[dns-operations] about anti-ddos DNS hostings

Kumar Ashutosh Kumar.Ashutosh at microsoft.com
Thu Jun 11 13:45:52 UTC 2015


@Kevin
See if this interests you
http://azure.microsoft.com/en-us/services/dns/


Thanks
Ashu
Program Manager | Windows Networking| DNS & SDN

-----Original Message-----
From: dns-operations [mailto:dns-operations-bounces at dns-oarc.net] On Behalf Of bert hubert
Sent: Thursday, June 11, 2015 11:00
To: Kevin C.
Cc: dns-operations at dns-oarc.net
Subject: Re: [dns-operations] about anti-ddos DNS hostings

On Thu, Jun 11, 2015 at 12:06:54PM +0800, Kevin C. wrote:
> Do you know which provider has a good anti-ddos systems and with a low 
> price for bulk zones? I will suggest him switch to there.

No, this is something you can't offer right now. Geoff Huston's thinking on this is instrumental:

http://labs.apnic.net/?p=624

"Defending your DNS is now a game that you only win if you can afford to win.
I worry that by concentrating on the victim rather than the attacker, as we are being compelled to do, these attacks are creating a two tier DNS system.
One for those who can afford to pay for the highly advanced engineering that allows a service to operate in the most trying and difficult of circumstances, and what’s left, which is a third rate toxic DNS wasteland that we’ve simply given up on."

"The DNS for the rest of us is vanishing in this toxic mire.  And it won’t correct itself.  The attacks are aimed at defended points, so they increase in intensity in line with the increases in defence levels of the highly defended.  So everyone else is more and more vulnerable in the face of this increasing malevolence.  Is there a way out of this loop of escalating badness?  As good as all these attack deflection techniques are, wouldn’t it be good if we could just call up the DNS police?  Can we shift our collective focus back to the common good, and shift our focus away from selected potential victims who can afford private protection and instead focus on the attacker and the attacks that they carry out?"

I'd love to help point your customer somewhere, but no one is going to credibly host DoS-attracting domains on the cheap for the reaons outlined above.

	Bert

_______________________________________________
dns-operations mailing list
dns-operations at lists.dns-oarc.net
https://lists.dns-oarc.net/mailman/listinfo/dns-operations
dns-jobs mailing list
https://lists.dns-oarc.net/mailman/listinfo/dns-jobs




More information about the dns-operations mailing list