Name Server DDoS Protection
Name Server Protection is an always-on service, guaranteed to mitigate DDoS attacks targeting Domain Name Servers (DNS).
How it works
The Imperva Incapsula service is deployed in front of your DNS server, becoming the first destination for all DNS queries. Acting as a secure proxy, Imperva prevents illegal DNS queries from reaching your server while masking it from direct-to-IP network layer attacks.
From the Imperva dashboard you can whitelist specific queries and for additional peace of mind, you can also set a threshold to rate-limit the queries your server receives.
Finally, with Name Server Protection in place you will still be able to manage your DNS zone files outside of the Imperva network.
Name Server Protection uses a combination of reputation and rate-based heuristics to inspect incoming queries and filter out malicious packets without impacting legitimate visitors.
Improved DNS performance
Legitimate queries are cached for a set period of time. During that time, all subsequent queries are resolved directly from a nearest location on Imperva network. This accelerates performance and lessens the load on your own DNS server.
Name Server protection works in synch with our Infrastructure Protection and Website Protection services. Together they shield Imperva customers against all type DDoS attacks.