BlueCross BLueShield
EE logo black
How DNS DDoS Protection works

How it works

Our service is deployed in front of your DNS server, becoming the first destination for all DNS queries. Acting as a secure proxy, Imperva prevents illegal DNS queries from reaching your server while masking it from direct-to-IP network layer attacks.

From the Imperva dashboard you can whitelist specific queries and for additional peace of mind, you can also set a threshold to rate-limit the queries your server receives.

Finally, with DDoS protection for domain name servers in place you will still be able to manage your DNS zone files outside of the Imperva network.

Precise DDoS mitigation

Precise mitigation

DDoS protection for domain name servers uses a combination of reputation and rate-based heuristics to inspect incoming queries and filter out malicious packets without impacting legitimate visitors.

Robust content delivery network

Improved DNS performance

Legitimate queries are cached for a set period of time. During that time, all subsequent queries are resolved directly from a nearest location on Imperva network. This accelerates performance and lessens the load on your own DNS server.

DDoS Protection Chart

Comprehensive protection

DDoS protection for domain name servers works in sync with our DDoS protection for websites and DDoS protection for networks services. Together they shield Imperva customers against all types of DDoS attacks.

Related Content

Key Resources

Protecting Cryptocurrency from DDoS Attacks

White Paper
Read paper ›
DDoS Protection Analytics

Enhanced Infrastructure DDoS Protection Analytics

Read blog ›