nanog mailing list archives
Re: Dyn DDoS this AM?
From: Crist Clark <cjc+nanog () pumpky net>
Date: Fri, 21 Oct 2016 17:11:34 -0700
Given the scale of these attacks, whether having two providers does any good may be a crap shoot. That is, what if the target happens to share the same providers you do? Given the whole asymmetry of resources that make this a problem in the first place, the attackers probably have the resources to take out multiple providers. Having multiple providers may reduce your chance of being collateral damage (and I'd also still worry more about the more mundane risks of a single provider, maintenance or upgrade gone bad, business risks, etc., than these sensational ones), but multiple providers likely won't save you if you are the actual target of the attack.

On Fri, Oct 21, 2016 at 4:45 PM, Måns Nilsson <mansaxel () besserwisser org> wrote:
> Subject: Re: Dyn DDoS this AM? Date: Sat, Oct 22, 2016 at 01:37:09AM +0200
> Quoting Niels Bakker (niels () bakker net):
>> * mansaxel () besserwisser org (Måns Nilsson) [Sat 22 Oct 2016, 01:27CEST]:
>>> Also, do not fall in the "short TTL for service agility" trap.
>>
>> Several CDNs, Akamai among them, do use short TTLs for this exact reason. Server load is constantly monitored and taken into account when crafting DNS replies.
>
> But the problem is that this trashes caching, and DNS does not work without caches. At least not if you want it to survive when the going gets tough.
>
> If we're going to solve this we need to innovate beyond the pathetic CNAME chains that today's managed DNS services make us use, and get truly distributed load-balancing decision-making (which only will work if you give it sensible data; a single CNAME is not sensible data) all the way out in the client application.
>
> --
> Måns Nilsson primary/secondary/besserwisser/machina
> MN-1334-RIPE +46 705 989668
>
> Well, I'm INVISIBLE AGAIN ... I might as well pay a visit to the LADIES ROOM ...