[45173] in North American Network Operators' Group
RE: DNS DOS increasing?
daemon@ATHENA.MIT.EDU (James Smith)
Mon Jan 21 10:08:10 2002
Message-ID: <171DAAD54475984F8F41345A0945DF9C39ED49@hqexchange.presidio.com>
From: James Smith <jsmith@PRESIDIO.com>
To: nanog@merit.edu
Date: Mon, 21 Jan 2002 10:07:32 -0500
> I've seen DOS-type behavior where a client will query a resolver for a
> name that doesn't exist, and the client does not accept the answer that
> the name does not exist and immediately sends another query, regardless
> of whether or not the resolver declared itself authoritative for the
> negative answer.
>
> --
> /ak
Get ready for more DOS-like behavior as systems get deployed that have 10
second TTLs in the DNS. These systems are used to provide multi-ISP
redundancy by pinging each upstream's router, and when a ping fails, start
giving out a DNS response using the other ISP IP range. Same FQDN, new IP.

This of course is driven by the desire for redundancy in small businesses
who make the Internet an integral part of their business plan. Either they
can't get PI space and don't have (or don't want to spend) the $$$ to do
BGP, or are unable to convince their upstream to cut a hole in their CIDR
block and allow a 2nd party to announce that chunk (which for some is as
small as /28).
James H. Smith II NNCDS NNCSE
Systems Engineer
The Presidio Corporation
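The behaviour described in the quoted paragraph above (a client that gets NXDOMAIN and immediately asks again instead of honouring the negative answer) is something a resolver operator can spot from query logs. The script below is an added example, not code from the original post or from any resolver; it reads a small constructed log in a made-up "timestamp client qname rcode" format (real resolver logs differ and need their own parser) and flags clients that re-sent a query for a name within the negative-cache window after already being told the name does not exist. The `neg_ttl` and `threshold` values are assumptions chosen for the sample, not figures from the thread.

```python
"""Flag resolver clients that ignore negative answers and immediately re-query.

Added example, not part of the original NANOG post. Input is a constructed
log of "<epoch seconds> <client ip> <qname> <rcode>" lines; real resolver
log formats differ and would need their own parser.
"""
from collections import defaultdict

# Constructed sample log (documentation addresses/names, not real traffic).
# Client 192.0.2.10 hammers a nonexistent name five times in 80 ms despite
# getting NXDOMAIN every time; the other two clients behave normally.
SAMPLE_LOG = """\
1011625200.00 192.0.2.10 missing.example.net. NXDOMAIN
1011625200.02 192.0.2.10 missing.example.net. NXDOMAIN
1011625200.04 192.0.2.10 missing.example.net. NXDOMAIN
1011625200.06 192.0.2.10 missing.example.net. NXDOMAIN
1011625200.08 192.0.2.10 missing.example.net. NXDOMAIN
1011625201.00 192.0.2.20 www.example.net. NOERROR
1011625202.00 192.0.2.20 www.example.net. NOERROR
1011625250.00 192.0.2.30 gone.example.org. NXDOMAIN
1011625300.00 192.0.2.30 gone.example.org. NXDOMAIN
"""


def parse_log(text):
    """Parse the constructed log format into (ts, client, qname, rcode) tuples."""
    records = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        ts, client, qname, rcode = line.split()
        records.append((float(ts), client, qname.lower(), rcode))
    return records


def find_negative_requery_offenders(records, neg_ttl=60.0, threshold=3):
    """Return {client: {qname: repeat_count}} for clients that re-sent a query
    for a name within neg_ttl seconds of receiving NXDOMAIN for it, at least
    `threshold` times. A stub that honoured the negative answer (RFC 2308
    negative caching) would not ask again inside that window. neg_ttl and
    threshold are assumed tuning values for this example."""
    last_nx = {}                 # (client, qname) -> time of last NXDOMAIN
    repeats = defaultdict(int)   # (client, qname) -> re-queries inside window
    for ts, client, qname, rcode in records:
        key = (client, qname)
        if key in last_nx and ts - last_nx[key] <= neg_ttl:
            repeats[key] += 1
        if rcode == "NXDOMAIN":
            last_nx[key] = ts
        else:
            # A positive answer ends the negative window for this name.
            last_nx.pop(key, None)
    offenders = defaultdict(dict)
    for (client, qname), count in repeats.items():
        if count >= threshold:
            offenders[client][qname] = count
    return dict(offenders)


def main():
    offenders = find_negative_requery_offenders(parse_log(SAMPLE_LOG))
    for client, names in sorted(offenders.items()):
        for qname, count in sorted(names.items()):
            print(f"{client} re-queried {qname} {count} times inside the "
                  f"negative-cache window after NXDOMAIN")


if __name__ == "__main__":
    main()
```

On the sample above only 192.0.2.10 is reported (four re-queries of `missing.example.net.`); 192.0.2.30 asks twice 50 seconds apart, which one might tune in or out via `neg_ttl`, and 192.0.2.20 never receives a negative answer. The natural follow-up for an operator is to rate-limit or investigate the flagged source rather than the queried name, since the load comes from the client ignoring the answer, not from the name itself.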