DNS and Network-Flood Threats

DNS is a tempting target for attacks given that it is a core Internet service. Attackers can send malformed DNS queries or DNS responses to the targeted server, hoping to exploit bugs in its DNS implementation. Other variants include code insertion, buffer overflows, memory corruption, NULL pointer dereferencing, and specific vulnerability exploits.
DNS attacks tend to follow specific patterns but can be difficult to deal with using only rate-limiting techniques, because of the sheer scale of many recent attacks. DNS threat protection is designed to grow and expand over time, through threat protection rule updates, to deal with both outside-in and inside-out attacks on network infrastructure and Internet services.
Following are some of the network-flood attacks that can target your DNS caching and authoritative servers:

• Internet Control Message Protocol (ICMP) Flood
• SYN Flood
• UDP DNS Flood
• Inside-Out Attacks
• DNS Cache Poisoning
• DNS Reflection and Amplification Attacks
• DNS Malware
• DNS Domain Hijacking