Originally Posted by vikas027
I have just come across a term Denial-of-Service attack (DoS attack) or Distributed Denial-of-service attack (DDoS attack).
As I understand this, you are claiming that you had never heard of these terms before? And you have been a sys admin for some time and have been posting here even longer?
If you don't mind I'll suggest that you should do a little more research and background reading to stay on top of the security situation, because if this is the first time that you've heard about DoS attacks, there could be a lot of other stuff that you are missing.
Just for learning purpose, could you please guide how can I prevent my DNS server from DoS attacks. Any links, docs would be sufficient.
For some reason, you are unconcerned about DoS attacks on other parts of the infrastructure? So, if I have understood correctly, you don't care if anything else breaks -or even if everything else breaks- provided that your DNS server doesn't break? Normally, that wouldn't make sense, but maybe your job role has somehow persuaded you to take that position.
Now, what does this server do? does it just give you name services for an internal network? If so, you are concerned about DoS (or DDoS) attacks from your internal network. This does not seem like the most likely interpretation of your concerns, but it would help clarity for you to confirm or deny it.
Possibly, your DNS server only caches name responses from the internet. This would be a more likely thing to cause legitimate and reasonable concern. In this case, you would have a firewall between your DNS server and the internet. You should, therfore, be able to take measures in you firewall to protect your DNS server. What is this firewall?
Or maybe the DNS box does both? Or maybe you have a master and slave(s)? Or a redundant failover system?
And what software are you using for DNS?
If you want the best answer for your situation, please provide all of the information, otherwise people are likely to give you sub-optimal answers.
OK, I'll take you literally and supply this
link. You didn't seem to have an interest, but you did say that "Any links, docs would be sufficient." And it will give you something else to think about.