The DDOS attack on DYN & RRL ?
Ben Croswell
ben.croswell at gmail.com
Tue Nov 1 14:45:34 UTC 2016
The other option being having a master owned by your company and then
setting both external providers to secondary from your master. You to
maintain control over data and hqve diversity.
On Nov 1, 2016 10:42 AM, "Barry Margolin" <barmar at alum.mit.edu> wrote:
> In article <mailman.546.1477931391.74444.bind-users at lists.isc.org>,
> Ben Croswell <ben.croswell at gmail.com> wrote:
>
> > I think what we see as a result of this attack is DNS provider diversity
> > being the new buzz phrase. The same as not relying on a single ISP link i
> > see more people using multiple DNS providers.
> > The size of these attacks will grow as IoT continues to grow. It makes
> > sense to have diverse providers to ensure your domains are serviceable
> if a
> > provider gets attacked.
>
> My boss asked me to look into this after the attack. The sticking point
> seems to be that most DNS providers don't allow zone transfers from
> their servers. We currently get our auth DNS from SoftLayer, the hosting
> provider for our primary web, application, and database servers. I
> contacted them to find out if it's possible to enable zone transfers to
> a third party slave service, they said no; they suggested that we simply
> set up both services as masters, which would mean we'd have to update
> them independently (or write our own scripts that make use of each
> service's API). The customers of Dyn are in the same situation.
>
> Maybe last week's incident will prompt enough big customers to demand
> this that they'll change their policies.
>
> --
> Barry Margolin
> Arlington, MA
> _______________________________________________
> Please visit https://lists.isc.org/mailman/listinfo/bind-users to
> unsubscribe from this list
>
> bind-users mailing list
> bind-users at lists.isc.org
> https://lists.isc.org/mailman/listinfo/bind-users
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.isc.org/pipermail/bind-users/attachments/20161101/1088cd33/attachment.html>
More information about the bind-users
mailing list