
DNS & DDoS – What is the Vulnerability of DNS Servers to DDoS Attacks?

2014-12-29 16:14 561 views

NOVEMBER 1, 2013

 by Donald, Technical Sales Engineer

Although the Domain Name System (DNS) plays a big role in consumers’ day-to-day Internet usage and is a critical factor when it comes to DDoS, it is rarely mentioned when distributed denial-of-service (DDoS) attacks are discussed. The following is a discussion of three ways your DNS can have an impact on DDoS attacks.


Impact Point #1 – Standalone DNS Servers Are Vulnerable To DDoS Attack

Many regular users may not even realize it, but DNS is one of the critical aspects of the Internet. DNS is known as the “phone book” of the Internet for a reason. DNS is essentially a worldwide repository of names that point to IP addresses where information gets served up to users. DNS allows users to type easy-to-remember names (“neustar.biz” or “neustar.com”) in their Web browsers to get to the Website or services they need.

While there are DNS standards and protocols that have been established to ensure uniform communication across the Internet, how each company chooses to implement their DNS is another story.

Many companies implement DNS by setting up several individual, stand-alone name servers (usually between two and four). For example, a company can set up two DNS servers (named “ns1.example.com” and “ns2.example.com”). Each name is mapped on a one-to-one basis to a physical server.

Unfortunately, one-to-one setups lack redundancy, which means that if both DNS servers go down, customers would not be able to access the Website or any services that are hosted by those servers. Attackers are aware of this weakness, and can take advantage of the situation by launching DDoS attacks that target DNS servers. If attackers can successfully take down a company’s DNS servers, they have effectively taken down the company’s Website, email and other services.

It is worth noting that Internet service providers (ISPs) frequently use this “one-to-one” approach with their DNS servers. If an attacker were to attack an ISP’s DNS server, the damage could potentially affect ALL customers who use the ISP to host their DNS.

Customers have different options for making this structure more redundant, including adding more DNS servers to their network or outsourcing to a third-party cloud DNS provider.
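To see where a delegation sits on this spectrum, the audit below counts how many independent servers and networks actually stand behind a zone's name servers. It is an added example, not code from the original post; the function names, the thresholds and the /24 and /48 grouping are assumptions, and the sample data is constructed from documentation address ranges.

```python
import ipaddress
from collections import defaultdict

# Constructed sample data using documentation address ranges, in the shape
# collected from `dig +short NS <zone>` followed by A/AAAA lookups.
ONE_TO_ONE = {"ns1.example.com": ["192.0.2.10"],
              "ns2.example.com": ["192.0.2.11"]}
SPREAD = {"ns1.example.com": ["192.0.2.10", "2001:db8:1::53"],
          "ns2.example.com": ["198.51.100.10"],
          "ns3.example.net": ["203.0.113.10", "2001:db8:2::53"]}

def network_of(addr):
    """Map an address to its /24 (IPv4) or /48 (IPv6): a rough 'same site' proxy."""
    ip = ipaddress.ip_address(addr)
    return ipaddress.ip_network(f"{ip}/{24 if ip.version == 4 else 48}", strict=False)

def audit_nameservers(ns_map, min_servers=2, min_networks=2):
    """Summarise how many independent failure domains serve a zone.

    Thresholds are assumptions for this example, not values from the article.
    Addresses alone cannot reveal anycast, so confirm findings with the operator.
    """
    owners = defaultdict(set)                 # address -> NS names using it
    nets = {4: set(), 6: set()}               # distinct networks per IP family
    findings = []
    for name, addrs in sorted(ns_map.items()):
        if not addrs:
            findings.append(f"no-address:{name}")
        for addr in addrs:
            net = network_of(addr)
            owners[str(ipaddress.ip_address(addr))].add(name)
            nets[net.version].add(net)
    reachable = {n for names in owners.values() for n in names}
    for addr, names in sorted(owners.items()):
        if len(names) > 1:                    # two names, one address: no added redundancy
            findings.append(f"shared-address:{addr}")
    networks = max(len(nets[4]), len(nets[6]))
    if len(reachable) < min_servers:
        findings.append("too-few-servers")
    if networks < min_networks:
        findings.append("too-few-networks")
    return {"servers": len(reachable), "addresses": len(owners),
            "networks": networks, "findings": findings}

if __name__ == "__main__":
    for label, data in (("one-to-one", ONE_TO_ONE), ("spread", SPREAD)):
        print(label, audit_nameservers(data))
```

The two-server sample passes the server count but is flagged because both addresses sit in the same /24, so a single saturated link would leave the zone unresolvable.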

For more on how your DNS can have an impact on DDoS attacks, read the next two posts in this series:

Impact Point #2: DNS Can Be Used To Launch DDoS Attacks

Impact Point #3: DNS Can Be A Hindrance To Fast DDoS Protection