Dyn DDoS this AM?

Crist Clark cjc+nanog at pumpky.net
Sat Oct 22 00:11:34 UTC 2016

Given the scale of these attacks, whether having two providers does any
good may be a crap shoot.

That is, what if the target happens to share the same providers you do?
Given the whole asymmetry of resources that make this a problem in the
first place, the attackers probably have the resources to take out multiple

Having multiple providers may reduce your chance of being collateral damage
(and I'd also still worry more about the more mundane risks of a single
provider, maintenance or upgrade gone bad, business risks, etc., than these
sensational ones), but multiple providers likely won't save you if you are
the actual target of the attack.

On Fri, Oct 21, 2016 at 4:45 PM, Måns Nilsson <mansaxel at besserwisser.org>

> Subject: Re: Dyn DDoS this AM? Date: Sat, Oct 22, 2016 at 01:37:09AM +0200
> Quoting Niels Bakker (niels at bakker.net):
> > * mansaxel at besserwisser.org (Måns Nilsson) [Sat 22 Oct 2016, 01:27
> CEST]:
> > >Also, do not fall in the "short TTL for service agility" trap.
> >
> > Several CDNs, Akamai among them, do use short TTLs for this exact reason.
> > Server load is constantly monitored and taken into account when crafting
> > replies.
> But the problem is that this trashes caching, and DNS does not work
> without caches. At least not if you want it to survive when the going
> gets tough.
> If we're going to solve this we need to innovate beyond the pathetic
> CNAME chains that todays managed DNS services make us use, and get truly
> distributed load-balancing decision-making (which only will work if you
> give it sensible data; a single CNAME is not sensible data) all the way
> out in the client application.
> --
> Måns Nilsson     primary/secondary/besserwisser/machina
> MN-1334-RIPE                             +46 705 989668
> Well, I'm INVISIBLE AGAIN ... I might as well pay a visit to the LADIES
> ROOM ...

More information about the NANOG mailing list