Fast-flux

Definition

An evasion technique in which a domain's A records cycle through a large pool of IP addresses with very short TTL values. Double-flux additionally rotates the NS records. Both techniques make takedown significantly harder.
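A detection-side sketch of the definition above, added here as an example and not taken from the original page: it scores passive-DNS-style observations for many distinct A records with short TTLs, and flags double-flux when the NS set rotates as well. The record layout, the thresholds and the sample data are all assumptions constructed for illustration.

```python
from collections import defaultdict
from statistics import median

# Assumed thresholds; tune against your own resolver or passive DNS data.
MAX_TTL = 300         # median A-record TTL (seconds) treated as "very short"
MIN_DISTINCT_A = 10   # distinct IPv4 addresses seen inside the window
MIN_DISTINCT_NS = 5   # distinct nameservers seen inside the window
WINDOW = 3600         # seconds of history considered, counted back from newest

def sample_observations():
    """Constructed data: (unix_time, name, rtype, rdata, ttl) tuples."""
    obs = [(0, "static.example", "A", "192.0.2.10", 3600),
           (600, "static.example", "A", "192.0.2.10", 3600),
           (0, "static.example", "NS", "ns1.static.example", 86400),
           (0, "flux.example", "NS", "ns1.flux.example", 86400)]
    for i in range(12):  # one new answer every five minutes
        t = i * 300
        obs.append((t, "flux.example", "A", f"198.51.100.{i + 1}", 120))
        obs.append((t, "dflux.example", "A", f"203.0.113.{i + 1}", 60))
        obs.append((t, "dflux.example", "NS", f"ns{i}.dflux.example", 60))
    return obs

def classify(observations, window=WINDOW):
    """Return {domain: 'stable' | 'fast-flux' | 'double-flux'}."""
    if not observations:
        return {}
    newest = max(o[0] for o in observations)
    stats = defaultdict(lambda: {"A": set(), "NS": set(), "ttls": []})
    for ts, name, rtype, rdata, ttl in observations:
        if ts < newest - window or rtype not in ("A", "NS"):
            continue
        s = stats[name.lower().rstrip(".")]  # normalise case and trailing dot
        s[rtype].add(rdata.lower())
        if rtype == "A":
            s["ttls"].append(ttl)
    verdicts = {}
    for name, s in stats.items():
        # Fast-flux signal: large rotating A pool combined with short TTLs.
        flux = len(s["A"]) >= MIN_DISTINCT_A and median(s["ttls"]) <= MAX_TTL
        if flux and len(s["NS"]) >= MIN_DISTINCT_NS:
            verdicts[name] = "double-flux"   # NS records rotate as well
        else:
            verdicts[name] = "fast-flux" if flux else "stable"
    return verdicts

if __name__ == "__main__":
    for domain, verdict in sorted(classify(sample_observations()).items()):
        print(f"{domain:16} {verdict}")
```

Content delivery networks and round-robin load balancing also return many addresses with short TTLs, so a hit from this heuristic is a lead for analyst review and not a verdict.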

Related terms

A record
A DNS resource record that maps a domain name to an IPv4 address. The primary attribution record in most investigations. An AAAA...
DNS tunnelling
Encoding data inside DNS queries and responses to exfiltrate information or carry command-and-control traffic through a network that permits DNS but blocks...
Domain generation algorithm (DGA)
Code embedded in malware that produces a large set of pseudo-random domain names on a scheduled basis. The malware tries each until...
Passive DNS
A historical database of DNS resolutions collected by sensors at recursive resolvers or network taps. Passive DNS shows which IP addresses a...
WHOIS
A query protocol that returns registration data for a domain, including registrant name, organisation, email, nameservers, and registration and expiry dates. Since...

Explained in

  • DNS and Domain Investigation