Full Disclosure mailing list archives
Re: FW: Question for DNS pros
From: John Hall <j.hall () f5 com>
Date: Thu, 05 Aug 2004 16:19:47 -0700
We're starting to get way beyond answering the initial request and into design decisions that are likely competitively useful, but I'll try to answer what I can. Nils Ketelsen wrote:
> I do not know anything about 3-DNS apart from what I read in this thread, so please excuse me if I get anything wrong or seem to be not understanding:
> 1. Why do you need to measure metrics for my DNS days after I might have visited a site?
Sites using 3-DNS want to ensure performance and reliability of their sites on an ongoing basis and are usually popular enough for it to make sense to keep metrics for a site that has visited recently, since chances are good they'll visit again soon.
> 2. How does this kind of setup scale (imagine everyone did that)?
If everyone bought 3-DNS's, I could retire and not worry about this stuff at all! ;) I agree that if "everyone" did this, it might cause a noticeable amount of traffic (still, probably a lot less than the amount of traffic you see in unsolicited email though). Remember that those probe packets are all very small.
> And if I, for example, spoof DNS requests from each IP-Address in the /8 of the organization I dislike? Or I spoof DNS requests from every IP-Address in 0.0.0.0/0? Will you then be sending out probe packets for a few days to all these IP-Addresses? That sounds like a DOS Amplifier to me.
In addition to rate limiting the number of packets we send to any local DNS (LDNS), we also limit the number of "factories" that do the probing, so the total probe packet output from a group of 3-DNS's is also limited to a very reasonable value.
> So worst case: 20 packets per hour times 2^32 possible IP Addresses makes you send out 85899345920 an hour. Not bad. And that is for each of your customers, right? If I happen to have a /8 I might receive 5592405 Probe packets a second per 3-DNS group. I would call that significant.
No. The total probe packet generation capacity of a 3-DNS group is limited.
> Nils
JMH
--
John Hall
Test Manager - Switch Team
F5 Networks, Inc.
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
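The exchange above turns on one design point: a prober that reacts to the source address of DNS queries must bound its output by something the sender cannot inflate, otherwise spoofed queries from many addresses make it an amplifier. The following is an added illustration, not F5's 3-DNS code; the limit values (20 probes per LDNS per hour, a global budget of 100 probes per second, 50,000 tracked resolvers) are assumptions chosen for the demonstration. It models the two limits John Hall describes: a per-LDNS budget, and a global budget standing in for the fixed number of probe "factories", so that the total output stays capped no matter how many distinct (possibly spoofed) source addresses show up.

```python
# Added example (not F5 code): bounding probe traffic with a per-LDNS budget
# plus a global budget, so spoofed query sources cannot multiply output.
from collections import OrderedDict


class TokenBucket:
    """Classic token bucket: `rate` tokens per second, at most `burst` stored."""
    __slots__ = ("rate", "burst", "tokens", "last")

    def __init__(self, rate: float, burst: float, now: float = 0.0):
        self.rate = rate
        self.burst = burst
        self.tokens = burst      # a fresh bucket starts full
        self.last = now

    def take(self, now: float) -> bool:
        # Refill for the elapsed time, then spend one token if one is available.
        self.tokens = min(self.burst, self.tokens + (now - self.last) * self.rate)
        self.last = now
        if self.tokens >= 1.0:
            self.tokens -= 1.0
            return True
        return False


class ProbeScheduler:
    """Decides whether a probe toward a given LDNS may be sent at time `now`.

    Assumed limits (not F5's real values): per-LDNS budget so no single resolver
    is hammered; global budget so the sum over all resolvers is fixed; bounded
    table of tracked resolvers so a flood of spoofed addresses cannot exhaust
    memory either (oldest entries are evicted).
    """

    def __init__(self, per_ldns_per_hour: int = 20, global_per_sec: float = 100.0,
                 global_burst: float = 100.0, max_tracked: int = 50_000):
        self.per_ldns_per_hour = per_ldns_per_hour
        self.global_bucket = TokenBucket(global_per_sec, global_burst)
        self.max_tracked = max_tracked
        self.ldns_buckets: "OrderedDict[str, TokenBucket]" = OrderedDict()
        self.sent = 0
        self.dropped = 0

    def _bucket_for(self, ldns_ip: str, now: float) -> TokenBucket:
        bucket = self.ldns_buckets.get(ldns_ip)
        if bucket is None:
            if len(self.ldns_buckets) >= self.max_tracked:
                self.ldns_buckets.popitem(last=False)   # evict oldest resolver
            bucket = TokenBucket(self.per_ldns_per_hour / 3600.0,
                                 float(self.per_ldns_per_hour), now)
            self.ldns_buckets[ldns_ip] = bucket
        return bucket

    def request_probe(self, ldns_ip: str, now: float) -> bool:
        bucket = self._bucket_for(ldns_ip, now)
        # Per-LDNS check first, so a resolver that is already over budget never
        # touches the shared global budget; then the global check.
        if bucket.take(now) and self.global_bucket.take(now):
            self.sent += 1
            return True
        self.dropped += 1
        return False


def simulate_spoofed_flood(n_addresses: int) -> int:
    """Constructed scenario: queries spoofed from n distinct addresses arrive at
    the same instant. Returns how many probes actually leave the scheduler."""
    sched = ProbeScheduler()
    for i in range(n_addresses):
        src = f"10.{(i >> 16) & 255}.{(i >> 8) & 255}.{i & 255}"   # constructed
        sched.request_probe(src, 0.0)
    return sched.sent


def simulate_single_ldns(n_requests: int, window_seconds: float) -> int:
    """Constructed scenario: one resolver triggers n requests spread evenly over
    the window, with the global limit made effectively infinite so only the
    per-LDNS budget applies."""
    sched = ProbeScheduler(global_per_sec=1e9, global_burst=1e9)
    for i in range(n_requests):
        sched.request_probe("192.0.2.53", i * window_seconds / n_requests)   # constructed
    return sched.sent


if __name__ == "__main__":
    print("probes sent for 100000 spoofed sources:", simulate_spoofed_flood(100_000))
    print("probes sent to one LDNS over an hour:", simulate_single_ldns(1000, 3600.0))
```

With these assumed limits, 100,000 spoofed source addresses arriving at once produce exactly 100 probes (the global burst), not 100,000, and a single resolver that keeps asking gets its initial budget plus the hour's refill rather than one probe per query. The per-LDNS table is bounded for the same reason the probe output is: anything keyed on an attacker-chosen address needs a ceiling.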