DNS (Domain Name System) is a distributed database in which each part of the database is administered locally, while the data held in every part can be queried from anywhere in the network through a client-server model. With its replication (secondary servers) and caching mechanisms, DNS is robust and performs adequately under normal load.
At present, the software systems that provide DNS resolution are mainly BIND, modified versions of BIND, NSD and PowerDNS. Such software can achieve a certain resistance to attack, for example by spreading load across many server instances with anycast.
However, DNS runs over UDP (User Datagram Protocol). A UDP query is a single stateless datagram with no handshake, so its source address can be spoofed and request traffic is easily generated by simulation. As systems and hardware have improved, a single machine can now send far more UDP packets per second, so a handful of machines can easily generate millions of DNS requests per second.
In addition to attacks using structurally anomalous (malformed) data, current attack tools can also construct request floods whose packets are exactly the same as the normal queries a user would send, so they cannot be filtered by checking packet structure alone. At the same time, DNS response performance is particularly important. Therefore, while improving DNS defensive capability, it is also necessary to increase the service processing capability of a single machine.
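To illustrate the distinction drawn above, the following is an added example (not part of this document or of any of the DNS servers it names). It builds a few DNS query datagrams inline, runs a structural check on each (RFC 1035 header plus one question), and then applies a per-source sliding-window rate limit. The constructed traffic shows that a flood of well-formed queries passes the structural check and is only caught by the rate limit, while malformed packets are rejected before any rate accounting. The addresses, names and the 100 queries-per-second threshold are assumptions chosen for illustration.

```python
import struct
from collections import defaultdict, deque


def build_query(txid: int, name: str, qtype: int = 1) -> bytes:
    """Build a standard DNS query datagram: 12-byte header + one question (class IN)."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)  # RD set, QDCOUNT=1
    qname = b"".join(bytes([len(lbl)]) + lbl.encode("ascii") for lbl in name.split("."))
    return header + qname + b"\x00" + struct.pack("!HH", qtype, 1)


def parse_query(dgram: bytes):
    """Structural check. Returns (txid, qname, qtype) or raises ValueError if malformed."""
    if len(dgram) < 12:
        raise ValueError("short header")
    txid, flags, qdcount, _an, _ns, _ar = struct.unpack("!HHHHHH", dgram[:12])
    if flags & 0x8000:
        raise ValueError("QR bit set: this is a response, not a query")
    if qdcount != 1:
        raise ValueError("expected exactly one question")
    off, labels = 12, []
    while True:
        if off >= len(dgram):
            raise ValueError("truncated name")
        length = dgram[off]
        off += 1
        if length == 0:
            break
        if length & 0xC0:  # 0xC0 = compression pointer, 0x40/0x80 = reserved label types
            raise ValueError("pointer or reserved label type in question name")
        if off + length > len(dgram):
            raise ValueError("truncated label")
        labels.append(dgram[off:off + length].decode("ascii"))
        off += length
    qname = ".".join(labels)
    if len(qname) > 253:
        raise ValueError("name too long")
    if off + 4 > len(dgram):
        raise ValueError("truncated question section")
    qtype, qclass = struct.unpack("!HH", dgram[off:off + 4])
    if qclass != 1:
        raise ValueError("unsupported class")
    return txid, qname, qtype


class SourceRateLimiter:
    """Sliding window: at most `limit` accepted queries per `window` seconds per source."""

    def __init__(self, limit: int, window: float = 1.0):
        self.limit, self.window = limit, window
        self.history = defaultdict(deque)  # src -> timestamps of accepted queries

    def allow(self, src: str, now: float) -> bool:
        q = self.history[src]
        while q and now - q[0] >= self.window:
            q.popleft()
        if len(q) >= self.limit:
            return False
        q.append(now)
        return True


def triage(stream, limit: int = 100) -> dict:
    """Classify (timestamp, src_ip, datagram) tuples; returns counts per verdict."""
    verdicts = {"malformed": 0, "rate_limited": 0, "accepted": 0}
    limiter = SourceRateLimiter(limit)
    for t, src, dgram in stream:
        try:
            parse_query(dgram)  # structural check runs first and is cheap
        except ValueError:
            verdicts["malformed"] += 1
            continue
        verdicts["accepted" if limiter.allow(src, t) else "rate_limited"] += 1
    return verdicts


def sample_stream():
    """Constructed traffic (assumed addresses and names, not captured data)."""
    stream = []
    for i in range(20):  # legitimate client: 20 queries spread over 10 s
        stream.append((i * 0.5, "192.0.2.10", build_query(i, "example.com")))
    for i in range(2000):  # flood source: 2000 well-formed queries within 1 s
        stream.append((i / 2000.0, "198.51.100.7", build_query(i & 0xFFFF, f"r{i}.example.com")))
    # malformed packets: a truncated header, and a compression pointer in the question name
    stream.append((0.3, "203.0.113.5", b"\x12\x34\x01\x00"))
    stream.append((0.4, "203.0.113.5", build_query(7, "example.com")[:12] + b"\xc0\x0c\x00\x01\x00\x01"))
    stream.sort(key=lambda e: e[0])
    return stream


if __name__ == "__main__":
    print(triage(sample_stream()))  # {'malformed': 2, 'rate_limited': 1900, 'accepted': 120}
```

The structural check is deliberately ordered before the rate limiter: it costs a few byte comparisons and discards anomalous packets without touching per-source state, whereas the well-formed flood consumes a history entry per source until the window fills. In the constructed stream the flood source is indistinguishable from the legitimate client at the packet level, which is the point of the paragraph above; only the per-source rate reveals it, and a resolver that sits behind such a check still has to absorb the datagrams themselves, which is why single-machine processing capacity matters alongside the filter.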