“Platform Capacity” – the fourth dimension providing resilience
Important due to increased traffic from DNSSEC implementation
During our work with the DNS Infrastructure Resilience Task Force research yielded 770 different DDoS attacks occurred around the globe on 6 June, 2009. On average research revealed the probability of 1,300 DDoS attacks happening every day, equaling roughly 3% of the Internet’s daily traffic. During the period of 7 December, 2009 to 4 January, 2010, out of 76,158,230,373 EU-based queries analyzed 3,384,914,589, or 4.4%, were believed to have been questionable. While it was believed only 1.6% of query packets through a Vienna-based node were questionable a node in Brussels showed a 14.3% rate of queries related to potential DDoS-based queries.
While humans are aware of and operate within the three dimensions identified through scientific discovery we often do not think about the fourth, or subsequent dimensions we don’t see. When it comes to DNS resilience we think of hardware, bandwidth and peering. What appears absent in the typical discussion is capacity afforded by individual DNS platform providers. Is “DNS platform capacity” the fourth dimension of DNS?
High-end server hardware, bandwidth and peering only go so far in ensuring resilience. Platform capacity provides the extra dimension necessary to ensure legitimate queries are always answered.
Statistics gathered from 7 December, 2009 to 4 January, 2010 (click image to enlarge image)
Filed under: Capacity, Community DNS, CommunityDNS, DDoS, DNS, DNSSec, DoS | Leave a Comment
Tags: Community DNS, CommunityDNS, DDoS, DNS, DNS Resilience, DNSSec
