Additionally, DNS responses can be much larger than the corresponding requests. DNS DDoS Amplification: DNS uses UDP, a connection-less protocol, for transport which means that an attacker can spoof the source address of a DNS request and have the response sent to an IP address of their choosing.A classic example of this is the 2016 DDoS attack against Dyn, where an army of bots hosted on Internet connected cameras caused outages to many major websites, including Amazon, Netflix, Spotify, and Twitter. DDoS attacks against DNS can make websites unreachable by making the DNS servers that serve them unavailable by saturating the networks with what looks like legitimate traffic.
Distributed Denial of Service (DDoS): DNS infrastructure is essential to the functioning of the Internet.
Some threats include attacks against the DNS infrastructure: