NOVEMBER 1, 2013
Although the Domain Name System (DNS) plays a big role in consumers’ day-to-day Internet usage and is a critical factor in distributed denial-of-service (DDoS) attacks, it is rarely mentioned when DDoS is discussed. The following is a discussion of three ways your DNS can have an impact on DDoS attacks.
Impact Point #1 – Standalone DNS Servers Are Vulnerable To DDoS Attack
Many regular users may not even realize it, but DNS is one of the critical aspects of the Internet. DNS is known as the “phone book” to the Internet for a reason. DNS is essentially a worldwide repository of names that point to IP addresses where information gets served up to users. DNS allows users to type easy-to-remember names (“neustar.biz” or “neustar.com”) in their Web browsers to get to the Website or services they need.
While there are DNS standards and protocols that have been established to ensure uniform communication across the Internet, how each company chooses to implement their DNS is another story.
Many companies implement DNS by setting up several individual, stand-alone name servers (usually between two and four). For example, a company can set up two DNS servers (named “ns1.example.com” and “ns2.example.com”). Each name is mapped on a one-to-one basis to a physical server.
Unfortunately, one-to-one setups lack redundancy: if both DNS servers go down, customers will not be able to reach the Website or any other service whose names those servers resolve. Attackers are aware of this weakness and take advantage of it by launching DDoS attacks that target DNS servers. If attackers successfully take down a company’s DNS servers, they have effectively taken down the company’s Website, email and other services.
It is worth noting that Internet service providers (ISPs) frequently use this “one-to-one” approach with their DNS servers. If an attacker were to attack an ISP’s DNS server, the damage could potentially affect ALL customers who use the ISP to host their DNS.
Customers have several options for adding redundancy to this structure, including adding more DNS servers to their network or outsourcing to a third-party cloud DNS provider.
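A defender’s check for the one-to-one pattern described above, as an added example that is not part of the original post: given a snapshot of a zone’s NS names and the addresses they resolve to (constructed here), it flags delegations where every name resolves to a single address or where all name servers share one network prefix. The prefix sizes and thresholds are assumptions.

```python
"""Assess the redundancy of a zone's DNS delegation from its NS records.

Added example, not from the original post. The input is a constructed
snapshot of NS names and the addresses they resolve to (the data you
would gather from NS plus A/AAAA lookups); prefix sizes are assumptions.
"""
import ipaddress
from collections import defaultdict

# Constructed sample: two NS names, each mapped one-to-one to a single host,
# both in the same /24. This is the setup the post describes as fragile.
ONE_TO_ONE = {
    "ns1.example.com": ["192.0.2.10"],
    "ns2.example.com": ["192.0.2.11"],
}

# Constructed sample: names spread across several distinct networks.
DISTRIBUTED = {
    "ns1.example.com": ["192.0.2.10", "2001:db8:1::10"],
    "ns2.example.com": ["198.51.100.20"],
    "ns3.example.net": ["203.0.113.30", "2001:db8:2::30"],
}


def network_key(addr):
    """Group addresses by an assumed routed prefix: /24 (IPv4), /48 (IPv6)."""
    ip = ipaddress.ip_address(addr)
    prefix = 24 if ip.version == 4 else 48
    return str(ipaddress.ip_network(f"{addr}/{prefix}", strict=False))


def assess_delegation(ns_records, min_names=2, min_networks=2):
    """Return counts plus a list of redundancy findings for the delegation."""
    addrs = {a for lst in ns_records.values() for a in lst}
    nets = defaultdict(set)
    for name, lst in ns_records.items():
        for a in lst:
            nets[network_key(a)].add(name)
    # A name with a single address is one host from the zone's point of view
    # (anycast behind one address cannot be seen from the records alone).
    single = [n for n, lst in ns_records.items() if len(lst) == 1]
    findings = []
    if len(ns_records) < min_names:
        findings.append(f"fewer than {min_names} NS names")
    if single and len(single) == len(ns_records):
        findings.append("every NS name resolves to a single address (one-to-one mapping)")
    if len(nets) < min_networks:
        findings.append("all name servers share one network prefix")
    return {"names": len(ns_records), "addresses": len(addrs),
            "networks": sorted(nets), "findings": findings}
```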
For more on how your DNS can have an impact on DDoS attacks, read the next two posts in this series:
- Impact Point #2: DNS Can Be Used To Launch DDoS Attacks
- Impact Point #3: DNS Can Be A Hindrance To Fast DDoS Protection