[dns-operations] Storm on the DNS
Song Linjian (Davey)
songlinjian at gmail.com
Tue Dec 1 03:07:01 UTC 2015
Shocked!
One question. In the monitoring page the red block means unanswered packets ratio >70%, right ? I wondering the root server instance in that red region is up or down? if it is still up, the queries can not be routed to other server where the the probes shows green. In that case the merit of anycast dose not work.
Davey
> 在 2015年11月30日,22:11,Stephane Bortzmeyer <bortzmeyer at nic.fr> 写道:
>
> On Mon, Nov 30, 2015 at 09:56:45AM +0100,
> Costantino Andrea (Con) <andrea.costantino at h3g.it> wrote
> a message of 54 lines which said:
>
>> Time response seems to have worsened since at least 12h...
>
> And the problem/attack? stopped around 0930 UTC.
>
>
> 发件人: Romeo Zwart <romeo.zwart at ripe.net>
> 日期: 2015年11月30日 GMT+8 19:03:44
> 收件人: RIPE DNS Working Group <dns-wg at ripe.net>
> 主题: K-root DNS Service Incident
>
>
> Dear colleagues,
>
> Between about 07:00 and 09:15 UTC today multiple root operators
> including K-root were receiving an unusually large amount of query
> packets. This was impacting the overall performance of K-root DNS
> services, as can be seen for example in DNSMON (with apologies for the
> unpleasant URL below):
>
> https://atlas.ripe.net/dnsmon/group/k-root?dnsmon.session.color_range_pls=0-30-30-70-100&dnsmon.session.exclude-errors=true&dnsmon.type=server-probes&dnsmon.zone=k-root&dnsmon.startTime=1448835600&dnsmon.endTime=1448877600&dnsmon.ipVersion=both&dnsmon.server=193.0.14.129
>
> After initial investigation, the RIPE NCC took counter-measures during
> the incident. The results of these measures are partially visible in
> DNSMON. The full effect of the mitigations implemented roughly coincided
> with the end of the event.
>
> We will investigate the events and the effectiveness of our response
> further and report about this in the near future.
>
> Kind regards,
> Romeo Zwart
>
>
> _______________________________________________
> dns-operations mailing list
> dns-operations at lists.dns-oarc.net
> https://lists.dns-oarc.net/mailman/listinfo/dns-operations
> dns-jobs mailing list
> https://lists.dns-oarc.net/mailman/listinfo/dns-jobs
------------------------------
Davey Song(宋林健)
BII Lab
songlinjian at gmail.com
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.dns-oarc.net/pipermail/dns-operations/attachments/20151201/646dd702/attachment.html>
More information about the dns-operations
mailing list