> Are you suggesting that web servers can't be massively scaleable?
> I'm not sure I understand your examples.

Yes, you can build massively scaleable web servers, but at what price?

What if some popular IoT device starts to fetch the root zone, and at a
high rate?

> You cite overprovisioning in the root server system as a reason
> not to try and supplement it, but I think it makes sense to look
> at it the other way round -- if there were ways to distribute the
> root zone reliably and accurately without presenting the attack
> targets that the root server system does, the need for continued
> investment in the infrastructure could be reduced (or the effective
> benefit to end-users from that investment could be increased).

What if your web servers are not massively overprovisioned? Can we handle
failures there? If you do massively overprovision those web servers, will it
actually be cheaper or better than the current system?

> The bandwidth available at the consumer edge, where a lot of the
> attack sources now live, continues to grow far faster than the
> bandwidth that can be provisioned at the root server edge. The
> observation that "there's enough bandwidth that we're safe" doesn't
> seem future-proof (it doesn't even seem present-proof, really).

From a DDoS point of view there doesn't seem to be a big difference between
how the current DNS root absorbs traffic and what a highly available web
service would have to do.


_______________________________________________
DNSOP mailing list
DNSOP@ietf.org
https://www.ietf.org/mailman/listinfo/dnsop
