DNS Flood Attack – DNS servers are the roadmap of the internet: they run special-purpose networking software, have a public IP address and hold a database of network names and addresses for Internet hosts. They communicate with each other using their own network protocols and are organised in a hierarchy. In a DNS Flood type of DDoS attack, an attacker targets one or more DNS servers and tries to overwhelm them with apparently valid traffic, exhausting server resources and impairing the server’s ability to serve legitimate requests for zone resources (a DNS zone is a distinct portion of the domain name space in the Domain Name System).
DNS floods are symmetrical DDoS attacks that attempt to exhaust server-side assets (e.g., memory or CPU) with a flood of UDP requests, generated by scripts running on several compromised botnet machines. Because DNS servers rely on the UDP protocol for name resolution, a DNS flood attack is sometimes referred to as a variant of a UDP flood attack. To attack a DNS server with a DNS flood, the attacker runs a script, generally from multiple servers.
These scripts send malformed packets from spoofed IP addresses. Since these attacks require no response to be effective, the attacker can send packets that are neither accurate nor even correctly formatted. The attacker can spoof all packet information, including the source IP, making it appear that the attack is coming from multiple sources.
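The three symptoms described above (a sudden jump in query rate, a high share of malformed packets, and a source-address distribution that is spread thinly across many apparently distinct hosts) are what a defender looks for in the server's query log. The script below is an added example, not code from the original text or from any DNS server project; it constructs its own sample log in a hypothetical one-line-per-query format (timestamp, source IP, response code, query name) and buckets it by second to raise an alert when either threshold is crossed.

```python
"""Flag DNS-flood symptoms in a per-query log (added example, constructed data).

Hypothetical log format, one record per line:
    <ISO-8601 timestamp> <source IP> <response code> <query name>
"""
from collections import Counter, defaultdict
from datetime import datetime, timedelta


def build_sample_log():
    """Constructed sample: 5 benign queries in the first second, then a burst of
    120 queries in the next second from 120 distinct (spoofed-looking) addresses,
    most of which the server answered with FORMERR because the packet was malformed."""
    base = datetime(2024, 1, 1, 12, 0, 0)
    lines = []
    benign = ["192.0.2.10", "192.0.2.11", "192.0.2.12", "192.0.2.10", "192.0.2.13"]
    for i, ip in enumerate(benign):
        ts = base + timedelta(milliseconds=150 * i)
        lines.append(f"{ts.isoformat()} {ip} NOERROR www.example.com")
    for i in range(120):
        ts = base + timedelta(seconds=1, milliseconds=8 * i)
        ip = f"203.0.113.{i}" if i < 100 else f"198.51.100.{i}"
        code = "FORMERR" if i % 5 else "NOERROR"   # 96 of 120 malformed
        lines.append(f"{ts.isoformat()} {ip} {code} example.com")
    return lines


def parse_line(line):
    """Split one record of the hypothetical format into its four fields."""
    ts, ip, rcode, qname = line.split(maxsplit=3)
    return datetime.fromisoformat(ts), ip, rcode, qname


def analyse(lines, rate_threshold=50, malformed_ratio=0.3):
    """Bucket queries per second and return one alert dict per suspicious second.

    rate_threshold   - queries per second above which the bucket is flagged
    malformed_ratio  - fraction of FORMERR answers above which the bucket is flagged
    Both thresholds are illustrative; tune them from the server's own baseline.
    """
    per_second = defaultdict(lambda: {"total": 0, "malformed": 0, "sources": Counter()})
    for line in lines:
        ts, ip, rcode, _ = parse_line(line)
        bucket = per_second[ts.replace(microsecond=0)]
        bucket["total"] += 1
        bucket["sources"][ip] += 1
        if rcode == "FORMERR":
            bucket["malformed"] += 1

    alerts = []
    for second in sorted(per_second):
        b = per_second[second]
        reasons = []
        if b["total"] > rate_threshold:
            reasons.append("query rate")
        if b["malformed"] / b["total"] > malformed_ratio:
            reasons.append("malformed ratio")
        if reasons:
            top_ip, top_count = b["sources"].most_common(1)[0]
            alerts.append({
                "second": second.isoformat(),
                "total": b["total"],
                "malformed": b["malformed"],
                "distinct_sources": len(b["sources"]),
                # A tiny share for the busiest address means no single source
                # dominates: per-source rate limiting alone will not help.
                "top_source_share": round(top_count / b["total"], 3),
                "reasons": reasons,
            })
    return alerts


if __name__ == "__main__":
    for alert in analyse(build_sample_log()):
        print(alert)
```

The distinct-source count next to the busiest address's share is the useful part for response planning: when a flood second shows 120 sources each contributing under one percent of the traffic, blocking or rate-limiting individual addresses achieves little, and mitigation has to move to capacity (anycast, upstream scrubbing) or to response rate limiting on the server itself.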