[Outages-discussion] Dyn outage continuing
Patrick W. Gilmore
patrick at ianai.net
Fri Oct 21 14:54:55 EDT 2016
> PagerDuty should, at minimum, run their own DNS in addition to using someone like Dyn. Not put all their DNS eggs in a single basket.
It’s usually a good idea to have redundancy at every level. But I worry about people who want to run their own NS as well as someone like Dyn. Mostly because a lot of people will run that NS on their own LAN. When a large DDoS comes… well, you get the picture.
If you are looking for a company who does it “right”, how about:
Fri Oct 21 14:52:47 dhcp-220-234:patrick:~ $ dig +short ns pornhub.com
sdns3.ultradns.com.
ns3.p44.dynect.net.
ns1.p44.dynect.net.
sdns3.ultradns.net.
ns2.p44.dynect.net.
ns4.p44.dynect.net.
sdns3.ultradns.org.
sdns3.ultradns.biz.
Look at that - multiple managed DNS providers, and 4 separate TLDs!
:-)
--
TTFN,
patrick
> On Oct 21, 2016, at 1:44 PM, Seth Mattinen <sethm at rollernet.us> wrote:
>
> On 10/21/16 10:16, Chris Adams wrote:
>> [moved to outages-discussion]
>>
>> Once upon a time, Patrick W. Gilmore via Outages <outages at outages.org> said:
>>> > However, Dyn is far, far better positioned to withstand attacks than a company like PagerDuty could possibly be on their own. So I think PagerDuty did the right thing in using Dyn.
>> The flip side is that the concentration of services in "specialist"
>> hands makes it easier to attack a large number of companies at once. If
>> PagerDuty ran their own DNS, they are not a likely target of an attack,
>> so would be unaffected.
>
>
> PagerDuty should, at minimum, run their own DNS in addition to using someone like Dyn. Not put all their DNS eggs in a single basket.
>
> Maybe Dyn needs to deploy anycast nodes at every internet exchange of every size and scale instead of relying on a small number of beefy anycast nodes in select locations if their customers are going to have a single point of failure.
>
> Look at eBay:
>
> ebay.com. 172800 IN NS sjc-dns1.ebaydns.com.
> ebay.com. 172800 IN NS sjc-dns2.ebaydns.com.
> ebay.com. 172800 IN NS smf-dns1.ebaydns.com.
> ebay.com. 172800 IN NS smf-dns2.ebaydns.com.
> ebay.com. 172800 IN NS ns1.p47.dynect.net.
> ebay.com. 172800 IN NS ns2.p47.dynect.net.
> ebay.com. 172800 IN NS ns3.p47.dynect.net.
> ebay.com. 172800 IN NS ns4.p47.dynect.net.
>
> But then PayPal falls flat:
>
> paypal.com. 172800 IN NS ns1.p57.dynect.net.
> paypal.com. 172800 IN NS ns2.p57.dynect.net.
> paypal.com. 172800 IN NS ns3.p57.dynect.net.
> paypal.com. 172800 IN NS ns4.p57.dynect.net.
>
> ~Seth
> _______________________________________________
> Outages-discussion mailing list
> Outages-discussion at outages.org
> https://puck.nether.net/mailman/listinfo/outages-discussion
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://puck.nether.net/pipermail/outages-discussion/attachments/20161021/365a38ad/attachment-0001.html>
More information about the Outages-discussion
mailing list