[dns-operations] Storm on the DNS
jared at puck.nether.net
Tue Dec 8 17:24:14 UTC 2015
> On Nov 30, 2015, at 11:27 PM, Song Linjian (Davey) <songlinjian at gmail.com> wrote:
>> No. It isolates the attack. Taking overwhelmed servers down will
>> result in cascading failures.
> So you mean the resilience of the Root system is achieved by isolating the attacks, in other words, by abandoning some attacked regions?
> It does not sound like a positive countermeasure, IMHO. If Google or Amazon experience this kind of attack, will they “isolate” their customers?
Yes, this has long been the solution, a so-called completion of the attack. The nice thing about DNS is as long as you don’t have some super-short TTL you can have loss and still work.