Author Archives: Alan

​What is a Smurf DDoS Attack?

The Smurf DDoS attack takes its name from the malware used to execute the attack. Smurf malware was created by an adolescent, Dan Moschuk (1997). At first, he shared the original software only with his friends, but a bit later smurf.c was crashing Internet Relay Chat (IRC) servers.

For Dan, this was an achievement. For the world, it was another threat to be worried about. 

The Smurf malware proved to work, and that encouraged him to enhance it to make it more harmful. And he succeeded. Years later, he released Fraggle.c, a UDP version of the Smurf software.

What is a Smurf DDoS attack?

The Smurf Distributed Denial of Service (DDoS) attack belongs to the protocol-based type of attacks. Its goal is to shut down computer networks so that their resources are not available to genuine clients.

A Smurf DDoS attack takes advantage of the Internet Control Message Protocol (ICMP). Many ping data packets carrying the forged IP address of the target are sent to specific or multiple computers. As a result, those computers respond to the targeted server. Traffic increases until the resources of this server are exhausted faster than normal. Then the target shuts down, and not being available means lost money for your business.

How does it work?

There are variants, but we will mention the general steps this attack follows.

Everything begins with the Smurf malware replacing the genuine source IP address of the data packets with the IP address of the target. This first step is meant to direct considerable traffic to the targeted server.

Then, to amplify its might (traffic), data packets go to a broadcast IP address of a router. By doing this, they will be sent to each machine connected to the network. 

And finally, as a result of these actions, all devices that received the data packets will respond to the targeted server because of the forged IP address. Consider the number of devices a large network can include, and you can imagine the increase in traffic this produces.

The arrival of all these unrequested packets overloads the server: the more packets, the more difficult it is to handle them. The server can become sluggish due to the abnormal consumption of essential resources like bandwidth. The ping traffic generated through the ICMP echoes can take over the whole bandwidth. As a result, there won’t be enough resources to serve genuine clients’ queries. With the server’s defeat, the criminal objective is reached. Users will experience the denial of service.

Can a Smurf DDoS attack be prevented or mitigated?

Yes, there are actions you can execute to prevent or mitigate a Smurf DDoS attack.

  • Get an anti-DDoS solution for your servers.
  • Monitor your traffic in detail to detect strange traffic loads and spikes, and check data packets’ volume and signature. This is key to preventing an event.
  • Be aware of bandwidth behavior. For example, an uncommon fast consumption could be an indicator of a Smurf DDoS attack attempt.
  • Get redundancy and a load balancing solution to distribute traffic. Big loads won’t be a threat if they get directed to different servers.
  • Configure hosts and routers not to respond to ICMP echo requests.
  • Configure the operating system not to allow IP broadcast queries.
  • Configure the perimeter firewall to block pings that come from outside the network.
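
The monitoring and broadcast points above, as detection logic. This is an added example, not code from the original article: it flags ICMP echo replies that a protected host never requested and echo requests aimed at a network's broadcast address. The addresses, thresholds and log records are constructed assumptions.

```python
import ipaddress
from collections import defaultdict

ECHO_REPLY, ECHO_REQUEST = 0, 8  # ICMP type numbers

# Constructed sample records (documentation address ranges), not a real capture.
# Each record: (timestamp_seconds, source_ip, destination_ip, icmp_type, icmp_id)
PROTECTED_HOST = "192.0.2.10"
INTERNAL_NET = ipaddress.ip_network("198.51.100.0/24")

# What a sensor in front of the protected host sees.
VICTIM_LOG = [
    # A normal ping: the host asks, the peer answers.
    (0.0, "192.0.2.10", "203.0.113.5", ECHO_REQUEST, 7),
    (0.1, "203.0.113.5", "192.0.2.10", ECHO_REPLY, 7),
] + [
    # Replies the host never asked for, arriving from many machines at once.
    (1.0 + i * 0.01, f"198.51.100.{i}", "192.0.2.10", ECHO_REPLY, 99)
    for i in range(1, 41)
]

# What the border of the 198.51.100.0/24 network sees.
PERIMETER_LOG = [
    (0.5, "203.0.113.5", "198.51.100.20", ECHO_REQUEST, 3),   # ordinary ping
    (1.0, "192.0.2.10", "198.51.100.255", ECHO_REQUEST, 99),  # aimed at broadcast
]


def unsolicited_replies(packets, host):
    """Return (timestamp, source) of echo replies to `host` that match no request it sent."""
    pending = set()   # (peer, icmp_id) pairs the host has pinged
    unsolicited = []
    for ts, src, dst, icmp_type, icmp_id in sorted(packets):
        if icmp_type == ECHO_REQUEST and src == host:
            pending.add((dst, icmp_id))
        elif icmp_type == ECHO_REPLY and dst == host:
            if (src, icmp_id) not in pending:
                unsolicited.append((ts, src))
    return unsolicited


def smurf_alerts(packets, host, window=1.0, min_sources=20):
    """Return (window_start, distinct_sources) for each window over the threshold."""
    sources = defaultdict(set)
    for ts, src in unsolicited_replies(packets, host):
        sources[int(ts // window)].add(src)
    return [(bucket * window, len(srcs))
            for bucket, srcs in sorted(sources.items())
            if len(srcs) >= min_sources]


def broadcast_echo_requests(packets, network):
    """Return echo requests from outside `network` sent to its network or broadcast address."""
    targets = {str(network.network_address), str(network.broadcast_address)}
    return [p for p in packets
            if p[3] == ECHO_REQUEST
            and p[2] in targets
            and ipaddress.ip_address(p[1]) not in network]


if __name__ == "__main__":
    print("alerts:", smurf_alerts(VICTIM_LOG, PROTECTED_HOST))
    print("to drop at the border:", broadcast_echo_requests(PERIMETER_LOG, INTERNAL_NET))
```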


Don’t underestimate the danger of the Smurf DDoS attack. Consider measures to prevent it or mitigate it before it hits you.

​How DNSSEC works Step by Step

The DNS protocol is over 30 years old. It is amazing that it is still working so well. But it has a massive flaw: security. So here comes the security extension called DNSSEC that provides digital signatures (keys) that let DNS clients validate and prove that the DNS data was not modified on the way, and it can also prove a negative answer (the requested item does not exist).

​What is DNSSEC? 

DNSSEC stands for Domain Name System Security Extensions. It is a set of security measures that provide cryptographic authentication of DNS data. It proves that the DNS data has not been modified, but it does not encrypt the DNS records. It works like a chain of trust that helps verify each step that a query takes.

​Step by step DNSSEC

The following steps are universal, no matter if you are using Windows, Linux, another OS, or a SaaS solution. The interface will be different, but you must perform the same actions, so you can follow this step-by-step guide and check another one for your particular case.

​Choosing the algorithm for encryption

One of the first decisions that you will face is choosing the exact algorithm you want to use. Your options are:

  • RSASHA256
  • RSASHA512
  • DSA
  • ED25519
  • ED448

​The size of the key

This is connected to the previous step: it is very important to choose the right algorithm because it will affect the size of the keys. It is recommended to use at least 2048-bit KSK (key signing keys) and 1024-bit ZSK (zone signing keys). Larger keys mean better protection, but more computing power for signing too. Also, think about the limits when it comes to the size of the queries. More than 4096 bytes could be a problem.

​Generating the DNSSEC keys

Now that we have chosen the algorithm, we must create the ZSK and KSK keys. You need to create them and put them in the correct directory (if you are not using a SaaS solution). With the private ZSK, you will sign the zone, and technically, you will already be using DNSSEC. This process groups similar records into resource record sets (RRsets), and it is these sets that are signed, not the individual records. The process creates RRSIG records and a DNSKEY record with the public key that resolvers use to verify the records.

Because it is a chain of trust, the upper level needs to be able to verify the sub-zone. This is why we need the next steps in the DNSSEC process. 

​Creating the DS record

The DS record is the DNS record that you need to put in the higher-level zone (parent) to prove the chain of trust. It contains a hash of the DNSKEY (the public key) that validates the signature.

​Put the DS record in the parent zone.

Now that you have successfully created the DS record, it is time to put it in the parent zone. Go to your registrar’s site. There you need to put the newly created record so it can authenticate the zone below.
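
How a DS record is derived from a DNSKEY, and the check that tells you the record at the registrar still matches your key. This is an added example, not code from the original article: it uses the key tag calculation from RFC 4034 and a SHA-256 digest (digest type 2). The zone name and the 32-byte ED25519 public key are constructed placeholders, not a real key.

```python
import hashlib
import struct

# DNSSEC algorithm numbers for some of the algorithms listed above.
ALGORITHMS = {8: "RSASHA256", 10: "RSASHA512", 15: "ED25519", 16: "ED448"}
ZONE_KEY_FLAG = 0x0100   # must be set on any DNSKEY a DS record points to
SHA256_DIGEST_TYPE = 2

# Constructed example values.
OWNER = "example.com."
KSK_FLAGS = 257                        # zone key + secure entry point
SAMPLE_PUBLIC_KEY = bytes(range(32))   # placeholder bytes, not a usable key


def name_to_wire(name):
    """Canonical wire form of a domain name: lowercase, length-prefixed labels."""
    wire = b""
    for label in name.rstrip(".").lower().split("."):
        raw = label.encode("ascii")
        if not 0 < len(raw) <= 63:
            raise ValueError(f"bad label in {name!r}")
        wire += bytes([len(raw)]) + raw
    return wire + b"\x00"


def dnskey_rdata(flags, algorithm, public_key, protocol=3):
    """DNSKEY RDATA: flags (2 bytes), protocol (1), algorithm (1), public key."""
    return struct.pack("!HBB", flags, protocol, algorithm) + public_key


def key_tag(rdata):
    """16-bit key tag over the DNSKEY RDATA (RFC 4034, Appendix B)."""
    acc = 0
    for i, byte in enumerate(rdata):
        acc += (byte << 8) if i % 2 == 0 else byte
    acc += (acc >> 16) & 0xFFFF
    return acc & 0xFFFF


def make_ds(owner, flags, algorithm, public_key):
    """Return the DS fields: (key tag, algorithm, digest type, hex digest)."""
    rdata = dnskey_rdata(flags, algorithm, public_key)
    digest = hashlib.sha256(name_to_wire(owner) + rdata).hexdigest().upper()
    return key_tag(rdata), algorithm, SHA256_DIGEST_TYPE, digest


def ds_matches(ds, owner, flags, algorithm, public_key):
    """True if the parent's DS record vouches for this child DNSKEY."""
    if not flags & ZONE_KEY_FLAG:
        return False
    return ds == make_ds(owner, flags, algorithm, public_key)


def ds_record_text(owner, ds):
    """Zone-file style line, the form registrars usually ask for."""
    tag, algorithm, digest_type, digest = ds
    return f"{owner} IN DS {tag} {algorithm} {digest_type} {digest}"


if __name__ == "__main__":
    ds = make_ds(OWNER, KSK_FLAGS, 15, SAMPLE_PUBLIC_KEY)
    print(ds_record_text(OWNER, ds))
    print("matches published key:", ds_matches(ds, OWNER, KSK_FLAGS, 15, SAMPLE_PUBLIC_KEY))
```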

​DNSSEC query

When a DNS client requests a record, the DNS recursive server will ask for the RRset of the requested type of record, the RRSIG record, and the public ZSK record to verify them. If the key matches, the zone can be trusted, and the records can be used.

Easy guide for checking DNS propagation.

You make some urgent modifications to your DNS records. An hour later, your boss calls you complaining because the changes are not visible. There are two possibilities. You get very nervous, not understanding what’s wrong. Or you know perfectly well what DNS propagation is, so you can confidently tell your boss that he has to be patient and wait for this process to be completed.

For online business owners and administrators, DNS propagation can be a cause of constant headaches. Or not, if you learn its details. That’s why we prepared for you this easy guide for understanding and checking the DNS propagation process.

What is DNS propagation?

Your DNS infrastructure requires daily maintenance, and changes every time you plan strategic moves for your business. Executing those tasks directly involves adding, removing, or editing different DNS records.

In that context, DNS propagation means the necessary process to update every single change and to spread it all across your DNS network.

Changes to DNS records are made and stored directly on the authoritative DNS nameserver. But DNS networks involve not a single server but many more (DNS recursive servers), usually distributed globally. If they don’t have the latest update, they will keep serving the previous one (stored in their cache memory) until the DNS records’ time-to-live (TTL) values expire.

For all clients worldwide to get the newest update, the DNS update-spread process must reach every server on the whole network. Then DNS propagation will be completed. Remember that DNS recursive servers are the ones that take your clients’ requests to search for answers. Therefore, their work serving them can be affected if they are not up to date.

This is the answer for your impatient boss! Changes to DNS records will not necessarily be propagated at light speed. Actually, different factors can intervene, making the process faster or slower. A common reference for the time it can take to complete DNS propagation is up to 72 hours. It can be a lot less or even more.

And if your boss doesn’t believe you, no worries, you can get evidence to support your words. You can check how DNS propagation is going! 

Easy guide for checking DNS propagation.

Here you have three alternatives. Choose based on your operating system (OS) or preference.

Linux and macOS users, here you have:

Try the Dig command. 

First, open your Terminal, and then type the command: “dig domainname.com”*

A lookup for A or AAAA will be triggered. As a result, you will be able to see the IPs of your website. Have they changed or not yet? If they changed, DNS propagation already succeeded. If they haven’t, it should still be on its way.

*Type your domain name and corresponding TLD instead of those in the example.

Windows 10 users.

Open the Command Prompt.

Once there, you can use Nslookup on your domain name. Just type: “nslookup domainname.com”*

Again, the lookup result will point out if your website’s IP addresses have changed or not.

*Type your domain name and corresponding TLD instead of those in the example.

Online DNS propagation checkers.

There are online tools for performing DNS lookups to check information related to domains located in different countries. Through them, you can check if the DNS changes you made have been updated. 


DNS propagation will be needed after every modification you make to DNS records: routing e-mail, changing TTL values on records, redirecting clients to subdomains, etc. Go deeper into how it works to learn how to influence it in your favor!

Email forwarding – Definition

Email forwarding explained. 

Email forwarding is a simple mechanism for automatically redirecting emails at the domain level. It is possible to redirect emails from one email address to another, or from several separate email addresses to a particular one. You are free to define the time factor when getting the service, which means you can choose for what period of time this operation is going to be performed. You can define a short, medium, or long period, or you may even want it to be permanent.

Reasons to use it.

Email forwarding is one of the most fundamental and broadly applied email features. It makes communication much smoother and more organized. Let’s see some examples where email forwarding is a great option.

  • Centralize messages – Some positions in an organization or specialists can find it helpful to centralize all the messages. So, they will have to check only one email account. These could also be individuals responsible for more than one domain, or owners of several businesses, supervisors of different projects, and so on. For sure, all of them receive a lot of emails every day. With email forwarding, all of the emails will be redirected to one email address you determine.
  • Avoid losing potential clients or audiences. There could be a reason for a business to change its domain name, such as restructuring due to growth, business mergers, or renovation. While you are engaged in such tasks, your clients will probably still try to contact you via the previous email address. So, it is a good idea not to give up your previous domain right away. Instead, renew its ownership for long enough that your customers become properly familiar with the change. Establish email forwarding so that all incoming messages are redirected from the former email address to the new one.
  • Avoid letting personnel rotation stop your potential deals. Every business has key positions in charge of delicate data, contacts, negotiations, etc. Even your happiest executive can be tempted by another company and suddenly quit the job. Also, different reasons can lead you to fire people in those positions. The time needed to hire a new person, to introduce him/her, and for him/her to get up to date can mean the difference between getting a deal or not. Avoid risks by redirecting all emails sent to an email account to the one you define. The conversation between the client and your company can keep going no matter the internal situation. And the new colleague will have all the information to be on the same page soon!
  • Apply a disguised public domain email account. Usually, businesses use email addresses, including their domain names. It helps them with providing a professional image and confidence in their clients. Of course, if you prefer to use a personal account provided by a public email provider, such as Google’s Gmail, you can achieve this with email forwarding. It will successfully redirect all emails to your preferred email address. Customers will be able to send you messages to, and you will receive them at In addition, your personal email account will be absolutely private.

Advantages of Email forwarding

  • Easy to use. All of your emails are delivered to one email address.
  • Don’t lose clients. Your ex-employee’s email can be redirected to a different mailbox, so you can stay in touch with them.
  • You can use the email software you prefer and forward the emails there.
  • Save time by managing all the emails from one single account.

SPF record – What is it?

SPF record explained.

SPF stands for Sender Policy Framework. An SPF record is a DNS (Domain Name System) record that specifies essential information for a domain name. It points to the outgoing mail server that is responsible for the particular domain. The MX (Mail eXchanger) record serves to show which email servers are responsible for the incoming emails for the domain. SPF records, on the other hand, indicate which email servers are qualified to send emails on behalf of the domain name.

Let’s say you want to send an email to But, first, the incoming mail servers of are going to check your domain name. Then, they are going to look for the SPF record and follow the rules that are set by it. Your email is going to be successfully received only in the case the SPF record is present. In another case, your email could end in the SPAM box of your recipient.  

How does it work?

With SPF records, domain owners are able to publish a list containing all of their authorized senders, which are the outgoing mail servers and their IP addresses. Thanks to that list, servers that receive emails are able to verify whether an email was delivered from a server authorized to communicate on your company’s behalf. If the message was not received from one of the servers included in the list, the server receiving the email will consider it fake.

Establishing rules with SPF record

The rules are based on two main groups. The first one is the qualifiers, and the second one is the mechanisms of the SPF record.

The SPF qualifiers are:

  • “-” The minus symbol indicates FAIL. It is a warning that messages coming from the domain must be rejected.
  • “~” The tilde symbol indicates SOFT FAIL. The signal here is that when a message comes from the domain, it should get a failed tag, although it can also be allowed.
  • “?” The question mark symbol indicates NEUTRAL. The signal, in this case, is that there are no policies involved (none).
  • “+” The plus symbol indicates PASS. Messages coming from the domain should be accepted.

The SPF mechanisms are: 

  • “all” – All mechanisms after it will be ignored.
  • “include” – It gives you the opportunity to include other domains that are able to send emails from the mail servers of the domain. You can unite, and to send from
  • “a” – When you pick it, the A or AAAA records are required to match the return path, and then emails can be allowed.
  • “mx” – When you select it, an MX query is required to be completed and to match the return path. If there is a match, then it is going to be allowed.
  • “ptr” – When you select it, a PTR query is required to be completed and to match the return path. It is allowed only if they match.
  • “ip4” – This is going to review only A records (IPv4 addresses) to examine if they correspond to the domain.
  • “ip6” – This is going to review only AAAA records (IPv6 addresses) to examine if the IP addresses match the domain.
  • “exists” – This is for more complex queries.
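
The qualifiers and mechanisms above, evaluated left to right against a sending IP address: the first mechanism that matches decides the result through its qualifier. This is an added example, not code from the original article. The records in TXT, MX and A are constructed, and it handles only all, ip4, ip6, a, mx and include; other terms are reported as "permerror" rather than evaluated.

```python
import ipaddress

# Qualifier symbol -> result returned when the mechanism it prefixes matches.
QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}

# Constructed DNS data (reserved documentation names and address ranges).
TXT = {
    "example.com": "v=spf1 ip4:192.0.2.0/28 mx include:mailer.example.net ~all",
    "mailer.example.net": "v=spf1 ip4:198.51.100.25 ip6:2001:db8::/32 -all",
}
MX = {"example.com": ["mx1.example.com"]}
A = {"mx1.example.com": ["203.0.113.7"]}


def split_term(term):
    """Split '~all' or 'ip4:192.0.2.0/28' into (qualifier, mechanism, argument)."""
    qualifier = "+"   # no symbol in front of a mechanism means "+" (PASS)
    if term[0] in QUALIFIERS:
        qualifier, term = term[0], term[1:]
    name, _, arg = term.partition(":")
    return qualifier, name.lower(), arg


def mechanism_matches(name, arg, ip, domain, depth):
    """True if the sending address `ip` satisfies one mechanism of `domain`'s record."""
    if name == "all":
        return True   # always matches, so nothing after it is ever evaluated
    if name in ("ip4", "ip6"):
        network = ipaddress.ip_network(arg, strict=False)
        return ip.version == network.version and ip in network
    if name == "a":
        return str(ip) in A.get(arg or domain, [])
    if name == "mx":
        return any(str(ip) in A.get(host, []) for host in MX.get(arg or domain, []))
    if name == "include":
        result = check_host(str(ip), arg, depth + 1)
        if result in ("none", "permerror"):
            raise ValueError("include target has no usable SPF record")
        return result == "pass"
    raise ValueError(f"term not handled in this example: {name}")


def check_host(ip, domain, depth=0):
    """Evaluate the SPF record published for `domain` against sending address `ip`."""
    if depth > 5:   # guard against include loops
        return "permerror"
    terms = TXT.get(domain, "").split()
    if not terms or terms[0].lower() != "v=spf1":
        return "none"   # the domain publishes no SPF record
    address = ipaddress.ip_address(ip)
    try:
        for term in terms[1:]:
            qualifier, name, arg = split_term(term)
            if mechanism_matches(name, arg, address, domain, depth):
                return QUALIFIERS[qualifier]
    except ValueError:
        return "permerror"
    return "neutral"   # no mechanism matched and the record has no "all"


if __name__ == "__main__":
    for sender in ("192.0.2.5", "203.0.113.7", "2001:db8::1", "198.51.100.99"):
        print(sender, "->", check_host(sender, "example.com"))
```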

DNS resolution – overview

Have you ever wondered how you can access a website on the Internet so easily and so fast?

If you get curious about how this magic happens, DNS resolution is the clue you need to follow.

What is DNS resolution?

Domain name system (DNS) resolution is the process of translating the domain name you type into your browser into the corresponding IP address of that domain. Without the IP address, the domain you search for can’t be located and loaded.

A domain name can have more than one IP address. For instance, it can have one IPv4 and one IPv6. During the DNS resolution, both will be requested. Or it can have multiple IPv4 (or IPv6) addresses, and when the DNS resolution process gets triggered, it will be enough to get one of those addresses to serve the domain.

The reason for this necessary translation emerged decades ago. When the Internet was young, hosts were searched using their IP addresses and stored in a manually updated Host file. Humans could still memorize those numbers (example:, but it was not simple. Still, to search this way was possible because there were a lot fewer devices than currently. 

The Internet succeeded, domains got multiplied, and the use of IP addresses got really hard for humans. Therefore, the domain name system (DNS) was created (1983). Instead of using a manually updated Host file with IP addresses, humans could type a name like 

Then, IP addresses are used by machines, domain names by humans. 

How does DNS resolution work?

Fasten your belt because we are about to get inside the big DNS machinery, and the trip will take milliseconds!

Everything starts when a user requests a domain name ( inside the browser. The DNS resolution is triggered! The domain name has to be translated into its associated IP address to be loaded. The request will be taken by the expert searcher of IP addresses: a DNS recursive server.

If it’s not the first time the user visits this domain, there’s a chance that the DNS recursive server still has it on its cache. These servers’ cache gets configured with a specific TTL (time-to-live) value that establishes the period of time to store data. Once the TTL expires, an update will replace the previously stored data. Then, if the DNS recursive server has the IP address, the process will last a blink of an eye. The translation will happen immediately, and the requested domain ( will be loaded. 

But, if it’s the first time this domain is requested, or if its IP address is not available in the recursive server’s cache, it will have to ask other servers for it. 

First, the DNS recursive server will ask the Root server. It will check the TLD (top-level domain) of the requested domain (.com in our example). Then it will point the DNS recursive server to the corresponding TLD server for the domain. Both servers will communicate, and the TLD server will point to the right authoritative nameserver, so the recursive server can request the IP address.

The recursive server will reach the authoritative one, and this last will provide the IP address. The user’s request will finally be answered by properly loading The DNS recursive server will store the IP address in its cache. 


We are very used to the web, and sometimes we take it for granted. But behind every search, there’s a massive process taking place for loading your domain or for you to access that e-shop, news site, social network, etc. And the complete DNS resolution process happens in milliseconds! Amazing, isn’t it?

What does DNS cache mean?

The Domain Name System (DNS) is a keystone for the Internet to work as well and as easily as it does for users. But being vital means it is always busy, in high demand, and sometimes even stressed.

To balance this without risking the important mission DNS has, different mechanisms and technologies have been developed to make some tasks easier. The objective is to reduce work for the system and devices and accelerate the answer to users’ requests.

And that is the case with DNS cache!

What does DNS cache mean?

The DNS cache or DNS resolver cache means the temporary cache memory that DNS recursive servers (resolvers) and devices like your computer or mobile have to save the DNS records from the domain names you have already requested. 

Those DNS records are domain names’ and subdomains’ IP addresses (A for IPv4 addresses and AAAA for IPv6), as well as records related to their verification, authentication, mail servers, etc. They will remain in the DNS cache only for the time that their TTL (time-to-live) establishes, not permanently.

Let’s say it is a mechanism to avoid repeating a DNS lookup to get the necessary IP address for loading its corresponding domain name every time the user requests it. Without it, there could be multiple DNS lookups to serve the same domain name.

Think about the time and effort that can be saved if that information remains handy for a while. The answer to the users’ requests can be executed faster and resources better optimized.

How does it work?

Simply, the operating system (OS) keeps a temporary database on the memory of the server or other devices. 

Then, a user requests a domain name for the first time. The DNS resolution process gets triggered. The user’s browser sends the request. A resolver DNS server gets this to look for its corresponding IP address. 

This search will start with the resolver asking the root server, which will point to the TLD server for the requested domain. The resolver will then ask that TLD server, which will answer by pointing to the authoritative name server in charge of the requested domain. The latter will be the provider of the IP address for the resolver. Then, finally, the resolver will answer the user’s request by sending the corresponding IP address for the domain to be served and visited by the user.

Together with more of the domain’s DNS records, this IP address will be saved in the database we mentioned (the cache), both in the resolver cache and in the device cache. The next time the user requests the same domain name, loading it will be faster and easier. A new DNS lookup won’t be needed. The information will be found directly in the DNS cache.

This will happen with every domain requested. And based on the TTL value established on each DNS record, they will be available directly in the cache for more or less time. Once the TTL expires, a new lookup will occur if the domain is requested again, and its results will be kept in the cache.
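
The resolver walk (root, TLD, authoritative) and the TTL-bound cache described above, in one model that also shows why a changed record takes time to propagate. This is an added example, not code from the original article; the server names, the 300-second TTL and the addresses are constructed.

```python
# Constructed delegation data (reserved documentation names and addresses).
ROOT = {"com": "tld-com"}                     # root server: TLD -> TLD server
TLD = {"tld-com": {"example.com": "ns1"}}     # TLD server: domain -> authoritative server
AUTH = {"ns1": {"www.example.com": ("192.0.2.10", 300)}}   # name -> (IP, TTL in seconds)


def authoritative_server(name):
    """Walk root -> TLD -> authoritative and return the server holding `name`."""
    labels = name.split(".")
    tld_server = ROOT[labels[-1]]
    return TLD[tld_server][".".join(labels[-2:])]


def update_record(name, ip, ttl):
    """The administrator's change: it only touches the authoritative server."""
    AUTH[authoritative_server(name)][name] = (ip, ttl)


class RecursiveResolver:
    def __init__(self):
        self.cache = {}   # name -> (ip, expires_at)
        self.walks = 0    # full lookups that the cache could not answer

    def resolve(self, name, now):
        """Return (ip, source), where source is 'cache' or 'authoritative'."""
        cached = self.cache.get(name)
        if cached and now < cached[1]:
            return cached[0], "cache"
        ip, ttl = AUTH[authoritative_server(name)][name]
        self.cache[name] = (ip, now + ttl)   # keep the answer until its TTL expires
        self.walks += 1
        return ip, "authoritative"

    def flush(self):
        """Clear the cache, for example when its contents are no longer trusted."""
        self.cache.clear()


def stale_resolvers(resolvers, name, now):
    """Labels of resolvers still holding an unexpired answer that differs from the zone."""
    current = AUTH[authoritative_server(name)][name][0]
    return [label for label, resolver in resolvers.items()
            if name in resolver.cache
            and now < resolver.cache[name][1]
            and resolver.cache[name][0] != current]


def run_scenario():
    """Replay one record change and return what each resolver answered."""
    name = "www.example.com"
    update_record(name, "192.0.2.10", 300)
    r1, r2 = RecursiveResolver(), RecursiveResolver()
    seen = [r1.resolve(name, now=0)]          # first request: full walk
    seen.append(r1.resolve(name, now=100))    # answered from the cache
    update_record(name, "192.0.2.20", 300)    # record changed at t=120
    seen.append(r1.resolve(name, now=200))    # old IP until the TTL runs out
    seen.append(r2.resolve(name, now=200))    # a resolver with an empty cache sees the change
    stale = stale_resolvers({"r1": r1, "r2": r2}, name, now=200)
    seen.append(r1.resolve(name, now=300))    # TTL expired: new lookup, new IP
    return seen, stale


if __name__ == "__main__":
    answers, stale = run_scenario()
    for answer in answers:
        print(answer)
    print("not yet propagated at t=200:", stale)
```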

What is DNS cache poisoning?

Unfortunately, cybercriminals already know very well how useful DNS cache is, and they have created a way to take advantage of its functionality.

The DNS cache can be poisoned by inserting IP addresses or domain names into it to direct users to dangerous destinations, usually malicious websites.

The DNS cache can get corrupted due to technical issues or administrative errors, but sometimes its corruption means criminal activity in progress. You can clear the cache regularly to prevent this risk. 

Why is the DHCP server used?

The DHCP server is one of the really beneficial components when we are talking about an extensive network. It can significantly reduce the number of errors made when a network administrator has to assign IP addresses manually. Let’s explain a little bit more about it and why it is used!

DHCP server – What does it mean?

DHCP server is short for Dynamic Host Configuration Protocol server. It is a server that automates different tasks and network configurations. This server relies on the standard DHCP protocol inside a particular network. Some examples of what a DHCP server does are assigning Internet Protocol (IP) addresses, default gateways, and subnet masks to various devices.

When you have a DHCP server, it is going to serve the queries of the clients automatically. Furthermore, it is going to provide them all required parameters and configurations to achieve communication on the network without any difficulties.

In case you don’t have a DHCP server, these kinds of tasks are going to be a responsibility of the network administrators. They will have to serve those requirements of clients to join the network, all of it performed manually. In more extensive networks, this could be a full-time job. 

Why use a DHCP server?

The process of supplying, administrating, and renewing IP addresses will become automated and dynamic. You just have to set up your particular preferences on the DHCP server. As a result, the process is going to operate without the need for any permanent further supervision.

Human mistakes are reduced to a minimum, and automation helps with it. Every device, such as a smartphone or a computer, that wants to connect successfully to a particular network requires a unique IP address. It is not possible for one IP address to work for several devices at the same time.

If that happens, the connection is not going to be achieved. Leases need to be monitored and renewed. Endpoints need to be modified, etc. Such tasks are capable of overwhelming the most prepared administrators if they have to perform them manually. The high number of demands can exceed their capacity and lead to mistakes. This can be effectively avoided with DHCP.

The process of configuring, modifying, and upgrading is pretty simple. The settings are going to be saved and propagated for everything to operate without any difficulties.

How does it work?

The Dynamic Host Configuration Protocol process has four main stages:

1. Discover. The DHCP client sends out a message. This message announces that the client is on the network and that it requires an IP address.

2. Suggestion. The DHCP server receives the discover message from the client. It proceeds by suggesting an available IP address from the IP pool that this DHCP server manages.

3. Request. The client receives the DHCP offer of an IP address and has to accept it. As the next step, the client sends a request to accept the given IP address back to the Dynamic Host Configuration Protocol server.

4. Confirmation. The DHCP server receives the request. It records it with details such as which IP address was given, to which MAC address, and for how long. Then, it confirms it and sends the full network data required, such as DNS server, subnet mask, gateway, etc.
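
The four stages above as a small lease server that keeps the record described in stage 4 (which IP address, to which MAC, for how long). This is an added example, not code from the original article; the class name, the two-address pool, the MAC addresses and the option values are constructed.

```python
import ipaddress


class DhcpServer:
    """Model of the server side of the Discover / Suggestion / Request / Confirmation stages."""

    def __init__(self, pool_cidr, lease_seconds, options):
        self.free = [str(ip) for ip in ipaddress.ip_network(pool_cidr).hosts()]
        self.lease_seconds = lease_seconds
        self.options = options   # network data sent with every confirmation
        self.offers = {}         # mac -> IP suggested, waiting for the client's request
        self.leases = {}         # mac -> (ip, expires_at)

    def _expire(self, now):
        """Return addresses of expired leases to the pool."""
        for mac, (ip, expires_at) in list(self.leases.items()):
            if expires_at <= now:
                del self.leases[mac]
                self.free.append(ip)

    def discover(self, mac, now):
        """Stages 1 and 2: the client announces itself, the server suggests an address."""
        self._expire(now)
        if mac in self.leases:            # known client: suggest the address it already holds
            return self.leases[mac][0]
        if mac not in self.offers:
            if not self.free:
                return None               # pool exhausted, nothing to suggest
            self.offers[mac] = self.free.pop(0)
        return self.offers[mac]

    def request(self, mac, ip, now):
        """Stages 3 and 4: the client asks for the address, the server records and confirms."""
        self._expire(now)
        if self.offers.get(mac) == ip:
            del self.offers[mac]
        elif self.leases.get(mac, (None,))[0] != ip:
            return None                   # address was neither suggested to nor held by this MAC
        self.leases[mac] = (ip, now + self.lease_seconds)
        return {"ip": ip, "lease_seconds": self.lease_seconds, **self.options}


# Constructed values for the demonstration.
OPTIONS = {"subnet_mask": "255.255.255.0", "gateway": "192.0.2.1", "dns_server": "192.0.2.53"}
MAC_A, MAC_B, MAC_C = "02:00:00:00:00:0a", "02:00:00:00:00:0b", "02:00:00:00:00:0c"

if __name__ == "__main__":
    server = DhcpServer("192.0.2.8/30", lease_seconds=3600, options=OPTIONS)
    offer = server.discover(MAC_A, now=0)
    print("suggested:", offer)
    print("confirmed:", server.request(MAC_A, offer, now=0))
    print("lease table:", server.leases)
```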

Creating a website – 4 basic steps

Creating a website is an easy process. Follow these 4 basic steps, and you will get your site up and running in no time.

​1. Register your domain name

If you already have a business going on, this might be an easier task. Try to find an available domain name, similar to or the same as your company’s name. Don’t try any misspelled version of your brand because this might confuse your clients. There are plenty of TLDs. Don’t limit your search to just .com. You might find a very good option with a new one. Just pay attention to the registration and renewal fees.

If your business is new, then think about a short and memorable domain name that could become your brand. Think about keywords that are related to your business, products, or services and try different combinations. Find a great one and get it from a domain registrar.

Think about which country the registrar is from. If it is not from yours, different taxes might apply.

​2. Find a web hosting company

The second step of creating a website is to find the right web hosting. Now ask yourself, what is the purpose of the website? Is it just your company’s web presence, or will it be an e-commerce site?

Think about how many resources you need, and it won’t be so hard to choose the right type of web hosting.

A shared web hosting is usually good for a basic site with not so many visitors.

If you want to run an online shop, it would be better to choose VPS (virtual private server). It will have dedicated resources for you that you don’t share with the rest.

There are also various cloud solutions, but you should check what exactly they promise. For example, are there dedicated resources, or will you share everything with your neighbors?

It is also important to think about the physical location of the server. The closer it is to your potential clients, the better.

Web hosting from your country might be a good choice.

​3. Prepare your content

Here you have 3 choices:

  1. First, do it yourself. You can think about the structure of your site – menus, categories, articles, texts, items, products, etc. Write the content following SEO rules and content structure. Find images that you can legally use for your needs.
  2. A variant is to use a digital agency, a company that is dedicated to creating websites and content for them. This option might be better, but it might cost a lot, so think it over carefully.
  3. Hire a freelancer. There are many available writers out there that will charge a lot less than an agency, and there is a good chance it will be better quality.

Whatever you decide, you still need to be engaged in the content and work to get it right.

​4. Build your website

Again the same 3 options will be in front of you:

  1. Do it yourself. It is fairly easy to install a content management system like WordPress. Then you can expand the functionality with extra extensions and make it pretty with a custom theme. It takes some time, but in general, most people can do it.
  2. Agency. You can get a complete deal of content, website building, and digital marketing together. Everything to create a website and start using it right away. Again, just think about the price and don’t get surprised at the end.
  3. Freelancer. There are freelancers who only create sites. If you are thinking about a custom website with unique features or designs, this option might be the best one. Find references for the person you are hiring and do not blindly trust them.

So, what are you waiting for? Go and create your website today! Your clients are already waiting for it!

​What is a DNS outage?

Imagine this. You are the owner of a large e-commerce site. It is Black Friday, the biggest online promotion that you have, and you are eager to see how the site is doing. You type your domain name into your browser and… “Oh no!” “It is not opening. This is a disaster!” What is going on? You are experiencing a DNS outage that might completely devastate your promotion!

​So, what is this DNS outage?

A DNS outage is the time when your DNS is not functioning for some reason (your nameservers were attacked, or they were saturated with too much traffic, etc.), and that does not allow the resolution of your domain name to its IP address. The DNS resolution is the first step to enter a site. Without it, the browser won’t know where your website is hosted, and it can’t find its content.

All the visitors trying to resolve your domain will get an error message and won’t be able to access your site.

In simple terms:
The DNS outage is when your potential visitors enter your site name (domain name) into their browser and don’t get redirected to its IP address.

​Why is it bad?

If the DNS is down, nobody will be able to visit your site, and all the services related to the domain name, like emails, won’t function correctly. You will need to get it up and running again to get back all the temporarily lost functionality.

During this time, you can:

  • Miss potential visitors.
  • Lose potential sales.
  • Have problems with services like email, FTP, VoIP, etc.
  • And more.

​What causes DNS outage?

  • Human error. Don’t be surprised. Most of the mistakes in Tech are human errors. For example, somebody didn’t configure the DNS records properly. Another performed a DNS migration badly, and so on. There are plenty of problems that could cause it. 
  • Hardware problems. If you are using your own server for DNS, any hardware failure could bring your server down and all the services that it provides. That is the risk of having your own server. 
  • DDoS attack. A Distributed Denial of Service attack is targeted traffic going your way with the purpose of taking your server or servers out of service. There have been plenty of DDoS attacks in recent years, and their popularity is only increasing. They are getting stronger too, so the future does not look very rosy in this respect.

​Could I have prevented the DNS outage?

Of course, you could have prevented the DNS outage, and there are different measures that you can take to prevent future DNS downtime:

  • Secondary DNS. The easiest solution that could save you in most cases is to use a secondary DNS service. Preferably with another DNS provider. The secondary DNS will allow you to have other authoritative DNS servers that could still respond to queries, even if the Primary DNS is down. The more, the better.
  • DDoS protection. Many of the times that you are experiencing a problem with your domain name, the reason is a DDoS attack. Unfortunately, those traffic attacks have become cheap, and it is common that cybercriminals, sometimes paid by your competitors, are bringing down your domain. Get DDoS protection for your DNS servers that can resist strong traffic.
  • Load Balancing. You can organize your nameservers to use a load balancing method and redirect the traffic between them. That way, you can be sure that the weight is not falling on one of them. Spreading heavy traffic will improve the performance and the resilience of your DNS network.
