TL;DR: DDoS attacks overwhelm web servers with fake traffic, often from botnets made up of hacked or remotely controlled devices, and can crash services fast, according to DigiCert. The underlying lesson is that availability failures are governance failures too, because resilience depends on layered DNS, network, and identity-aware controls rather than a single defensive setting.
NHIMG editorial — based on content published by DigiCert: What is a DDoS Attack?
Questions worth separating out
Q: How should security teams reduce DDoS risk for internet-facing services?
A: Start by identifying the services that would fail first if traffic suddenly spiked, then place filtering, rate limiting, and scrubbing in front of them.
Q: Why do botnets make distributed denial-of-service attacks so difficult to stop?
A: Botnets spread traffic generation across many compromised devices, which makes each source look small while the combined volume overwhelms the target.
Q: What breaks when DNS becomes the choke point during an attack?
A: When DNS is overloaded, users may be unable to resolve or reach services even if backend systems are still running.
Practitioner guidance
- Map DNS and web service choke points: identify which resolvers, load balancers, and public endpoints would fail first under sustained query floods, then document failover paths and dependencies.
- Implement upstream traffic filtering: use rate limiting, scrubbing, and edge controls before traffic reaches shared server capacity, so fake queries do not compete directly with legitimate users.
- Harden the device population that can be conscripted: patch IoT and endpoint fleets quickly, remove unnecessary remote access, and monitor for the warning signs of zombie infection described in the article.
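The point made above about botnets (each source looks small while the combined volume overwhelms the target) and the guidance to filter upstream can be seen in a simulation. The following is an added example written for this editorial, not code from DigiCert or from the original article. It constructs a synthetic request stream (1000 bots at 2 requests per second each, plus one legitimate client at 5 requests per second, for 10 seconds) and pushes it through two token-bucket limiters: a per-source limiter of the kind an origin server typically has, and an aggregate capacity cap standing in for the server's real throughput. The rates, bucket sizes, and source names are assumptions chosen to make the effect visible.

```python
"""Per-source rate limiting versus a distributed flood (added example).

Constructed traffic, not a real capture: 1000 bots each sending 2 req/s,
one legitimate client sending 5 req/s, for 10 seconds. Times are in ms.
"""
from collections import defaultdict

# Assumed parameters for the simulation (not from the article).
N_BOTS, BOT_INTERVAL_MS = 1000, 500        # 2 req/s per bot -> 2000 req/s combined
LEGIT = "user-203.0.113.10"                # hypothetical legitimate client
LEGIT_INTERVAL_MS, LEGIT_OFFSET_MS = 200, 50   # 5 req/s, never on a 500 ms boundary
DURATION_MS = 10_000


class TokenBucket:
    """Classic token bucket: `rate` tokens per second, capacity `burst`."""

    def __init__(self, rate, burst):
        self.rate, self.burst = rate, burst
        self.tokens, self.last_ms = burst, 0

    def allow(self, t_ms):
        refill = (t_ms - self.last_ms) * self.rate / 1000
        self.tokens = min(self.burst, self.tokens + refill)
        self.last_ms = t_ms
        if self.tokens >= 1:
            self.tokens -= 1
            return True
        return False


def build_traffic():
    """Constructed request stream as (t_ms, source) tuples in arrival order."""
    reqs = []
    for t in range(DURATION_MS):
        # Bots are staggered so exactly two of them fire every millisecond,
        # i.e. a steady 2000 req/s that no single source is responsible for.
        for i in range(t % BOT_INTERVAL_MS, N_BOTS, BOT_INTERVAL_MS):
            reqs.append((t, f"bot-{i:04d}"))
        if t % LEGIT_INTERVAL_MS == LEGIT_OFFSET_MS:
            reqs.append((t, LEGIT))
    return reqs


def per_source_limit(reqs, rate, burst):
    """What an origin server usually does: one bucket per client address."""
    buckets = defaultdict(lambda: TokenBucket(rate, burst))
    return [r for r in reqs if buckets[r[1]].allow(r[0])]


def aggregate_limit(reqs, rate, burst):
    """Stand-in for the server's real capacity: one bucket for everyone."""
    bucket = TokenBucket(rate, burst)
    return [r for r in reqs if bucket.allow(r[0])]


def summarize(admitted):
    legit = sum(1 for _, src in admitted if src == LEGIT)
    return {"total": len(admitted), "bots": len(admitted) - legit, "legit": legit}


def run():
    """Offered load versus what each control lets through."""
    reqs = build_traffic()
    return {
        "offered": summarize(reqs),
        # Generous per-client limit (5 req/s, burst 10): every bot is well under it.
        "per_source": summarize(per_source_limit(reqs, rate=5, burst=10)),
        # Server can really handle 500 req/s with a 500-request backlog.
        "aggregate": summarize(aggregate_limit(reqs, rate=500, burst=500)),
    }


if __name__ == "__main__":
    for name, stats in run().items():
        print(f"{name:>10}: {stats}")
```

Running it shows the two halves of the problem. The per-source limiter admits every one of the 20050 requests, because each bot sends at 2 req/s and never trips a 5 req/s limit; the flood is invisible to a control that only looks at one source at a time. The aggregate cap does protect the server (it admits roughly 500 req/s plus the initial burst), but once the burst is spent the legitimate client gets through only twice in ten seconds, because its requests arrive interleaved with bot traffic that has already consumed the budget. That collateral loss is why the guidance above puts scrubbing and rate limiting upstream, where attack traffic can be dropped before it competes with real users for origin capacity.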
What's in the full article
DigiCert's full blog post covers the explanatory detail this post intentionally leaves for the source:
- The article walks through the DDoS sequence from botnet assembly to query flooding in plain language.
- It gives examples of device infection symptoms such as random shutdowns, slow internet, and update failures.
- It lists notable historical outages, including Dyn, GitHub, AWS, and Sony PlayStation Network.
- It explains why redundancy and DNS techniques matter when the target is public-facing.
👉 Read DigiCert's explanation of how DDoS attacks overwhelm DNS and web services →