[dns-operations] solutions for DDoS mitigation of DNS
klaus.mailinglists at pernau.at
Thu Apr 2 10:43:16 UTC 2020
Am 02.04.2020 um 05:51 schrieb Tessa Plum:
> Hello Paul
> We were under some attack like UDP flood to the authority servers, there
> were a lot of UDP requests flooding to the servers. The traffic size was
> about 20Gbps last time as I have said in last message. The clients seem
> using spoofed IP addresses.
Was it a) just some DNS traffic filling the upstream bandwidth, or was
it b) legitim DNS requests to existing domains (or ie random subdomains)?
For a) you can use any DDoS Mitigation used for any service.
For b) you need some advanced techniques, ie. filtering with dnsdist, or
if you can detect some pattern to identify the DDoS packets, you can use
BPF filter to filter out such traffic bevor hitting your name server.
So what was the bottleneck? I.e. if you use PowerDNS with DB backend you
quite early hit the limit with random subdomains, which are not a
problem if you use NSD for example. To mitigation such traffic patterns
for example we use dnsdist with 2 backends, PowerDNS for nomarl zones
and NSD for zones which are quite often under attack.
More information about the dns-operations