Presented herein are techniques for mitigating a domain name system (DNS) amplification attack. A methodology is provided including receiving, at a (DNS) server, a DNS request, determining whether the DNS request has a source IP address that matches a predetermined source IP address and a port number that falls within a predetermined port range. When the DNS request has a source IP address that matches the predetermined source IP address and a port number that falls within the predetermined port range, determining whether the DNS request includes validation information. Based on the presence or content of the validation information, determining whether the DNS request is a valid DNS request, and dropping the DNS request when it is determined that the DNS request is not a valid DNS request.