Skip to main content
September 12, 2012

Could Your Domain Survive a DNS Attack?

Millions of web sites suddenly became unreachable on Monday due to severe DNS-related problems at GoDaddy. Whether this was the result of a hack, or an internal problem, or a combination of both remains a hot topic, but today we're going to ask a more pragmatic question: Could your domain survive a DNS attack or failure?

You may already have a robust, reliable web application infrastructure, but if a DNS problem prevents people on the Internet from connecting to your site, then it hardly matters how good the rest of your system is.

The key to a robust DNS infrastructure is diversity. You want to have several different DNS servers, running on completely different networks, operated by completely different organizations. That way, there is no single point of failure, and even if one of your critical DNS providers goes down or is under attack, web browsers can still locate and connect to your web site. didn't have enough DNS diversity, and we were affected by the GoDaddy problem -- a situation we're already working to remedy.

We've put together a quick tool that lets you check your domain's DNS survivability; it checks your domain's authoritative DNS servers for good network diversity and good operator diversity.

Enter your domain name:

Here's what a great DNS setup (for "") looks like; note the excellent network diversity and operator diversity. With a setup like this, no single DNS attack or failure would make "" unreachable.

DNS Survival Report for
The most common problems you may face with your DNS setup are lack of network diversity and lack of operator diversity. Both can be addressed quickly, easily, and economically by adding an additional "secondary DNS provider" in addition to your existing DNS setup. Establishing a robust, diverse, distributed DNS infrastructure is key to surviving domain system attacks and failures.

Related Content

Mark Kriegsman, Director of Engineering, is responsible for leading the development of Veracode’s flagship static binary analysis system. In addition to providing direct technical leadership, he also works closely with Veracode’s Research and Product Management teams to refine and improve Veracode’s product offerings. Mark is a lifelong innovator and entrepreneur, with over twenty-five years experience in advanced software and systems development.

Love to learn about Application Security?

Get all the latest news, tips and articles delivered right to your inbox.