Security

Common Threats to Authoritative DNS 

Definition 

• Authoritative DNS: DNS that holds actual domain name information 
• DNS resolvers: DNS server that receives DNS request and asks a Authoritative DNS for resolution. 

Threats 

• DISTRIBUTED DENIAL OF SERVICE (DDOS): Attackers use botnets to flood DNS servers with massive amounts of traffic. 
• DNS SPOOFING AND CACHE POISONING: Attackers send a series of requests + fake responses to the domain resolvers. If a fake response gets accepted by the resolver before a response from a legitimate authoritative server gets to that resolver, that fake information is cached (poisoning the resolver cache).

Protections

• AnyCast Network architecture
• DNS Replication
• Domain Name System Security Extensions (DNSSEC)