NXNS

TIME_WAIT and Sockstress don’t translate directly to UDP DNS, but DNS has its own state surface. Recursive-client tables, pending-query slots, TCP/853 (DoT) and TCP/443 (DoH) sockets, delegation chains, and DNSSEC validation state are all exhaustible. This post covers water torture, NXNS, TsuNAME, NRDelegation, and the operational defaults that make DNS a softer target than HTTP.