Security
Common Threats to Authoritative DNS
Definition
- Authoritative DNS: DNS that holds actual domain name information
- DNS resolvers: DNS server that receives DNS request and asks a Authoritative DNS for resolution.
Threats
- DISTRIBUTED DENIAL OF SERVICE (DDOS): Attackers use botnets to flood DNS servers with massive amounts of traffic.
- DNS SPOOFING AND CACHE POISONING: Attackers send a series of requests + fake responses to the domain resolvers. If a fake response gets accepted by the resolver before a response from a legitimate authoritative server gets to that resolver, that fake information is cached (poisoning the resolver cache).
Protections
- AnyCast Network architecture
- DNS Replication
- Domain Name System Security Extensions (DNSSEC)
No comments:
Post a Comment