• United States



The DNS Root Server Attack: Success Story for the Good Guys

Dec 09, 20023 mins
DNSNetwork Security

Someone tried to take down the Internet by attacking the 13 root DNS servers

Just before Halloween this year, someone tried to take down the Internet by attacking the 13 root DNS servers, the computers that translate names like into their true numerical addresses. The attack failed, or, put another way, the architecture of DNS succeeded in staving off the attack.

The attacker used a brusque kind of distributed-denial-of-service attack called an ICMP flood that drowned the servers with 10 times the amount of traffic they normally handle. Only seven of the 13 servers were severely affected. At the height of the two-hour attack, packet loss reached 10 percent (it’s normally less than 1 percent). At worst you got sluggish Web performance. Probably you didn’t even notice.

That’s because of how DNS works. Instead of just leaving these word-to-number translations on the root server, copies of them are cached all over the Internet on routers. That way you’re not banging on the door of a DNS server every time you type in

It also means when these root DNS servers are down most of us can still navigate by accessing a cached copy of the DNS information. It’s only when these cached copies expireeach one has a preset time to livethat real problems will start. Experts say that would take eight or nine hours.

“First and foremost, this is a success story,” says Bruce Schneier, founder and CTO of Counterpane Internet Security. “The attack failed. The architecture worked.” In effect, we won!

Even so, the attack generated a buzz in both security circles and the mainstream media. Some posited that this was a practice run by terrorists. Others suggested it represented a new level of sophistication among hackers.

Not so on either count, others say. It was, after all, a relatively elementary type of attack easily dealt with. And many, including Schneier, laugh at the idea that this was a precursor to terrorist activities. “We know what the motive was,” he says. “There can only be one: vandalism.”

While Henny Penny is wrongthe sky is not fallingthe attack should generate discussion. For example, right now the 13 root DNS servers are managed in a collegial, volunteer manner. Does this need to change? Should there be more root DNS servers, and if so, where? Are there ways to fortify the defenses of DNS and other architectures and protocols? (Border Gateway Protocol routing, or BGP, is another that’s widely known to be vulnerable.)

Anyway, it’s good to be able to apply 20/20 hindsight after a failed attack instead of a successful one. Chalk one up for the good guys.