by Animats 3534 days ago
Dyn, Inc. is toast. They created a central point of failure for the Internet. Major sites will stop using their services within hours.

Things need to get more distributed. Don't load Jquery from some central site. Don't load fonts from Google. Make sure your site will work if all the trackers and ad sites are not responding. Use multiple independent DNS providers.

It's also time for serious litigation. Find some vulnerable IoT device being used for the attack, and sue the retailer, distributor, and manufacturer for negligence. Junk IoT manufacturers need to feel fear.

6 comments
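The top post's advice to use multiple independent DNS providers can be checked mechanically. The following is an added example (not code from the thread or from any provider): it takes a zone's NS RRset, as you would get it from `dig NS`, groups the nameservers by provider, and flags delegations that rest on a single provider or that live entirely inside the zone they serve. The provider heuristic (registrable domain = last two labels, no public-suffix list), the optional alias map, and the sample nameserver hostnames under the reserved `.example` TLD are all assumptions constructed for this example.

```python
"""Audit whether a zone's delegation is spread across independent DNS providers.

Added example, not part of the original thread. The input NS hostnames are
constructed samples; in practice feed it the output of `dig +short NS <zone>`.
"""
from collections import defaultdict


def registrable_domain(hostname):
    """Approximate which organisation runs a nameserver by its last two labels.

    Assumption for this example: no public-suffix list is consulted, so a
    nameserver such as "ns1.foo.co.uk" would wrongly map to "co.uk". Replace
    with a real PSL lookup before relying on it for production zones.
    """
    labels = hostname.strip().rstrip(".").lower().split(".")
    if len(labels) < 2 or not all(labels):
        raise ValueError(f"not a valid nameserver hostname: {hostname!r}")
    return ".".join(labels[-2:])


def audit_delegation(zone, ns_hosts, min_providers=2, aliases=None):
    """Group nameservers by provider and report single-point-of-failure findings.

    aliases: optional map of registrable domain -> canonical provider name, for
    providers that spread their nameservers over several apex domains
    (assumed mapping supplied by the caller, not derived from DNS).
    Returns a dict with the provider grouping, a list of findings, and ok=True
    only when no finding was raised.
    """
    aliases = aliases or {}
    zone = zone.strip().rstrip(".").lower()

    # Normalise and de-duplicate while keeping the original order.
    hosts = []
    for h in ns_hosts:
        h = h.strip().rstrip(".").lower()
        if h and h not in hosts:
            hosts.append(h)

    by_provider = defaultdict(list)
    for host in hosts:
        prov = registrable_domain(host)
        by_provider[aliases.get(prov, prov)].append(host)

    findings = []
    if len(hosts) < 2:
        findings.append("fewer than two distinct nameservers")
    if len(by_provider) < min_providers:
        findings.append(
            f"nameservers span {len(by_provider)} provider(s); "
            f"want at least {min_providers}"
        )
    # Every NS inside the zone itself means the delegation depends on glue at
    # the parent and on one operator (you), with no outside provider to fall to.
    in_zone = [h for h in hosts if h == zone or h.endswith("." + zone)]
    if hosts and len(in_zone) == len(hosts):
        findings.append("every nameserver is inside the zone it serves")

    return {
        "zone": zone,
        "providers": dict(by_provider),
        "findings": findings,
        "ok": not findings,
    }


# Constructed sample delegations (not real nameservers).
SINGLE_PROVIDER = [
    "ns1.provider-a.example.", "ns2.provider-a.example.",
    "ns3.provider-a.example.", "ns4.provider-a.example.",
]
MULTI_PROVIDER = [
    "ns1.provider-a.example.", "ns2.provider-a.example.",
    "ns1.provider-b.example.", "ns2.provider-b.example.",
]
SELF_HOSTED = ["ns1.example.com.", "ns2.example.com."]


if __name__ == "__main__":
    for name, ns in (("single", SINGLE_PROVIDER),
                     ("multi", MULTI_PROVIDER),
                     ("self-hosted", SELF_HOSTED)):
        report = audit_delegation("example.com", ns)
        status = "OK " if report["ok"] else "FAIL"
        print(f"{status} {name}: {sorted(report['providers'])} {report['findings']}")
```

The audit only looks at the NS RRset you give it; it says nothing about whether the two providers share upstream transit or an anycast network, which is the next question a risk assessment would ask. Run it against what the parent zone returns as well as what your own servers return, since the two can drift apart.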

> Junk IoT manufacturers need to feel fear.

We've reached the point where any clueless business type who pooh-poohs and wishes away security concerns needs to get the idiot bit flipped on them. Today's networked computing environment has reached the point where this stuff is toxic. It might have been okay for a few isolated frontier weirdos to play with mercury to extract gold, but when that became a full-blown industry, it resulted in toxic consequences we are still dealing with over 150 years later. Maker hipsters playing with a few hardware hacks did little harm. Now that IoT is becoming household, the situation has changed in an analogous way.

Selling insecure devices (be that IoT, wifi routers, etc) is almost like aiding and abetting, in the context of DoS attacks.
If they had to recall all vulnerable devices I am sure they would take security a lot more seriously.
Capitalism just isn't ready for prime time.
It's the worst way to organize an economy, after every single other way we've thought of so far.
Please. Dyn has performed pretty well in the past, and any other provider (be it UltraDNS, CloudFlare or anybody else) would be a single point of failure as well.

As you said, the only protection (somewhat) is to have redundant/multiple DNS providers. Doesn't mean Dyn can't be one of many.

Dyn is still one of the biggest and hardest to hit providers, so I'd be surprised if they're broadly abandoned. Redundant providers are pretty much the only fix available to users, but it's still sensible to be redundant via the best providers out there, and that still means Dyn.
They had one job. To stay up no matter what. That's the only justification for using Dyn. They failed.
Yes, they did. But, depending on the details of the attack, I am not sure if any other provider could have withstood the attack without problems. In other words, I doubt there's a single provider/alternative.
Unless you have a good argument why they are less likely to stay up than the alternatives, I don't see how this would lead to their end. Unless you take it as an argument to abolish ALL DNS servers and start mailing host-files around...

People have been painfully reminded why using multiple providers is best practice, will re-evaluate if that's worth the expense and if yes add other servers. Dyn will easily survive unless some massive blunder is exposed in the aftermath.

The alternative, not being one of the bigs, has a lot less chance to be hit. I would leave dyndns the same way I'm leaving cloudflare.
No matter what is pretty tough. And it's not like they're an insurance company that can re-insure their risks.

The people who depend on DNS have one DNS-related job: to mitigate risk relative to their potential losses and existence.

Would anyone else have stayed up, though? This isn't just going to be a fear response, the risk assessment will be to ask "what could have prevented this?"

Lots of people will quit using Dyn as a sole DNS, but I don't see any reason they'll quit being involved in people's multiple DNS solutions.

Dyn is toast as a single DNS provider. The big boys are just going to move to using two or three providers' nameservers rather than just one.

Dyn will almost certainly remain as one of those two or three.

> load fonts from Google.

Not sure, but isn't this yet another beacon?

It's hardly dire if the custom fonts don't load for a few hours.
Can you imagine the cost of doing and having everything nX times?
Presumably about n-fold higher (marginally) than without redundancy. Not counting the cost of this sort of outage, which could swing the equation strongly in favor of nX.