The DDOS attack on DYN & RRL ?

Jim Popovitch jimpop at
Mon Oct 31 15:36:28 UTC 2016

On Mon, Oct 31, 2016 at 11:27 AM, Matthew Seaman
<m.seaman at> wrote:
> On 2016/10/31 14:53, Jim Popovitch wrote:
>> On Mon, Oct 31, 2016 at 10:25 AM, Matthew Seaman
>> <m.seaman at> wrote:
>>> This despite the fact that Dyn has a global anycast network with
>>> plenty of bandwidth, points of presence all round the world and
>>> each POP contains a bunch of top-of-the-line servers.
>> It seems to me that anycast is probably much worse in the Mirai botnet
>> scenario unless each node is pretty much as robust as a traditional
>> unicast node.
> I couldn't really say whether unicast is more or less resistant to this
> sort of attack -- I'd guess either way it would be down to the capacity
> at each individual node.
> It was Dyn's USA POPs that bore the brunt of the attack, presumably
> because most of the Mirai bots were located in the USA.  Even so, it
> still caused us plenty of grief in Europe.  Apparently the effects were
> fairly minimal in the Far East.

That makes one wonder if the EU Anycast nodes are reliant on the USA
node(s).  I have no insights (and even less DNS knowledge) but it
makes one wonder if there's a fundamental design flaw in anycast DNS
that relies on one or more nodes... is anycast DNS really just
distributed cache DNS?

-Jim P.

More information about the bind-users mailing list