Domain Name System Servers Withstand Massive Attack
December 15, 2015
Most of the world wouldn't have been aware of it, but in late November, unknown parties tried to break the Internet by overwhelming its root DNS (Domain Name System) servers.
While some aspects of DNS are located on millions of servers around the world, the root servers play a crucial overall role. There are in excess of 300 root servers scattered throughout the world; reachable via 13 unique numeric IP addresses.
The failure of an individual server is no biggie as queries can be answered by a different server responding to the same address. If a full cluster of servers on one IP address fails, then there are clusters of servers on 12 other IP's to take care of things.
Even if all 13 addresses failed to respond, DNS servers provided by a user's ISP respond to requests - and these are most often utilised in normal circumstances. However, these servers do need regular updating by the root servers to continue functioning entirely as they should.
The resilience of DNS was severely tested recently with a Distributed Denial of Service (DDOS) attack. In a DDoS, multiple compromised systems are used to target a single system by flooding the target with requests.
".. on the last day of November 2015, and the first day of December, that reached 5,000,000 bogus requests per second per root server letter," says Paul Ducklin's post on Sophos' Naked Security.
"The total attack time was just under four hours, so the DNS root servers would have experienced close to 1 trillion (1012) bogus requests during the two attack windows."
The DNS root server operators say the attacks didn't cause any serious damage, but just delays for some users in accessing online resources.
Chances of catching the perpetrators is small, but this real-world test provides some reassurance as to the stability of the Internet's Domain Name System.
"The DNS root name server system functioned as designed, demonstrating, overall robustness in the face of large-scale traffic floods observed at numerous DNS root name servers," reported Root Server Operators.
Have a web site or blog? Get our free domain news widget.
How to register a name: Enter your choice in the search tool and click 'GO'. If after the check the domain names search results show your choice is available, you will then have the option to proceed to purchase registration; which is a very quick and easy process - start a search and find your ideal website address now.