This topic explains frequently asked questions about DNS security.
FAQ
Q: What does DNS security mean in the paid edition of DNS?
A: DNS security refers to DNS attack prevention for domains attached to the paid edition of DNS. DNS attack prevention primarily protects against DNS query attacks. These attacks are conducted by sending numerous domain name resolution requests to the DNS server of the targeted domain. DNS query attacks can instantly create a heavy query load on the DNS server of the attacked domain. When the number of domain name resolution requests per second exceeds a certain threshold, it can cause DNS resolution timeout or even DNS server crash. This prevents users from resolving the IP address of the attacked domain, resulting in inaccessible websites.
Q: Does the Free Edition of DNS support DNS attack prevention?
A: No, it does not. The Free Edition does not provide DNS attack prevention.
Q: Does Cloud DNS support DNSSEC?
A: Yes, it does. Domain Name System Security Extensions (DNSSEC) is a DNS security authentication mechanism provided by the Internet Engineering Task Force (IETF). DNSSEC enhances DNS authentication by using digital signatures based on public key encryption, adding a layer of security protection to DNS infrastructure. This feature effectively ensures that visitors are accurately directed to your web server and prevents DNS hijacking and pollution.
Q: Does DNS security support protection against DNS flood attacks?
A: Yes, it does. To use the DNS security feature, ensure that the paid instance to which the domain is attached has purchased the DNS security service (this service can be selected when you purchase the instance). When facing DNS flood attacks, different defense levels provide different degrees of protection:
Basic DNS attack defense: Provides basic DNS attack protection capabilities for all domains attached to paid instances. The basic DNS attack defense limit does not exceed 10 million queries per second, suitable for general DNS attack prevention.
Full DNS attack defense: Provides comprehensive DNS attack protection capabilities for all domains attached to paid instances. It can withstand DNS query attacks of over 100 million queries per second, suitable for scenarios that frequently experience severe DNS attacks.
For more information, see DNS security.
Q: What is the protection scope and service capability of DNS security?
A: DNS security levels are divided into basic DNS attack defense and full DNS attack defense. The basic DNS attack defense limit does not exceed 10 million queries per second. Full DNS attack defense can withstand DNS attacks of over 100 million queries per second.
Q: Is the protection fee for DNS security charged based on the validity period of the paid edition?
A: Attacks that occur during the validity period of the paid DNS are within the service scope of protection.
Q: Where can I view the DNS attack protection data after purchasing DNS security?
A: The Cloud DNS console provides DNS protection data viewing. You can refer to the DNS security operation document.
Q: What should I do if DNS attacks exceed the limit of full DNS attack defense?
A: If you encounter this situation, we recommend that you contact us by submit a ticket.