When you browse the internet, you don’t type IP addresses to reach the pages you want; you just type the domain name. Backstage, every request you make passes through a DNS query. It first goes to your internet provider’s recursive DNS server. If that server can’t find the needed information in its cache, it will keep querying other recursive servers until it reaches an authoritative DNS server that can give the IP address of the requested domain. Basically, a recursive server is a name server that acts as a middle-man between you, the user, and the authoritative DNS server.
Tasks of the recursive DNS server:
1. Checks whether the IP address is stored in its cache. The domain’s owner pre-defines a period called Time to Live (TTL), which says how long the recursive server may hold the information. If the record is still cached, the server returns the answer quickly and takes no further action.
2. Searches for the IP address elsewhere. If it is not in the cache, the server continues the lookup until it reaches an authoritative server that has the information.
DDoS attacks are getting stronger, and they happen more often every year. With advances in technology, there are many more connected devices out there: billions of mobile phones and many “smart” gadgets are easily hackable. As IoT (the internet of things) grows in popularity but not in security, this danger will keep rising.
These attacks usually use the UDP protocol. It is a simple connectionless communication model with a minimum of protocol mechanism. This means that one side of the communication can send a large amount of data to the other without restrictions: there is no confirmation, and it doesn’t matter whether the other side receives the data.
Due to the way UDP works, cyber-criminals use it to generate DDoS amplification attacks. The attacker sends small UDP requests, with the source address spoofed to the victim’s IP, to public services.
UDP doesn’t require a connection verification between the parties. This is why the public services reply with the requested data to the victim’s IP address. The larger the data returned by the exploited public service, the larger the DDoS amplification factor.
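As an added example (not code from the original post), the following Python sketch shows how the operator of a public resolver could spot this reflection pattern in its own query logs: a small request repeatedly answered with a much larger response toward the same source address. The log format, field names and thresholds are assumptions made for the illustration.

```python
"""Spot DNS amplification patterns in per-query resolver logs.

Added example, not code from the original post. The log format, field names
and thresholds are assumptions made for this demonstration.
"""
import re
from collections import defaultdict

# Constructed sample: one line per UDP query handled by an open resolver.
# 'client' is the datagram's source IP; under amplification it is the spoofed
# address of the victim, who then receives every (much larger) response.
SAMPLE_LOG = """\
client=198.51.100.7 qtype=A req_bytes=45 resp_bytes=61
client=203.0.113.9 qtype=ANY req_bytes=30 resp_bytes=3120
client=203.0.113.9 qtype=ANY req_bytes=30 resp_bytes=3120
client=203.0.113.9 qtype=ANY req_bytes=30 resp_bytes=3120
client=198.51.100.8 qtype=AAAA req_bytes=47 resp_bytes=75
client=203.0.113.9 qtype=ANY req_bytes=30 resp_bytes=3120
"""

LINE_RE = re.compile(
    r"client=(?P<client>\S+) qtype=\S+ req_bytes=(?P<req>\d+) resp_bytes=(?P<resp>\d+)"
)

def parse_log(text):
    """Yield (client, req_bytes, resp_bytes); blank or malformed lines are skipped."""
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            yield m["client"], int(m["req"]), int(m["resp"])

def amplification_report(text, min_factor=10.0, min_queries=3):
    """Return {client: (queries, factor)} for addresses that look reflected at.

    factor = total response bytes / total request bytes, i.e. how many bytes the
    resolver sends toward that address per byte it received from it. A high
    factor repeated over many queries is the signature the post describes.
    """
    totals = defaultdict(lambda: [0, 0, 0])  # queries, req_bytes, resp_bytes
    for client, req, resp in parse_log(text):
        totals[client][0] += 1
        totals[client][1] += req
        totals[client][2] += resp
    report = {}
    for client, (n, req, resp) in totals.items():
        factor = resp / req if req else float("inf")
        if n >= min_queries and factor >= min_factor:
            report[client] = (n, round(factor, 1))
    return report
```

Running `amplification_report(SAMPLE_LOG)` flags only 203.0.113.9, which received four responses roughly a hundred times larger than the queries sent in its name; the ordinary A and AAAA lookups stay below both thresholds.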
DNS is the backbone of the internet. It connects all users to the content they need. It is a constant exchange of information, but sometimes DNS fails, and this causes downtime: a blackout period that can be avoided by using a backup DNS.
Backup DNS, also known as Secondary DNS or alternative DNS, is a system of one or more DNS servers that hold a copy of the zone data (DNS records) of the Master (Primary) DNS server. It adds resilience and reduces outage periods by answering requests even if the Master is down.
It is easy to set up, and it can save you tons of problems. If your Master DNS got damaged and lost its information, you would still have a copy in your Backup DNS.
What is the worst that can happen? Dyn DNS attack of 2016