The original DNS protocol (RFC 1035, 1987) includes no authentication or integrity verification. - **It uses UDP** — Most DNS queries use UDP, which is trivially spoofable since there is no handshake. - **It is hierarchical** — Compromising a single DNS server can affect all clients that rely on it.