Investigating the impact of DDoS attacks on DNS infrastructure

Raffaele Sommese, Kimberley Claffy, Roland Martijn van Rijswijk - Deij, Arnab Chattopadhyay, Alberto Dainotti, Anna Sperotto, Mattijs Jonker

Research output: Chapter in Book/Report/Conference proceedingConference contributionAcademicpeer-review

2 Citations (Scopus)
71 Downloads (Pure)


Denial of Service (DDoS) attacks both abuse and target core Internet infrastructures and services, including the Domain Name System (DNS). To characterize recent DDoS attacks against authoritative DNS infrastructure, we join two existing data sets – DoS activity inferred from a sizable darknet, and contemporaneous DNS measurement data – for a 17-month period (Nov. 20 - Mar. 22). Our measurements reveal evidence that millions of domains (up to 5% of the DNS namespace) experienced a DoS attack during our observation window. Most attacks did not substantially harm DNS performance, but in some cases we saw 100-fold increases in DNS resolution time, or complete unreachability. Our measurements captured a devastating attack against a large provider in the Netherlands (TransIP), and attacks against Russian infrastructure. Our data corroborates the value of known best practices to improve DNS resilience to attacks, including the use of anycast and topological redundancy in nameserver infrastructure. We discuss the strengths and weaknesses of our data sets for DDoS tracking and impact on the DNS, and promising next steps to improve our understanding of the evolving DDoS ecosystem.

Original languageEnglish
Title of host publicationProceedings of the 22nd ACM Internet Measurement Conference
PublisherAssociation for Computing Machinery
Number of pages14
ISBN (Electronic)9781450392594
Publication statusPublished - 25 Oct 2022
Event22nd ACM Internet Measurement Conference, IMC 2022 - Nice, France
Duration: 25 Oct 202227 Oct 2022
Conference number: 22


Conference22nd ACM Internet Measurement Conference, IMC 2022
Abbreviated titleIMC 2022
Internet address


Dive into the research topics of 'Investigating the impact of DDoS attacks on DNS infrastructure'. Together they form a unique fingerprint.

Cite this