Abstract
The Domain Name System (DNS) is a critical fundamental service of the Internet that provides mapping between domain names and IP addresses. In the past few years, distributed denial of service (DDoS) attacks aimed at core DNS servers have caused huge losses. In this paper, we present a simple, practical scheme that can significantly reduce the extent of the DNS DDoS attacks. Firstly, we support that DNS servers should not clean-up TTL-expired domain-name records in the cache when they detected that relevant DNS servers are unavailable. Secondly, according to the data of 7-day DNS trace collected from three different DNS servers on the Internet, it shows that the DNS can still work well during DDoS attacks with a simple modification of the caching behavior.
Sign-in/Register to access full text options 
Free) 
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Schedule a call
