[dns-operations] Continued weekly DDoS fun
jabley at hopcount.ca
Mon Jan 12 17:35:56 UTC 2009
On 2009-01-12, at 03:33, Tom Daly wrote:
> Our normal countermeasures are holding this back no problem, but the
> frequency is getting pretty annoying. Is anyone else seeing anything
> similar? Anyone have any more advanced mitigation techniques then
> the good old 'find and filter' cat and mouse game?
Have you considered reducing the number of zones each nameserver is
authoritative for (and presumably vastly increasing the number of
available servers) so that you can isolate individual servers under
attack and protect the rest of your users?
Doing so might also make it a lot easier to identify whether
particular domains are attracting the packet love more than others --
it's entirely possible that the attack is not directed at dyndns per
se, but at a domain that you happen to host. Figuring out which domain
that is is difficult if each server hosts ten squidillion of them.
As to the more general solution to dealing with attack traffic, I keep
hearing people advocating the solution "give money to arbor", not that
I have any first-hand experience of such a solution, or any reason to
promote arbor above others in that space.
More information about the dns-operations