DNS (Domain Name System) resolvers are devices and software services (e.g., on the client side or at an Internet service provider (ISP)) that communicate with DNS name servers within the DNS to resolve a domain name in response to a DNS name resolution request. Resolving a domain name may be the process of identifying a network address that is mapped to the domain name. For example, the domain name example.com may be mapped to the IPv4 address 93.184.216.119. DNS resolvers may be found in enterprise networks and ISP networks, and may also include public DNS resolvers (e.g., Open DNS Resolvers), which may be DNS resolvers that are operated and maintained by various private entities. The DNS resolvers use the DNS protocol to retrieve DNS information from authoritative servers and return the DNS information to various end-user applications.
DNS name servers are often targets of malicious attacks in which DNS resolution requests sent by unknown DNS resolvers are meant to overwhelm a DNS name server. These malicious attacks can potentially slow a targeted DNS name server to the point that it may be unable to respond to legitimate DNS resolution requests. For example, a DDoS (Distributed Denial of Service) attack may be a type of malicious attack where an attacker sends IP (Internet Protocol) packets from a false (or “spoofed”) source address in order to disguise the identity of the attacker. A denial-of-service attack may use IP spoofing to overload networks and devices with IP packets that appear to be from legitimate source addresses. The overload of IP packets may cause the DNS name server to become slow in responding, resulting in the DNS name server being unable to respond to legitimate DNS resolution requests. In the event of a malicious attack, network administrators may have a difficult time distinguishing non-malicious DNS resolution requests from malicious DNS resolution requests.