Advanced Scenario
15 min
DNS Amplification DDoS Attack
DNS, Security, DDoS
Interview Question
Your DNS servers are overloaded with suspicious traffic patterns resembling amplification. How do you detect, mitigate, and protect?
Key Points to Cover
- Identify traffic patterns and QPS spikes via logs/metrics
- Confirm reflection/amplification from open resolvers
- Rate-limit or block malicious sources at firewall/CDN
- Engage provider DDoS mitigation services
- Harden DNS infra: anycast, caching, restrict recursion
Evaluation Rubric
- Detects attack via DNS metrics/logs: 30% weight
- Applies rate limits or DDoS controls: 30% weight
- Uses provider mitigation effectively: 20% weight
- Mentions long-term DNS hardening: 20% weight
Hints
- 💡 Look for large response-to-query ratios.
Potential Follow-up Questions
- ❓ How to configure response rate limiting?
- ❓ How to test DDoS readiness?