[funsec] UltraDNS: Internet Security Shield?
twilde at dyndns.com
Wed Oct 19 11:56:06 CDT 2005
-----BEGIN PGP SIGNED MESSAGE-----
On Wed, 19 Oct 2005, Jordan Wiens wrote:
> That's why I quoted their summary -- they appear to make that claim:
> "In the event of a DDoS attack on the public Internet or other network
> failure, DNS Shield partner customers' queries are isolated from the effects
> and continue to be resolved locally ensuring domains powered by UltraDNS are
> 100% accessible."
> My point is that those domains are not necessarily 100% accessible. They may
> be 100% resolvable, but it's not the same thing.
Full disclosure: I'm founder/part owner of another DNS provider; some
would argue we compete with UltraDNS, some would argue we don't.
I read the articles about this differently than everyone else seems to be
interpreting them. Most people are looking at it as "fine, they'll answer
all the DNS queries, but who cares if the site isn't up", and, if that's
the case, I agree, it is kind of a moot point. However, these paragraphs
jumped out at me when I read the release:
"The DNS Shield protects against these and other attacks by integrating
UltraDNS servers directly into the infrastructure of its Internet service
This creates totally protected environments where only authenticated user
queries are answered and that eliminates the external data blitzes that
can shut down networks and Web sites, the company said."
Reading this as a DNS guy, I understood it to mean that the DNS servers
will actually somehow differentiate the DNS queries coming from the
attacking hosts, and NOT answer them, making it impossible for the
attackers to resolve the site being attacked, and allowing the site to
really remain fully up and running, for EVERYONE. (Except the attacking
machines, of course.)
It could mean something entirely different than either one of those views,
of course. We just don't know, because all we know is the marketing
information. So, as Paul said, let's give Rodney some courtesy and the
benefit of the doubt. Buy it and see! :)
twilde at dyndns.com
Dynamic Network Services, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (FreeBSD)
-----END PGP SIGNATURE-----
More information about the funsec