Re: UltraDNS: Internet Security Shield?

[David Dagon <dagon () cc gatech edu>]

On Tue, Oct 18, 2005 at 10:44:33AM -0400, Jordan Wiens wrote:

> Sure, the IP may be resolvable, but in the event of a network failure or a 
> ddos on the public internet, it doesn't matter if you can resolve the 
> domain, it's still likely to be unreachable.

The disaster or DDoS would have to overcome the use of anycast'd DNS.
On this, see:

   http://www.isc.org/pubs/tn/isc-tn-2003-1.html

And, yes, it needs to be studied (and is):

   http://www.caida.org/projects/oarc/200507/slides/oarc0507-Woolf-anycast.pdf

Failure is also something that needs to be defined.  Anycast'd DNS may
stay up during a DDoS, but discrete users may be affected, and parts
of the Internet might not be reachable from other parts.  Is that a
failure or a success story?

Cheers,

-- 
David Dagon              /"\                          "When cryptography
dagon () cc gatech edu      \ /  ASCII RIBBON CAMPAIGN    is outlawed, bayl
Ph.D. Student             X     AGAINST HTML MAIL      bhgynjf jvyy unir
Georgia Inst. of Tech.   / \                           cevinpl."
_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.