DNS (Domain Name System) is a distributed system of servers that holds information about domains. Protecting this system is often forgotten.
Instead of attacking the site itself, which requires far more resources, attackers can attack the DNS server responsible for storing information about the site's domains. In that case, users' browsers cannot determine the site's IP address, and the site becomes inaccessible.
An attacker can continuously generate DNS queries against a DNS server in order to exhaust its resources. This is not difficult: for each request, the server spends a thousand times more CPU resources than the client spends creating that one request. UDP does not verify the legitimacy of the connection, which makes it easy to forge the source address of requests. Since the packets appear perfectly legitimate, the NS server must respond to every one of them. Without special protection, the only way to neutralize such an attack is to increase the capacity of the NS servers.
Besides the fact that constantly increasing the capacity of a DNS server is problematic, such a server can itself be used by attackers to organize further DDoS attacks on other victims.
Qrator DNS
Qrator DNS is a distributed DNS server system built on the Qrator Labs cloud. Like all services running in the Qrator Labs cloud, Qrator DNS uses full BGP-Anycast technology, so all Qrator DNS NS servers have the same IP address, regardless of their actual geographic location. As a result, the network has the following two key benefits.
How Qrator DNS works
Qrator DNS offers two connection options
Also, Qrator Labs can configure the transfer of the domain zone file from the client's main NS server, the address of which is no longer known to attackers (this configuration is called Hidden Primary).
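What the client's side of a Hidden Primary setup can look like, as an added example that is not Qrator Labs' configuration or part of the original page: a BIND 9 `named.conf` in which only the provider's servers may query the primary and pull the zone. The addresses (documentation ranges), the key name `xfer-key`, the zone `example.com` and the file path are placeholders assumed for illustration.

```conf
// Constructed example for a hidden primary running BIND 9.
// All names and addresses below are placeholders, not real provider values.

// TSIG key shared with the provider's servers (hypothetical name).
key "xfer-key" {
    algorithm hmac-sha256;
    secret "REPLACE_WITH_BASE64_SECRET";
};

// Addresses the provider's servers use to fetch the zone (placeholders).
acl "public-secondaries" {
    192.0.2.53;
    198.51.100.53;
};

options {
    recursion no;                                    // authoritative only
    allow-query { public-secondaries; localhost; };  // SOA checks from secondaries only
    allow-transfer { none; };                        // deny transfers by default
    notify explicit;                                 // NOTIFY only the also-notify list
};

zone "example.com" {
    type primary;
    file "zones/example.com.db";

    // Weak setting to avoid: lets anyone who finds this address dump the zone.
    // allow-transfer { any; };

    // Hardened: transfers must be signed with the shared TSIG key.
    allow-transfer { key "xfer-key"; };

    // Push change notifications to the public servers so they re-transfer.
    also-notify { 192.0.2.53; 198.51.100.53; };
};

// For the primary to stay hidden, the zone's NS records must list only the
// public servers, and a host firewall should drop port 53 traffic from any
// address outside the public-secondaries list.
```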
Benefits of Resilient DNS from Qrator Labs