Security

Common Threats to Authoritative DNS 

Definition 

  • Authoritative DNS: DNS that holds actual domain name information 
  • DNS resolvers: DNS server that receives DNS request and asks a Authoritative DNS for resolution. 

Threats 

  • DISTRIBUTED DENIAL OF SERVICE (DDOS): Attackers use botnets to flood DNS servers with massive amounts of traffic. 
  • DNS SPOOFING AND CACHE POISONING: Attackers send a series of requests + fake responses to the domain resolvers. If a fake response gets accepted by the resolver before a response from a legitimate authoritative server gets to that resolver, that fake information is cached (poisoning the resolver cache).
Protections
  • AnyCast Network architecture
  • DNS Replication
  • Domain Name System Security Extensions (DNSSEC)
 

No comments: