DNS query flood

A DNS query flood sends high-volume DNS queries against resolvers or authoritative servers. It stresses query parsing, cache, and recursive resolution paths.

How it works

  1. UDP (or TCP) DNS queries hit port 53 with varied QNAME/QTYPE.
  2. Recursive resolvers may fan out upstream lookups under load.
  3. NXDOMAIN-heavy patterns can amplify resolver work without large responses.

Packet flow (illustrative)

Client query (QNAME) and server response (A/AAAA or NXDOMAIN).

Illustrative flow — not a live capture.

Typical pattern: Query PPS to :53
Engarde metric: Query rate, timeouts
Layer: DNS / app-adjacent

What to watch in Engarde

  • Resolver latency and timeout rate under query spikes.
  • Authoritative server CPU when bypassing cache.
  • Any upstream provider DNS rate limiting.
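
The same signals can be derived from a resolver's own query log. The following is an added example, not Engarde code: it assumes the log is already parsed into (second, client, qname, qtype, rcode) tuples, uses TIMEOUT as a constructed marker for unanswered queries, and all function names and thresholds are illustrative.

```python
from collections import defaultdict

def summarize(records):
    """Group records by second and return {second: metrics}."""
    buckets = defaultdict(list)
    for ts, _client, qname, qtype, rcode in records:
        buckets[ts].append((qname.lower(), qtype, rcode))
    out = {}
    for ts, rows in sorted(buckets.items()):
        n = len(rows)
        out[ts] = {
            "qps": n,
            "nxdomain_ratio": sum(r[2] == "NXDOMAIN" for r in rows) / n,
            "timeout_ratio": sum(r[2] == "TIMEOUT" for r in rows) / n,
            # Share of distinct (QNAME, QTYPE) pairs: near 1.0 means the
            # queries are varied enough to miss the cache every time.
            "unique_ratio": len({(r[0], r[1]) for r in rows}) / n,
        }
    return out

def flag_windows(records, qps_factor=5.0, waste_limit=0.5, min_qps=20):
    """Return seconds with a rate spike over the median AND a high share of
    NXDOMAIN/timeout results. Thresholds are assumptions; tune to a baseline."""
    stats = summarize(records)
    rates = sorted(s["qps"] for s in stats.values())
    median = rates[len(rates) // 2]
    flagged = []
    for ts, s in stats.items():
        spike = s["qps"] >= max(min_qps, qps_factor * median)
        wasteful = s["nxdomain_ratio"] + s["timeout_ratio"] >= waste_limit
        if spike and wasteful:
            flagged.append(ts)
    return flagged

def sample_log():
    """Constructed records: (second, client, qname, qtype, rcode)."""
    log = []
    for ts in range(100, 105):  # baseline: repeated, cacheable names
        log += [(ts, "192.0.2.10", "www.example.test", "A", "NOERROR")] * 4
    for i in range(60):  # second 105: varied names, no useful answers
        rcode = "TIMEOUT" if i % 6 == 0 else "NXDOMAIN"
        log.append((105, "198.51.100.7", f"h{i}.example.test", "A", rcode))
    for i in range(40):  # second 106: busy but healthy, served from cache
        log.append((106, "192.0.2.11", "www.example.test", "AAAA", "NOERROR"))
    return log

if __name__ == "__main__":
    for ts in flag_windows(sample_log()):
        print(ts, summarize(sample_log())[ts])
```

Requiring both conditions keeps a legitimate traffic peak (second 106 in the sample) from being flagged on rate alone.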

Running this simulation

Engarde DNS simulation targets resolver or authoritative endpoints you authorize. Run short bursts first to baseline cache behavior.

Mitigation perspective

Mitigations include Response Rate Limiting (RRL), QPS caps, and anycast distribution. Validate them with simulation on staging DNS where possible.