Recent analysis of DNS data revealed some interesting pictures. Drilling down into detailed data for a single resolver showed one of the DDoS attacks that occur every day. In this case a small domain, 888fy.com, representing a gaming site in China (a common category of targets), was attacked. The graph below shows two different attacks, each lasting several hours.
A new variant of DNS amplification attack relies on home gateways with open DNS proxies to forward DNS queries to ISP resolvers. To launch this exploit, attackers can deploy their exploit code anywhere on the Internet that allows address spoofing, for example on a compromised server in a hosting facility. From there, DNS queries can be targeted at any network with open home gateways. These queries enter ISP networks at border routers.
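Because these queries enter at border routers, border flow records are one place an operator can look for them. The following is an added example, not code from the original article: it totals inbound UDP/53 packets per subscriber address from constructed flow records, and the record layout, interface name, prefixes and threshold are all assumptions.

```python
import ipaddress
from collections import Counter

# Assumptions: subscriber (home gateway) space and border interface names.
SUBSCRIBER_NETS = [ipaddress.ip_network("198.51.100.0/24")]
BORDER_IFACES = {"border0"}

# Constructed flow records: ingress-iface src dst proto dst-port packets
SAMPLE_FLOWS = """\
border0 203.0.113.7 198.51.100.10 udp 53 4200
border0 203.0.113.7 198.51.100.11 udp 53 3900
border0 203.0.113.7 198.51.100.10 udp 53 800
border0 192.0.2.44 198.51.100.12 tcp 443 120
access3 198.51.100.10 198.51.100.1 udp 53 5000
border0 192.0.2.9 198.51.100.200 udp 53 3
border0 malformed line
"""

def parse_flow(line):
    """Return (iface, src, dst, proto, dport, packets), or None if malformed."""
    parts = line.split()
    if len(parts) != 6:
        return None
    iface, src, dst, proto, dport, pkts = parts
    try:
        return (iface, ipaddress.ip_address(src), ipaddress.ip_address(dst),
                proto, int(dport), int(pkts))
    except ValueError:
        return None

def exposed_gateways(text, min_packets=100):
    """Inbound DNS packets per subscriber address, seen on a border interface."""
    hits = Counter()
    for line in text.splitlines():
        rec = parse_flow(line)
        if rec is None:
            continue  # skip records that do not parse
        iface, _src, dst, proto, dport, pkts = rec
        if iface not in BORDER_IFACES or proto != "udp" or dport != 53:
            continue  # only DNS queries arriving from outside the network
        if any(dst in net for net in SUBSCRIBER_NETS):
            hits[str(dst)] += pkts
    return {gw: n for gw, n in hits.items() if n >= min_packets}

if __name__ == "__main__":
    print(exposed_gateways(SAMPLE_FLOWS))
```

Addresses reported here are only receiving DNS queries from outside; whether a given gateway actually proxies them still has to be confirmed, for instance by matching its queries toward the ISP resolver.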
For network operators, recursive (caching) DNS is a critical service. Without good, fast DNS service, the Internet service appears slow and unresponsive. Caching DNS systems must also be capable of absorbing “spikes” in traffic, which can occur for a multitude of reasons: peak loads, Internet events, DoS, etc.