[dns-operations] After Google Mail, Google Docs, Google Wave... Google DNS
Lutz Donnerhacke
lutz at iks-jena.de
Fri Dec 4 10:22:05 UTC 2009
* Phil Pennock wrote:
> FAQ:
> http://code.google.com/speed/public-dns/faq.html
The DDoS considerations look strange to me:
- From the Chrome documentation I expect about 200 queries on startup
due to DNS prefetching for favorites and startup sites.
- The main argument for NXDOMAIN rewriting at ISP level is: "Do you
want to spend the money to Google or to us?" Google DNS aims to the
customers of such ISPs. In this case Google plays the "good guy" card.
- Google has to expect a lot of customers behind NAT. So they had to set
the minimum rate limit to about 1000 queries per second per IP.
- For a DDoS DNS amplification the attacker aims to overload the network,
not a host. So a whole /20 is usable to attack the uplink. This results
in about 4 million queries per second.
- Let's assume a large response of 1000 bytes. This results in about 30 Gbps
attack volume, which is within the rate limit ...
- Thanks to anycasting inside the Google network, the servers will not notice
such high query rates; the rate limit is enforced per anycast node.