down sev0?

Paul Vixie vixie at
Thu Oct 26 03:34:16 UTC 2006

> > > I'm seeing * down (including ns*) from everywhere.

> > They are apparently under a multi-gbps ddos of "biblical proportions".

i wonder if that's due to the spam they've been sending out?

> As pointed out by Rob Seastrom in private email, RFC2182 addresses things
> of biblical proportions -

no.  really, not.

>                           such as dispersion of nameservers geographically
> and topologically. Having 3 secondaries, only one of them on separate /24,
> and none of them on topologically different network does not qualify.

there is no zone anywhere, including COM, the root zone, or any other, that
is immune from worst-case DDoS.  anycast all you want.  diversify.  build a
name service infrastructure larger than the earth's moon.  none of that will
matter as long as OPNs (the scourge of internet robustness) still exist.

> Given that is/was public (I think?) - I wonder what are their 
> sarbox auditors saying about it now ;)

that's an easy but catty criticism, and baseless.  i'm sure that some way
could be found to improve's infrastructure, and i don't just
mean by stopping the spamming they've been doing.  but it's not trivial and
in the face of well-tuned worst-case DDoS, nothing will help.

> Compliance of icann-accredited gtld-registrars with rfc2182 might be a
> good subject for research (again, thanks to rs for idea)....

i've been wondering if ICANN's accredidation could be revoked for spammers,
and has indeed been spamming.  and it may also be that they
are out of compliance with RFC 2182.  but that would be like catching al
capone for income tax evasion just because you couldn't pin murder on him.

(OPNs = Other People's Networks)
Paul Vixie

More information about the NANOG mailing list