[dns-operations] Storm on the DNS
Damian Menscher
damian at google.com
Tue Dec 1 07:53:51 UTC 2015
On Mon, Nov 30, 2015 at 8:27 PM, Song Linjian (Davey) <songlinjian at gmail.com
> wrote:
> If Google or Amazon experience such kind of attack, will they “isolate”
> their costumers?
When faced with a global outage, reducing the impact by achieving a partial
site recovery is a good first step (true for any DDoS attack, not just DNS
attacks). It's not a great long-term plan, but I always say 90% up is
better than 100% down. Sacrificing some users buys you time (limiting PR
and revenue impact of the outage), and you can then determine a strategy
for mitigating the attack for the remaining affected users.
Any significant site must plan for attacks, both in terms of capacity to
absorb typical attacks and a response plan for any surprises. Hopefully
the roots will quickly release (perhaps on a restricted list) a report
describing what happened, so others who may be at risk can ensure they are
prepared.
Damian
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.dns-oarc.net/pipermail/dns-operations/attachments/20151130/8f315f86/attachment.html>
More information about the dns-operations
mailing list