I recall that subdomains are their own record inside a DNS, which would imply that anyone can claim that their server is a non-existent subdomain of the real domain
The way DNS works, each dot is authoritative.
So if you want the IPv4 for scam.legitco.com, your computer contacts the authoritative DNS for “com” and asks it for the address for legitco’s DNS. You then contact legitco.com and ask it for scam’s IP. Which it won’t have.
This is simplified, because in reality there’s DNS caching and pooling, but that wouldn’t affect your scenario. Although, cache poisoning IS a thing, as is BGP hijacking where the IP of the DNS itself may get redirected to a different machine.
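To make the delegation argument concrete, here is an added example (my own illustration, not code from either commenter) of iterative resolution that only ever follows the NS delegation handed down by the parent zone. The zone data, the names legitco.com / scam.legitco.com / ns1.attacker.example and the RFC 5737 documentation addresses are all constructed for the example. The second function shows the caveat from the reply: if the delegation itself is redirected (poisoned cache, hijacked route to the nameserver), the resolver walks straight into the attacker's server.

```python
# Added example, not part of the original thread. Toy model of iterative DNS
# resolution following delegations root -> "com" -> "legitco.com".
# Zone data is constructed; names and addresses are placeholders.
from typing import Dict, List, Optional, Tuple

Record = Tuple[str, str]            # ("NS", server_id) or ("A", ipv4)
Zones = Dict[str, Dict[str, Record]]

ZONES: Zones = {
    # The root only knows who is authoritative for "com".
    "root": {"com": ("NS", "com-tld")},
    # The com TLD only knows who is authoritative for legitco.com.
    "com-tld": {"legitco.com": ("NS", "ns1.legitco.com")},
    # legitco's own server holds the real answers. There is no "scam" here.
    "ns1.legitco.com": {
        "legitco.com": ("A", "192.0.2.10"),
        "www.legitco.com": ("A", "192.0.2.11"),
    },
    # An attacker's authoritative server. It can publish any name it likes,
    # but no parent zone ever delegates legitco.com to it.
    "ns1.attacker.example": {
        "scam.legitco.com": ("A", "198.51.100.66"),
    },
}


def resolve(name: str, zones: Zones = ZONES) -> Tuple[Optional[str], List[str]]:
    """Resolve an A record starting at the root, moving only along NS
    delegations. Returns (ipv4 or None, list of servers consulted).
    None means the delegated authority does not hold the name (NXDOMAIN)."""
    labels = name.rstrip(".").split(".")
    server = "root"
    trail = [server]
    while True:
        zone = zones[server]
        rec = zone.get(name)
        if rec and rec[0] == "A":
            return rec[1], trail
        # Pick the longest suffix of the name that this server delegates.
        delegated = None
        for i in range(len(labels)):
            suffix = ".".join(labels[i:])
            cand = zone.get(suffix)
            if cand and cand[0] == "NS":
                delegated = cand[1]
                break
        if delegated is None or delegated in trail:
            return None, trail  # nothing further down the chain: NXDOMAIN
        trail.append(delegated)
        server = delegated


def poisoned_zones() -> Zones:
    """Constructed worst case from the reply: the com TLD's delegation for
    legitco.com (e.g. a poisoned cached NS record, or the route to the real
    nameserver hijacked) now leads to the attacker's server."""
    zones = {k: dict(v) for k, v in ZONES.items()}
    zones["com-tld"]["legitco.com"] = ("NS", "ns1.attacker.example")
    return zones


if __name__ == "__main__":
    print("www.legitco.com  ->", resolve("www.legitco.com"))
    print("scam.legitco.com ->", resolve("scam.legitco.com"))
    print("scam.legitco.com (poisoned delegation) ->",
          resolve("scam.legitco.com", poisoned_zones()))
```

With the honest zone data, `scam.legitco.com` ends at ns1.legitco.com with no answer, and ns1.attacker.example is never consulted; only when the delegation itself is tampered with does the attacker's record get returned.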