Google DNS intermittent ServFail for Disney subdomain

Matthew Pounsett matt at conundrum.com
Wed Oct 25 17:05:00 CST 2017


On 22 October 2017 at 12:23, David Conrad <drc at virtualized.org> wrote:

> Damian,
>
> Pragmatically speaking, I strongly suspect the increase in valid queries
> to authoritative servers even if all “large recursive resolvers” went away
> would be lost in noise of the overcapacity necessary to deal with even a
> lower-end DDoS attack.
>

A 10x increase in baseline queries is still a 10x increase (for whatever
value of "10" the real world would actually throw at us).  Although small
by comparison, that still has to be made up in an increase in the overhead
for DDoS.

I'm also led to wonder how much worse it would be if all those CPE were
open recursives instead of open forwarders.  I'd like to see CPE
manufacturers' decision making and processes improved BEFORE we start
encouraging them to go around ISPs' DNS servers or the large public
recursive clouds.

