DNS & DDoS – What is the Vulnerability of DNS Servers to DDoS Attacks?
2014-12-29 16:14
NOVEMBER 1, 2013
by Donald, Technical Sales Engineer
Although the Domain Name System (DNS) plays a big role in consumers’ day-to-day Internet usage and is a critical factor when it comes to DDoS, it is rarely mentioned when distributed denial-of-service (DDoS) attacks are discussed. The following is a discussion of three ways your DNS can have an impact on DDoS attacks.
Impact Point #1 – Standalone DNS Servers Are Vulnerable To DDoS Attack
Many regular users may not even realize it, but DNS is one of the critical aspects of the Internet. DNS is known as the “phone book” of the Internet for a reason. DNS is essentially a worldwide repository of names that point to IP addresses where information gets served up to users. DNS allows users to type easy-to-remember names (“neustar.biz” or “neustar.com”) in their Web browsers to get to the Website or services they need.
While there are DNS standards and protocols that have been established to ensure uniform communication across the Internet, how each company chooses to implement their DNS is another story.
Many companies implement DNS by setting up several individual, stand-alone name servers (usually between two and four). For example, a company can set up two DNS servers (named “ns1.example.com” and “ns2.example.com”). Each name is mapped on a one-to-one basis to a physical server.
Unfortunately, one-to-one setups lack redundancy, which means that if both DNS servers go down, customers would not be able to access the Website or any services that are hosted by those servers. Attackers are aware of this weakness, and can take advantage of the situation by launching DDoS attacks that target DNS servers. If attackers can successfully take down a company’s DNS servers, they have effectively taken down a company’s Website, email and other services.
It is worth noting that Internet service providers (ISPs) frequently use this “one-to-one” approach with their DNS servers. If an attacker were to attack an ISP’s DNS server, the damage could potentially affect ALL customers who use the ISP to host their DNS.
Customers have different options for making this structure more redundant, including adding more DNS servers to their network or outsourcing to a third-party cloud DNS provider.
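An added example, not code from the original post: a small audit that reads a zone's NS and A records and flags the stand-alone setup described above, where a handful of name servers sit close together. The zone data is constructed, and the /24 grouping and the two thresholds are assumptions of this example.

```python
import ipaddress
from collections import defaultdict

# Constructed zone data (documentation names and address ranges), not real records.
SAMPLE_ZONE = """
example.com.      IN NS ns1.example.com.
example.com.      IN NS ns2.example.com.
ns1.example.com.  IN A  192.0.2.10
ns2.example.com.  IN A  192.0.2.11
example.net.      IN NS ns1.example.net.
example.net.      IN NS ns2.example.net.
ns1.example.net.  IN A  192.0.2.53
ns2.example.net.  IN A  198.51.100.53
"""

def parse_zone(text):
    """Return ({zone: [ns names]}, {host: [addresses]}) from 'name IN type value' lines."""
    ns, addrs = defaultdict(list), defaultdict(list)
    for line in text.splitlines():
        fields = line.split()
        if len(fields) != 4 or fields[1] != "IN":
            continue  # skip blanks and anything that is not a simple record
        name, _, rtype, value = fields
        if rtype == "NS":
            ns[name.lower()].append(value.lower())
        elif rtype == "A":
            addrs[name.lower()].append(ipaddress.ip_address(value))
    return ns, addrs

def audit_zone(zone, ns, addrs, min_servers=2, min_networks=2):
    """List redundancy findings for one zone; thresholds are assumed defaults."""
    servers = ns.get(zone, [])
    ips = {ip for s in servers for ip in addrs.get(s, [])}
    # Group addresses by /24 as a rough stand-in for "same network segment".
    nets = {ipaddress.ip_network(f"{ip}/24", strict=False) for ip in ips}
    findings = []
    unresolved = [s for s in servers if not addrs.get(s)]
    if unresolved:
        findings.append(f"no address for: {', '.join(unresolved)}")
    if len(ips) < min_servers:
        findings.append(f"only {len(ips)} distinct name server address(es)")
    if len(nets) < min_networks:
        findings.append(f"name servers span only {len(nets)} /24 network(s)")
    return findings

if __name__ == "__main__":
    ns, addrs = parse_zone(SAMPLE_ZONE)
    for zone in ns:
        print(zone, audit_zone(zone, ns, addrs) or "ok")
```

DNS records alone do not show whether two addresses sit on the same physical server or site, so a clean result here is a starting point for an inventory check, not proof of redundancy.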
For more on how your DNS can have an impact on DDoS attacks, read the next two posts in this series:
Impact Point #2: DNS Can Be Used To Launch DDoS Attacks
Impact Point #3: DNS Can Be A Hindrance To Fast DDoS Protection