DGA Attack mitigation

Petr Špaček petr.spacek at nic.cz
Mon Apr 9 18:19:49 UTC 2018


generally speaking 20 % of NXDOMAIN (or even more) is about normal
pattern we see in normal traffic.

Blame Google Chrome and the like, they use it do detect DNS hijacking.
Aggressive use of DNSSEC-validated cache will help for signed zones but
there is no real 'solution' except fixing clients.

If you want to protect your own zone, sign it using DNSSEC. More numbers
can be found in following presentation:


Petr Špaček  @  CZ.NIC

On 9.4.2018 20:04, Mahdi Adnan via Unbound-users wrote:
> Hi,
>  Im wondering how Unbound users are handling DGA and DGA like attacks.
> Im running 20 Unbound servers and around 20% of response are NXDOMAIN,
> for queries coming from my clients.
> Anyone experienced this kind of attack before ? if so, how do you
> protect your servers against it ? is there something Unbound can do ?
> -- 
> Respectfully*
> **Mahdi A. Mahdi*

More information about the Unbound-users mailing list