[dns-operations] Storm on the DNS

Jared Mauch jared at puck.nether.net
Tue Dec 8 17:24:14 UTC 2015

> On Nov 30, 2015, at 11:27 PM, Song Linjian (Davey) <songlinjian at gmail.com> wrote:
>> No.  It isolates the attack.  Taking overwhelmed servers down will
>> resulting in cascading failures.
> So you mean the resilience of Root system is achieved by isolating the attacks, in another word, by abandoning some attacked regions? 
> It dose not sound like a positive counter measure. IMHO.  If Google or Amazon experience such kind of attack, will they “isolate” their costumers?

Yes, this has long been the solution, a so-called completion of the attack.  The nice thing about DNS is as long as you don’t have some super-short TTL you can have loss and still work.

- Jared

More information about the dns-operations mailing list