Open DNS servers cause concern, invite attacks

05.04.2006
A new threat to the internet is multiplying through DNS servers that are more open than they should be, delegates to last month's ICANN Inc.'s Wellington conference and New Zealand Network Operators Group (NZNOG) meeting heard.

Massive distributed denial of service (DDoS) attacks on top-level domain servers early this year used 'recursive' DNS servers in combination with botnets of compromised computers and IP address spoofing. These choked the access channels to the internet's top-level domain servers, said ICANN security and stability advisory committee (SSAC) member Rodney Joffe, in a report delivered by colleague Dave Piscitello at the ICANN conference.

The servers themselves kept working, says Joffe, but the DNS fabric was seriously congested.

In an address at NZNOG late last month, SSAC chairman Steve Crocker discussed the same problem.

Machines on a botnet are induced to send large numbers of spoofed DNS requests to target servers, purporting to come from a particular address. The machine at that address then receives a huge volume of replies, and may collapse under the strain.

If a large text record is planted in advance in the target server (which may be under the perpetrator's control) and the requests are for that particular record, then the volume of traffic can be greatly multiplied, amounting to gigabytes in the case of the attacks of this year.
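The reflected-traffic pattern described above leaves a signature in a resolver's own query logs: clients outside the networks the resolver is meant to serve, sent a handful of identical queries, receiving far more bytes in replies than they sent. The following is an added example, not code from the article or from ICANN; it assumes a simplified, constructed log line format and a hypothetical ALLOWED_NETS list standing in for the resolver's real allow-recursion policy.

```python
import ipaddress
from collections import defaultdict

# Constructed resolver log lines (not a real BIND/Unbound format):
# client_ip qtype qname request_bytes response_bytes
SAMPLE_LOG = """\
203.0.113.9 TXT big.example 60 3900
203.0.113.9 TXT big.example 60 3900
203.0.113.9 TXT big.example 60 3900
192.168.1.20 A www.example 45 61
198.51.100.7 MX example 50 120
"""

# Hypothetical: networks this resolver is meant to serve recursively.
# Anything else being answered means the resolver is "open".
ALLOWED_NETS = [ipaddress.ip_network("192.168.0.0/16")]

def parse_line(line):
    client, qtype, qname, req, resp = line.split()
    return {"client": ipaddress.ip_address(client), "qtype": qtype,
            "qname": qname, "req": int(req), "resp": int(resp)}

def amplification_report(log_text, min_ratio=10.0, min_queries=2):
    """Per-client byte totals and response/request amplification ratio.

    A client is 'suspect' when it is outside ALLOWED_NETS (open recursion)
    and its replies outweigh its requests by min_ratio over at least
    min_queries queries. Because requests are spoofed, the client address
    is the flooded victim, not the sender; the report tells an operator
    who is being hit through this resolver and that recursion is open."""
    per_client = defaultdict(lambda: {"queries": 0, "req": 0, "resp": 0, "qtypes": set()})
    for line in log_text.splitlines():
        if not line.strip():
            continue
        rec = parse_line(line)
        c = per_client[rec["client"]]
        c["queries"] += 1
        c["req"] += rec["req"]
        c["resp"] += rec["resp"]
        c["qtypes"].add(rec["qtype"])
    report = {}
    for ip, c in per_client.items():
        ratio = c["resp"] / c["req"]
        outside = not any(ip in net for net in ALLOWED_NETS)
        report[str(ip)] = {
            "queries": c["queries"],
            "ratio": round(ratio, 1),
            "open_recursion": outside,
            "suspect": outside and ratio >= min_ratio and c["queries"] >= min_queries,
            "qtypes": sorted(c["qtypes"]),
        }
    return report
```

On the sample log the external TXT client shows a 65x ratio and is flagged, the internal A lookup is ignored, and the external MX lookup is reported as open recursion but not as amplification.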