by krylon
3134 days ago
> There have been _lots_ of large scale attacks on DNS infrastructure.

Huh, I did not know that. Fascinating! What I meant was that there have not been any disturbances that had widespread consequences; imagine that one day, out of nothing, it is impossible to get an answer for the .com zone, just for an hour or so. In my mind I see the news reporting about this the way they would report about a hurricane or earthquake. Unless a lot of their broadcasting / distribution also would be out of order. ;-)
The thing is, you have to maintain an attack for a long time to effectively disrupt service.
The root zone is published -- I imagine large recursive caches may use a local copy, rather than actually querying the root servers; but if they do query the root, the TTLs are 2 days; there's a pretty good chance your recursive resolver will have com. cached. The com. servers also give a 2 day TTL, so for popular domains, there's a good chance those are cached too. DDoS on the nameservers for domains can be effective, though. Even then, it's usually not a total outage.
[1] https://blog.thousandeyes.com/ddos-attack-varying-impacts-dn...
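
The caching argument in the comment above, as an added example that is not part of the thread: a small Python model of how much of a parent-zone outage resolvers actually feel when delegations carry a 2-day TTL. The query gaps, the resolver count, the absence of serve-stale and the total unreachability of the zone are assumptions of the model, not figures from the discussion.

```python
import random

TTL_H = 48.0  # the 2-day TTL quoted in the comment, in hours


def expected_fail_fraction(outage_h, mean_gap_h, ttl_h=TTL_H):
    """Closed form (valid for outage_h <= ttl_h) for the share of client
    queries that fail while the parent zone is unreachable."""
    p_cached = ttl_h / (ttl_h + mean_gap_h)  # entry is live when the outage starts
    return 1.0 - p_cached * (1.0 - outage_h / (2.0 * ttl_h))


def simulate_fail_fraction(outage_h, mean_gap_h, resolvers=20000,
                           ttl_h=TTL_H, seed=1):
    """Model assumptions: Poisson client queries (mean gap mean_gap_h), no
    serve-stale, the parent zone is fully unreachable for outage_h hours."""
    rng = random.Random(seed)
    start = 50 * ttl_h  # outage begins after many cache lifetimes
    failed_h = 0.0
    for _ in range(resolvers):
        fetch = rng.uniform(0.0, ttl_h)  # each resolver starts at a random phase
        while True:
            expiry = fetch + ttl_h
            if expiry >= start:  # still cached when the outage begins
                covered = min(expiry - start, outage_h)
                break
            # The entry is re-fetched by the first query after it expires.
            fetch = expiry + rng.expovariate(1.0 / mean_gap_h)
            if fetch >= start:  # expired and nobody refreshed it in time
                covered = 0.0
                break
        failed_h += outage_h - covered
    # Poisson arrivals see time averages, so failed time share = failed query share.
    return failed_h / (resolvers * outage_h)


if __name__ == "__main__":
    for label, gap in (("popular name", 0.1), ("rarely used name", 24.0)):
        print(label, round(expected_fail_fraction(1.0, gap), 4),
              round(simulate_fail_fraction(1.0, gap), 4))
```

Under these assumptions a one-hour outage costs roughly 1% of lookups for a name that is queried every few minutes and about 34% for a name queried once a day on average, which is why sustained attacks matter far more than short ones.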