DNS Amplification Attack
A DNS amplification attack is a type of distributed denial-of-service (DDoS) attack that exploits open [[recursive-dns|DNS resolvers]] to flood a victim with traffic. Attackers send UDP-based [[dns|DNS]] queries to open resolvers with the source address spoofed to the victim's [[ip-address|IP address]]; because UDP involves no handshake, the resolvers cannot tell the query is forged and send their responses (often [[edns|EDNS]]-enabled or [[dnssec|DNSSEC]]-signed records that are hundreds of times larger than the query) directly to the victim. Amplification factors of 50x–70x are common, making these attacks highly bandwidth-efficient for the attacker. Mitigations include Response Rate Limiting (RRL) on authoritative servers, BCP38 ingress filtering to prevent IP spoofing, and restricting open recursive resolution to authorized clients only.
Example
An attacker sending 1 Gbps of spoofed DNS queries to open resolvers can generate 50–70 Gbps of response traffic directed at the victim, overwhelming the victim's network while the attacker supplies only a fraction of that bandwidth upstream.
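As an added example (not part of the original entry), the resolver-side check a defender can run over query/response logs to spot recursion being abused as an amplifier: a spoofed victim shows up as an outside "client" receiving far more bytes than it sends. The log line format, the `AUTHORIZED` networks and the 10x threshold are assumptions.

```python
"""Spot open-resolver abuse as a DNS amplifier in query/response logs."""
import re
from collections import defaultdict
from ipaddress import ip_address, ip_network

# Constructed sample log lines (not real traffic); the line format is assumed.
SAMPLE_LOG = """\
client=192.0.2.10 qname=www.example.net qtype=A qlen=45 rlen=61
client=203.0.113.7 qname=example.org qtype=ANY qlen=64 rlen=3312
client=203.0.113.7 qname=example.org qtype=ANY qlen=64 rlen=3312
client=203.0.113.7 qname=example.org qtype=ANY qlen=64 rlen=3312
client=192.0.2.11 qname=example.org qtype=ANY qlen=64 rlen=3312
client=198.51.100.5 qname=mail.example.com qtype=MX qlen=50 rlen=120
"""
LINE_RE = re.compile(r"client=(\S+) qname=\S+ qtype=(\S+) qlen=(\d+) rlen=(\d+)")
# Networks this resolver is meant to serve (assumed); any other client is
# using it as an open resolver, and a spoofed victim shows up the same way.
AUTHORIZED = [ip_network("192.0.2.0/24")]


def parse_log(text):
    """Yield (client, qtype, query_bytes, response_bytes) per well-formed line."""
    for line in text.splitlines():
        m = LINE_RE.search(line)
        if m:
            client, qtype, qlen, rlen = m.groups()
            yield client, qtype, int(qlen), int(rlen)


def is_authorized(client):
    addr = ip_address(client)
    return any(addr in net for net in AUTHORIZED)


def find_amplifiers(text, min_ratio=10.0):
    """Return {client: (responses, bytes_out / bytes_in)} for unauthorized
    clients whose aggregate amplification reaches min_ratio. A spoofed victim
    address looks like an outside client that receives far more than it sent."""
    sent, received, count = defaultdict(int), defaultdict(int), defaultdict(int)
    for client, _qtype, qlen, rlen in parse_log(text):
        sent[client] += qlen
        received[client] += rlen
        count[client] += 1
    flagged = {}
    for client in sent:
        ratio = received[client] / max(sent[client], 1)  # guard against qlen=0
        if not is_authorized(client) and ratio >= min_ratio:
            flagged[client] = (count[client], ratio)
    return flagged
```

The flagged address is the one to rate-limit or refuse recursion for; in a real attack it is the victim, not the attacker, which is why BCP38 filtering at the spoofing source is the only mitigation that removes the traffic entirely.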