[dns-operations] Storm on the DNS

Roland Dobbins rdobbins at arbor.net
Tue Dec 1 05:55:20 UTC 2015


On 1 Dec 2015, at 11:27, Song Linjian (Davey) wrote:

> If Google or Amazon experience such kind of attack, will they 
> “isolate” their costumers?

No.

But a) the situations aren't analogous and b) root server operators have 
a number of defensive means at their disposal.

Anycast is a technique which provides for increased scaling, resilience, 
and availability.  But it isn't the the only trick the root operators 
have up their sleeves.

The other thing to consider is that the roots aren't vital to the 
day-to-day operation of the DNS, and, as noted previously in this 
thread, some operators run their own instances within their own 
networks.  Operators which do so are not necessarily completely 'immune' 
to root server attacks, but the scope of such attacks is limited to 
sources on networks which buy transit from them, which allows rapid 
detection/classification/traceback/mitigation.

-----------------------------------
Roland Dobbins <rdobbins at arbor.net>



More information about the dns-operations mailing list