... be vulnerable to congestion based attacks, since a congestion based attack is against OPN's (other people's networks) where even infinite point-source provisioning cannot help you.
well, that's practically true, but not theoretically true. the DNS is running just fine, thank you. ddos attacks against OPNs are not an attack on the DNS per se, it's on the clients in the OPN. trying to ensure that every client has reachability to a given server set - FROM the SERVER side - is ultimately an exercise in futility.
i'm glad you said "every client" rather than "most clients". in october 2002 there was a ddos against all 13 root server addresses, and several of them were unicast (that's as in "not anycasted") behind DS3 links, and these "failed" in that they became unreachable by "most clients". of course, as you also point out, it's the reachability of the "server set" and not any particular server that matters. "long live diversity!"
Servers/operators can only take reasonable and prudent steps to try and ensure the service is generally available -- micro-managing DNS availability to a specific server set is the way to madness.
i'm really not sure i agree. about the madness, that is. i've heard of plans to do inside-AS anycasting of dns content, such that interested network operators could ddos-proof their view of a given server or server-set as long as the ddos did not emanate from within that AS, and i'm not sure that this is a bad business model given that BCP38 is still "madness" to many of you reading this.
Anycast is a way to make the service generally available to as many end-systems as want/need the service. So is multi-homing. ... long term, what is important is the view that there is a common namespace, not that there are special servers.
sorry, that's just too deep for me today.
little, in practice, can make a DNS service ddos proof. it can be done, but the side effects are worse than the cure.
being "worse" begs the question "worse for whom?", and for many, the things that can be done to ddos-proof a service are not worse than the ddos problem. so i'll consider that you mean "worse for you" and i'll wait to hear why that's true in your situation. (it's not true in mine.)