NXDOMAIN definition
NXDOMAIN attack is a type of Distributed Denial of Service (DDoS) attack that floods a DNS server with requests for domains that don’t exist. The server exhausts its resources while processing the requests and returns Non-Existent Domain (NXDOMAIN) responses. NXDOMAIN attacks cause slow website loading times and service outages.
Attackers use large networks of botnets for NXDOMAIN attacks, making it difficult to filter legitimate requests and block fake ones. The request load creates network congestion and exhausts the target’s bandwidth, CPU, and memory. NXDOMAIN attacks are hard to detect because the slowdown they cause can be mistaken for a performance issue.
See also: botnet, DDoS mitigation, DNS firewall, DNS TTL, flooding
Outcomes of NXDOMAIN attacks
- Website loading time is forcefully slowed down or experiences a complete outage.
- Infrastructure costs go up due to increased usage of computational resources.
- The disruption impacts providers and clients by preventing them from using the services.
Preventing NXDOMAIN attacks
- DNS firewall. Setting up a firewall to block requests from non-existent domains.
- Blackholing. Redirecting the incoming malicious traffic to a “black hole” network.
- Rate limiting. Implementing a limit on the traffic rate processing.
- Traffic monitoring. Observing the DNS traffic to detect abnormalities that could indicate an attack.
- DNS time-to-live (TTL). Increasing the TTL value to cache negative responses.
