The DDOS attack on DYN & RRL ?

Ben Croswell ben.croswell at
Mon Oct 31 16:29:45 UTC 2016

I think what we see as a result of this attack is DNS provider diversity
being the new buzz phrase. The same as not relying on a single ISP link i
see more people using multiple DNS providers.
The size of these attacks will grow as IoT continues to grow. It makes
sense to have diverse providers to ensure your domains are serviceable if a
provider gets attacked.

On Oct 31, 2016 12:25 PM, "Matthew Seaman" <m.seaman at>

> On 2016/10/31 16:09, Barry Margolin wrote:
> > I heard that the impact of the attack was even narrower than just the
> > US, it was mostly eastern US. That suggests some things about the
> > granularity of Dyn's anycast network and the distribution of the Mirai
> > botnet.
> There were actually three attacks on the same day.  The first (about
> 12:00 UTC) affected pretty much just the Eastern USA, and we saw little
> beyond some raised RTTs in Europe.  The second (about 16:00UTC) took out
> all the Dyn POPs in the USA and affected their European POP.  The third
> (around 18:00UTC) ... was pretty much a non-event.  Dyn had mitigated
> the attacks pretty effectively by that point.
>         Cheers,
>         Matthew
> _______________________________________________
> Please visit to
> unsubscribe from this list
> bind-users mailing list
> bind-users at
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <>

More information about the bind-users mailing list