[192164] in North American Network Operators' Group
Re: Dyn DDoS this AM?
daemon@ATHENA.MIT.EDU (Måns Nilsson)
Fri Oct 21 19:46:01 2016
X-Original-To: nanog@nanog.org
Date: Sat, 22 Oct 2016 01:45:55 +0200
From: Måns Nilsson <mansaxel@besserwisser.org>
To: Niels Bakker <niels@bakker.net>, nanog@nanog.org
In-Reply-To: <20161021233709.GH45065@excession.tpb.net>
Subject: Re: Dyn DDoS this AM? Date: Sat, Oct 22, 2016 at 01:37:09AM +0200 Quoting Niels Bakker (niels@bakker.net):
> * mansaxel@besserwisser.org (Måns Nilsson) [Sat 22 Oct 2016, 01:27 CEST]:
> >Also, do not fall in the "short TTL for service agility" trap.
>
> Several CDNs, Akamai among them, do use short TTLs for this exact reason.
> Server load is constantly monitored and taken into account when crafting DNS
> replies.
But the problem is that this trashes caching, and DNS does not work
without caches. At least not if you want it to survive when the going
gets tough.

If we're going to solve this we need to innovate beyond the pathetic
CNAME chains that today's managed DNS services make us use, and get truly
distributed load-balancing decision-making (which only will work if you
give it sensible data; a single CNAME is not sensible data) all the way
out in the client application.
-- 
Måns Nilsson primary/secondary/besserwisser/machina
MN-1334-RIPE +46 705 989668
Well, I'm INVISIBLE AGAIN ... I might as well pay a visit to the LADIES
ROOM ...
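The caching argument in the message above, as an added example that is not part of the original post: a deterministic toy model of one recursive resolver holding one record, counting how many client queries still get an answer while the authoritative servers are unreachable, for several TTLs. The outage timing, the one-query-per-second client load and the assumption that the resolver never serves expired records are constructed for illustration.

```python
from dataclasses import dataclass


@dataclass
class Result:
    ttl: int
    upstream_before_outage: int  # queries that had to reach the authoritative server
    answered_during_outage: int  # served from cache while authoritative was down
    failed_during_outage: int    # cache expired and nothing upstream to ask


def simulate(ttl: int, outage_start: int = 1000, outage_len: int = 3600) -> Result:
    """One resolver, one record, one client query per second (all constructed).

    Assumption: the resolver drops a record the moment its TTL expires and
    does not serve stale data.
    """
    expires = -1  # cache is empty at t=0
    upstream = answered = failed = 0
    for now in range(outage_start + outage_len):
        in_outage = now >= outage_start
        if now < expires:          # cache hit: authoritative state is irrelevant
            if in_outage:
                answered += 1
        elif in_outage:            # cache miss while authoritative is unreachable
            failed += 1
        else:                      # cache miss in normal operation: refresh
            upstream += 1
            expires = now + ttl
    return Result(ttl, upstream, answered, failed)


def survival_table(ttls=(30, 300, 3600, 86400)):
    """Return one Result per TTL for the same constructed outage."""
    return [simulate(t) for t in ttls]


if __name__ == "__main__":
    print(f"{'TTL':>6} {'upstream':>9} {'answered':>9} {'failed':>7}")
    for r in survival_table():
        print(f"{r.ttl:>6} {r.upstream_before_outage:>9} "
              f"{r.answered_during_outage:>9} {r.failed_during_outage:>7}")
```
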