Abstract
DDoS attacks have been a problem since 2000. In October 2016, there was a major DDoS attack against the service provider Dyn’s DNS service, which took the service down. This was one of the largest bandwidth DDoS attack ever documented, with attack bandwidth over 650 Gbps. By taking down just Dyn’s DNS service, clients could not obtain the IP addresses, of the organizations hosting their DNS with Dyn, such as Twitter. Our contribution is that we have found a way to mitigate the effect of DDoS attacks against DNS services. We only require some very small algorithm changes, in the DNS protocol. More specifically, we propose to add two additional timers. Even if the end DNS clients don’t support these timers, they will receive our new functionality via the DNS resolvers and recursive servers. In summary, our contributions give much more control to the organizations, as to under which specific conditions the DNS cache entries should be aged or used. This allows the organization to (1) much more quickly expire client DNS caches and (2) to mitigate the DDoS DNS attack effects. Our contributions are also helpful to organizations, even if there are no DDoS DNS attack.
Sign-in/Register to access full text options 
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Schedule a callDisclaimer: All third-party content on this website/platform is and will remain the property of their respective owners and is provided on "as is" basis without any warranties, express or implied. Use of third-party content does not indicate any affiliation, sponsorship with or endorsement by them. Any references to third-party content is to identify the corresponding services and shall be considered fair use under The CopyrightLaw.
