Skip to content

What is DNS Flood Attack?

DNS Flood is a form of distributed denial-of-service attack (DDoS), whereby an attacker tries to disrupt a particular DNS server and the services it supports, either a recursive or an authoritative one. This disruption enables the DNS flood attack to compromise a vast variety of Internet services, including website, streaming service, voice over IP or any web application’s capability to receive legitimate traffic.

DNS flood attacks mimic legitimate traffic, making them difficult to distinguish from normal heavy traffic which often comes from a multitude of unique locations, querying for real records on the domain.

How do DNS Flood Attacks work?

The objective of the DNS (Domain Name System) is to translate easy-to-remember names (e.g. efficientip.com) to hard-to-remember addresses of website servers (e.g. 192.168.0.1). Any successful attack on DNS infrastructure therefore makes the Internet unusable for the majority of persons. With the increase in high bandwidth IoT (Internet of Things) botnets such as Mirai, new types of DNS-based attack have proliferated, with DNS flood attacks being one of them. By making use of the high bandwidth connections of IoT devices like IP cameras, DVR boxes, DNS Flood Attacks are able to impact the DNS servers of major providers. Due to the huge volume of requests from the combined devices, the DNS provider’s services are overwhelmed, resulting in legitimate users being unable to access the DNS servers of the provider.

DNS flood attacks do have some similarities to DNS amplification attacks, which reflect and amplify traffic off unsecured DNS servers so as to hide the attack’s origin while increasing its effectiveness

How can you mitigate a DNS Flood Attack?

Compared to traditional amplification-based attack methods, DNS floods present a new challenge. Using high bandwidth botnets which are easily accessible, cybercriminals are now able to target large organizations. Any compromised IoT device needs to be updated or replaced, but until that happens the only way to withstand DNS flood attacks is by using a highly distributed DNS system capable of monitoring, absorbing, and blocking in real-time the attack traffic by analyzing client behavior to filter good from bad requests.