Dyn DDoS this AM?
mansaxel at besserwisser.org
Fri Oct 21 23:45:55 UTC 2016
Subject: Re: Dyn DDoS this AM?
Date: Sat, Oct 22, 2016 at 01:37:09AM +0200
Quoting Niels Bakker (niels at bakker.net):
> * mansaxel at besserwisser.org (Måns Nilsson) [Sat 22 Oct 2016, 01:27 CEST]:
> >Also, do not fall in the "short TTL for service agility" trap.
> Several CDNs, Akamai among them, do use short TTLs for this exact reason.
> Server load is constantly monitored and taken into account when crafting DNS
But the problem is that this trashes caching, and DNS does not work
without caches. At least not if you want it to survive when the going
If we're going to solve this we need to innovate beyond the pathetic
CNAME chains that today's managed DNS services make us use, and get truly
distributed load-balancing decision-making (which only will work if you
give it sensible data; a single CNAME is not sensible data) all the way
out in the client application.
Måns Nilsson primary/secondary/besserwisser/machina
MN-1334-RIPE +46 705 989668
Well, I'm INVISIBLE AGAIN ... I might as well pay a visit to the LADIES
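
Added example, not part of the original message or thread: a small model of the TTL-versus-caching trade-off argued above, counting how many client queries one caching resolver can still answer while the authoritative servers are unreachable. The outage timing, query rate and the `simulate` helper are constructed assumptions, and the model resolver discards records exactly at TTL expiry.

```python
"""Added illustration: caching resolver vs. an authoritative-DNS outage."""
from typing import NamedTuple


class Result(NamedTuple):
    upstream_queries: int   # lookups sent to the authoritative servers
    served_in_outage: int   # client queries answered from cache during the outage
    failed_in_outage: int   # client queries that failed during the outage


def simulate(ttl: int, outage_start: int, outage_len: int,
             query_interval: int = 1) -> Result:
    """One resolver, one name, one client query every query_interval seconds.

    Assumptions of this model: the authoritative servers answer nothing
    during [outage_start, outage_start + outage_len), and the resolver
    drops a record exactly when its TTL expires (no serve-stale).
    """
    outage_end = outage_start + outage_len
    expires = 0            # cache is empty at t = 0
    upstream = served = failed = 0
    for t in range(0, outage_end, query_interval):
        in_outage = t >= outage_start
        if t < expires:                 # cache hit
            served += in_outage
        elif in_outage:                 # miss, and nobody to ask
            failed += 1
        else:                           # miss, refresh from authoritative
            upstream += 1
            expires = t + ttl
    return Result(upstream, served, failed)


if __name__ == "__main__":
    # Constructed scenario: outage starts 3605 s in and lasts 2 hours.
    for ttl in (30, 3600, 86400):
        r = simulate(ttl, outage_start=3605, outage_len=7200)
        print(f"TTL {ttl:>6}s: {r.upstream_queries:>4} upstream lookups, "
              f"{r.served_in_outage:>5} served / "
              f"{r.failed_in_outage:>5} failed in outage")
```

In this model the 30-second TTL both multiplies the load on the authoritative servers before the outage and leaves the resolver unable to answer within seconds of its start, while the day-long TTL rides it out entirely.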