1. Countermeasures
1.1. NETSCOUT
How to Mitigate and Prevent a DNS NXDOMAIN Flood DDoS Attack
Conducting regular DNS audits is crucial for mitigating such attacks.
Monitoring DNS servers and traffic can deter malicious attacks against the network.
Additional steps include: (At first glance these look like countermeasures, but are they really? -- ToshinoriMaeno 2023-05-12 07:41:55)
• Automatically blackhole suspect domains and servers
• Implement DNS Response Rate Limiting
• Examine the behavior of a client. If a client generates a high rate of NXDOMAIN, NXRRset, or SERVFAIL responses, block requests from that client’s IP address for a configurable period of time.
• Be sure that cache refresh takes place, ensuring continuous service
• Lower the timeout for recursive name lookup to free up resources in the DNS resolver, thus preventing simultaneous outstanding DNS queries from maxing out
• Increase the TTL on existing records as this will ensure records are kept longer in external DNS caches, making it less likely that those records will have to be updated
• Apply rate limiting on traffic to overwhelmed servers
1.2. HC3: Sector Alert
Mitigations and Recommended Actions
HC3 encourages organizations to remain cautious when blocking IPs, because this could result in legitimate users being prevented from accessing public services. According to NETSCOUT, there are several mitigations available for DNS NXDOMAIN Flood DDoS Attacks:
• Blackhole routing/filtering suspected domains and servers
• Implement DNS Response Rate Limiting
• Block requests from the client’s IP address for a configurable period of time
• Be sure that cache refresh takes place, ensuring continuous service
• Lower the timeout for recursive name lookup to free up resources in the DNS resolver
• Increase the time-to-live (TTL) on existing records
• Apply rate limiting on traffic to overwhelmed servers
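The per-client check from the NETSCOUT list (block a client with a high rate of negative responses for a configurable period), sketched as an added example; it is not code from NETSCOUT, HC3, or this wiki. The class name, thresholds, and sample log are constructed assumptions, and the ratio guard is an addition motivated by HC3's caution about blocking legitimate users.

```python
from collections import defaultdict, deque

NEGATIVE = {"NXDOMAIN", "NXRRSET", "SERVFAIL"}  # rcodes counted as negative

class NegativeResponseLimiter:
    """Per-client sliding window with a timed block (thresholds are assumptions)."""
    def __init__(self, window=10.0, max_negative=20, min_ratio=0.8, block_for=60.0):
        self.window, self.max_negative = window, max_negative
        self.min_ratio, self.block_for = min_ratio, block_for
        self.events = defaultdict(deque)   # client IP -> deque of (time, is_negative)
        self.blocked_until = {}            # client IP -> time the block expires

    def is_blocked(self, client, now):
        until = self.blocked_until.get(client)
        if until is not None and now >= until:
            del self.blocked_until[client]  # block expired: client may query again
            return False
        return until is not None

    def record(self, client, rcode, now):
        """Record one response; return True if it triggers a new block."""
        if self.is_blocked(client, now):
            return False
        q = self.events[client]
        q.append((now, rcode.upper() in NEGATIVE))
        while q and q[0][0] <= now - self.window:
            q.popleft()                     # drop events older than the window
        negative = sum(1 for _, neg in q if neg)
        # Require a high count AND a high share of negative answers, so a busy
        # shared address with mostly successful lookups is not blocked.
        if negative > self.max_negative and negative / len(q) >= self.min_ratio:
            self.blocked_until[client] = now + self.block_for
            q.clear()
            return True
        return False

def replay(log, limiter):
    """Feed (time, client, rcode) tuples; return [(client, block_start)] in order."""
    return [(c, t) for t, c, r in log if limiter.record(c, r, t)]

# Constructed sample: 192.0.2.10 gets only NXDOMAIN answers (random-label
# pattern); 198.51.100.5 is a busy NAT gateway with about 10% NXDOMAIN.
SAMPLE_LOG = sorted(
    [(i / 10, "192.0.2.10", "NXDOMAIN") for i in range(40)]
    + [(i / 50, "198.51.100.5", "NXDOMAIN" if i % 10 == 0 else "NOERROR") for i in range(300)]
)

if __name__ == "__main__":
    print(replay(SAMPLE_LOG, NegativeResponseLimiter()))
```

With `min_ratio=0.0` the same log also blocks the NAT gateway, which is the collateral effect HC3 warns about when blocking by IP address.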