On Mon, Oct 31, 2016 at 11:27 AM, Matthew Seaman <m.sea...@infracaninophile.co.uk> wrote: > On 2016/10/31 14:53, Jim Popovitch wrote: >> On Mon, Oct 31, 2016 at 10:25 AM, Matthew Seaman >> <m.sea...@infracaninophile.co.uk> wrote: >>> This despite the fact that Dyn has a global anycast network with >>> plenty of bandwidth, points of presence all round the world and >>> each POP contains a bunch of top-of-the-line servers. >> >> It seems to me that anycast is probably much worse in the Mirai botnet >> scenario unless each node is pretty much as robust as a traditional >> unicast node. > > I couldn't really say whether unicast is more or less resistant to this > sort of attack -- I'd guess either way it would be down to the capacity > at each individual node. > > It was Dyn's USA POPs that bore the brunt of the attack, presumably > because most of the Mirai bots were located in the USA. Even so, it > still caused us plenty of grief in Europe. Apparently the effects were > fairly minimal in the Far East. >
That makes one wonder if the EU Anycast nodes are reliant on the USA node(s). I have no insights (and even less DNS knowledge) but it makes one wonder if there's a fundamental design flaw in anycast DNS that relies on one or more nodes... is anycast DNS really just distributed cache DNS? -Jim P. _______________________________________________ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
