Unknown attackers have reportedly carried out large-scale DDoS attacks on the Internet's DNS root servers, causing minor outages on four nodes. The servers affected were at nodes B, C, G and H, according to root-servers.org.
Two separate attacks took place. The first started on 30 November and lasted 160 minutes (from 6:50 to 9:30 UTC). The second, which was smaller in scale than the first, began on 1 December and lasted only one hour (from 5:10 to 6:10 UTC).
Administrators of the DNS root servers report that the attack traffic consisted of valid DNS queries addressed to two different domains (one in the first attack and another in the second).
Each attack sent about five million queries per second to each DNS root name server. Server administrators do not expect to catch the culprit or culprits, as source IP addresses can easily be spoofed, and the IP addresses used in the DDoS attacks were widely spread and randomized across the IPv4 address space.
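The traffic signature described above (valid queries for a single name, arriving from sources spread across IPv4) can be checked for in a query log. The following is an added example, not code from the root server operators or from the original report; the window size, thresholds, function names and sample records are all constructed assumptions.

```python
import math
import random
from collections import Counter, defaultdict
from ipaddress import IPv4Address

WINDOW = 60        # seconds per analysis bucket (assumed value)
MIN_SHARE = 0.5    # top qname must reach this share of a window (assumed)
MIN_ENTROPY = 0.9  # normalised entropy of source /8s, 1.0 = uniform (assumed)
MIN_UNIQUE = 0.9   # distinct sources per query for the top qname (assumed)

def slash8_entropy(ips):
    """Shannon entropy of the sources' first octets, normalised to [0, 1]."""
    counts = Counter(int(IPv4Address(ip)) >> 24 for ip in ips)
    total = sum(counts.values())
    h = -sum(c / total * math.log2(c / total) for c in counts.values())
    return h / 8.0  # log2(256) = 8 bits is the maximum over 256 /8 blocks

def flag_windows(records):
    """records: iterable of (unix_ts, src_ip, qname). Returns flagged windows."""
    buckets = defaultdict(list)
    for ts, src, qname in records:
        buckets[ts // WINDOW * WINDOW].append((src, qname.lower().rstrip(".")))
    flagged = []
    for start in sorted(buckets):
        rows = buckets[start]
        qname, hits = Counter(q for _, q in rows).most_common(1)[0]
        sources = [s for s, q in rows if q == qname]
        share = hits / len(rows)             # how dominant is one name?
        unique = len(set(sources)) / hits    # ~1.0 when sources never repeat
        entropy = slash8_entropy(sources)    # ~1.0 when spread over all of IPv4
        if share >= MIN_SHARE and unique >= MIN_UNIQUE and entropy >= MIN_ENTROPY:
            flagged.append((start, qname, round(share, 2), round(entropy, 2)))
    return flagged

def constructed_sample(seed=1):
    """Constructed data: 3 minutes of resolver traffic, flood in minute 2 only."""
    rng = random.Random(seed)
    resolvers = [f"192.0.2.{i}" for i in range(1, 21)]
    names = [f"host{i}.example." for i in range(200)]
    recs = [(t, rng.choice(resolvers), rng.choice(names))
            for t in range(180) for _ in range(20)]
    recs += [(t, str(IPv4Address(rng.getrandbits(32))), "flood.example.")
             for t in range(60, 120) for _ in range(200)]
    return recs

if __name__ == "__main__":
    for row in flag_windows(constructed_sample()):
        print(row)
```

A popular name queried heavily by a small set of resolvers fails the uniqueness and entropy checks, so the name-share threshold alone never triggers a flag.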
The DDoS attacks did not cause any serious damage beyond a slight delay for some users.
“The system of DNS root name servers performed exactly as designed, demonstrating its overall resilience to traffic floods seen on many root DNS name servers,” the server administrators said.
Because of the way the DNS servers work, with a mesh structure that resembles the Internet itself, if one server does not respond, other servers step in to answer the millions of queries they receive.