nanog mailing list archives
Re: Dyn DDoS this AM?
From: Måns Nilsson <mansaxel () besserwisser org>
Date: Sat, 22 Oct 2016 01:19:57 +0200
Subject: Re: Dyn DDoS this AM? Date: Fri, Oct 21, 2016 at 03:21:20PM -0700 Quoting David Birdsong (david () imgix com):
On Fri, Oct 21, 2016 at 2:58 PM, Randy Bush <randy () psg com> wrote:anyone who relies on a single dns provider is just asking for stuff such as this. randyI'd love to hear how others are handling the overhead of managing two dns providers. Every time we brainstorm on it, we see it as blackhole of eng effort WRT to keeping them in sync and and then waiting for TTLs to cut an entire delegation over.
The fault is giving up the primary for an API connection. Sure, it is tempting. We do, however, need to push the "application-integrated" DNS vendors harder. They need to give their customers more choice in how the DNS is populated. They also very much need to let people with above-mentioned "application-integrated" needs add third party DNS providers in the mix. This diversity capability is what makes DNS resilient. Monocultures have suboptimal survivability in the long run. Adding DNS providers when you control the primary is completely painless. With EDNS0 there's lots of room for insanely large NS RRSETs. Also, do not fall in the "short TTL for service agility" trap. Besides, what Randy wrote. -- Måns Nilsson primary/secondary/besserwisser/machina MN-1334-RIPE +46 705 989668 Hold the MAYO & pass the COSMIC AWARENESS ...
Attachment:
signature.asc
Description: Digital signature
Current thread:
- Re: Dyn DDoS this AM?, (continued)
- Re: Dyn DDoS this AM? Jean-Francois Mezei (Oct 21)
- Re: Dyn DDoS this AM? Eitan Adler (Oct 21)
- Re: Dyn DDoS this AM? George William Herbert (Oct 21)
- Re: Dyn DDoS this AM? Masood Ahmad Shah (Oct 22)
- Re: Dyn DDoS this AM? Mark Andrews (Oct 23)
- Re: Dyn DDoS this AM? LHC (Oct 24)
- Re: Dyn DDoS this AM? LHC (Oct 24)
- Re: Dyn DDoS this AM? Eitan Adler (Oct 24)
- Re: Dyn DDoS this AM? Suzanne Woolf (Oct 24)
- Re: Dyn DDoS this AM? joel jaeggli (Oct 21)
- Re: Dyn DDoS this AM? Måns Nilsson (Oct 21)
- Message not available
- Re: Dyn DDoS this AM? Måns Nilsson (Oct 21)
- Re: Dyn DDoS this AM? Crist Clark (Oct 21)
- Re: Dyn DDoS this AM? Brett Frankenberger (Oct 21)
- Re: Dyn DDoS this AM? Josh Reynolds (Oct 21)
- Re: Dyn DDoS this AM? Josh Reynolds (Oct 21)
- Re: Dyn DDoS this AM? - dns alvin nanog (Oct 21)
- Re: Dyn DDoS this AM? Mikael Abrahamsson (Oct 22)