DNS DDoS attacks are one of the threats to your online presence. DNS is a critical component of the Internet that translates domain names into IP addresses; without it, websites could not be reached by name. A DNS DDoS (distributed denial-of-service) attack overwhelms an organization's authoritative DNS servers with a flood of requests until they can no longer answer legitimate queries. Because every connection to a site starts with a DNS lookup, the site slows down or becomes unreachable even when the web servers themselves are healthy, resulting in disruption of service to end users, lost revenue and reputation damage for the business.
We all still remember the Dyn attack of 2016, where the Internet infrastructure company that hosted authoritative DNS for many Internet domains was hit by a DDoS attack, taking many popular websites and online services offline. DNS DDoS attacks have been on the rise again recently: according to this Fast Company article, there has been a 243% increase in sophisticated DNS attacks since 2019.
Types of DNS DDoS Attacks
Not all DNS DDoS attacks are created equal. Each type uses a different technique and causes a different degree of impact.
- DNS reflection attacks—These volumetric attacks send queries to third-party DNS servers (open resolvers) with the victim's IP address forged as the source, so that the responses are reflected onto the victim instead of the attacker.
- DNS amplification—This uses specially crafted queries (for example, for ANY or large DNSSEC-signed records) whose responses are many times larger than the query, so a small amount of attack traffic floods the victim with a much larger amount of response traffic. It is usually combined with reflection through open resolvers.
- TCP/UDP/ICMP floods—These are network- and transport-layer (layer 3/4) denial-of-service attacks that bring a network or service down by flooding it with large amounts of traffic; they carry no DNS content at all.
- NXDOMAIN—These attacks flood the DNS server with requests for non-existent names, filling the cache with negative entries, burning CPU and slowing responses to legitimate queries.
- Random sub-domain (slow drip attacks)/domain lock-up attacks/phantom domain attacks—These low-volume stealth attacks send a steady trickle of requests for random sub-domains of a legitimate zone, or for phantom or deliberately misbehaving domains set up by the attacker. Because each name is new, nothing is answered from cache and every query is forwarded, causing resource exhaustion, cache saturation, outbound query limit exhaustion and degraded performance.
- DNS-based exploits—These are attacks that exploit vulnerabilities in the DNS server software itself.
- DNS cache poisoning—These attacks inject forged records into a resolver's cache so that a name resolves to a rogue address.
- Protocol anomalies—These attacks send malformed packets and queries that crash the server or make it misbehave.
- Reconnaissance—These are attempts by attackers to map the network environment before launching a large DDoS or other type of attack.
- DNS hijacking—These attacks alter domain registration or delegation data so that the domain points to a rogue DNS server.
- Data exfiltration (using known tunnels)—These attacks encode another protocol, or stolen data, in DNS queries and responses on port 53 to tunnel it past perimeter controls.
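The NXDOMAIN, random sub-domain and reflection/amplification patterns in the list above can be picked out of a query/response log with a few counters, and the slow-drip case shows why per-client statistics alone are not enough. The following Python script is an added example, not code from the original post or from Infoblox; the one-record-per-line "timestamp client qname qtype rcode" log format, the sample records and the thresholds are all constructed for the example.

```python
"""Detect DNS DDoS patterns (NXDOMAIN flood, random sub-domain, amplification
candidates) in a query/response log.

Added example. The log format used here is an assumed simplified one,
not the native format of Infoblox, BIND or any other DNS server."""
from collections import Counter, defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class Query:
    ts: str
    client: str   # source IP of the query (forged in reflection attacks)
    qname: str    # normalized: lowercase, no trailing dot
    qtype: str
    rcode: str    # response code the server returned


def parse_line(line: str) -> Query:
    """Parse one 'timestamp client qname qtype rcode' record (assumed format)."""
    fields = line.split()
    if len(fields) != 5:
        raise ValueError(f"malformed record: {line!r}")
    ts, client, qname, qtype, rcode = fields
    return Query(ts, client, qname.rstrip(".").lower(), qtype.upper(), rcode.upper())


def parse_log(lines):
    """Parse all non-empty, non-comment lines."""
    return [parse_line(ln) for ln in lines if ln.strip() and not ln.startswith("#")]


def apex_of(qname: str, depth: int = 2) -> str:
    """Zone apex approximated as the last `depth` labels (fine for .com-style names)."""
    return ".".join(qname.split(".")[-depth:])


def analyze(queries, nx_min=20, nx_ratio=0.8, sub_min=20, singleton_ratio=0.9, any_min=10):
    total = Counter()
    nxdomain = Counter()
    any_q = Counter()
    names_per_zone = defaultdict(Counter)
    for q in queries:
        total[q.client] += 1
        if q.rcode == "NXDOMAIN":
            nxdomain[q.client] += 1
        if q.qtype == "ANY":
            any_q[q.client] += 1
        names_per_zone[apex_of(q.qname)][q.qname] += 1

    findings = []
    for client, n in total.items():
        # NXDOMAIN flood: one source whose traffic is almost entirely non-existent names.
        if nxdomain[client] >= nx_min and nxdomain[client] / n >= nx_ratio:
            findings.append(("nxdomain_flood", client, nxdomain[client], n))
        # Reflection/amplification: a burst of ANY queries from one "client", which in a
        # reflection attack is really the victim whose address has been forged.
        if any_q[client] >= any_min:
            findings.append(("amplification_candidate", client, any_q[client], n))
    for zone, names in names_per_zone.items():
        # Random sub-domain (slow drip): many names under one zone, each seen only once,
        # so each one misses the cache and is forwarded to the authoritative server.
        singletons = sum(1 for c in names.values() if c == 1)
        if len(names) >= sub_min and singletons / len(names) >= singleton_ratio:
            findings.append(("random_subdomain", zone, len(names), singletons))
    return sorted(findings)


def constructed_sample():
    """Constructed log: a little legitimate traffic plus three attack patterns."""
    t = "2024-05-01T10:00:00Z"
    lines = [f"{t} 198.51.100.7 www.example.com A NOERROR"] * 3
    lines += [f"{t} 198.51.100.7 mail.example.com MX NOERROR"] * 2
    # Single-source NXDOMAIN flood cycling through five bogus names under example.net.
    lines += [f"{t} 203.0.113.9 bogus{i % 5}.example.net A NXDOMAIN" for i in range(50)]
    # Slow-drip random sub-domain attack: 30 bots, 2 unique labels each; no bot stands out.
    lines += [f"{t} 192.0.2.{100 + b} z{b}x{k}.example.com A NXDOMAIN"
              for b in range(30) for k in range(2)]
    # ANY queries with a forged source: the large reflected responses hit 192.0.2.50.
    lines += [f"{t} 192.0.2.50 example.com ANY NOERROR"] * 12
    return lines


if __name__ == "__main__":
    for kind, subject, hits, base in analyze(parse_log(constructed_sample())):
        print(f"{kind:24s} {subject:16s} {hits}/{base}")
```

Two points worth noting in the output. The slow-drip bots each send only two queries, so the per-client NXDOMAIN check never fires for them; it is the per-zone count of names seen exactly once that exposes the attack, which is why this class of attack is reported under the zone rather than a source address. And an amplification_candidate finding names the address the responses are being sent to, not the attacker, so the right response is rate limiting or closing open recursion, not blocking that "client".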
Protecting Uptime With Built-In DNS DDoS Defense
If you host your own authoritative DNS, run it on DNS infrastructure with built-in DDoS mitigation so that it stays resilient during an attack. The solution should block not only volumetric attacks but also DNS-specific exploits and DNS hijacking, so that every aspect of the attack surface is covered.
Infoblox Advanced DNS Protection is a DNS DDoS mitigation solution available on Infoblox DNS servers that shields you from a wide range of DNS attacks, including volumetric attacks, NXDOMAIN floods, exploits and more. Instead of relying only on infrastructure overprovisioning or simple response rate limiting, it detects and mitigates DNS attacks using signature-based methods and constantly updated threat intelligence, without waiting for a security patch to be applied. It also provides easy-to-access reporting on the attacks, so that the administrator knows their type and impact.
Using Hybrid External DNS
If your authoritative DNS is hosted by a third-party provider, do not rely on that provider alone for your external DNS presence. Use a hybrid external DNS approach, in which on-premises DNS appliances serve the zone alongside the hosting provider's servers, with both sets listed in the domain's NS delegation and kept in sync (for example by zone transfer) so that they return the same answers. If the provider's service goes down, resolvers still reach the on-premises servers, minimizing disruption. A hybrid approach lets the organization retain control of its DNS and provides redundancy.
Don't leave your online presence to chance. Bolster your DNS defenses for maximum uptime, every time.