VPN Articles and News

CloudFlare Virtual DNS Launches To Tackle Massive DDoS Attacks

By Paul Liu
Tuesday, August 11th, 2015

CloudFlare, one of the leading content delivery network, performance and security specialist as well as provider of distributed domain name server (DNS) services on the web; has announced the launch of Virtual DNS service to tackle the growing menace of Distributed Denial of Service (DDoS) attacks. The new service will not only tackle an industry wide problem by helping organizations protect their infrastructure against massively targeted DDoS attacks, it will also enhance the security, availability and performance of the companies’ IT resources in a big way.

DNS refers to a hierarchical naming system which identifies servers, computers and other resources that are connected to the internet. Since all the web requests internally get translated into DNS lookup queries, the security and performance of DNS related infrastructure is absolutely critical. The importance of DNS has not escaped the attention of cyber-attackers either who are launching more and more sophisticated attacks against the DNS infrastructure of the organizations. And while the service providers and enterprises have much better protection against coordinated attacks these days, they are really helpless against massive DDoS attacks that can generate millions of DNS queries through a botnet and cripple the infrastructure of any organization within minutes.

The magnitude of botnet based DDoS attacks can be gauged from the fact that recent attacks handled by CloudFlare involved two hundred to three hundred million DNS requests per second and 500 GBPS of bandwidth. Matthew Prince, CEO of CloudFlare, said that while a little bit of traffic filtering can be done for DDoS attacks, it is tough to deal with a botnet based attack which has hundreds of thousands of nodes at its disposal and is channeling traffic through DNS resolvers. Since even large enterprises don’t have the infrastructure to deal with such large coordinated attacks, a significant downtime is almost inevitable whenever an organization became a target of a botnet based DNS attack.

Virtual DNS involves pointing an organization’s name server information to CloudFlare’s infrastructure instead of its own. The service works like a giant proxy wall which is scattered throughout the world and protects the customers’ name server information against coordinated attacks. In addition, the service speeds up access to customers’ infrastructure significantly. The best thing about CloudFlare’s Virtual DNS service is that enterprises don’t have to do any kind of disruptive changes to their legacy infrastructure (such as moving of DNS records) in order to use the service.

While announcing the launch of the service, Prince said that Virtual DNS is intended to be a lifesaver for companies who are still managing their own name servers. He pointed out that large enterprises and hosting service providers often struggle to meet the security and performance challenges associated with maintaining their own DNS infrastructure since replacing it could result in lengthy downtimes, significant disruptions to operations as well as inflated costs. With the launch of Virtual DNS, he said; organizations can now get the security, performance and assured availability of CloudFlare’s infrastructure with no disruptions or changes to their existing DNS infrastructure.