A DNS Flood Attack is a type of Denial of Service (DoS) attack where an overwhelmingly large number of requests are sent to a DNS server in order to overload it, this ultimately prevents legitimate requests from being able to be processed which may make users unable to access the websites or services of the domain names managed by the target server.
This type of attack is typically performed by many thousands of compromised devices all over the world making up part of large botnets running on anything from personal computers, servers, as well as IoT devices like home security cameras. Due to the variety of attacking client locations, this type of attack can be particularly hard to prevent as the malicious requests are hard to distinguish from legitimate requests.
DNS Flood Attacks can affect network providers, website owners, as well as end-users & customers.
Network Providers - The network providers operating the DNS servers which are under attack are the first to be affected, they are the ones who need to process the incoming requests and determine which ones should be responded to or which ones should be blocked. Providers under attack need to have enough resources to withstand these attacks until they stop.
Website Owners - Website owners and service providers (like VoIP or gaming servers) which are either the target of the attack or using the same DNS provider which is under attack may have their services inaccessible to customers and users until the attacks have been mitigated. This could result in loss of sales and increased support for existing users unable to access their resources.
Users & Customers - End users and customers of websites or services may be unable to access these services until the attacks have been mitigated.
A DNS Flood is performed by sending normal DNS requests to a server in huge quantities all at once. This is hard to do from a single source as it can be easily detected and mitigated so typically occurs from launching a coordinated attack from a large botnet of compromised devices located all around the world.
Detecting a DNS Flood attack can be quite tricky to do as it is very hard to distinguish the difference between real and malicious requests. It could be easy to at first think that if requests spike above the ordinary then maybe a DNS flood attack is underway, but this could also just be the result of a viral marketing campaign taking place.
It can be very difficult to stop a DNS flood as it is hard to separate good requests from the bad. Ultimately, the DNS servers responsible for handling the traffic need to have enough resources to absorb all the traffic, monitor and analyze it for signs of abuse and block requests in real time.
