It's a hash, as you say (but not one we disclose the algorithm for, though it is a derivative of something you'd recognize but with additional obfuscation), plus metadata as to the reason the hash is being queried. I agree that if someone subverts your DNS they can override the result, but if you've lost control over DNS you have much bigger problems to deal with.
There are many ways to get to the GTI data - DNS is only one of them. Other methods have higher levels of authentication and security. The DNS method is really fast and lightweight though.