[dns-operations] solutions for DDoS mitigation of DNS
Paul Vixie
paul at redbarn.org
Fri Apr 3 23:41:37 UTC 2020
On Friday, 3 April 2020 11:13:17 UTC Steven Miller wrote:
> Essentially, yes. Some increase in capacity on your side plus RRL will
> certainly keep you safer, but it's no guarantee.
>
> ...
i saw the question differently:
> On 4/3/2020 5:03 AM, Tessa Plum wrote:
> > So no way to stop reflector attack unless migrating servers to
> > professional IDC?
you can subscribe to a ddos "scrubbing service" which reroutes your inbound
traffic through a ddos filtering vendor (such as akamai) during attacks. they
will deliver the non-ddos subset of the traffic to your servers in your own
data center using a tunnel. so, technically, there is a way to mitigate a
reflector attack without migrading your servers to a professional IDC.
--
Paul
More information about the dns-operations
mailing list