Abstract: DNS server has a vital role in the Internet,and it will affect the network to provide normal services to users if DNS is attacked.DNS Query Flood attack sends a lot of fake DNS request to the DNS server,consumes the DNS server resources and causes denial of service.So it is very important to detect timely the attack.Based on the study of the DNS resolution process,we summed up the characteristics of the DNS Query Flood attack.According to the characteristics of attack,we combined the information entropy to determine whether a network abnormalities,and then used sliding window mechanism to determine whether there is any attack.

Key words: DNS query flood,Denial of service,Domain name resolution success rate,Information entropy,Sliding window