What is a DNS flood: NXDOMAIN Flood?

The roadmap to every single computer on the Internet is held in DNS servers. The DNS NXDOMAIN flood attack attempts to make servers disappear from the Internet by making it impossible for clients to access the roadmap.

In this attack, the attacker floods the DNS server with requests for invalid or nonexistent records. The DNS server spends its time searching for something that doesn't exist instead of serving legitimate requests. The result is that the cache on the DNS server gets filled with bad requests, and clients can't find the servers they are looking for.
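From the defender's side, a flood of queries for nonexistent records shows up as a client whose answers are almost all NXDOMAIN, spread across many distinct names. The following is an added example, not code from F5 or from the original page; the record layout, the thresholds and the function name `detect_nxdomain_flood` are assumptions, and the sample data is constructed.

```python
from collections import defaultdict, deque

# Constructed sample records: (epoch_seconds, client_ip, qname, rcode).
# The field layout is an assumption, not any particular resolver's log format.
SAMPLE = (
    [(1000 + i * 0.01, "198.51.100.7", f"x{i:04d}.example.com", "NXDOMAIN")
     for i in range(300)]                                        # random-label burst
    + [(1000 + i * 0.5, "192.0.2.10", "www.example.com", "NOERROR")
       for i in range(20)]                                       # ordinary client
    + [(1001.0, "192.0.2.10", "wwww.example.com", "NXDOMAIN")]   # a single typo
)

def detect_nxdomain_flood(records, window=10.0, min_queries=100,
                          nx_ratio_threshold=0.8):
    """Return {client: (queries, nx_ratio, distinct_nx_names)} for clients whose
    queries inside a sliding `window` (seconds) are mostly NXDOMAIN.
    The reported tuple is the busiest window seen for that client."""
    recent = defaultdict(deque)          # client -> deque of (ts, qname, is_nx)
    flagged = {}
    for ts, client, qname, rcode in sorted(records):
        q = recent[client]
        q.append((ts, qname.lower().rstrip("."), rcode == "NXDOMAIN"))
        while ts - q[0][0] > window:     # drop entries older than the window
            q.popleft()
        total = len(q)
        if total < min_queries:          # too few queries to judge; avoids
            continue                     # flagging a client for a few typos
        nx_names = {name for _, name, is_nx in q if is_nx}
        ratio = sum(1 for _, _, is_nx in q if is_nx) / total
        if ratio >= nx_ratio_threshold:
            prev = flagged.get(client)
            if prev is None or total > prev[0]:
                flagged[client] = (total, round(ratio, 2), len(nx_names))
    return flagged

if __name__ == "__main__":
    for client, (n, ratio, names) in detect_nxdomain_flood(SAMPLE).items():
        print(f"{client}: {n} queries, {ratio:.0%} NXDOMAIN, {names} distinct names")
```

A high count of distinct NXDOMAIN names is what separates a flood from one misconfigured client retrying the same missing record.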

The DNS Express functionality in F5 BIG-IP DNS mitigates NXDOMAIN floods by retaining all the valid organization zone information, even during the flood. Nonexistent domains and servers are not logged or retained in the cache. This means that legitimate requests can still pull accurate information from the cache, since the cache is never flooded with bad data.