Akamai DNS Issue?

Mark Radabaugh mark at amplex.net
Wed Jun 16 14:13:47 UTC 2004


> Workarounds and defences already exist, and have been in use for a long
> time.

<long list removed>

> Failures in master servers can be mitigated by having several of them;
> simultaneous failure of all master servers can be managed to some
> degree using appropriate SOA timers, so that slave servers provide
> coverage while master servers are brought back into service.
>
> Different styles of attack can be mitigated by different DNS hosting
> strategies. A robustly-hosted zone will have an NS set that exhibits
> several or all of these approaches (and others too).
>
> The hosting of the root zone provides guidance, here.
>
>
> Joe
>

But you don't say how to avoid failures caused by massive confusion when
maintaining a excessively complicated system....

Mark




More information about the NANOG mailing list