DNS Hammer
A Tool to audit your DNS server's rate limiting configuration
Why DNS Rate Limiting?
Welcome to DNS Hammer, a GUI tool to audit your DNS rate limiting configuration. Rate limiting stops attacks in which a DNS server is tricked into sending large amounts of data to a victim. Because these attacks, known as "DNS reflection", hurt the DNS server as much as the victim, you want to throttle the DNS responses.
Who should use DNS Hammer?
If you operate a name server, this tool is for you. If the zones hosted on your DNS server are DNSSEC signed, this tool is definitely for you: the DNSKEY and RRSIG records in signed zones make responses much larger, and therefore more attractive for amplification.
DNS Reflections contribute to DDoS Attacks
The internet is plagued by Distributed Denial of Service (DDoS) attacks. These attacks generate a lot of traffic by requesting data in the name of a hapless victim: the attacker forges the victim's IP address as the source of the query, so the response is delivered to the victim instead of the attacker.
With DNS it is possible to send a query of 60-80 bytes that generates a response of 2000 bytes or more. The attacker thus amplifies his own bandwidth by a factor of 20, 30, or more.
DNS rate limiting ensures that any DNS client only receives a limited number of large response packets. Once this limit is exceeded, the DNS server answers with a short response that has the TC (truncated) flag set, which instructs the client to repeat its query over a TCP connection. Redirecting the client to TCP in this way is called "truncation". (Depending on the configuration, a server may also drop part of the excess queries outright instead of truncating them.)
The TCP-based exchange requires the 3-way handshake to complete first, which an attacker who forged the victim's address cannot do. This makes sure that the large DNS response is only delivered to a host that actually sent the query.
How can the DNS Hammer help me?
DNS Hammer sends an unusually large number of queries to a DNS server of your choice. The tool counts the answers, and how many of these are truncated; queries that receive no answer at all are the ones the server dropped.
Activate DNS rate limiting on your server and run DNS Hammer to determine if, and at what rate, the limit kicks in.
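The following script is an added example, not DNS Hammer's own code, that performs the same kind of check from the command line: it builds EDNS0 queries (large buffer size, DO bit set, the same kind of query that produces the 2000+ byte responses described above), fires a burst of them at a server, and tallies full answers, TC=1 truncated answers and dropped queries. The server name, zone name, query count and timeout below are placeholders you supply; the sample truncated response is constructed inline so the parsing can be exercised offline.

```python
"""Minimal DNS query builder / response inspector for checking response rate
limiting (RRL). Added example, not part of DNS Hammer. Uses only the
standard library."""
import random
import socket
import struct

QTYPE_ANY = 255     # historically the best amplifier
QTYPE_DNSKEY = 48   # large on DNSSEC-signed zones


def encode_name(name: str) -> bytes:
    """Encode a dotted name as length-prefixed DNS labels ending in a zero byte."""
    out = b""
    for label in name.rstrip(".").split("."):
        raw = label.encode("ascii")
        if not 0 < len(raw) < 64:
            raise ValueError("bad label: %r" % label)
        out += bytes([len(raw)]) + raw
    return out + b"\x00"


def build_query(name: str, qtype: int, txid: int = None,
                bufsize: int = 4096, dnssec_ok: bool = True) -> bytes:
    """Build a UDP DNS query carrying an EDNS0 OPT record. The advertised
    buffer size and the DO bit are what allow a server to return a response
    far larger than the classic 512-byte UDP limit."""
    if txid is None:
        txid = random.randrange(0, 65536)
    flags = 0x0100  # RD=1, everything else clear
    header = struct.pack("!HHHHHH", txid, flags, 1, 0, 0, 1)  # QDCOUNT=1, ARCOUNT=1 (OPT)
    question = encode_name(name) + struct.pack("!HH", qtype, 1)  # class IN
    # OPT RR: root name, TYPE=41, CLASS=UDP payload size, TTL=ext-rcode/version/flags, RDLEN=0
    opt_ttl = 0x8000 if dnssec_ok else 0  # DO bit lives in the TTL field
    opt = b"\x00" + struct.pack("!HHIH", 41, bufsize, opt_ttl, 0)
    return header + question + opt


def parse_header(msg: bytes) -> dict:
    """Decode the 12-byte DNS header. tc=True is the rate limiter telling the
    client to retry over TCP."""
    if len(msg) < 12:
        raise ValueError("short DNS message")
    txid, flags, qd, an, ns, ar = struct.unpack("!HHHHHH", msg[:12])
    return {
        "id": txid,
        "qr": bool(flags & 0x8000),
        "tc": bool(flags & 0x0200),
        "rcode": flags & 0x000F,
        "qdcount": qd, "ancount": an, "nscount": ns, "arcount": ar,
    }


def amplification(query: bytes, response: bytes) -> float:
    """Bytes returned per byte sent: the factor an attacker gains by reflection."""
    return len(response) / len(query)


# Constructed sample of what a rate-limited server returns instead of the full
# answer: QR=1, TC=1, RD=1, RA=1 (0x8380), the question echoed, no answer RRs.
SAMPLE_TRUNCATED_RESPONSE = (
    struct.pack("!HHHHHH", 0x1234, 0x8380, 1, 0, 0, 0)
    + encode_name("example.com") + struct.pack("!HH", QTYPE_ANY, 1)
)


def hammer(server: str, name: str, qtype: int = QTYPE_ANY, count: int = 200,
           timeout: float = 0.2, port: int = 53) -> dict:
    """Send `count` queries back to back and tally what comes back. With RRL
    active the first answers are full size, then a server that 'slips'
    returns small TC=1 replies and a server that drops returns nothing."""
    stats = {"sent": 0, "full": 0, "truncated": 0, "dropped": 0,
             "bytes_out": 0, "bytes_in": 0}
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        for _ in range(count):
            q = build_query(name, qtype)
            s.sendto(q, (server, port))
            stats["sent"] += 1
            stats["bytes_out"] += len(q)
            try:
                resp, _ = s.recvfrom(65535)
            except socket.timeout:
                stats["dropped"] += 1
                continue
            stats["bytes_in"] += len(resp)
            stats["truncated" if parse_header(resp)["tc"] else "full"] += 1
    return stats


if __name__ == "__main__":
    # Placeholder target and zone: replace with the server you operate.
    result = hammer("192.0.2.53", "example.com", qtype=QTYPE_DNSKEY, count=200)
    print(result)
    if result["bytes_out"]:
        print("overall amplification: %.1fx" % (result["bytes_in"] / result["bytes_out"]))
```

Run it only against a server you are authorised to test, since a burst of ANY or DNSKEY queries is exactly the traffic pattern rate limiting exists to stop. A server that truncates or drops after a handful of full answers has RRL working; one that returns 200 full-size answers does not. The overall amplification figure printed at the end drops toward 1 as soon as the limiter kicks in, which is the number you are trying to push down.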