Dyn DDoS this AM?

Måns Nilsson mansaxel at besserwisser.org
Fri Oct 21 23:45:55 UTC 2016


Subject: Re: Dyn DDoS this AM? Date: Sat, Oct 22, 2016 at 01:37:09AM +0200 Quoting Niels Bakker (niels at bakker.net):
> * mansaxel at besserwisser.org (Måns Nilsson) [Sat 22 Oct 2016, 01:27 CEST]:
> >Also, do not fall in the "short TTL for service agility" trap.
> 
> Several CDNs, Akamai among them, do use short TTLs for this exact reason.
> Server load is constantly monitored and taken into account when crafting DNS
> replies.

But the problem is that this trashes caching, and DNS does not work
without caches. At least not if you want it to survive when the going
gets tough. 

If we're going to solve this we need to innovate beyond the pathetic
CNAME chains that todays managed DNS services make us use, and get truly
distributed load-balancing decision-making (which only will work if you
give it sensible data; a single CNAME is not sensible data) all the way
out in the client application. 

-- 
Måns Nilsson     primary/secondary/besserwisser/machina
MN-1334-RIPE                             +46 705 989668
Well, I'm INVISIBLE AGAIN ... I might as well pay a visit to the LADIES
ROOM ...
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: Digital signature
URL: <http://mailman.nanog.org/pipermail/nanog/attachments/20161022/71cfb153/attachment.pgp>


More information about the NANOG mailing list