Why monitor the DNS client service?

Defense+ has the possibility to monitor (and then allow/block) usage of Microsoft DNS client service.
To my knowledge, this service allows caching of the domain-name / IP-address matching table provided by the DNS server itself.

Let’s assume a malware is running on my computer.
This malware uses DNS client service. So what?
Anyway, useful (from the malware's standpoint) internet access will be blocked/allowed by the firewall part of Comodo.

Is there any risk to allow any process to use DNS client service?
Is there any need for Defense+ to monitor DNS client service access?

So no one knows why the Comodo developers spent time to code this feature?

Here’s what CIS’s Help says about this setting…

DNS/RPC Client Service - This setting alerts you if an application attempts to access the ‘Windows DNS service’ - possibly in order to launch a DNS recursion attack. A DNS recursion attack is a type of Distributed Denial of Service attack whereby a malicious entity sends several thousand spoofed requests to a DNS server. The requests are spoofed in that they appear to come from the target or ‘victim’ server but in fact come from different sources - often a network of ‘zombie’ PCs which are sending out these requests without the owners’ knowledge. The DNS servers are tricked into sending all their replies to the victim server - overwhelming it with requests and causing it to crash. Leaving this setting enabled prevents malware from using the DNS Client Service to launch such an attack (Default = Enabled).


Does this answer your question?

Very clear. Thanks.
Sorry for not having read help. My fault.

There is no need to apologise, there’s a lot of information in CIS’s help.
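
Added example, not part of the original thread or of Comodo's software: a resolver-side check for the pattern the quoted Help text describes, where one claimed source receives many replies much larger than the queries sent in its name. The log format, thresholds, and IP addresses are constructed assumptions.

```python
from collections import defaultdict

def build_sample():
    """Constructed log lines: epoch_s claimed_source qtype query_bytes reply_bytes."""
    # Spoofed flood: many small ANY queries "from" the victim, large replies.
    lines = [f"{1000 + i % 10} 203.0.113.5 ANY 64 3000" for i in range(300)]
    # Ordinary client: a handful of lookups.
    lines += [f"{1000 + i} 192.0.2.10 A 40 56" for i in range(8)]
    # Busy but benign client: high volume, replies about the size of queries.
    lines += [f"{1000 + i % 10} 192.0.2.20 A 40 72" for i in range(300)]
    lines.append("garbage line")  # malformed input must not break parsing
    return lines

def find_reflection_victims(lines, window=10, min_queries=200, min_ratio=10.0):
    """Flag claimed sources that receive many replies far larger than their queries."""
    buckets = defaultdict(lambda: [0, 0, 0])  # (source, window) -> count, q_bytes, r_bytes
    for line in lines:
        parts = line.split()
        if len(parts) != 5:
            continue
        try:
            ts, q_bytes, r_bytes = int(parts[0]), int(parts[3]), int(parts[4])
        except ValueError:
            continue
        bucket = buckets[(parts[1], ts // window)]
        bucket[0] += 1
        bucket[1] += q_bytes
        bucket[2] += r_bytes
    alerts = []
    for (source, win), (count, q_bytes, r_bytes) in sorted(buckets.items()):
        ratio = r_bytes / q_bytes if q_bytes else 0.0
        # Volume alone is not enough (busy clients); require amplification too.
        if count >= min_queries and ratio >= min_ratio:
            alerts.append({"victim": source, "window_start": win * window,
                           "queries": count, "reply_bytes": r_bytes,
                           "amplification": round(ratio, 1)})
    return alerts

if __name__ == "__main__":
    for alert in find_reflection_victims(build_sample()):
        print(alert)
```
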