This paper substantiates a threat model for implementing attacking scenarios on the Domain Name System (DNS) network service, taking into account current vulnerabilities in order to develop measures to ensure information security of a controlled information and telecommunications network (ITCS), namely, timely response to computer information security incidents (IS). The data obtained allows us to more fully describe the profiles of network objects that use the DNS service to identify the states of the monitored infrastructure. The use of this model can expand the capabilities of tools for detecting and preventing intruder attack scenarios