
Internet’s root name servers DDoS attacks peak at 5M queries per second

Several of the internet's 13 root name servers were hit by two massive distributed denial-of-service (DDoS) attacks that peaked at nearly five million queries per second.

The first attack occurred on Nov. 30 at 6:50 UTC and lasted for about two hours and 40 minutes. The second attack occurred on Dec. 1 at 5:10 UTC and lasted for almost an hour, according to a Dec. 4 Root Server Operators press release.

Researchers said in the release that the attacks were large, noticeable via external monitoring systems, and fairly unique in nature because the source addresses were widely and evenly distributed while the query wasn't.

The traffic generated by the attacks saturated network connections near some DNS root name server instances, resulting in timeouts for valid, normal queries to some DNS root name servers from some locations, the release said, adding that several DNS root name servers were continuously reachable from virtually all monitoring stations for the entire duration of the incident.

“Because the DNS protocol is designed to cope with partial reachability among a set of name servers, the impact was, to our knowledge, limited to potentially minor delays for some name lookups when a recursive name server needs to query a DNS root name server,” the release said.

Researchers said it is unrealistic to trace the incident traffic back to its source because IP source addresses can be easily spoofed and because of the large amount of traffic.
