DNS name resolution services are required both to maintain an internet presence and to access online resources. The Domain Name System, or DNS, which serves as the Internet’s address book, maps human-friendly names to IP addresses so that devices, applications, and services know how to find one another. It is one of the core Internet services enabling the communications we take for granted countless times each day.
However, both authoritative and recursive DNS servers are frequently the target of disruptive DDoS attacks, and undefended DNS servers can also be abused for reflection-amplification DDoS attacks against any organization on the Internet, including their own owners and operators.
Protecting the availability of DNS is key for any organization providing services or content across the Internet. If the DNS infrastructure is unavailable or slow, services depending on it will be impacted. This is why DNS infrastructure DDoS protection and mitigation are imperative to keeping these services available.
Defending DNS with Adaptive DDoS Protection
NETSCOUT has visibility into 50+ percent of all Internet traffic, seeing tens of millions of attacks per year. This threat data is collected in our ATLAS Threat Intelligence system, which currently tracks over 1.3 million bots and 500,000 known abusable reflection and amplification systems actively participating in DDoS attacks around the globe.
Knowing the active DDoS participants provides faster detection of attacks, including those that may be below detectable thresholds. This allows for more specific mitigation capabilities instead of the broad, uninformed mitigation used once an attack is detected.
As DDoS attacks transform, either by alternating the attacking infrastructure or by shifting the vectors of an attack, this transformation is tracked and mitigation follows it, learning as it progresses.
Adaptive DDoS Protection is the combination of knowing the threat landscape, using that intelligence to inform detection and mitigation, and learning as attacks transform. It is paramount in providing precise and effective DNS DDoS mitigation.
Detecting and Mitigating DNS Water Torture or NXDOMAIN DDoS Attacks
Learn how NETSCOUT Arbor Edge Defense and Arbor Enterprise Manager can detect and mitigate a DNS Water Torture or NXDOMAIN DDoS Attack, through machine learning, smart rate limiting, threat intelligen
DNS-Specific DDoS Mitigations
DNS zone validation
DNS authentication
DNS malformed traffic detection
DNS regex matching
DNS and NXDOMAIN rate limiting
Protecting the Service that Enables the Internet
NETSCOUT Arbor DDoS Solutions provide detection and mitigation capabilities for any organization at any scale. Protect your DNS services from all types of attacks before user experience can be impacted.
Adaptive DDoS Protection
Adaptive DDoS Protection uses machine learning combined with known DDoS attack participants and pre-configured objects and mitigation templates to enable precise, effective isolation and mitigation of attacks.
Service Providers
Data center operators and network providers need a defense that is effective, cost-efficient and easily managed. Arbor Threat Mitigation System (TMS) is the acknowledged leader in DDoS protection. More Service Providers, Cloud Providers and large Enterprises use Arbor TMS as a DDoS mitigator than any other solution to protect DNS services.
Enterprise
NETSCOUT Arbor Edge Defense (AED) is uniquely positioned on the network edge to provide an inline, always-on, first and last line of defense. Using stateless packet processing, continuous global threat intelligence, decades of DDoS protection and mitigation expertise, and patented adaptive DDoS defense technology, AED can protect your organization’s DNS infrastructure and services.