[dns-operations] solutions for DDoS mitigation of DNS

Davey Song songlinjian at gmail.com
Thu Apr 2 09:39:48 UTC 2020

<<I noticed we had an offline discussion on this topic. It is better to share
both the concern of your case and the advice on the list>>

The intuitive solution against the DoS attack is to scale your system with
multiple servers around the globe. You can either develop a global
anycast instance as Paul suggested or select and operate secondary DNS
servers as documented in RFC2182/BCP16.

There are many secondary DNS providers available. They also
provide anti-DDoS-attack solutions if you want to purchase. It's really
helpful if you run important Internet services.

If you want to focus on your business/application rather than DNS
operation, you can simply use managed DNS services from many DNS providers.
It's cheap and efficient.

You said you are managing DNS for your university and your concern for
secondary DNS is privacy. I'm not sure what exactly the privacy concerns
are. But I think you can still have one name server located inside your
university for the local/private name space and use another name server with
secondary DNS for the publicly available name space. People can help if you
provide more information on your case.

Hope it helps you.


On Thu, 2 Apr 2020 at 10:20, Tessa Plum <tessa at plum.ovh> wrote:

> Hello
> May I ask if there are any solutions for DDoS mitigation of DNS?
> Both commercial or free solutions could be considered.
> Thanks.
> Tessa
> https://plum.ovh/