DNS or network metadata policy for network control
US-9736185-B1 · Aug 15, 2017 · US
US2018262467A1 · US · A1
| Field | Value |
|---|---|
| Publication number | US-2018262467-A1 |
| Application number | US-201715453476-A |
| Country | US |
| Kind code | A1 |
| Filing date | Mar 8, 2017 |
| Priority date | Mar 8, 2017 |
| Publication date | Sep 13, 2018 |
| Grant date | — |
Official abstract text for this publication.
Systems and methods provide mitigation for denial of service attacks against servers open to the Internet by preventing delivery of malicious traffic to servers using network gateways.
Opening claim text (preview).
What is claimed is:

1. A network gateway configured to receive one or more communications associated with a server, comprising: a logging module configured to log outbound communication from the server in a traffic state table; and a traffic interrogation module configured to interrogate at least one inbound communication for the server against the traffic state table, wherein if the inbound communication corresponds to at least one entry in the traffic state table, the network gateway is configured to transmit the inbound communication to the server and remove the entry from the traffic state table, and if the inbound communication does not correspond to the at least one entry in the traffic state table for the outbound communication, the network gateway is configured to prevent the inbound communication from reaching the server.
2. The network gateway of claim 1, the network gateway is an internet gateway router.
3. The network gateway of claim 1, the server is a Domain Name System (DNS) server.
4. The network gateway of claim 1, the server is a recursive DNS server.
5. The network gateway of claim 1, further comprising: an outbound translation module configured to convert outbound traffic addressing of the outbound communication to converted traffic addressing, the converted traffic addressing included in the traffic state table; and an inbound translation module configured to convert inbound traffic addressing of the inbound communication to correspond to the outbound traffic addressing for routing, wherein the traffic interrogation module compares the inbound traffic addressing to the converted traffic addressing in the traffic state table.
6. The network gateway of claim 5, wherein the outbound translation module is configured to translate at least one of an internet protocol address and a port number of the outbound traffic addressing.
7. The network gateway of claim 6, wherein the outbound translation module is configured to select the internet protocol address for the outbound traffic addressing and the port number for the outbound traffic addressing from an internet protocol address pool and a port number address pool.
8. The network gateway of claim 5, further comprising an orchestration module configured to assign outbound traffic addressing ranges for use by the outbound translation module that are distinct from those assigned to a second outbound translation module of a second orchestration module, the second orchestration module of a second network gateway.
9. A method, comprising: receiving an inbound communication for a server at a network gateway; and interrogating the inbound communication against a traffic state table at the network gateway, wherein if the inbound communication corresponds to an entry in the traffic state table, the inbound communication is transmitted to the server and the entry is removed from the traffic state table, and if the inbound communication does not correspond to the entry in the traffic state table, the inbound communication is dropped at the network gateway.
10. The method of claim 9, further comprising: receiving an outbound communication from the server at the network gateway; and creating the entry in the traffic state table, the entry based on the outbound communication.
11. The method of claim 10, further comprising: translating outbound traffic addressing of the outbound communication to converted traffic addressing; and logging the converted traffic addressing in the entry of the traffic state table.
12. The method of claim 11, further comprising: translating inbound traffic addressing of the inbound communication to correspond to the outbound traffic addressing for routing in response to matching the inbound traffic addressing to the converted traffic addressing in the traffic state table during interrogating of the inbound communication.
13. The method of claim 12, further comprising assigning outbound traffic addressing ranges for translating the outbound traffic addressing, the outbound traffic addressing ranges are distinct from those assigned in association with a second network gateway.
14. The method of claim 13, further comprising changing the outbound traffic addressing ranges after a condition is satisfied.
15. The method of claim 11, wherein translating the outbound traffic addressing changes at least one of an internet protocol address and a port number of the outbound traffic addressing.
16. The method of claim 15, further comprising selecting the internet protocol address for the outbound traffic addressing and the port number for the outbound traffic addressing from an internet protocol address pool and a port number address pool.
17. The method of claim 9, the network gateway is an internet gateway router.
18. The method of claim 9, the server is a recursive Domain Name System (DNS) server.
19. A system, comprising: means for creating an entry in a traffic state table based on an outbound communication from a server; and means for interrogating an inbound communication for the server at a network gateway, the inbound communication interrogated against the traffic state table, wherein if the inbound communication corresponds to an entry in the traffic state table, the inbound communication is transmitted to the server and the entry is removed from the traffic state table, and if the inbound communication does not correspond to the entry in the traffic state table for the outbound communication, the inbound communication is dropped at the network gateway.
20. The system of claim 19, further comprising: means for translating outbound traffic addressing of the outbound communication to converted traffic addressing; means for logging the converted traffic addressing in the entry of the traffic state table; and means for translating inbound traffic addressing of the inbound communication to correspond to the outbound traffic addressing for routing in response to matching the inbound traffic addressing to the converted traffic addressing in the traffic state table.
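The claims above describe a gateway that logs each outbound communication from a protected server (after translating its source address and port from pools, claims 5 to 7), admits an inbound packet only when it matches a logged entry, removes that entry on delivery, and drops everything else (claims 1, 9 and 19), with the pools replaceable once some condition is met (claim 14). The following Python model is an added example written for this page, not the patent's or any assignee's code; the `Gateway`, `Packet`, `outbound`, `inbound` and `assign_pools` names, the choice to key the traffic state table on the full 4-tuple, the first-free allocation order of the pools, and the decision to fail closed when the pool is exhausted are all assumptions of this example, and all addresses are constructed documentation-range values.

```python
"""Toy model of the claimed network gateway (constructed example, not the
patent's own code): outbound traffic is source-translated from an
address/port pool and logged in a traffic state table; an inbound packet is
delivered only if it matches a logged entry, which is then removed."""
from collections import deque
from dataclasses import dataclass, replace
from itertools import product


@dataclass(frozen=True)
class Packet:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int
    payload: str = ""


class Gateway:
    def __init__(self, ip_pool, port_pool):
        # Traffic state table (claims 1, 10, 11):
        # (translated src ip, translated src port, dst ip, dst port) -> (original src ip, original src port)
        self.state_table = {}
        self.dropped = 0
        self.assign_pools(ip_pool, port_pool)

    def assign_pools(self, ip_pool, port_pool):
        """Claim 14: change the outbound addressing ranges after some condition
        (a rotation schedule, pool exhaustion; chosen by the operator, an
        assumption here) is satisfied. Entries already in the table stay valid
        until their reply arrives, so in-flight queries are not cut off."""
        self.pool = set(product(ip_pool, port_pool))
        self.free = deque(product(ip_pool, port_pool))  # first-free allocation order (assumption)

    def outbound(self, pkt):
        """Outbound translation + logging modules (claims 5 to 7, 10, 11): rewrite
        the server's source address/port from the pools and record the 4-tuple
        that a legitimate reply must carry."""
        if not self.free:
            raise RuntimeError("translation pool exhausted")  # assumption: fail closed
        nat_ip, nat_port = self.free.popleft()
        key = (nat_ip, nat_port, pkt.dst_ip, pkt.dst_port)
        self.state_table[key] = (pkt.src_ip, pkt.src_port)
        return replace(pkt, src_ip=nat_ip, src_port=nat_port)

    def inbound(self, pkt):
        """Traffic interrogation + inbound translation modules (claims 1, 9, 12):
        deliver only a packet that answers a logged outbound communication,
        rewrite its destination back to the server, and remove the entry so
        the same reply (or a replay of it) cannot be delivered twice."""
        key = (pkt.dst_ip, pkt.dst_port, pkt.src_ip, pkt.src_port)
        original = self.state_table.pop(key, None)
        if original is None:
            # Unsolicited traffic, e.g. reflected or amplified responses the
            # server never asked for, never reaches the server.
            self.dropped += 1
            return None
        released = (pkt.dst_ip, pkt.dst_port)
        if released in self.pool:            # do not resurrect a rotated-out range
            self.free.append(released)
        src_ip, src_port = original
        return replace(pkt, dst_ip=src_ip, dst_port=src_port)


if __name__ == "__main__":
    # Constructed walk-through: one recursive DNS query, its reply, a replay,
    # and an unsolicited response from a host the server never contacted.
    gw = Gateway(["198.51.100.10"], range(40000, 40002))
    query = Packet("10.0.0.5", 53001, "203.0.113.1", 53, "A? example.com")
    wire = gw.outbound(query)
    reply = Packet("203.0.113.1", 53, wire.src_ip, wire.src_port, "A example.com 192.0.2.1")
    print("delivered:", gw.inbound(reply))      # dst rewritten to 10.0.0.5:53001
    print("replay:", gw.inbound(reply))         # None: entry already consumed
    print("unsolicited:", gw.inbound(Packet("192.0.2.9", 53, wire.src_ip, wire.src_port)))
    print("dropped:", gw.dropped)               # 2
```

Keying on the full 4-tuple is what makes the filter stateful in the sense of claim 1: an attacker who spoofs the resolver's source address still has to guess the translated port drawn from the pool, and once a reply has been consumed the entry is gone, so the table also rejects duplicates of a legitimate answer. Counting drops per source, as `dropped` does in aggregate here, is the natural hook for the CPC "traffic logging, e.g. anomaly detection" classification listed below.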
Traffic logging, e.g. anomaly detection · CPC title
Filtering by address, protocol, port number or service, e.g. IP-address or URL · CPC title
Stateful filtering · CPC title
Translation of Internet protocol [IP] addresses · CPC title
Denial of Service · CPC title