[dns-operations] [dDoS] Good discussion on the Rackspace attack and DNS resiliency
Colm MacCárthaigh
colm at stdlib.net
Wed Dec 24 22:34:28 UTC 2014
There's a good question embedded in that discussion: when a resolver
fails to get an answer from all of the authoritative nameservers for a
domain, why not use the last known answer, even if it's stale.
Yes, that clearly violates the TTL of the rrset, but wouldn't be
over-all better for the health of the internet?
On Wed, Dec 24, 2014 at 1:56 AM, Stephane Bortzmeyer <bortzmeyer at nic.fr> wrote:
>
> https://news.ycombinator.com/item?id=8784210
>
> After the successful attacks against Rackspace, Namecheap, DNSsimple
> and 1&1, it is clear that dDoS attacks against DNS servers are very
> common this winter, and they succeed :-(
>
> _______________________________________________
> dns-operations mailing list
> dns-operations at lists.dns-oarc.net
> https://lists.dns-oarc.net/mailman/listinfo/dns-operations
> dns-jobs mailing list
> https://lists.dns-oarc.net/mailman/listinfo/dns-jobs
--
Colm
More information about the dns-operations
mailing list