[dns-operations] DNS deluge for x.p.ctrc.cc

Andrew Sullivan andrew at ca.afilias.info
Mon Feb 27 20:55:37 UTC 2006


On Mon, Feb 27, 2006 at 09:33:01AM -0600, Joe Greco wrote:

> Collateral damage in the form of shunning open recursers sounds like a
> nice idea, but it isn't really making any significant progress towards
> being able to deal with the core issue of DDoS, and it breaks a whole
> bunch of other useful things at the same time.

Doesn't that largely depend on who else does the shunning?  I imagine
that if, for instance, the root operators and one large gTLD decided
to shun certain servers because of this problem, and did it
consistently, well, and with an open and clear policy, it would
change the values of the variables in the cost/benefit equation.  

Note that I'm not saying people should or should not do this: I
really just don't know what people -- particularly root or TLD
operators -- should do.  But it does seem to me that this sort of
shunning might well actually accomplish something in at least some of
these cases (which is what makes it attractive, I expect).

I also wonder about the potential for unintended effects in such an
arms race.  Perhaps the attackers will go after something more subtle
and therefore harder to work around, if shunning is effective.  

A

-- 
----
Andrew Sullivan                         204-4141 Yonge Street
Afilias Canada                        Toronto, Ontario Canada
<andrew at ca.afilias.info>                              M2P 2A8
                                        +1 416 646 3304 x4110




More information about the dns-operations mailing list