Abstract
The Domain Name System (DNS) is a critical fundamental service of the Internet that provides mapping between domain names and IP addresses. In the past few years, distributed denial of service (DDoS) attacks aimed at core DNS servers have caused huge losses. In this paper, we present a simple, practical scheme that can significantly reduce the extent of the DNS DDoS attacks. Firstly, we support that DNS servers should not clean-up TTL-expired domain-name records in the cache when they detected that relevant DNS servers are unavailable. Secondly, according to the data of 7-day DNS trace collected from three different DNS servers on the Internet, it shows that the DNS can still work well during DDoS attacks with a simple modification of the caching behavior.
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Schedule a callDisclaimer: All third-party content on this website/platform is and will remain the property of their respective owners and is provided on "as is" basis without any warranties, express or implied. Use of third-party content does not indicate any affiliation, sponsorship with or endorsement by them. Any references to third-party content is to identify the corresponding services and shall be considered fair use under The CopyrightLaw.
