A DNS flood is a Layer 7 (application) attack vector against DNS infrastructure, one of the classes a thorough DDoS test is built to exercise. Unlike DNS amplification, which abuses third-party resolvers as reflectors, a DNS flood points high volumes of direct queries straight at a target's authoritative or recursive servers. The queries are valid, so they pass protocol checks, and each one forces a lookup, cache miss, or recursion that consumes CPU and memory until resolution slows or stops for everyone.
Why it matters in DDoS testing
DNS is a single point of failure that is easy to overlook: if name resolution stops, the application is unreachable even when its servers are healthy. Testing measures the query rate at which the authoritative tier saturates, whether response-rate limiting (RRL) and anycast distribution absorb the load, and how caching shields the origin. Validating that the resolution tier holds is part of DDoS resilience testing.
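A simplified model of the response-rate limiting mentioned above, showing how a test run can be scored by counting answered, truncated and dropped responses per client network. This is an added example, not code from the original page or from any DNS server; the bucket key (client /24 plus query name), the `rate`, `window` and `slip` parameters and the sample events are assumptions made for illustration.

```python
import ipaddress
from collections import Counter


class ResponseRateLimiter:
    """Toy RRL: one credit bucket per (client network, query name)."""

    def __init__(self, rate=5, window=5, slip=2, prefix=24):
        self.rate, self.window, self.slip, self.prefix = rate, window, slip, prefix
        self.buckets = {}  # key -> (credits, last_ts, limited_count)

    def network(self, client_ip):
        net = ipaddress.ip_network(f"{client_ip}/{self.prefix}", strict=False)
        return str(net)

    def decide(self, ts, client_ip, qname):
        key = (self.network(client_ip), qname.lower())
        # Assumption: a new bucket starts with one second's worth of credit.
        credits, last, limited = self.buckets.get(key, (self.rate, ts, 0))
        # Earn `rate` credits per elapsed second, capped at rate * window.
        credits = min(self.rate * self.window, credits + (ts - last) * self.rate)
        if credits >= 1:
            self.buckets[key] = (credits - 1, ts, limited)
            return "answer"
        limited += 1
        self.buckets[key] = (credits, ts, limited)
        # Every `slip`-th limited response goes out truncated (TC=1) so a
        # legitimate client can retry over TCP; the rest are dropped.
        if self.slip and limited % self.slip == 0:
            return "truncate"
        return "drop"


def simulate(events, **params):
    """Return {client network: Counter of decisions} for (ts, ip, qname) events."""
    rrl = ResponseRateLimiter(**params)
    totals = {}
    for ts, ip, qname in events:
        totals.setdefault(rrl.network(ip), Counter())[rrl.decide(ts, ip, qname)] += 1
    return totals


def constructed_events():
    """Constructed sample: two seconds of traffic using documentation addresses."""
    events = []
    for ts in (0, 1):
        events.append((ts, "203.0.113.7", "www.example.com"))  # normal client
        events += [(ts, f"198.51.100.{i + 1}", "www.example.com") for i in range(50)]
    return events


if __name__ == "__main__":
    for net, counts in simulate(constructed_events()).items():
        print(net, dict(counts))
```

In a real test the same three counters come from the name server's own statistics, and the figure to watch is how many answers the normal client still receives while the busy network is being limited.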