I’m always excited when I get to hear Cricket speak about DNS. Why? Because the man knows his stuff. Cricket Liu literally wrote the book on DNS, and I first got to meet him back in 2007 when I worked for Corporate Express. He is one of the few hyper-smart people who also possesses solid public-speaking chops and the ability to tell a story.
Today’s webcast, sponsored by Infoblox, was titled ‘Lessons from the Latest DDoS Attack’, referring to the Oct 21st attack that took out Dyn (a DNS provider) for several hours. Companies that host their DNS through Dyn were affected and were not reachable.
The takeaway I got from listening to Cricket today was: Redundancy! Specifically, Cricket highlighted adding redundant authoritative name servers across different providers to a company’s architecture as a way to ensure availability when a single DNS provider is going through a 3.2Gbps DDoS or some other outage (e.g. deploy your redundant authoritative name servers in BOTH Dyn and Rackspace).
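To make that advice checkable, here is a small script I added for this post (it is not code from the webcast, from Cricket or from Infoblox). It takes the NS answers you would get from `dig +noall +answer NS` against the parent (TLD) servers and against the zone’s own servers, groups the delegated servers by provider, and flags two things a practitioner cares about: a delegation that still depends on one provider, and a second provider that was added to the zone apex but never registered at the parent. The provider suffix table, the `example.com` records and the `ns1.rackspace.com` host are constructed assumptions for the example.

```python
from collections import defaultdict

# Constructed for this example: which provider runs a given name-server host.
# The suffixes are assumptions; build the real table from your own contracts.
PROVIDER_SUFFIXES = {
    "dynect.net": "Dyn",
    "rackspace.com": "Rackspace",
}

# Constructed sample answers in the shape of `dig +noall +answer NS example.com`,
# once as seen from the parent (.com) servers and once from the zone itself.
PARENT_SINGLE = """\
example.com.  172800  IN  NS  ns1.p01.dynect.net.
example.com.  172800  IN  NS  ns2.p01.dynect.net.
"""
ZONE_SINGLE = PARENT_SINGLE

PARENT_DUAL = """\
example.com.  172800  IN  NS  ns1.p01.dynect.net.
example.com.  172800  IN  NS  ns2.p01.dynect.net.
example.com.  172800  IN  NS  ns1.rackspace.com.
"""
ZONE_DUAL = PARENT_DUAL


def parse_ns_records(text):
    """Collect NS target hosts (lower-cased, no trailing dot) from dig-style lines."""
    hosts = set()
    for line in text.splitlines():
        fields = line.split()
        # owner  ttl  class  type  target
        if len(fields) >= 5 and fields[2] == "IN" and fields[3] == "NS":
            hosts.add(fields[4].rstrip(".").lower())
    return hosts


def provider_of(host):
    """Map a name-server host to its provider via the (assumed) suffix table."""
    for suffix, provider in PROVIDER_SUFFIXES.items():
        if host == suffix or host.endswith("." + suffix):
            return provider
    return "unknown"


def assess_redundancy(parent_answer, zone_answer, min_providers=2):
    """Report provider diversity of the delegation and parent/zone NS agreement.

    Only the NS set delegated at the parent counts toward diversity: a resolver
    following the referral from the TLD never sees servers listed solely in the
    zone apex, so a second provider added there but not at the registrar adds
    nothing when the first provider is unreachable.
    """
    parent = parse_ns_records(parent_answer)
    zone = parse_ns_records(zone_answer)

    by_provider = defaultdict(set)
    for host in parent:
        by_provider[provider_of(host)].add(host)

    findings = []
    if len(by_provider) < min_providers:
        findings.append(
            f"delegation depends on {len(by_provider)} provider(s): "
            f"{sorted(by_provider)}"
        )
    if zone - parent:
        findings.append(
            f"NS in zone apex but not delegated at parent: {sorted(zone - parent)}"
        )
    if parent - zone:
        findings.append(
            f"NS delegated at parent but missing from zone apex: {sorted(parent - zone)}"
        )
    return {
        "providers": {p: sorted(h) for p, h in by_provider.items()},
        "findings": findings,
    }


if __name__ == "__main__":
    for label, parent, zone in (
        ("single provider", PARENT_SINGLE, ZONE_SINGLE),
        ("two providers", PARENT_DUAL, ZONE_DUAL),
        ("second provider only in zone", PARENT_SINGLE, ZONE_DUAL),
    ):
        result = assess_redundancy(parent, zone)
        print(label, result["providers"], result["findings"] or "OK")
```

The third case is the one that bites people: the zone file on both providers lists all three servers, but the registrar still only delegates to the first provider, so during an outage like Dyn’s the second provider is never asked. Run the real `dig` queries against the TLD servers and against each provider’s servers, feed the answers in, and you have a check you can put in a cron job.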
Cricket also talked briefly about Response Policy Zones as a DDoS defense, likening them to customizable blacklists with the added kick of being able to redirect that traffic elsewhere. Response Policy Zones are a deep-dive topic I will tackle in a future blog post.
He talked about the IoT devices that made up the attack, and how they were conscripted by the Mirai code into a botnet due to poor password design and users not changing the defaults. Brian Krebs has the best write-up on this. Cricket also mentioned something I had not heard anywhere else: many of the IoT devices are connected to high-bandwidth links, each of which was saturated with junk traffic.
Listening to someone, really listening, can tell you a lot about how they think. His simple yet powerful advice on DNS provider redundancy is solid. I’m a believer. Redundancy is a topic we’ve covered here before when talking about cloud providers. I understand that it is a cost decision not to implement layers of redundant architecture; yet at some point, when weighing the risks and the likelihood of that risk manifesting [DDoS], it becomes more expensive not to implement redundant architectures.
This gets more interesting: DDoS attacks are growing, take a look! I think we will see more DDoS defense tools, talks and news in the very near future.