[dns-operations] Reported DNS DDoS in China
Roland Dobbins
rdobbins at cisco.com
Wed Sep 27 05:19:49 UTC 2006
On Sep 26, 2006, at 10:08 PM, Paul Vixie wrote:
> if it's a /23 and there are no subnets of that in BGP, then it's not
> multiple POPs even if it's multiple physical locations. anyone can
> build a nameserver a hundred feet tall and feed it with its own nuke
> power reactor, but the only way to manage the risk of OPNs(*) is to
> multi-locate AND multi-home.
Agreed.
Time and time again, physically and logically co-located nameservers
show up as factors in major outages. Folks need to feel the pain
before they learn, it seems (this appears to be true of any BCP, in
any sub-category).
-----------------------------------------------------------------------
Roland Dobbins <rdobbins at cisco.com> // 408.527.6376 voice
Any information security mechanism, process, or procedure which can
be consistently defeated by the successful application of a single
class of attacks must be considered fatally flawed.
-- The Lucy Van Pelt Principle of Secure Systems Design
More information about the dns-operations
mailing list