Chapter 14. DNS and DDoS Attacks
Because of the pivotal role DNS plays in all things internet, remember absolutely nothing happens without it, the DNS system provides a tempting attack vector to those bad actors who want to knock targets inoperable or offline.
If you take out somebody's authoritative nameservers, you take that somebody right off the internet.
Alas, DNS attacks against nameservers aren't exactly surgical strikes. As a rule, there is a lot of collateral damage.
Given a target domainexample.domusing nameservers:dns1.someisp.comanddns2.someisp.com, and someisp happens to have thousands, or even millions of other downstream domains on those same nameservers (and only those same nameservers). If the attackers are successful in knocking over those nameservers, not only will example.dom go offline, so will every other domain using the same nameserver set.
Statistically, your odds are very low that one of your domains will be the direct target of a DDoS attack.
However, the odds are comparatively...
