Dyn DDoS this AM?

• Previous message (by thread): Dyn DDoS this AM?
• Next message (by thread): Dyn DDoS this AM?
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Subject: Re: Dyn DDoS this AM? Date: Sat, Oct 22, 2016 at 01:37:09AM +0200 Quoting Niels Bakker (niels at bakker.net):
> * mansaxel at besserwisser.org (Måns Nilsson) [Sat 22 Oct 2016, 01:27 CEST]:
> >Also, do not fall in the "short TTL for service agility" trap.
> 
> Several CDNs, Akamai among them, do use short TTLs for this exact reason.
> Server load is constantly monitored and taken into account when crafting DNS
> replies.

But the problem is that this trashes caching, and DNS does not work
without caches. At least not if you want it to survive when the going
gets tough. 

If we're going to solve this we need to innovate beyond the pathetic
CNAME chains that todays managed DNS services make us use, and get truly
distributed load-balancing decision-making (which only will work if you
give it sensible data; a single CNAME is not sensible data) all the way
out in the client application. 

-- 
Måns Nilsson     primary/secondary/besserwisser/machina
MN-1334-RIPE                             +46 705 989668
Well, I'm INVISIBLE AGAIN ... I might as well pay a visit to the LADIES
ROOM ...
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: Digital signature
URL: <http://mailman.nanog.org/pipermail/nanog/attachments/20161022/71cfb153/attachment.sig>

• Previous message (by thread): Dyn DDoS this AM?
• Next message (by thread): Dyn DDoS this AM?
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]