Mo wrote:
So (seemingly) half the internet because of the DDoS attack on Dyn. Can someone (JD?) help explain why these firms couldn't simply have a backup DNS provider to be able to work around these issues?

It is possible to have backup or failover DNS services, but the very way DNS is designed creates some chokepoints. Long story short, when you want to look up something like "www.twitter.com", your computer has to find out, via a recursive process of asking questions and following the answers, what nameservers provide information for twitter.com. Those nameservers can then be attacked.
You could add more nameservers, but
a) those could just be attacked too: some of the botnets used for attacks now are really massive, and there are various techniques that permit an attacker to punch above his weight, so to speak. And more importantly
b) everything in DNS gets cached for a while. This is actually critically important to how DNS normally functions, because if every component of DNS had to look up every single thing it needs afresh every time, it would be a lot slower and less reliable. So every answer in DNS has a cache "lifetime" attached to it, during which it's assumed to remain valid. If you make changes to how DNS for your site is configured, those changes aren't going to be seen until the cached answer expires. If that cache lifetime was four days (which is pretty standard) nobody is going to see your changes for possibly as much as four days from now. This makes DNS much more efficient, but it also makes rapid changes really difficult.
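To make the caching point concrete, here is an added toy model of a recursive resolver's cache (example code written for this thread, not anything from Dyn or the posters). It walks the delegation chain once with the four-day lifetime mentioned above, then repoints the zone at a backup provider and shows that a resolver with a warm cache keeps trusting the old nameserver until the cached answer expires. The hostnames, address and clock are constructed assumptions.

```python
from dataclasses import dataclass

FOUR_DAYS = 4 * 24 * 3600  # the cache lifetime figure used in the thread, in seconds

@dataclass
class Record:
    name: str
    rtype: str   # "NS" or "A"
    value: str
    ttl: int     # seconds a resolver may keep this answer before re-asking

class CachingResolver:
    """Toy recursive-resolver cache: answers from cache until the TTL runs out."""
    def __init__(self, clock):
        self.clock = clock   # callable returning the current time in seconds
        self.cache = {}      # (name, rtype) -> (Record, expiry timestamp)

    def lookup(self, name, rtype, authoritative):
        """Return (record, served_from_cache); ask the authority only on a miss."""
        now = self.clock()
        hit = self.cache.get((name, rtype))
        if hit and hit[1] > now:
            return hit[0], True
        rec = authoritative(name, rtype)
        self.cache[(name, rtype)] = (rec, now + rec.ttl)
        return rec, False

def simulate_ns_switch():
    """Warm a resolver's cache with the delegation chain, then move the zone to
    a backup NS provider and report which nameserver the resolver trusts when."""
    now = [0]  # hypothetical clock so the four days pass instantly
    zone = {   # constructed sample records, not real twitter.com data
        ("com", "NS"): Record("com", "NS", "a.gtld-servers.example", FOUR_DAYS),
        ("twitter.com", "NS"): Record("twitter.com", "NS", "ns1.primary-dns.example", FOUR_DAYS),
        ("www.twitter.com", "A"): Record("www.twitter.com", "A", "192.0.2.10", 300),
    }
    authority = lambda name, rtype: zone[(name, rtype)]
    resolver = CachingResolver(clock=lambda: now[0])
    for step in zone:  # the recursive walk: .com servers, then twitter.com servers, then the address
        resolver.lookup(*step, authority)
    # Outage begins; the operator repoints the zone at a backup provider.
    zone[("twitter.com", "NS")] = Record("twitter.com", "NS", "ns1.backup-dns.example", FOUR_DAYS)
    immediately, from_cache = resolver.lookup("twitter.com", "NS", authority)
    now[0] += FOUR_DAYS - 1
    just_before_expiry, _ = resolver.lookup("twitter.com", "NS", authority)
    now[0] += 1
    after_expiry, _ = resolver.lookup("twitter.com", "NS", authority)
    return {"immediately": immediately.value, "from_cache": from_cache,
            "just_before_expiry": just_before_expiry.value, "after_expiry": after_expiry.value}
```

The same mechanism is why lowering the TTL on the delegation records well before a planned change is the usual way to shorten the window; a cut made during an outage inherits whatever lifetime was already cached.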