North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

RE: DNS DOS increasing?

  • From: James Smith
  • Date: Mon Jan 21 10:10:09 2002

Title: RE: DNS DOS increasing?

 I've seen DOS-type behavior where a client will query a resolver for a
 name that doesn't exist, and the client does not accept the answer that
 the name does not exist and immediately sends another query, regardless
 of whether or not the resolver declared itself authoritative for the
 negative answer.


  Get ready for more DOS-like behavior as systems get deployed that have 10 second TTLs in the DNS. These systems are used to provide multi-isp redundancy by pinging each upstreams router, and when a ping fails, start giving out a dns response using the other ISP IP range. Same FQDN, new IP.

  This of course is driven by the desire for redundancy in small businesses who make the Internet an integral part of their business plan. Either they can't get PI space and don't have (or don't want to spend) the $$$ to do BGP, or are unable to convince their upstream to cut a hole in their CIDR block and allow a 2nd party to announce that chunk (which for some is as small as /28).

James H. Smith II  NNCDS NNCSE
Systems Engineer
The Presidio Corporation