Defending Against DNS DDoS Attacks


If you are a service provider or an enterprise whose business depends on its Internet presence, the DNS is mission-critical infrastructure. If the DNS is down, your web servers are down, your email servers are down and your customers are down. For these organizations, a highly available DNS is not a convenience, it is a necessity.

Unfortunately, the growing prevalence and size of DDoS attacks on the DNS threaten the availability of this critical networking service. Independent research shows that 45% of service providers experience between 1 and 10 DDoS attacks per month, while 47% experience between 10 and 500 attacks per month or more.

The weakest link for most of these organizations is not bandwidth, but service availability. In the same study, 85% of respondents indicated that attack volume did not exceed the available bandwidth during a DDoS attack. Unfortunately, network services like the DNS can be easily compromised by targeted, low-bandwidth attacks.

The Need


Typical solutions to DNS DDoS mitigation include over-provisioning bandwidth and DNS servers. Unfortunately, over-provisioning bandwidth does nothing for DNS availability if the service itself can be taken offline with a low-bandwidth attack, and over-provisioning DNS servers can be costly and time-intensive.

The Solution


Secure64 DNS Authority and DNS Cache are authoritative and caching DNS software appliances that detect and mitigate high-volume DDoS attacks without the need to over-provision servers. Third-party tests have shown that these products can withstand DDoS attacks up to the saturation point of a gigabit Ethernet line with no loss of DNS availability. Secure64 DNS products allow you to:

  • Ensure the availability of your DNS even while under high-volume DDoS attacks
  • Eliminate the need to over-provision your DNS infrastructure
  • Eliminate the need for dedicated network security equipment to protect the DNS

DNS DDoS Attacks