nanog mailing list archives
Re: possible ORG problems, maybe?
From: Brandon Butterworth <brandon () rd bbc co uk>
Date: Thu, 16 Oct 2003 13:50:47 +0100 (BST)
> it would appear that given the large scale ddos attacks against networks, and dns in particular over the last year, an anycast implementation is the *only* way that dns has a chance of surviving.

It might help but isn't a cure all. If they can query it they can DoS it, and given the splay of zombies vs your servers there should be enough to kill them all.

dns serving P2P style (I'm not suggesting someone should do it) would even up the odds, with enough penetration you could get 1:1 so they all attack themselves.

> In terms of UltraDNS, we try to make it easier by having the following two records on every server:
>
>   dig @[UltraDNS Anycast name or ip address] whoareyou.ultradns.net A
>
> and
>
>   dig @[UltraDNS Anycast name or ip address] whoami.ultradns.net A

more useful would be to make a query that returned the answers from all your servers (obfuscated if necessary) so we can see which is different & have data to report the problem.

I presume you have such a tool internally for regression testing

brandon
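
A sketch of the comparison asked for in the message above, as an added example that is not part of the original post and not any UltraDNS tool: given one observation per vantage point (which anycast instance answered, and what it returned), it reports the instances whose answers differ from the majority. The observation format, probe names, instance addresses and record values are all constructed for illustration.

```python
from collections import Counter, defaultdict

# Constructed sample. "instance" stands for whatever the identity query
# (whoami.ultradns.net A in the post) returned at that vantage point;
# "answers" are the records that node gave for the name under test.
OBSERVATIONS = [
    {"vantage": "lon-probe", "instance": "192.0.2.11",
     "answers": ["ns1.example.org.", "ns2.example.org."]},
    {"vantage": "nyc-probe", "instance": "192.0.2.12",
     "answers": ["NS2.example.org.", "ns1.example.org."]},
    {"vantage": "sjc-probe", "instance": "192.0.2.13",
     "answers": ["ns1.example.org."]},
    {"vantage": "fra-probe", "instance": "192.0.2.11",
     "answers": ["ns1.example.org", "ns2.example.org"]},
    {"vantage": "syd-probe", "instance": "192.0.2.14", "answers": []},
]

def normalize(answers):
    """Order- and case-insensitive answer set, trailing dots dropped."""
    return frozenset(a.strip().lower().rstrip(".") for a in answers if a.strip())

def find_divergent(observations):
    """Return (majority_answer_set, {instance: [vantage, ...]}) for odd nodes."""
    if not observations:
        raise ValueError("no observations to compare")
    per_instance = defaultdict(set)   # instance -> distinct answer sets seen
    seen_from = defaultdict(list)     # instance -> vantage points that hit it
    for obs in observations:
        per_instance[obs["instance"]].add(normalize(obs["answers"]))
        seen_from[obs["instance"]].append(obs["vantage"])
    # One vote per instance per distinct answer set, so a node reached from
    # many vantage points does not outvote the others.
    votes = Counter(s for sets in per_instance.values() for s in sets)
    majority, _ = votes.most_common(1)[0]
    divergent = {inst: sorted(seen_from[inst])
                 for inst, sets in per_instance.items() if sets != {majority}}
    return majority, divergent

if __name__ == "__main__":
    majority, divergent = find_divergent(OBSERVATIONS)
    print("majority answer:", sorted(majority))
    for inst, vantages in sorted(divergent.items()):
        print(f"instance {inst} differs (seen from {', '.join(vantages)})")
```

An instance that returns an empty answer is reported as divergent too, which is the data needed to report a failing node.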