DNS Mitigations

This video from A10 discusses how DNS works, why DNS DDoS resilience is critical, how DNS DDoS attacks are delivered, how companies can defend against DDoS attacks and how companies can defend against DNS attacks.

This guide provides information on how to protect your Amazon AWS domain by configuring DNSSEC protocol.

This article from Citrix discusses how to flush negative records, restrict the time to live (TTL) of negative records, preserve Citrix ADC memory by limiting the memory consumed by the DNS cache, retain DNS records in the cache, and enable DNS cache bypass.

This article from Cloudflare gives a high level overview of DNS filtering.

Top ten dangerous DNS attack types and how to mitigate them

This article from Microsoft gives an overview of some ways of protecting your DNS using security appliances in Azure.

Squid is a caching proxy for the Web supporting HTTP, HTTPS, FTP, and more. It reduces bandwidth and improves response times by caching and reusing frequently-requested web pages. Squid has extensive access controls and makes a great server accelerator. It runs on most available operating systems, including Windows and is licensed under the GNU GPL.

This guidance from CISA applies to organizations whose networks have been compromised by a cyber attack as well as to those desiring to improve their network security preparedness to respond to a cyber incident.