It would appear that, given the large-scale DDoS attacks against networks, and DNS in particular, over the last year, an anycast implementation is the *only* way that DNS has a chance of surviving.
It might help, but it isn't a cure-all. If they can query it, they can DoS it, and given the splay of zombies vs. your servers there should be enough to kill them all. DNS serving P2P style (I'm not suggesting someone should do it) would even up the odds; with enough penetration you could get 1:1, so they all attack themselves.
In terms of UltraDNS, we try to make it easier by having the following two records on every server:

dig @[UltraDNS Anycast name or ip address] whoareyou.ultradns.net A

dig @[UltraDNS Anycast name or ip address] whoami.ultradns.net A
More useful would be to make a query that returned the answers from all your servers (obfuscated if necessary), so we can see which is different and have data to report the problem. I presume you have such a tool internally for regression testing.

brandon
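An added example, not UltraDNS's or any poster's code, of the check the last two messages describe: query whoareyou.ultradns.net through each anycast address to learn which instance actually answered, then fetch the record under test from every server and flag any server whose answer differs from the majority. The server addresses and www.example.com are constructed placeholders; the real UltraDNS anycast addresses go in SERVERS.

```python
#!/usr/bin/env python3
"""Identify which anycast DNS instance answers and flag inconsistent answers.

Hypothetical helper built on the whoareyou/whoami records mentioned in the
thread. Server addresses below are RFC 5737 placeholders, not real servers.
"""
import subprocess
from collections import Counter

# Constructed placeholders: replace with the real UltraDNS anycast addresses.
SERVERS = ["198.51.100.1", "198.51.100.2", "198.51.100.3"]
WHOAREYOU = "whoareyou.ultradns.net"   # answer identifies the responding instance
WHOAMI = "whoami.ultradns.net"         # answer reflects the querying address


def parse_short(output):
    """Turn `dig +short` output into a sorted list of non-empty answer lines."""
    return sorted(line.strip() for line in output.splitlines() if line.strip())


def dig_short(server, name, rtype="A", timeout=3):
    """Run `dig +short @server name rtype` and return its parsed answers.

    Network access is needed here; dig must be installed on the host.
    """
    cmd = ["dig", "+short", "+time=%d" % timeout, "+tries=1",
           "@" + server, name, rtype]
    proc = subprocess.run(cmd, capture_output=True, text=True, check=False)
    return parse_short(proc.stdout)


def find_outliers(answers):
    """answers: {server: [answer, ...]}.

    Returns (majority_answer, {server: answer}) for servers that disagree
    with the most common answer set. An empty answer set counts as an answer,
    so a server that returns nothing (timeout, SERVFAIL) is flagged too.
    """
    tallies = Counter(tuple(a) for a in answers.values())
    majority = list(tallies.most_common(1)[0][0]) if tallies else []
    return majority, {s: a for s, a in answers.items() if a != majority}


def audit(servers, name, rtype="A", query=dig_short):
    """Ask each server who it is, then compare its answer for `name`.

    Returns (majority_answer, {server: (instance_ids, answer)}) so an outlier
    can be reported together with the instance that produced it.
    """
    instance = {s: query(s, WHOAREYOU, rtype) for s in servers}
    answers = {s: query(s, name, rtype) for s in servers}
    majority, outliers = find_outliers(answers)
    return majority, {s: (instance[s], a) for s, a in outliers.items()}
```

`query` is injectable so the comparison logic can be exercised with canned dig output; `audit(SERVERS, "www.example.com")` runs the live version.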
Participants (1): Brandon Butterworth