[Outages-discussion] Dyn outage continuing
Joseph Jackson
jjackson at aninetworks.net
Fri Oct 21 15:12:01 EDT 2016
Yeah but most services can't stand up to a really large DDoS. It doesn't matter what you are doing if your bandwidth isn't big enough.
From: Outages-discussion [mailto:outages-discussion-bounces at outages.org] On Behalf Of Bob Colon
Sent: Friday, October 21, 2016 2:03 PM
To: outages-discussion at outages.org
Subject: Re: [Outages-discussion] Dyn outage continuing
Well of course... all hell breaks loose if people can't get their porn!
To ensure prompt service, please use "Reply All" when responding
Robert Colon | TCSA Tier 3 | EthoStream LLC | P: (877) 282-2519 x2114 | F: (414) 258-8307 | 20800 Swenson Drive, Suite 175 Waukesha, WI 53186 | www.telkonet.com | www.ethostream.com | @Telkonet
On 10/21/2016 1:54 PM, Patrick W. Gilmore wrote:
> PagerDuty should, at minimum, run their own DNS in addition to using someone like Dyn. Not put all their DNS eggs in a single basket.
It's usually a good idea to have redundancy at every level. But I worry about people who want to run their own NS as well as someone like Dyn. Mostly because a lot of people will run that NS on their own LAN. When a large DDoS comes... well, you get the picture.
If you are looking for a company who does it "right", how about:
Fri Oct 21 14:52:47 dhcp-220-234:patrick:~ $ dig +short ns pornhub.com
sdns3.ultradns.com.
ns3.p44.dynect.net.
ns1.p44.dynect.net.
sdns3.ultradns.net.
ns2.p44.dynect.net.
ns4.p44.dynect.net.
sdns3.ultradns.org.
sdns3.ultradns.biz.
Look at that - multiple managed DNS providers, and 4 separate TLDs!
:-)
--
TTFN,
patrick
On Oct 21, 2016, at 1:44 PM, Seth Mattinen <sethm at rollernet.us> wrote:
On 10/21/16 10:16, Chris Adams wrote:
[moved to outages-discussion]
Once upon a time, Patrick W. Gilmore via Outages <outages at outages.org> said:
> However, Dyn is far, far better positioned to withstand attacks than a company like PagerDuty could possibly be on their own. So I think PagerDuty did the right thing in using Dyn.
The flip side is that the concentration of services in "specialist"
hands makes it easier to attack a large number of companies at once. If
PagerDuty ran their own DNS, they are not a likely target of an attack,
so would be unaffected.
PagerDuty should, at minimum, run their own DNS in addition to using someone like Dyn. Not put all their DNS eggs in a single basket.
Maybe Dyn needs to deploy anycast nodes at every internet exchange of every size and scale instead of relying on a small number of beefy anycast nodes in select locations if their customers are going to have a single point of failure.
Look at eBay:
ebay.com. 172800 IN NS sjc-dns1.ebaydns.com.
ebay.com. 172800 IN NS sjc-dns2.ebaydns.com.
ebay.com. 172800 IN NS smf-dns1.ebaydns.com.
ebay.com. 172800 IN NS smf-dns2.ebaydns.com.
ebay.com. 172800 IN NS ns1.p47.dynect.net.
ebay.com. 172800 IN NS ns2.p47.dynect.net.
ebay.com. 172800 IN NS ns3.p47.dynect.net.
ebay.com. 172800 IN NS ns4.p47.dynect.net.
But then PayPal falls flat:
paypal.com. 172800 IN NS ns1.p57.dynect.net.
paypal.com. 172800 IN NS ns2.p57.dynect.net.
paypal.com. 172800 IN NS ns3.p57.dynect.net.
paypal.com. 172800 IN NS ns4.p57.dynect.net.
~Seth
_______________________________________________
Outages-discussion mailing list
Outages-discussion at outages.org
https://puck.nether.net/mailman/listinfo/outages-discussion
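
Added example, not part of the thread or written by any of its participants: a small audit of the three NS sets quoted above, reporting which DNS operators a zone depends on, which TLDs its name server names live under, and how many name servers remain if the largest operator is unreachable. The function names are hypothetical, and grouping operators by the second-level label of the NS host name is an assumption that fits these names only.

```python
from collections import defaultdict

# NS sets as quoted in the thread (October 2016). The pornhub.com lines are the
# thread's `dig +short` output with the owner name written in front.
THREAD_NS = """\
pornhub.com. IN NS sdns3.ultradns.com.
pornhub.com. IN NS ns3.p44.dynect.net.
pornhub.com. IN NS ns1.p44.dynect.net.
pornhub.com. IN NS sdns3.ultradns.net.
pornhub.com. IN NS ns2.p44.dynect.net.
pornhub.com. IN NS ns4.p44.dynect.net.
pornhub.com. IN NS sdns3.ultradns.org.
pornhub.com. IN NS sdns3.ultradns.biz.
ebay.com. 172800 IN NS sjc-dns1.ebaydns.com.
ebay.com. 172800 IN NS sjc-dns2.ebaydns.com.
ebay.com. 172800 IN NS smf-dns1.ebaydns.com.
ebay.com. 172800 IN NS smf-dns2.ebaydns.com.
ebay.com. 172800 IN NS ns1.p47.dynect.net.
ebay.com. 172800 IN NS ns2.p47.dynect.net.
ebay.com. 172800 IN NS ns3.p47.dynect.net.
ebay.com. 172800 IN NS ns4.p47.dynect.net.
paypal.com. 172800 IN NS ns1.p57.dynect.net.
paypal.com. 172800 IN NS ns2.p57.dynect.net.
paypal.com. 172800 IN NS ns3.p57.dynect.net.
paypal.com. 172800 IN NS ns4.p57.dynect.net.
"""

def parse_ns(text):
    """Map zone -> NS host names from 'owner [TTL] IN NS host.' lines; skip other records."""
    zones = defaultdict(list)
    for fields in (line.split() for line in text.splitlines()):
        if len(fields) >= 3 and fields[-2].upper() == "NS":
            zones[fields[0].rstrip(".").lower()].append(fields[-1].rstrip(".").lower())
    return dict(zones)

def audit(hosts):
    """Assumption: the second-level label names the operator (fails for co.uk-style or vanity NS names)."""
    by_provider = defaultdict(list)
    for host in hosts:
        by_provider[host.split(".")[-2]].append(host)
    return {
        "providers": sorted(by_provider),
        "ns_tlds": sorted({host.rsplit(".", 1)[-1] for host in hosts}),
        "ns_left_if_largest_provider_down": len(hosts) - max(map(len, by_provider.values())),
    }

if __name__ == "__main__":
    for zone, hosts in parse_ns(THREAD_NS).items():
        print(zone, audit(hosts))
```

A zone whose `ns_left_if_largest_provider_down` is 0 has the single-provider dependency the thread is arguing about.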