[dns-operations] Storm on the DNS

Paul Vixie paul at redbarn.org
Tue Dec 8 16:46:26 UTC 2015

On Tuesday, December 08, 2015 05:18:33 PM Marek Vavruša wrote:
> Interesting things:
> * 5mpps didn't consume the resources (back of the napkin calculations
> say ~ 6 servers should cope with this), but saturated the pipes
> * It looks easy to filter on fw, and RRL *should* mitigate this simple
> attack (alas it wouldn't help much with saturated networks)

yes, it should. and, RRL config changes were made during/after the attack.

it is widely understood that any ddos mitigation countermeasure has its associated
counter-countermeasures. there is no such thing as a silver bullet in this context. without
arrests and lawsuits, which would depend on a level of identity and accountability that the
internet generally fails to offer, security of this kind is a life-of-the-internet long dance.

> Does anybody know what kind of countermeasures were deployed (both
> in-DNS and other filtering)?

it's difficult for me to precisely imagine how much you'd like any victim of any attack to say in 
public as to the precise nature, including the volume and the impact, of an attack. you are not 
the only audience for that information.

(yes, i know what kind of countermeasures were deployed. but i'm not going to speak for 
other rootops at all, and i'm not going to speak about c-root's experience in detail here in a 
public forum, and i'm mildly surprised that this reticence surprises anybody.)

P Vixie
