

Taking Down Twitter as Easy as D.N.S - lmacvittie
http://devcentral.f5.com/weblogs/macvittie/archive/2009/08/06/taking-down-twitter-as-easy-as-d.n.s.aspx

======
moe
_But if you wanted to take out a big site like that with a lot less effort (or
bots) all you’d need to do is … right. Take out their nameservers (DNS)._

Oh yeah, interesting Troll-FUD coming from a company selling overpriced
load balancer appliances. I say _Troll_-FUD because their technicians
certainly know better than this nonsense. What is this, an attempt to drum up
PR for some DNS product they are offering?

DNS is so trivial to distribute that it's not normally a worthwhile attack
vector. F5 knows that.

~~~
kvs
> DNS is so trivial to distribute that it's not normally a worthwhile attack
> vector. F5 knows that.

Really? So what do you say for the evidence they provide in the article, from
Arbor and from Twitter's DNS provider?

~~~
moe
Well, my best guess would be: Incompetence.

If your business is DNS and you fail at the basic task of distributing it for
fault tolerance then what other explanation could there be?

To make this clear. The cost for running n DNS servers for your domain in n
datacenters is equal to the cost of having one (possibly rented) pizza-box in
each datacenter. You can list any number of nameservers for any domain.
Domains like google.com and microsoft.com have up to 5, for example.

Synchronizing the nameservers is a non-issue. For tinydns it's a one-liner
(rsync), for bind it's a few lines of axfr configuration. There is no
administrative overhead. You don't even have to worry about host failures much
because DNS is resilient by design (that's why you can have multiple NS
records in the first place).

So, in dollar terms, in most datacenters a rented pizza-box starts at around
$30/month, often cheaper. Making your DNS 5-way redundant therefore costs
roughly $150/month. You don't have to be Google to afford that.

And a potential attacker will damn sure not even attempt to take out your 5
DNS locations. He will go directly for your application instead because that
one, in most cases, cannot be distributed over 5 locations for a measly 150
dollars/month.
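
An added example, not part of the thread: a small audit of the redundancy the comment above describes, checking how many NS records a zone lists and whether the nameservers sit in more than one network. The record listing is constructed sample data, and treating a shared /24 as "same location" is an assumption of this sketch.

```python
import ipaddress
from collections import defaultdict

# Constructed sample data: "name type value" per line, documentation address ranges.
SAMPLE_RECORDS = """
example.com.          NS  ns1.example.com.
example.com.          NS  ns2.example.com.
example.com.          NS  ns3.example.net.
ns1.example.com.      A   192.0.2.10
ns2.example.com.      A   192.0.2.20
ns3.example.net.      A   198.51.100.5
fragile.example.      NS  ns1.fragile.example.
fragile.example.      NS  ns2.fragile.example.
ns1.fragile.example.  A   203.0.113.7
ns2.fragile.example.  A   203.0.113.8
"""

def parse_records(text):
    """Split the record listing into NS delegations and nameserver addresses."""
    ns, addrs = defaultdict(list), defaultdict(list)
    for line in text.splitlines():
        fields = line.split()
        if len(fields) != 3:
            continue  # skip blank or malformed lines
        name, rtype, value = fields[0].lower(), fields[1].upper(), fields[2].lower()
        if rtype == "NS":
            ns[name].append(value)
        elif rtype == "A":
            addrs[name].append(ipaddress.ip_address(value))
    return ns, addrs

def audit_zone(zone, ns, addrs, prefix_len=24):
    """Count nameservers and the distinct networks they sit in (assumed /24 proxy)."""
    servers = ns.get(zone, [])
    networks = {
        ipaddress.ip_network(f"{ip}/{prefix_len}", strict=False)
        for server in servers for ip in addrs.get(server, [])
    }
    findings = []
    if len(servers) < 2:
        findings.append("fewer than two NS records")
    if len(networks) < 2:
        findings.append("all nameservers share one network")
    findings += [f"no address for {s}" for s in servers if not addrs.get(s)]
    return {"nameservers": len(servers), "networks": len(networks), "findings": findings}

if __name__ == "__main__":
    ns, addrs = parse_records(SAMPLE_RECORDS)
    for zone in ns:
        print(zone, audit_zone(zone, ns, addrs))
```

The second constructed zone lists two nameservers but both fall in one /24, so it is flagged even though its NS count looks redundant.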

~~~
kvs
FWIW: [http://www.blyon.com/blog/index.php/2009/08/06/twitters-host...](http://www.blyon.com/blog/index.php/2009/08/06/twitters-hosting-illustrated-fckyeahboobies-com/)

