DNS amplification attacks increase 1,000 percent

Nexusguard researchers attribute Domain Name System Security Extensions (DNSSEC) with fueling the new wave of DNS amplification attacks, which accounted for more than 65 percent of the attacks last quarter according to the team’s evaluation of thousands of worldwide DDoS attacks. DNSSEC is designed to protect applications from using forged or manipulated DNS data, however, the extra security DNSSEC provides relies on a resource-intensive data verification process using public keys and digital signatures. While intended to be a patch to DNS poisoning, DNSSEC has had the unintended consequence of creating yet another DDoS vulnerability The growing adoption of DNSSEC technology though suggests that DNS amplification risks won’t disappear for service providers or enterprise networks anytime soon.

Source: https://betanews.com/2019/09/16/dns-amplification-1000-percent/