In article <mailman.542.1477928257.74444.bind-us...@lists.isc.org>, Jim Popovitch <jim...@gmail.com> wrote:
> On Mon, Oct 31, 2016 at 11:27 AM, Matthew Seaman
> <m.sea...@infracaninophile.co.uk> wrote:
> > On 2016/10/31 14:53, Jim Popovitch wrote:
> >> On Mon, Oct 31, 2016 at 10:25 AM, Matthew Seaman
> >> <m.sea...@infracaninophile.co.uk> wrote:
> >>> This despite the fact that Dyn has a global anycast network with
> >>> plenty of bandwidth, points of presence all round the world and
> >>> each POP contains a bunch of top-of-the-line servers.
> >>
> >> It seems to me that anycast is probably much worse in the Mirai botnet
> >> scenario unless each node is pretty much as robust as a traditional
> >> unicast node.
> >
> > I couldn't really say whether unicast is more or less resistant to this
> > sort of attack -- I'd guess either way it would be down to the capacity
> > at each individual node.
> >
> > It was Dyn's USA POPs that bore the brunt of the attack, presumably
> > because most of the Mirai bots were located in the USA. Even so, it
> > still caused us plenty of grief in Europe. Apparently the effects were
> > fairly minimal in the Far East.
> >
>
> That makes one wonder if the EU Anycast nodes are reliant on the USA
> node(s). I have no insights (and even less DNS knowledge) but it
> makes one wonder if there's a fundamental design flaw in anycast DNS
> that relies on one or more nodes... is anycast DNS really just
> distributed cache DNS?

"Anycast" just means that a single public IP address is routed to different POPs depending on where the source is. So if you query 4.2.2.1 or 8.8.8.8 from the US, you'll go to a US nameserver; if you query them from Europe, you'll go to a European server.

While 4.2.2.1 and 8.8.8.8 are caching DNS, the same can be done with authoritative DNS, and that's what was attacked in the Dyn case (I'm not even sure if Dyn offers caching DNS).

I heard that the impact of the attack was even narrower than just the US, it was mostly eastern US.
That suggests some things about the granularity of Dyn's anycast network and the distribution of the Mirai botnet.

-- 
Barry Margolin
Arlington, MA