cortex/cortex-xpanse?ts=markdown)

* [Unit 42 Managed Detection \& Response](https://www.paloaltonetworks.com/cortex/managed-detection-and-response?ts=markdown)

* [Managed XSIAM](https://www.paloaltonetworks.com/cortex/managed-xsiam?ts=markdown)

* [Threat Intel and Incident Response Services](https://www.paloaltonetworks.com/unit42?ts=markdown)

* [Proactive Assessments](https://www.paloaltonetworks.com/unit42/assess?ts=markdown)

* [Incident Response](https://www.paloaltonetworks.com/unit42/respond?ts=markdown)

* [Transform Your Security Strategy](https://www.paloaltonetworks.com/unit42/transform?ts=markdown)

* [Discover Threat Intelligence](https://www.paloaltonetworks.com/unit42/threat-intelligence-partners?ts=markdown)

## Company

* [About Us](https://www.paloaltonetworks.com/about-us?ts=markdown)
* [Careers](https://jobs.paloaltonetworks.com/en/)
* [Contact Us](https://www.paloaltonetworks.com/company/contact-sales?ts=markdown)
* [Corporate Responsibility](https://www.paloaltonetworks.com/about-us/corporate-responsibility?ts=markdown)
* [Customers](https://www.paloaltonetworks.com/customers?ts=markdown)
* [Investor Relations](https://investors.paloaltonetworks.com/)
* [Location](https://www.paloaltonetworks.com/about-us/locations?ts=markdown)
* [Newsroom](https://www.paloaltonetworks.com/company/newsroom?ts=markdown)

## Popular Links

* [Blog](https://www.paloaltonetworks.com/blog/?ts=markdown)
* [Communities](https://www.paloaltonetworks.com/communities?ts=markdown)
* [Content Library](https://www.paloaltonetworks.com/resources?ts=markdown)
* [Cyberpedia](https://www.paloaltonetworks.com/cyberpedia?ts=markdown)
* [Event Center](https://events.paloaltonetworks.com/)
* [Manage Email Preferences](https://start.paloaltonetworks.com/preference-center)
* [Products A-Z](https://www.paloaltonetworks.com/products/products-a-z?ts=markdown)
* [Product Certifications](https://www.paloaltonetworks.com/legal-notices/trust-center/compliance?ts=markdown)
* [Report a Vulnerability](https://www.paloaltonetworks.com/security-disclosure?ts=markdown)
* [Sitemap](https://www.paloaltonetworks.com/sitemap?ts=markdown)
* [Tech Docs](https://docs.paloaltonetworks.com/)
* [Unit 42](https://unit42.paloaltonetworks.com/)
* [Do Not Sell or Share My Personal Information](https://panwedd.exterro.net/portal/dsar.htm?target=panwedd)
  ![PAN logo](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/pan-logo-dark.svg)
* [Privacy](https://www.paloaltonetworks.com/legal-notices/privacy?ts=markdown)
* [Trust Center](https://www.paloaltonetworks.com/legal-notices/trust-center?ts=markdown)
* [Terms of Use](https://www.paloaltonetworks.com/legal-notices/terms-of-use?ts=markdown)
* [Documents](https://www.paloaltonetworks.com/legal?ts=markdown)

Copyright © 2026 Palo Alto Networks. All Rights Reserved

* [![Youtube](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/youtube-black.svg)](https://www.youtube.com/user/paloaltonetworks)
* [![Podcast](https://www.paloaltonetworks.com/content/dam/pan/en_US/images/icons/podcast.svg)](https://www.paloaltonetworks.com/podcasts/threat-vector?ts=markdown)
* [![Facebook](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/facebook-black.svg)](https://www.facebook.com/PaloAltoNetworks/)
* [![LinkedIn](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/linkedin-black.svg)](https://www.linkedin.com/company/palo-alto-networks)
* [![Twitter](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/twitter-x-black.svg)](https://twitter.com/PaloAltoNtwks)
* EN  
  Select your language