The DDOS attack on DYN & RRL ?
Moritz Muller
moritz.muller at sidn.nl
Tue Nov 1 07:23:28 UTC 2016
My co-authors and I wrote a paper about the events at the DNS root servers on 2015-11-30.
On this date, the root servers received a high number of queries (but by far not as many as Dyn) and since most of the Root letters were using anycast, we were able to observe how this had an impact on their reachability.
One of our takeaways was, that more DNS anycast site did have an impact on the reachability.
http://www.isi.edu/%7ejohnh/PAPERS/Moura16a.pdf
Moritz
> On 31 Oct 2016, at 22:39, Jim Popovitch <jimpop at gmail.com> wrote:
>
> On Mon, Oct 31, 2016 at 12:21 PM, Tony Finch <dot at dotat.at> wrote:
>> Jim Popovitch <jimpop at gmail.com> wrote:
>>>
>>> It seems to me that anycast is probably much worse in the Mirai botnet
>>> scenario unless each node is pretty much as robust as a traditional
>>> unicast node.
>>
>> This blog post is a pretty good intro to how anycast can help with DDoS
>> mitgation, though I think Cloudflare are overstating how unique they are -
>> there are other older DNS services that distribute load over large anycast
>> clouds of commodity hardware.
>>
>> https://blog.cloudflare.com/how-cloudflares-architecture-allows-us-to-scale-to-stop-the-largest-attacks/
>>
>
> Thanks for linking that Tony. The take-away that I get from that
> article is that CF can deal with DDoS because of link capacity in each
> POP, and/or re-route legitimate traffic via BGP. The principle
> reason they can do this is because their main biz involves packets
> larger than those traditionally seen with DNS. The comments in that
> article mention 10 TB of capacity, how's that compare to any of the
> capacities of the various DNS providers?
>
> -Jim P.
> _______________________________________________
> Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list
>
> bind-users mailing list
> bind-users at lists.isc.org
> https://lists.isc.org/mailman/listinfo/bind-users
>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 496 bytes
Desc: Message signed with OpenPGP using GPGMail
URL: <https://lists.isc.org/pipermail/bind-users/attachments/20161101/41825684/attachment.bin>
More information about the bind-users
mailing list