[prev in list] [next in list] [prev in thread] [next in thread]
List: outages-discussion
Subject: Re: [Outages-discussion] Dyn outage continuing
From: Joseph Jackson <jjackson () aninetworks ! net>
Date: 2016-10-21 19:12:01
Message-ID: aaae546bb99d4e4aaec9a4a3d6632b50 () mbx080-w4-co-1 ! exch080 ! serverpod ! net
[Download RAW message or body]
Yeah but most services can't stand up to a really large DDoS. It doesn't m=
atter what you are doing if your bandwidth isn't big enough.
From: Outages-discussion [mailto:outages-discussion-bounces@outages.org] On=
Behalf Of Bob Colon
Sent: Friday, October 21, 2016 2:03 PM
To: outages-discussion@outages.org
Subject: Re: [Outages-discussion] Dyn outage continuing
Well of course... all hell breaks loose if people can't get their porn!
To ensure prompt service, please use "Reply All" when responding
Robert Colon | TCSA Tier 3 | EthoStream LLC | P: (877) 282-2519 x2114 | F: =
(414) 258-8307 | 20800 Swenson Drive, Suite 175 Waukesha, WI 53186 | www.te=
lkonet.com<http://www.telkonet.com/> | www.ethostream.com<http://www.ethost=
ream.com/> | @Telkonet<https://twitter.com/telkonet>
On 10/21/2016 1:54 PM, Patrick W. Gilmore wrote:
PagerDuty should, at minimum, run their own DNS in addition to using someon=
e like Dyn. Not put all their DNS eggs in a single basket.
It's usually a good idea to have redundancy at every level. But I worry abo=
ut people who want to run their own NS as well as someone like Dyn. Mostly =
because a lot of people will run that NS on their own LAN. When a large DDo=
S comes... well, you get the picture.
If you are looking for a company who does it "right", how about:
Fri Oct 21 14:52:47 dhcp-220-234:patrick:~ $ dig +short ns pornhub.com<http=
://pornhub.com>
sdns3.ultradns.com<http://sdns3.ultradns.com>.
ns3.p44.dynect.net<http://ns3.p44.dynect.net>.
ns1.p44.dynect.net<http://ns1.p44.dynect.net>.
sdns3.ultradns.net<http://sdns3.ultradns.net>.
ns2.p44.dynect.net<http://ns2.p44.dynect.net>.
ns4.p44.dynect.net<http://ns4.p44.dynect.net>.
sdns3.ultradns.org<http://sdns3.ultradns.org>.
sdns3.ultradns.biz<http://sdns3.ultradns.biz>.
Look at that - multiple managed DNS providers, and 4 separate TLDs!
:-)
--
TTFN,
patrick
On Oct 21, 2016, at 1:44 PM, Seth Mattinen <sethm@rollernet.us<mailto:sethm=
@rollernet.us>> wrote:
On 10/21/16 10:16, Chris Adams wrote:
[moved to outages-discussion]
Once upon a time, Patrick W. Gilmore via Outages <outages@outages.org<mailt=
o:outages@outages.org>> said:
> However, Dyn is far, far better positioned to withstand attacks than a co=
mpany like PagerDuty could possibly be on their own. So I think PagerDuty d=
id the right thing in using Dyn.
The flip side is that the concentration of services in "specialist"
hands makes it easier to attack a large number of companies at once. If
PagerDuty ran their own DNS, they are not a likely target of an attack,
so would be unaffected.
PagerDuty should, at minimum, run their own DNS in addition to using someon=
e like Dyn. Not put all their DNS eggs in a single basket.
Maybe Dyn needs to deploy anycast nodes at every internet exchange of every=
size and scale instead of relying on a small number of beefy anycast nodes=
in select locations if their customers are going to have a single point of=
failure.
Look at eBay:
ebay.com<http://ebay.com>. 172800 IN N=
S sjc-dns1.ebaydns.com<http://sjc-dns1.ebaydns.com>.
ebay.com<http://ebay.com>. 172800 IN N=
S sjc-dns2.ebaydns.com<http://sjc-dns2.ebaydns.com>.
ebay.com<http://ebay.com>. 172800 IN N=
S smf-dns1.ebaydns.com<http://smf-dns1.ebaydns.com>.
ebay.com<http://ebay.com>. 172800 IN N=
S smf-dns2.ebaydns.com<http://smf-dns2.ebaydns.com>.
ebay.com<http://ebay.com>. 172800 IN N=
S ns1.p47.dynect.net<http://ns1.p47.dynect.net>.
ebay.com<http://ebay.com>. 172800 IN N=
S ns2.p47.dynect.net<http://ns2.p47.dynect.net>.
ebay.com<http://ebay.com>. 172800 IN N=
S ns3.p47.dynect.net<http://ns3.p47.dynect.net>.
ebay.com<http://ebay.com>. 172800 IN N=
S ns4.p47.dynect.net<http://ns4.p47.dynect.net>.
But then PayPal falls flat:
paypal.com<http://paypal.com>. 172800 IN =
NS ns1.p57.dynect.net<http://ns1.p57.dynect.net>.
paypal.com<http://paypal.com>. 172800 IN =
NS ns2.p57.dynect.net<http://ns2.p57.dynect.net>.
paypal.com<http://paypal.com>. 172800 IN =
NS ns3.p57.dynect.net<http://ns3.p57.dynect.net>.
paypal.com<http://paypal.com>. 172800 IN =
NS ns4.p57.dynect.net<http://ns4.p57.dynect.net>.
~Seth
_______________________________________________
Outages-discussion mailing list
Outages-discussion@outages.org<mailto:Outages-discussion@outages.org>
https://puck.nether.net/mailman/listinfo/outages-discussion
_______________________________________________
Outages-discussion mailing list
Outages-discussion@outages.org<mailto:Outages-discussion@outages.org>
https://puck.nether.net/mailman/listinfo/outages-discussion
[Attachment #3 (text/html)]
<html xmlns:v="urn:schemas-microsoft-com:vml" \
xmlns:o="urn:schemas-microsoft-com:office:office" \
xmlns:w="urn:schemas-microsoft-com:office:word" \
xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" \
xmlns="http://www.w3.org/TR/REC-html40"> <head>
<meta http-equiv="Content-Type" content="text/html; charset=us-ascii">
<meta name="Generator" content="Microsoft Word 14 (filtered medium)">
<title>Signature</title>
<style><!--
/* Font Definitions */
@font-face
{font-family:"MS Mincho";
panose-1:2 2 6 9 4 2 5 8 3 4;}
@font-face
{font-family:"MS Mincho";
panose-1:2 2 6 9 4 2 5 8 3 4;}
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
{font-family:Tahoma;
panose-1:2 11 6 4 3 5 4 4 2 4;}
@font-face
{font-family:"\@MS Mincho";
panose-1:2 2 6 9 4 2 5 8 3 4;}
@font-face
{font-family:Consolas;
panose-1:2 11 6 9 2 2 4 3 2 4;}
@font-face
{font-family:Inconsolata;
panose-1:0 0 0 0 0 0 0 0 0 0;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0in;
margin-bottom:.0001pt;
font-size:12.0pt;
font-family:"Times New Roman","serif";
color:black;}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:blue;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{mso-style-priority:99;
color:purple;
text-decoration:underline;}
p
{mso-style-priority:99;
mso-margin-top-alt:auto;
margin-right:0in;
mso-margin-bottom-alt:auto;
margin-left:0in;
font-size:12.0pt;
font-family:"Times New Roman","serif";
color:black;}
pre
{mso-style-priority:99;
mso-style-link:"HTML Preformatted Char";
margin:0in;
margin-bottom:.0001pt;
font-size:10.0pt;
font-family:"Courier New","serif";
color:black;}
p.normal, li.normal, div.normal
{mso-style-name:normal;
margin:0in;
margin-bottom:.0001pt;
font-size:8.5pt;
font-family:"Arial","sans-serif";
color:black;
mso-fareast-language:JA;}
span.text
{mso-style-name:text;
font-family:"Arial","sans-serif";
color:gray;}
span.nobr
{mso-style-name:nobr;}
span.apple-tab-span
{mso-style-name:apple-tab-span;}
span.HTMLPreformattedChar
{mso-style-name:"HTML Preformatted Char";
mso-style-priority:99;
mso-style-link:"HTML Preformatted";
font-family:Consolas;
color:black;}
span.EmailStyle24
{mso-style-type:personal-reply;
font-family:"Calibri","sans-serif";
color:#44546A;}
.MsoChpDefault
{mso-style-type:export-only;
font-size:10.0pt;}
@page WordSection1
{size:8.5in 11.0in;
margin:1.0in 1.0in 1.0in 1.0in;}
div.WordSection1
{page:WordSection1;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]-->
</head>
<body bgcolor="white" lang="EN-US" link="blue" vlink="purple">
<div class="WordSection1">
<p class="MsoNormal"><span \
style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#44546A">Yeah \
but most services can’t stand up to a really large DDoS. It doesn’t \
matter what you are doing if your bandwidth isn’t big \
enough.<o:p></o:p></span></p> <p class="MsoNormal"><span \
style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#44546A"><o:p> </o:p></span></p>
<p class="MsoNormal"><span \
style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#44546A"><o:p> </o:p></span></p>
<p class="MsoNormal"><span \
style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#44546A"><o:p> </o:p></span></p>
<div>
<div style="border:none;border-top:solid #B5C4DF 1.0pt;padding:3.0pt 0in 0in 0in">
<p class="MsoNormal"><b><span \
style="font-size:10.0pt;font-family:"Tahoma","sans-serif";color:windowtext">From:</span></b><span \
style="font-size:10.0pt;font-family:"Tahoma","sans-serif";color:windowtext"> \
Outages-discussion [mailto:outages-discussion-bounces@outages.org] <b>On Behalf Of \
</b>Bob Colon<br> <b>Sent:</b> Friday, October 21, 2016 2:03 PM<br>
<b>To:</b> outages-discussion@outages.org<br>
<b>Subject:</b> Re: [Outages-discussion] Dyn outage continuing<o:p></o:p></span></p>
</div>
</div>
<p class="MsoNormal"><o:p> </o:p></p>
<p>Well of course... all hell breaks loose if people can't get their \
porn!<o:p></o:p></p> <p><o:p> </o:p></p>
<div>
<div>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="normal"><span class="nobr"><span style="color:gray">To ensure prompt \
service, please use "Reply All" when responding </span></span><span \
style="color:gray"><br> <br>
<span class="nobr">Robert Colon | TCSA Tier 3 | EthoStream LLC | P: (877) 282-2519 \
x2114 | F: (414) 258-8307 | 20800 Swenson Drive, Suite 175 Waukesha, WI 53186 | <a \
href="http://www.telkonet.com/">www.telkonet.com</a> | <a \
href="http://www.ethostream.com/"> www.ethostream.com</a> | <a \
href="https://twitter.com/telkonet">@Telkonet</a> </span> </span><o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
</div>
</div>
<div>
<p class="MsoNormal">On 10/21/2016 1:54 PM, Patrick W. Gilmore wrote:<o:p></o:p></p>
</div>
<blockquote style="margin-top:5.0pt;margin-bottom:5.0pt">
<blockquote style="margin-top:5.0pt;margin-bottom:5.0pt">
<p class="MsoNormal">PagerDuty should, at minimum, run their own DNS in addition to \
using someone like Dyn. Not put all their DNS eggs in a single basket.<o:p></o:p></p> \
</blockquote> <div>
<p class="MsoNormal"><o:p> </o:p></p>
</div>
<div>
<p class="MsoNormal">It’s usually a good idea to have redundancy at every \
level. But I worry about people who want to run their own NS as well as someone like \
Dyn. Mostly because a lot of people will run that NS on their own LAN. When a large \
DDoS comes… well, you get the picture.<o:p></o:p></p>
</div>
<div>
<p class="MsoNormal"><o:p> </o:p></p>
</div>
<div>
<p class="MsoNormal">If you are looking for a company who does it \
“right”, how about:<o:p></o:p></p> </div>
<blockquote style="margin-left:30.0pt;margin-right:0in">
<div>
<p class="MsoNormal"><span style="font-family:"Courier \
New","serif"">Fri Oct 21 14:52:47 dhcp-220-234:patrick:~ $ dig \
+short ns <a href="http://pornhub.com">pornhub.com</a></span><o:p></o:p></p>
</div>
<div>
<p class="MsoNormal"><span style="font-family:"Courier \
New","serif""><a \
href="http://sdns3.ultradns.com">sdns3.ultradns.com</a>.</span><o:p></o:p></p> </div>
<div>
<p class="MsoNormal"><span style="font-family:"Courier \
New","serif""><a \
href="http://ns3.p44.dynect.net">ns3.p44.dynect.net</a>.</span><o:p></o:p></p> </div>
<div>
<p class="MsoNormal"><span style="font-family:"Courier \
New","serif""><a \
href="http://ns1.p44.dynect.net">ns1.p44.dynect.net</a>.</span><o:p></o:p></p> </div>
<div>
<p class="MsoNormal"><span style="font-family:"Courier \
New","serif""><a \
href="http://sdns3.ultradns.net">sdns3.ultradns.net</a>.</span><o:p></o:p></p> </div>
<div>
<p class="MsoNormal"><span style="font-family:"Courier \
New","serif""><a \
href="http://ns2.p44.dynect.net">ns2.p44.dynect.net</a>.</span><o:p></o:p></p> </div>
<div>
<p class="MsoNormal"><span style="font-family:"Courier \
New","serif""><a \
href="http://ns4.p44.dynect.net">ns4.p44.dynect.net</a>.</span><o:p></o:p></p> </div>
<div>
<p class="MsoNormal"><span style="font-family:"Courier \
New","serif""><a \
href="http://sdns3.ultradns.org">sdns3.ultradns.org</a>.</span><o:p></o:p></p> </div>
<div>
<p class="MsoNormal"><span style="font-family:"Courier \
New","serif""><a \
href="http://sdns3.ultradns.biz">sdns3.ultradns.biz</a>.</span><o:p></o:p></p> </div>
</blockquote>
<div>
<p class="MsoNormal"><o:p> </o:p></p>
</div>
<div>
<div>
<p class="MsoNormal">Look at that - multiple managed DNS providers, and 4 separate \
TLDs!<o:p></o:p></p> </div>
<div>
<p class="MsoNormal"><o:p> </o:p></p>
</div>
<div>
<div>
<p class="MsoNormal">:-)<o:p></o:p></p>
</div>
</div>
<div>
<p class="MsoNormal"><o:p> </o:p></p>
</div>
<div>
<p class="MsoNormal"><span \
style="font-family:"Inconsolata","serif"">-- </span><o:p></o:p></p>
</div>
</div>
<div>
<div>
<div>
<div>
<div>
<div>
<div>
<div>
<div>
<p class="MsoNormal"><span \
style="font-family:"Inconsolata","serif"">TTFN,</span><o:p></o:p></p>
</div>
<div>
<p class="MsoNormal"><span \
style="font-family:"Inconsolata","serif"">patrick</span><o:p></o:p></p>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
<p class="MsoNormal"><o:p> </o:p></p>
<div>
<blockquote style="margin-top:5.0pt;margin-bottom:5.0pt">
<div>
<p class="MsoNormal">On Oct 21, 2016, at 1:44 PM, Seth Mattinen <<a \
href="mailto:sethm@rollernet.us">sethm@rollernet.us</a>> wrote:<o:p></o:p></p> \
</div> <p class="MsoNormal"><o:p> </o:p></p>
<div>
<div>
<p class="MsoNormal">On 10/21/16 10:16, Chris Adams wrote:<br>
<br>
<o:p></o:p></p>
<p class="MsoNormal">[moved to outages-discussion]<br>
<br>
Once upon a time, Patrick W. Gilmore via Outages <<a \
href="mailto:outages@outages.org">outages@outages.org</a>> said:<br> <br>
<o:p></o:p></p>
<p class="MsoNormal">> However, Dyn is far, far better positioned to withstand \
attacks than a company like PagerDuty could possibly be on their own. So I think \
PagerDuty did the right thing in using Dyn.<o:p></o:p></p> <p class="MsoNormal">The \
flip side is that the concentration of services in "specialist"<br> hands \
makes it easier to attack a large number of companies at once. If<br> PagerDuty \
ran their own DNS, they are not a likely target of an attack,<br> so would be \
unaffected.<o:p></o:p></p> <p class="MsoNormal"><br>
<br>
PagerDuty should, at minimum, run their own DNS in addition to using someone like \
Dyn. Not put all their DNS eggs in a single basket.<br> <br>
Maybe Dyn needs to deploy anycast nodes at every internet exchange of every size and \
scale instead of relying on a small number of beefy anycast nodes in select locations \
if their customers are going to have a single point of failure.<br> <br>
Look at eBay:<br>
<br>
<a href="http://ebay.com">ebay.com</a>.<span \
class="apple-tab-span">
</span>172800<span class="apple-tab-span"> \
</span>IN<span class="apple-tab-span"> \
</span>NS<span class="apple-tab-span"> </span><a \
href="http://sjc-dns1.ebaydns.com">sjc-dns1.ebaydns.com</a>.<br> <a \
href="http://ebay.com">ebay.com</a>.<span \
class="apple-tab-span">
</span>172800<span class="apple-tab-span"> \
</span>IN<span class="apple-tab-span"> \
</span>NS<span class="apple-tab-span"> </span><a \
href="http://sjc-dns2.ebaydns.com">sjc-dns2.ebaydns.com</a>.<br> <a \
href="http://ebay.com">ebay.com</a>.<span \
class="apple-tab-span">
</span>172800<span class="apple-tab-span"> \
</span>IN<span class="apple-tab-span"> \
</span>NS<span class="apple-tab-span"> </span><a \
href="http://smf-dns1.ebaydns.com">smf-dns1.ebaydns.com</a>.<br> <a \
href="http://ebay.com">ebay.com</a>.<span \
class="apple-tab-span">
</span>172800<span class="apple-tab-span"> \
</span>IN<span class="apple-tab-span"> \
</span>NS<span class="apple-tab-span"> </span><a \
href="http://smf-dns2.ebaydns.com">smf-dns2.ebaydns.com</a>.<br> <a \
href="http://ebay.com">ebay.com</a>.<span \
class="apple-tab-span">
</span>172800<span class="apple-tab-span"> \
</span>IN<span class="apple-tab-span"> \
</span>NS<span class="apple-tab-span"> </span><a \
href="http://ns1.p47.dynect.net">ns1.p47.dynect.net</a>.<br> <a \
href="http://ebay.com">ebay.com</a>.<span \
class="apple-tab-span">
</span>172800<span class="apple-tab-span"> \
</span>IN<span class="apple-tab-span"> \
</span>NS<span class="apple-tab-span"> </span><a \
href="http://ns2.p47.dynect.net">ns2.p47.dynect.net</a>.<br> <a \
href="http://ebay.com">ebay.com</a>.<span \
class="apple-tab-span">
</span>172800<span class="apple-tab-span"> \
</span>IN<span class="apple-tab-span"> \
</span>NS<span class="apple-tab-span"> </span><a \
href="http://ns3.p47.dynect.net">ns3.p47.dynect.net</a>.<br> <a \
href="http://ebay.com">ebay.com</a>.<span \
class="apple-tab-span">
</span>172800<span class="apple-tab-span"> \
</span>IN<span class="apple-tab-span"> \
</span>NS<span class="apple-tab-span"> </span><a \
href="http://ns4.p47.dynect.net">ns4.p47.dynect.net</a>.<br> <br>
But then PayPal falls flat:<br>
<br>
<a href="http://paypal.com">paypal.com</a>.<span \
class="apple-tab-span">
</span>172800<span class="apple-tab-span"> \
</span>IN<span class="apple-tab-span"> \
</span>NS<span class="apple-tab-span"> </span><a \
href="http://ns1.p57.dynect.net">ns1.p57.dynect.net</a>.<br> <a \
href="http://paypal.com">paypal.com</a>.<span \
class="apple-tab-span">
</span>172800<span class="apple-tab-span"> \
</span>IN<span class="apple-tab-span"> \
</span>NS<span class="apple-tab-span"> </span><a \
href="http://ns2.p57.dynect.net">ns2.p57.dynect.net</a>.<br> <a \
href="http://paypal.com">paypal.com</a>.<span \
class="apple-tab-span">
</span>172800<span class="apple-tab-span"> \
</span>IN<span class="apple-tab-span"> \
</span>NS<span class="apple-tab-span"> </span><a \
href="http://ns3.p57.dynect.net">ns3.p57.dynect.net</a>.<br> <a \
href="http://paypal.com">paypal.com</a>.<span \
class="apple-tab-span">
</span>172800<span class="apple-tab-span"> \
</span>IN<span class="apple-tab-span"> \
</span>NS<span class="apple-tab-span"> </span><a \
href="http://ns4.p57.dynect.net">ns4.p57.dynect.net</a>.<br> <br>
~Seth<br>
_______________________________________________<br>
Outages-discussion mailing list<br>
<a href="mailto:Outages-discussion@outages.org">Outages-discussion@outages.org</a><br>
<a href="https://puck.nether.net/mailman/listinfo/outages-discussion">https://puck.nether.net/mailman/listinfo/outages-discussion</a><o:p></o:p></p>
</div>
</div>
</blockquote>
</div>
<p class="MsoNormal"><br>
<br>
<br>
<br>
<o:p></o:p></p>
<pre>_______________________________________________<o:p></o:p></pre>
<pre>Outages-discussion mailing list<o:p></o:p></pre>
<pre><a href="mailto:Outages-discussion@outages.org">Outages-discussion@outages.org</a><o:p></o:p></pre>
<pre><a href="https://puck.nether.net/mailman/listinfo/outages-discussion">https://puck.nether.net/mailman/listinfo/outages-discussion</a><o:p></o:p></pre>
</blockquote>
<p class="MsoNormal"><o:p> </o:p></p>
</div>
</body>
</html>
_______________________________________________
Outages-discussion mailing list
Outages-discussion@outages.org
https://puck.nether.net/mailman/listinfo/outages-discussion
--===============2700207721102752963==--
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic