Google DNS intermittent ServFail for Disney subdomain

• Previous message (by thread): Google DNS intermittent ServFail for Disney subdomain
• Next message (by thread): Google DNS intermittent ServFail for Disney subdomain
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On 22 October 2017 at 12:23, David Conrad <drc at virtualized.org> wrote:

> Damian,
>
> Pragmatically speaking, I strongly suspect the increase in valid queries
> to authoritative servers even if all “large recursive resolvers” went away
> would be lost in noise of the overcapacity necessary to deal with even a
> lower-end DDoS attack.
>

A 10x increase in baseline queries is still a 10x increase (for whatever
value of "10" the real world would actually throw at us).  Although small
by comparison, that still has to be made up in an increase in the overhead
for DDoS.

I'm also led to wonder how much worse it would be if all those CPE were
open recursives instead of open forwarders.  I'd like to see CPE
manufacturers' decision making and processes improved BEFORE we start
encouraging them to go around ISPs' DNS servers or the large public
recursive clouds.

• Previous message (by thread): Google DNS intermittent ServFail for Disney subdomain
• Next message (by thread): Google DNS intermittent ServFail for Disney subdomain
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]