Question

Does DigitalOcean's DDOS protection require that DO's nameserver be used?

I am thinking of running a website from my DigitalOcean (DO) droplet.

I understand DO has DDOS protection.

Does this protection apply (a) only when the domain’s name servers are that of DO or (b) also when the name servers are elsewhere but only the “A” record points to DO?

Thanks.


Submit an answer


This textbox defaults to using Markdown to format your answer.

You can type !ref in this text area to quickly search our full set of tutorials, documentation & marketplace offerings and insert the link!

Sign In or Sign Up to Answer

These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.

Bobby Iliev
Site Moderator
Site Moderator badge
January 12, 2024
Accepted Answer

Hi there,

DigitalOcean provides DDoS protection for its infrastructure, including Droplets, which is independent of where your domain’s name servers are hosted.

This protection is designed to mitigate the impact of large-scale attacks on the network layer, ensuring that DigitalOcean’s services, including your droplet, remain accessible during such events.

To address your specific questions:

(a) Only when the domain’s name servers are that of DO: No, DigitalOcean’s DDoS protection does not require you to use DigitalOcean’s name servers. The protection is provided at the infrastructure level, covering all droplets regardless of where the domain is managed or where its name servers are hosted.

(b) Also when the name servers are elsewhere but only the “A” record points to DigitalOcean: Yes, the DDoS protection will still be effective. As long as your website’s “A” record points to a DigitalOcean droplet, the traffic to your website will benefit from DigitalOcean’s network layer DDoS protection. This is because the protection is applied to the infrastructure that hosts your droplet, not the DNS service managing your domain.

However, it’s important to note a few things:

  • DigitalOcean’s DDoS protection primarily focuses on mitigating large-scale network attacks. It does not replace the need for application-level security measures on your droplet.
  • If you are using a third-party DNS provider, you’ll need to manage DNS-related security (like DNS DDoS attacks) through that provider or another service.
  • While DigitalOcean provides basic DDoS protection, for more advanced needs, you might consider additional security services or specialized DDoS mitigation tools like the Cloudflare free DDoS service.

Hope that this helps!

Best,

Bobby

Try DigitalOcean for free

Click below to sign up and get $200 of credit to try our products over 60 days!

Sign up

Featured on Community

Get our biweekly newsletter

Sign up for Infrastructure as a Newsletter.

Hollie's Hub for Good

Working on improving health and education, reducing inequality, and spurring economic growth? We'd like to help.

Become a contributor

Get paid to write technical tutorials and select a tech-focused charity to receive a matching donation.

Welcome to the developer cloud

DigitalOcean makes it simple to launch in the cloud and scale up as you grow — whether you're running one virtual machine or ten thousand.

Learn more