03-08-2018 09:03 PM
I want to know the DNS DDoS architecture of Infoblox NIOS Devices.
- How do they know about a DNS DDoS attack? (Most devices know the attack according to a baseline. I wish Infoblox had some intelligent feature for DNS DDoS.)
- How do they mitigate?
- How do they report?
If you have some favorite link, feel free to comment.
Thanks. Have a nice day.
03-09-2018 03:37 AM
You can find this information in the NIOS administrator guide. Infoblox provides the following features to detect and mitigate DNS DDoS attacks, such as NXDOMAIN attacks:
- Automated mitigation of phantom domain attacks (a subset of NXDOMAIN attacks), as described in the ‘Automated Mitigation of Phantom Domain Attacks’ section of the NIOS administrator guide.
- Configurable parameters used to detect possible NXDOMAIN attacks, as described in the ‘Detecting NXDOMAIN Attacks’ section of the NIOS administrator guide.
- Mitigation of NXDOMAIN responses by removing the LRU (Least Recently Used) items from the list of NX (non-existent) RRsets. The appliance uses the LRU list to select entries for removal from the cache when the cache utilization exceeds the allowed threshold. For more information, see the ‘Mitigating Possible NXDOMAIN Attacks’ section of the NIOS administrator guide.
- CLI commands for configuring RRL (Response Rate Limiting) to mitigate DNS DDoS attacks by reducing the rate at which authoritative servers respond to high volumes of malicious queries, as described in the ‘Support for RRL (Response Rate Limiting)’ section of the NIOS administrator guide.
In addition to this, Infoblox also offers the following security features to fully protect your DNS infrastructure and implementation:
- Infoblox ADP solution. Read through chapter ‘Infoblox Advanced DNS Protection’ from the NIOS administrator guide.
- Our DNS firewall solution. See chapter ‘Infoblox DNS Firewall’ from the NIOS administrator guide.
- Threat insight or analytics solution. See chapter ‘Infoblox Threat Insight’ from the NIOS administrator guide.
There are different reports available in the Infoblox reporting & analytics solution which would help administrators to review DNS security related data. If you are planning to implement DNS security features/configuration in your Infoblox infrastructure, I recommend that you work with your Infoblox accounts team, so that the Systems Engineer can pick the right choices for you based on your environment/business needs.
Should there be any questions that need clarification, please let us know.
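
The LRU trimming of NX RRsets mentioned in the reply above can be sketched as follows. This is an added example, not part of the original posts and not Infoblox code; the class name, `capacity`, `threshold` and the sample query names are assumptions made for illustration.

```python
from collections import OrderedDict

class NxCache:
    """Negative (NXDOMAIN) cache trimmed by LRU above a utilization threshold.
    capacity and threshold are hypothetical values, not NIOS settings."""
    def __init__(self, capacity=10, threshold=0.8):
        self.limit = int(capacity * threshold)  # NX entries allowed before trimming
        self.entries = OrderedDict()            # least recently used entry first
        self.evicted = 0

    @staticmethod
    def _key(qname):
        return qname.lower().rstrip(".")

    def lookup(self, qname):
        """Return True on a cached NX answer and mark it as recently used."""
        key = self._key(qname)
        if key in self.entries:
            self.entries.move_to_end(key)
            return True
        return False

    def store_nx(self, qname):
        """Cache an NXDOMAIN answer, then drop LRU entries past the limit."""
        self.entries[self._key(qname)] = True
        while len(self.entries) > self.limit:
            self.entries.popitem(last=False)
            self.evicted += 1

def replay(cache, qnames):
    """Feed queries that all resolve to NXDOMAIN; return the cache hit count."""
    hits = 0
    for name in qnames:
        if cache.lookup(name):
            hits += 1
        else:
            cache.store_nx(name)
    return hits

# Constructed traffic: unique random-looking labels, as an NXDOMAIN flood
# produces, interleaved with one repeatedly queried mistyped name.
TRAFFIC = []
for i in range(30):
    TRAFFIC.append(f"x{i:04d}.example.test")
    if i % 3 == 0:
        TRAFFIC.append("wwww.example.test")

if __name__ == "__main__":
    cache = NxCache()
    print(replay(cache, TRAFFIC), len(cache.entries), cache.evicted)
```

The flood names are each seen once and age out first, so the cache stays bounded while the repeatedly queried name keeps being answered from it.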