In a typical recursive DNS query, a client asks a local DNS server to resolve a domain name or to reverse-resolve an IP address. The DNS server performs the queries on behalf of the client and returns a response packet with the correct information or an error message. The specification does not allow for unsolicited responses. In a DNS amplification attack, the main indicator is a query response without a matching request.
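The check described above (a response with no matching request) can be sketched as follows. This is an added example, not Nexusguard's code: it pairs each response with an outstanding query by addresses, transaction ID and question, and reports the responses that pair with nothing. The function names are hypothetical, and the sample packets are constructed and use documentation IP ranges.

```python
import struct

def parse_dns(payload):
    """Return (txid, is_response, qname, qtype) from a raw DNS message."""
    if len(payload) < 12 or payload[4:6] != b"\x00\x01":
        raise ValueError("not a single-question DNS message")
    txid, flags = struct.unpack("!HH", payload[:4])
    labels, pos = [], 12
    while pos < len(payload) and payload[pos] != 0:
        length = payload[pos]
        if length > 63:
            raise ValueError("compressed or invalid label in question")
        labels.append(payload[pos + 1:pos + 1 + length].decode("ascii", "replace").lower())
        pos += 1 + length
    if pos + 5 > len(payload):  # need the root label, QTYPE and QCLASS
        raise ValueError("truncated question")
    qtype = struct.unpack("!H", payload[pos + 1:pos + 3])[0]
    return txid, bool(flags & 0x8000), ".".join(labels), qtype

def find_unsolicited(packets):
    """packets: (src_ip, dst_ip, payload) tuples in capture order; returns unmatched responses."""
    pending, unsolicited = set(), []
    for src, dst, payload in packets:
        try:
            txid, is_response, qname, qtype = parse_dns(payload)
        except ValueError:
            continue  # not parseable as DNS; outside the scope of this check
        if not is_response:
            pending.add((src, dst, txid, qname, qtype))  # client -> server
            continue
        key = (dst, src, txid, qname, qtype)  # a response reverses the direction
        if key in pending:
            pending.remove(key)
        else:
            unsolicited.append((src, dst, txid, qname, len(payload)))
    return unsolicited

def build(txid, qname, qtype, response=False, padding=0):
    """Construct a sample DNS message; padding stands in for answer records."""
    flags = 0x8180 if response else 0x0100
    name = b"".join(bytes([len(l)]) + l.encode() for l in qname.split(".")) + b"\x00"
    return struct.pack("!HHHHHH", txid, flags, 1, 0, 0, 0) + name + struct.pack("!HH", qtype, 1) + b"\x00" * padding

# Constructed sample: one query/response pair, then a large response nobody asked for.
SAMPLE = [
    ("192.0.2.10", "198.51.100.53", build(0x1A2B, "example.com", 1)),
    ("198.51.100.53", "192.0.2.10", build(0x1A2B, "example.com", 1, True, 16)),
    ("203.0.113.7", "192.0.2.10", build(0x9999, "example.org", 255, True, 1200)),
]
```

A production monitor would also expire pending queries after a timeout and account for retransmitted queries, which this example leaves out.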
Residing in front of a customer’s infrastructure, Nexusguard DNS Protection Service replaces the DNS server by directly fetching zone records from the customer’s servers and hosting them in our globally distributed scrubbing centers. The client first has to change the nameservers for the domain and point the domain name to Nexusguard’s nameservers, which can be accomplished at Nexusguard’s self-service Customer Portal.
As the destination for all incoming queries, Nexusguard’s cloud-based DNS servers absorb all DNS attacks while filtering out malicious traffic from incoming queries. Your DNS servers never need to respond to any malicious DNS query; Nexusguard handles everything. Our service protects against direct attacks on DNS services and against abuse of server vulnerabilities as leverage for launching DNS amplification attacks on other servers.