[dns-operations] Reported DNS DDoS in China

Roland Dobbins rdobbins at cisco.com
Wed Sep 27 05:19:49 UTC 2006

On Sep 26, 2006, at 10:08 PM, Paul Vixie wrote:

> if it's a /23 and there are no subnets of that in BGP, then it's not
> multiple POPs even if it's multiple physical locations.  anyone can
> build a nameserver a hundred feet tall and feed it with its own nuke
> power reactor, but the only way to manage the risk of OPNs(*) is to
> multi-locate AND multi-home.


Time and time again, physically and logically co-located nameservers  
show up as factors in major outages.  Folks need to feel the pain  
before they learn, it seems (this appears to be true of any BCP, in  
any sub-category).

Roland Dobbins <rdobbins at cisco.com> // 408.527.6376 voice

Any information security mechanism, process, or procedure which can
be consistently defeated by the successful application of a single
class of attacks must be considered fatally flawed.

     -- The Lucy Van Pelt Principle of Secure Systems Design

More information about the dns-operations mailing list