Tuesday, December 11, 2012 1:54 AM
We have been noticing an increasing number of DDoS attacks against our DNS Server 2008 R2. Recursion is disabled, so we only give valid responses to zones that we are authoritative for.
My problem is that we are receiving traffic floods on the order of 100 requests per second simultaneously from multiple sources. Since DNS responds with a non-authoritative response effectively saying "that zone isn't here, go somewhere else," it still consumes resources. To combat this, I implemented a QoS policy for outbound traffic to limit the bandwidth, so other services on our network are not affected. The QoS policy works well, but I fear that some legitimate DNS requests may get lost as a result.
These malicious floods are querying for the same zone (isc.org) for which we are not authoritative.
Do you have any solution for this big problem? How can I stop this attack without a hardware firewall?
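One way to see exactly which sources are behind the flood described above, as an added example that is not part of this thread and not a Windows DNS feature: a small Python script that parses lines written in the style of the Windows DNS debug log (the exact column layout is an assumption), counts received queries per source address per second, and flags sources that exceed a rate threshold while asking for names outside the zones the server hosts. The authoritative zone set (`example.com`), the source addresses, the threshold and the log lines are all constructed placeholders; the only real value taken from the thread is the queried name `isc.org`.

```python
import re
from collections import defaultdict
from datetime import datetime

# Zones this server is authoritative for. Placeholder; the thread does not name them.
AUTHORITATIVE_ZONES = {"example.com"}

# One record of the DNS debug log. Assumed layout, modeled on the
# "<date> <time> <thread> PACKET <ptr> UDP Rcv <ip> <xid> Q [flags] <qtype> <name>" form.
LINE_RE = re.compile(
    r"^(?P<date>\d{1,2}/\d{1,2}/\d{4})\s+(?P<time>\d{1,2}:\d{2}:\d{2}\s[AP]M)\s+\S+\s+PACKET\s+\S+\s+"
    r"(?P<proto>UDP|TCP)\s+(?P<dir>Rcv|Snd)\s+(?P<ip>\S+)\s+\S+\s+(?P<kind>[QR])\s+\[[^\]]*\]\s+"
    r"(?P<qtype>\S+)\s+(?P<name>\S+)\s*$"
)


def decode_name(label_form):
    """Turn the log's length-prefixed form '(3)isc(3)org(0)' into 'isc.org'."""
    labels = re.findall(r"\((\d+)\)([^(]*)", label_form)
    return ".".join(text for length, text in labels if int(length) > 0)


def is_authoritative(name, zones):
    """True when the queried name is at or below one of the zones we host."""
    return any(name == z or name.endswith("." + z) for z in zones)


def parse_line(line):
    """Parse one log line into a dict, or return None for lines we do not understand."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(f"{m['date']} {m['time']}", "%m/%d/%Y %I:%M:%S %p")
    return {"ts": ts, "dir": m["dir"], "kind": m["kind"], "ip": m["ip"],
            "qtype": m["qtype"], "name": decode_name(m["name"])}


def find_flood_sources(log_text, authoritative_zones, threshold_qps):
    """Return {ip: {...}} for sources whose peak received-query rate reaches threshold_qps.

    Only inbound queries (Rcv / Q) are counted; the responses the server sends back
    (Snd / R) are skipped so a busy server does not flag itself.
    """
    per_second = defaultdict(int)     # (ip, whole-second timestamp) -> query count
    names_seen = defaultdict(set)     # ip -> names it asked for
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None or rec["dir"] != "Rcv" or rec["kind"] != "Q":
            continue
        per_second[(rec["ip"], rec["ts"])] += 1
        names_seen[rec["ip"]].add(rec["name"])

    peak = defaultdict(int)
    for (ip, _), count in per_second.items():
        peak[ip] = max(peak[ip], count)

    flagged = {}
    for ip, qps in peak.items():
        if qps < threshold_qps:
            continue
        foreign = {n for n in names_seen[ip] if not is_authoritative(n, authoritative_zones)}
        flagged[ip] = {"peak_qps": qps, "non_authoritative_names": sorted(foreign)}
    return flagged


def make_line(ip, name_labels, second, direction="Rcv", kind="Q", qtype="A"):
    """Build one constructed log line in the assumed format (sample data only)."""
    return (f"12/11/2012 1:54:{second:02d} AM 0A5C PACKET 000000000B6E5D30 UDP {direction} "
            f"{ip:<15} 0002   {kind} [0001   D   NOERROR] {qtype:<6} {name_labels}")


def build_sample_log():
    """Constructed sample: two sources hammering isc.org, one legitimate client, one sent reply."""
    lines = []
    for sec in (0, 1):
        for ip in ("192.0.2.10", "198.51.100.7"):
            lines += [make_line(ip, "(3)isc(3)org(0)", sec) for _ in range(12)]
    lines.append(make_line("203.0.113.5", "(3)www(7)example(3)com(0)", 0))
    lines.append(make_line("203.0.113.5", "(3)www(7)example(3)com(0)", 1))
    lines.append(make_line("192.0.2.10", "(3)isc(3)org(0)", 0, direction="Snd", kind="R"))
    return "\n".join(lines)


if __name__ == "__main__":
    for ip, info in find_flood_sources(build_sample_log(), AUTHORITATIVE_ZONES, 10).items():
        print(ip, info)
```

The output is a per-source list rather than a global bandwidth cap, which is the difference that matters here: an outbound QoS limit throttles every client equally, whereas a list of addresses that exceed the threshold and only ask for names the server does not host can be fed to a host firewall rule or an upstream filter without touching legitimate resolvers. Real debug logs also carry truncated and malformed entries, which is why `parse_line` returns `None` instead of raising on anything it cannot match.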
Monday, December 17, 2012 3:01 AM Moderator
Thanks for your post.
I think we do not have many options to prevent DDoS attacks using Windows built-in features; however, we can use hardware- or software-based router or firewall devices (for example, TMG/ISA) and set them in front of the server in order to protect it against attacks from the internet.
Planning to protect against denial of service flood attacks
Trusted Proxy Servers Can Appear to be Launching Flood or DoS Attacks
Web Technologies: Can the Government Prevent a DDoS Attack?
TechNet Community Support
- Marked As Answer by Aiden_Cao, Microsoft Contingent Staff, Moderator, Thursday, December 20, 2012 4:38 AM