Abstract:
DNS is critical Internet infrastructure, allowing clients to efficiently obtain the IP addresses associated with domain names. An attacker may use bots to send a large number of random subdomain queries for specific victim domains, causing the recursive resolvers to reach out to the authoritative servers; this is called a random subdomain attack. Random subdomain attacks on DNS can thus cause a DDoS on DNS servers. In this paper, we propose an ASDWL scheme to mitigate DNS random subdomain attacks for second-level domains (SLDs). The authentication of the subdomain whitelist is based on the cooperation of DANE and JWS, and is compatible with DNSSEC. By implementing the subdomain whitelist, our scheme can reduce the number of queries between recursive resolvers and authoritative servers and decrease the cache size of random subdomains on DNS servers, particularly during random subdomain attacks targeting critical SLDs.
Published in: 2024 International Conference on Smart Applications, Communications and Networking (SmartNets)
Date of Conference: 28-30 May 2024
Date Added to IEEE Xplore: 05 July 2024