[64089] in North American Network Operators' Group


Re: possible ORG problems, maybe?

daemon@ATHENA.MIT.EDU (Brandon Butterworth)
Thu Oct 16 08:51:35 2003

Date: Thu, 16 Oct 2003 13:50:47 +0100 (BST)
From: Brandon Butterworth <brandon@rd.bbc.co.uk>
To: nanog@merit.edu
Errors-To: owner-nanog-outgoing@merit.edu


> it would appear that given the large scale
> ddos attacks against networks, and dns in particular over the last year,
> an anycast implementation is the *only* way that dns has a chance of
> surviving.

It might help but isn't a cure-all.

If they can query it they can DoS it, and given the splay of zombies
vs your servers there should be enough to kill them all.

DNS serving P2P style (I'm not suggesting someone should do it)
would even up the odds; with enough penetration you could get 1:1 so
they all attack themselves.

> In terms of UltraDNS, we try to make it easier by having the following
> two records on every server:
> dig @[UltraDNS Anycast name or ip address] whoareyou.ultradns.net A
> and
> dig @[UltraDNS Anycast name or ip address] whoami.ultradns.net A

More useful would be to make a query that returned the answers
from all your servers (obfuscated if necessary) so we can see which
is different and have data to report the problem.

I presume you have such a tool internally for regression testing.

brandon
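
The cross-server comparison Brandon asks for, as an added example that is not part of the original post or any UltraDNS tooling: it sends the same A query to a list of authoritative or anycast node addresses, collects each node's answer, and reports the nodes whose answer differs from the majority (or that did not answer at all). The server and answer addresses are constructed documentation-range values, the hand-rolled query builder handles only A records over UDP with no EDNS, TCP fallback or DNSSEC validation, and the `SAMPLE_RESULTS` table stands in for live responses so the check runs offline.

```python
"""Cross-node DNS answer consistency check (added example, stdlib only).

Assumed, not from the post: the node addresses, the queried name and the
sample answers below are constructed documentation-range values.
"""
import socket
import struct
from collections import Counter


def build_a_query(name, txid=0x1234):
    """Build a minimal DNS query for an A record (RD set, one question)."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    qname = b"".join(bytes([len(label)]) + label.encode("ascii")
                     for label in name.rstrip(".").split("."))
    qname += b"\x00"
    return header + qname + struct.pack("!HH", 1, 1)  # QTYPE=A, QCLASS=IN


def _skip_name(msg, off):
    """Return the offset just past a (possibly compressed) domain name."""
    while True:
        length = msg[off]
        if length == 0:
            return off + 1
        if length & 0xC0 == 0xC0:  # compression pointer: two bytes, ends the name
            return off + 2
        off += 1 + length


def parse_a_answers(msg):
    """Extract the A-record addresses from the answer section of a response."""
    _txid, _flags, qd, an, _ns, _ar = struct.unpack_from("!HHHHHH", msg, 0)
    off = 12
    for _ in range(qd):
        off = _skip_name(msg, off) + 4  # name, then QTYPE + QCLASS
    addrs = []
    for _ in range(an):
        off = _skip_name(msg, off)
        rtype, rclass, _ttl, rdlen = struct.unpack_from("!HHIH", msg, off)
        off += 10
        if rtype == 1 and rclass == 1 and rdlen == 4:
            addrs.append(socket.inet_ntoa(msg[off:off + 4]))
        off += rdlen
    return addrs


def query_servers(servers, name, timeout=2.0):
    """Send the same A query to every node; return {node: sorted answers or None}."""
    results = {}
    for server in servers:
        sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
        sock.settimeout(timeout)
        try:
            sock.sendto(build_a_query(name), (server, 53))
            data, _ = sock.recvfrom(4096)
            results[server] = tuple(sorted(parse_a_answers(data)))
        except OSError:
            results[server] = None  # timeout or unreachable: report it too
        finally:
            sock.close()
    return results


def find_divergent(results):
    """Return (consensus answer, {node: its answer}) for nodes that differ.

    Consensus is the most common non-None answer tuple across the nodes.
    """
    answered = [a for a in results.values() if a is not None]
    if not answered:
        return None, dict(results)
    consensus = Counter(answered).most_common(1)[0][0]
    divergent = {s: a for s, a in results.items() if a != consensus}
    return consensus, divergent


# Constructed sample: three nodes agree, one serves a stale answer, one times out.
SAMPLE_RESULTS = {
    "192.0.2.1": ("198.51.100.10",),
    "192.0.2.2": ("198.51.100.10",),
    "192.0.2.3": ("198.51.100.10",),
    "192.0.2.4": ("198.51.100.99",),
    "192.0.2.5": None,
}

if __name__ == "__main__":
    # Live use would be: find_divergent(query_servers(node_list, "whoami.example.net"))
    consensus, divergent = find_divergent(SAMPLE_RESULTS)
    print("consensus:", consensus)
    for server, answer in divergent.items():
        print("DIVERGENT", server, answer)
```

Pointing `query_servers` at a list of a provider's unicast node addresses rather than the anycast address is what makes the comparison meaningful: the anycast address only ever shows you the one node your route selects, whereas the per-node list exposes the node that is serving a different answer, which is the data you would want to attach to a problem report.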
