[dns-operations] solutions for DDoS mitigation of DNS

Paul Vixie paul at redbarn.org
Fri Apr 3 23:41:37 UTC 2020


On Friday, 3 April 2020 11:13:17 UTC Steven Miller wrote:
> Essentially, yes.  Some increase in capacity on your side plus RRL will
> certainly keep you safer, but it's no guarantee.
> 
> ...

i saw the question differently:

> On 4/3/2020 5:03 AM, Tessa Plum wrote:
> > So no way to stop reflector attack unless migrating servers to
> > professional IDC?

you can subscribe to a ddos "scrubbing service" which reroutes your inbound 
traffic through a ddos filtering vendor (such as akamai) during attacks. they 
will deliver the non-ddos subset of the traffic to your servers in your own 
data center using a tunnel. so, technically, there is a way to mitigate a 
reflector attack without migrading your servers to a professional IDC.

-- 
Paul




More information about the dns-operations mailing list