DNS servers can be subject to attacks that deny access to domains, overwhelm servers with traffic or take over DNS infrastructure. DNS providers such as IBM® NS1 Connect offer managed DNS services to protect against these types of attacks.
Common types of DNS attacks include:
Flood attack
Distributed denial of service (DDoS) attacks overwhelm authoritative name servers with a flood of traffic. Authoritative servers are unable to fulfill legitimate DNS queries because they are inundated with malicious traffic.
Random subdomain attack
This is a denial of service attack that's also referred to as an NXDomain attack. This attack sends authoritative name servers requests for nonexistent subdomains, making them unable to respond to real queries.
DNS amplification attack (DNS flood)
A tool to amplify DDoS attacks, DNS floods can cause disruption by artificially inflating the workload DNS servers must execute to complete a query.
Cache poisoning
In this attack, forged DNS data infiltrates the cache of a DNS resolver, creating an incorrect IP address for a domain that brings users to an unexpected website. These websites can subject users to malware or phishing attempts.
DNS protocol attacks
An attack that targets DNS servers by causing them to process malformed packets. This makes them unable to process legitimate queries.
BGP hijacking attack
This attack reroutes users through the Border Gateway Protocol (BGP) from legitimate domains to ones that are often set up for malicious purposes.
DNS tunneling
In this attack, DNS infrastructure becomes a pathway to pass malware or stolen data past a firewall.
DNS hijacking (credential theft)
This is an attack that alters or destroys DNS zone data by gaining unauthorized access to the management of DNS servers.
Domain theft
In a domain theft, attackers take ownership of a domain name through unauthorized access to the registrar of a domain.
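
Detection logic for the random subdomain (NXDomain) attack described above, as an added example that is not part of the original page. It assumes a simple four-field query log format, the zone names shown and illustrative thresholds; all of these are constructed for the example and would need tuning against real traffic.

```python
from collections import defaultdict

ZONES = {"example.com", "example.net", "example.org"}  # zones we are authoritative for (assumed)

# Constructed query log, one "<epoch> <client> <qname> <rcode>" entry per line (assumed format).
SAMPLE_LOG = (
    [f"{1700000000 + i} 192.0.2.{10 + i} {label}.example.com. NXDOMAIN"
     for i, label in enumerate(["q7xk2", "zb81r", "m0pd4", "tt9wa", "c3vye", "hj5ln", "x2gq8"])]
    + ["1700000007 198.51.100.5 www.example.com. NOERROR"]
    # One misconfigured client repeating the same missing name: noisy, but not random.
    + ["1700000008 198.51.100.9 wpad.example.net. NXDOMAIN"] * 6
    + [f"{1700000020 + i} 203.0.113.{i + 1} {host}.example.org. NOERROR"
       for i, host in enumerate(["www", "mail", "api", "cdn", "docs"])]
    + ["1700000030 203.0.113.9 wwww.example.org. NXDOMAIN"]  # ordinary typo
)

def zone_of(qname, zones):
    """Return the longest configured zone that contains qname, or None."""
    labels = qname.rstrip(".").lower().split(".")
    for i in range(len(labels)):
        candidate = ".".join(labels[i:])
        if candidate in zones:
            return candidate
    return None

def detect_random_subdomain(lines, zones, min_queries=5, nx_ratio=0.8, unique_ratio=0.9):
    """Flag zones where most answers are NXDOMAIN and nearly every missing name is distinct."""
    stats = defaultdict(lambda: {"total": 0, "nx": 0, "names": set()})
    for line in lines:
        fields = line.split()
        if len(fields) != 4:
            continue  # skip malformed entries instead of failing the whole run
        _, _, qname, rcode = fields
        zone = zone_of(qname, zones)
        if zone is None:
            continue
        s = stats[zone]
        s["total"] += 1
        if rcode.upper() == "NXDOMAIN":
            s["nx"] += 1
            s["names"].add(qname.rstrip(".").lower())
    flagged = {}
    for zone, s in stats.items():
        if s["total"] < min_queries or s["nx"] == 0:
            continue
        if s["nx"] / s["total"] >= nx_ratio and len(s["names"]) / s["nx"] >= unique_ratio:
            flagged[zone] = {"total": s["total"], "nx": s["nx"], "unique_nx": len(s["names"])}
    return flagged

if __name__ == "__main__":
    print(detect_random_subdomain(SAMPLE_LOG, ZONES))
```

The uniqueness ratio is what separates this pattern from a single client retrying one missing name, which also produces a high NXDOMAIN rate but only one distinct query name.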