How it works
Our service is deployed in front of your DNS server, becoming the first destination for all DNS queries. Acting as a secure proxy, Imperva prevents illegal DNS queries from reaching your server while masking it from direct-to-IP network layer attacks.
From the Imperva dashboard you can whitelist specific queries and for additional peace of mind, you can also set a threshold to rate-limit the queries your server receives.
Finally, with DDoS protection for domain name servers in place you will still be able to manage your DNS zone files outside of the Imperva network.
DDoS protection for domain name servers uses a combination of reputation and rate-based heuristics to inspect incoming queries and filter out malicious packets without impacting legitimate visitors.
Improved DNS performance
Legitimate queries are cached for a set period of time. During that time, all subsequent queries are resolved directly from a nearest location on Imperva network. This accelerates performance and lessens the load on your own DNS server.
DDoS protection for domain name servers works in sync with our DDoS protection for websites and DDoS protection for networks services. Together they shield Imperva customers against all types of DDoS attacks.