[dns-operations] Storm on the DNS
Roland Dobbins
rdobbins at arbor.net
Tue Dec 1 05:55:20 UTC 2015
On 1 Dec 2015, at 11:27, Song Linjian (Davey) wrote:
> If Google or Amazon experience such kind of attack, will they
> “isolate” their costumers?
No.
But a) the situations aren't analogous and b) root server operators have
a number of defensive means at their disposal.
Anycast is a technique which provides for increased scaling, resilience,
and availability. But it isn't the the only trick the root operators
have up their sleeves.
The other thing to consider is that the roots aren't vital to the
day-to-day operation of the DNS, and, as noted previously in this
thread, some operators run their own instances within their own
networks. Operators which do so are not necessarily completely 'immune'
to root server attacks, but the scope of such attacks is limited to
sources on networks which buy transit from them, which allows rapid
detection/classification/traceback/mitigation.
-----------------------------------
Roland Dobbins <rdobbins at arbor.net>
More information about the dns-operations
mailing list