Factsheet DNS amplification

DDoS attacks have been hitting the headlines over the last year. In some of these attacks, attackers use a technique called DNS amplification. This factsheet helps network administrators prevent DNS amplification attacks from being carried out via their systems.

In a DNS amplification attack, the attacker abuses unprotected DNS servers, referred to as open DNS resolvers, which are accessible through the internet. The open DNS resolver is leveraged to send large amounts of traffic to the target of the DDoS attack.

Administrators of open DNS resolvers play a key role in preventing DNS amplification attacks. When they protect their DNS servers, attackers are no longer able to execute an attack via their DNS servers. This factsheet describes the steps a network administrator can take to prevent their systems from unknowingly cooperating in a DDoS attack using DNS amplification.

This document is currently under revision, which means that the document has not been reviewed or changed in the past year. As a result, the content of the document may not be up to date. The NCSC intends to update this product in the near future.