[dns-operations] DDoS against DtDNS

bert hubert bert.hubert at netherlabs.nl
Wed Sep 1 07:27:30 UTC 2010


On Wed, Sep 01, 2010 at 08:54:58AM +0200, Stephane Bortzmeyer wrote:
> Another attack, apparently less important, just enough to scare all
> DNS admins :-(
(..)
> Does anyone have details?

Other than that a huge concentration of domain names on a single platform
will always be a sitting duck?

This is a big reason why there is such a mad scramble for anycast going on
in the DNS scene.

Also, the willingness to spend on DNS infrastructure hasn't been there, with
average actual DNS hosting expenses per domain name often being measured in
the eurocent/dollarcent per year range.

We recently had such a discussion with a large DNS user, who was having
second thoughts about spending >3500 euros for hosting around a million
domains.  And this was not a 'domainer', mind you.

I'm not saying that the people under attack are not spending enough money,
or that they had it coming - far from it.

But right now, DNS really is the weakest link for most high traffic sites. 
And as such, the most effective to attack (most 'bang' for your 'gigabit
buck').

It took pretty long for the world to figure this out though, but our luck
ran out.

	Bert



