Oct 13 – 14, 2018
Okura Hotel
Europe/Amsterdam timezone

When the Dike Breaks: Dissecting DNS Defenses During DDoS

Oct 14, 2018, 11:30 AM
Heian I/II (Okura Hotel)


Ferdinand Bolstraat 333, 1072 LH Amsterdam, NL

Standard Presentation, Joint OARC & CENTR-Tech Public Workshop


Giovane Moura (SIDN Labs)
The Internet’s Domain Name System (DNS) is a frequent target of
Distributed Denial-of-Service (DDoS) attacks, but such attacks have had
very different outcomes—some attacks have disabled major public
websites, while the external effects of other attacks have been minimal.
While the DNS protocol itself is relatively simple, the system has many
moving parts: multiple levels of caching, retries, and replicated
servers. This paper uses controlled experiments to examine how these
mechanisms affect DNS resilience and latency, exploring both the
client-side DNS user experience and server-side traffic. We find that,
for about 30% of clients, caching is not effective. However, when caches
are full they allow about half of clients to ride out server outages.
Caching and retries together allow up to half of the clients to tolerate
DDoS attacks that result in 90% query loss, and almost all clients to
tolerate attacks resulting in 50% packet loss. While clients may still
get service during an attack, tail latency increases for them. For
servers, retries during DDoS attacks increase normal traffic by up to
$8\times$. Our findings about caching and retries help explain why users
see service outages from some real-world DDoS events, but minimal
visible effects from others.
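The two mechanisms the abstract credits, caching that lets clients ride out an outage and retries that keep clients served at the cost of multiplying upstream queries, can be seen in a small model. The following Python simulation is an added illustration and is not the paper's experiment code or data; every parameter in it (TTL, retry count, query interval, loss rates, client count) is a constructed value. Each simulated client has its own resolver with a one-name cache and a fixed retry budget; the first window of time is attack-free and fills caches, the second drops each query to the authoritative servers with probability `loss`. The model reports the fraction of client lookups that still get an answer during the attack and how much the retries inflate upstream traffic relative to normal operation.

```python
"""Toy model of DNS caching and retries under a query-dropping attack.

Added illustration, not the paper's code. All numbers below are constructed
parameters, not measurements from the paper.
"""
import random


class Resolver:
    """One recursive resolver: a single-name cache plus a retry loop."""

    def __init__(self, ttl, max_retries):
        self.ttl = ttl                  # cache lifetime of the answer, in seconds
        self.max_retries = max_retries  # extra attempts after the first query
        self.expires = None             # absolute expiry time of the cached answer
        self.sent = 0                   # queries forwarded to authoritative servers

    def lookup(self, now, loss, rng):
        """Return True if the client receives an answer at time `now`."""
        if self.expires is not None and self.expires > now:
            return True                 # cache hit: no upstream traffic at all
        for _ in range(1 + self.max_retries):
            self.sent += 1              # every attempt is one more query on the wire
            if rng.random() >= loss:    # both query and response survived the attack
                self.expires = now + self.ttl
                return True
        return False                    # all attempts lost: the client gets no answer


def simulate(loss, max_retries, ttl, n_clients=1000, window=600,
             interval=60, seed=1):
    """Run `n_clients` resolvers that each re-query one name every `interval`
    seconds. Seconds [0, window) are attack-free and warm the caches; seconds
    [window, 2*window) drop each upstream query with probability `loss`.

    Returns (fraction of lookups answered during the attack,
             upstream queries during the attack / upstream queries before it).
    """
    assert window % interval == 0, "each client makes equal lookups per window"
    rng = random.Random(seed)
    answered = total = sent_before = sent_during = 0
    for _ in range(n_clients):
        r = Resolver(ttl, max_retries)
        offset = rng.randrange(interval)        # clients are not synchronised
        for t in range(offset, window, interval):
            r.lookup(t, 0.0, rng)               # normal operation: nothing is lost
        before = r.sent
        for t in range(window + offset, 2 * window, interval):
            answered += r.lookup(t, loss, rng)  # True counts as 1
            total += 1
        sent_before += before
        sent_during += r.sent - before
    return answered / total, sent_during / sent_before


if __name__ == "__main__":
    # Sweep loss rates for a resolver with a 400 s cached answer and 3 retries.
    print(f"{'loss':>5} {'answered':>9} {'traffic x':>10}")
    for loss in (0.0, 0.5, 0.9, 1.0):
        served, ratio = simulate(loss, max_retries=3, ttl=400)
        print(f"{loss:5.2f} {served:9.2f} {ratio:10.2f}")
```

Running the sweep shows both effects from the abstract in miniature: with a warm cache, clients keep getting answers for the remainder of the TTL even under total loss, and with partial loss the retry loop rescues most lookups while multiplying the query count seen by the authoritative servers. Setting `ttl=0` removes caching and isolates the retry effect, which is why the traffic ratio under total loss then equals exactly `1 + max_retries`.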

Talk Duration 30 Minutes

Primary authors

Giovane Moura (SIDN Labs)
Moritz Müller (SIDN)
Ricardo Schmidt (University of Twente)
John Heidemann (USC/Information Sciences Institute)
