Re: UltraDNS: Internet Security Shield?

[Jordan Wiens <numatrix () ufl edu>]

On Tue, 18 Oct 2005, Fergie (Paul Ferguson) wrote:

> I'd be curious to hear your opinions on this:
>
> http://www.ultradns.com/about_us/dns_shield.cfm

Seems a little bit disingenous to say:

"In the event of a DDoS attack on the public Internet or other network 
failure, DNS Shield partner customers' queries are isolated from the 
effects and continue to be resolved locally ensuring domains powered by 
UltraDNS are 100% accessible."

Sure, the IP may be resolvable, but in the event of a network failure or a 
ddos on the public internet, it doesn't matter if you can resolve the 
domain, it's still likely to be unreachable.

Certainly an interesting idea though.

I wonder how their propogation method of instant updates would scale 
though if you were to try to run even half the domains handled by the 
current root servers.  It's not the total number of domains that I imagine 
would be the problem, but the associated 'live changes' that go with it. 
My guess is not so well.

--
Jordan Wiens, CISSP
UF Network Security Engineer
(352)392-2061


_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.