[dns-operations] DNS deluge for x.p.ctrc.cc

Joe St Sauver joe at oregon.uoregon.edu
Sun Feb 26 22:39:06 UTC 2006

Paul mentioned...

#if a TLD or root name server operator decided
#to ignore all packets that came from (known_openly_recursive&&recently_abused)

I'm not sure that's the right set of servers. Verified-as-open-and-abusable 
might be necessary, whether the bad guys have gotten around to actually using 
a particular abusable server or not (given that it is trivial for a 
prospective abuser to empirically scan for and verify that given name servers 
are exploitable). 

#nameservers, then there would be a dramatic and instantaneous 

Caching would help to smear that out a little. :-) See, there's a bright side
to every cloud. :-)

#loss of service
#to a lot (122K, 580K, 1M, the numbers vary) of recursive name servers and to
#a lot (millions?) of browser-equipped people who depend on those name servers.

Let's call it three in four name servers on average.

#(that sounds irresponsible, when i put it like that, doesn't it?)

It does raise interesting questions w.r.t. how folks who've been cut off from
name service will resolve the online resources they need to do remediation. 

I also suspect that there would be an immediate uptick in persistent 
semi-correct "host files" and a near instantaneous creation of third party 
commercial overseas bulletproof "root" DNS service providers ("no matter how 
hard you slam DDoS targets with replies to queries you shouldn't be answering, 
we'll never cut you off!" :-;)



Joe St Sauver (joe at uoregon.edu)

More information about the dns-operations mailing list