What Does Domain Name Server Amplification Attack Mean?
A domain name server amplification attack (DNS amplification attack) is a sophisticated type of distributed denial-of-service attack (DDoS) that involves sending massive amounts of incoming data to a server. Through spikes in network traffic, the intent is to make a system unavailable to legitimate users.
Techopedia Explains Domain Name Server Amplification Attack
Experts characterize DNS amplification attacks as techniques that use specific kinds of DNS query protocols and available hardware setups to plague a system with unnecessary incoming queries. Earlier and more primitive DNS amplification attacks sent individual requests to central network resources. Due to a lack of handshake authentication, these nodes would distribute requests to other network system devices. These kinds of attacks have largely been prevented through modern network administration.
Newer types of DNS amplification attacks involve DNS servers known as open resolvers. The idea is that Internet service providers (ISP) typically assign clients these DNS servers, which help hand out IP address information. A common DNS amplification attack technique involves forging packet headers and otherwise tricking DNS servers into catching up with a large volume of illegal IP traffic and serving queries that are not authentic but intended as part of the DDoS attack.
Attackers also can send specific types of queries that require a more substantial response from DNS servers. For example, a query may ask for a large collection of DNS records. Experts also have noted that these “open resolvers” are set up incorrectly and should not be set up to answer queries indiscriminately. By closing these kinds of security loopholes, a network can protect itself against common types of DNS amplification attacks and similar DDoS attacks.
