Distributed Denial of Service (DDoS) attack is a serious threat to network security. In order to solve this problem, an effective method of tracing DDoS attack was proposed based on Autonomous System (AS) and Dynamic Probabilistic Packet-Marking (DPPM). In the proposed method, a new scheme of packet marking was designed with setting up two markers as the domain marks and routing tags for inter-domain tracing and in-domain tracing. Domain marks and routing tags were set at the same time using dynamic packet marking methods. Finally, through the path reconstruction on in-domain and inter-domain, the attack node was traced back rapidly. The experimental results show that the proposed algorithm is efficient and feasible, which provides an important basis for the DDoS attack prevention.