A phantom domain attack happens when the attacker sets up "phantom" domains that do not respond to DNS queries. Under normal circumstances, the DNS recursive server contacts authoritative servers to resolve recursive queries. When phantom domain attacks happen, the recursive server continues to query non-responsive servers, which causes the recursive server to spend valuable resources waiting for responses. When resources are fully consumed, the DNS recursive server may drop legitimate queries, causing serious performance issues.
NIOS provides a few configurable parameters for mitigating phantom domain attacks in which recursive server continues to query non-responsive servers. Before you configure any of the parameters for mitigating phantom domain attacks, review the guidelines that might help you understand the relationship between these parameters. For information, see the Guidelines for Mitigating Phantom Domain Attacks section.
To configure parameters for mitigating phantom domain attacks, see the Configuring Parameters for Mitigating Phantom Domain Attacks section.
All events related to these operations are logged to the syslog. For information about the syslog and how to use it, see Using a Syslog Server.
...
| Note | ||
|---|---|---|
| ||
Updating the parameter values for mitigating phantom domain attacks takes effect immediately through Grid replication. However, for these values to be updated in the named.conf file, you need to restart the DNS service. To restart the member service, see Restarting Services. |
...