[dns-operations] [dDoS] Good discussion on the Rackspace attack and DNS resiliency

Colm MacCárthaigh colm at stdlib.net
Wed Dec 24 22:34:28 UTC 2014

There's a good question embedded in that discussion:  when a resolver
fails to get an answer from all of the authoritative nameservers for a
domain, why not use the last known answer, even if it's stale.

Yes, that clearly violates the TTL of the rrset, but wouldn't be
over-all better for the health of the internet?

On Wed, Dec 24, 2014 at 1:56 AM, Stephane Bortzmeyer <bortzmeyer at nic.fr> wrote:
> https://news.ycombinator.com/item?id=8784210
> After the successful attacks against Rackspace, Namecheap, DNSsimple
> and 1&1, it is clear that dDoS attacks against DNS servers are very
> common this winter, and they succeed :-(
> _______________________________________________
> dns-operations mailing list
> dns-operations at lists.dns-oarc.net
> https://lists.dns-oarc.net/mailman/listinfo/dns-operations
> dns-jobs mailing list
> https://lists.dns-oarc.net/mailman/listinfo/dns-jobs


More information about the dns-operations mailing list