Gu yum: DNS service slow telecom explanation cause analysis

Intermediary transaction http://www.aliyun.com/zixun/aggregation/6858.html ">seo diagnose Taobao guest cloud host technology Hall

Recently I was involved in a telecommunications technology, one of their product cooperation, specific items in this ignore, first of all, today I saw an article in 163, "Ministry of the whole: recently broken network due to DNS service provider attack", I think it said Dnspod, I really do not understand how to put this problem and dnspod linked together, they are not so many sites to affect the normal resolution, the use of their DNS resolution of the site is not so much.

Global DNS root node server Total 13, China only mirror DNS resolution server.

Each province has its own DNS resolution server, telecom set up its own DNS resolution server, each province has more than 10 high-performance servers to do support, they will request the domain name directly converted to IP address, the request sent directly to the designated IP address, by the IP address to respond to user requests.

The process of converting to an IP address is: First verify the domain name format, such as: WWW.163.SDFSDFSD This format will be filtered directly, the format is validated correctly, the correct format is queried.

The local DNS domain name server sends a request to the root domain server to inquire about the www.gubaiyoudiyi.com: The address of the root name server, which does not belong to its own jurisdiction, but belongs to a domain under the CN. It will tell you to contact a COM domain name server to get more information, and give you a list of all COM name servers (many domain names after the registration of a DNS point is that the meaning of the corresponding IP to indicate the server from which the resolution); Your local DNS server will continue to send resolution requests to these servers, one of which is in its own area, and will repeat the process until you find the domain name that resolves www this machine and get www.active.com.cn IP address.

According to the common sense, if there are enough chickens, then can launch an attack, and constantly send unregistered IP address of the domain name request (because this resource consumption is large, resources, half power times), resulting in domain name resolution too slow, or even denial of service, such as attacks on the province's DNS server, Taking up his bandwidth resources or consuming his CPU resources, users in the province who use this IP for DNS resolution are affected, but they cannot affect users across the country unless the root resolution server crashes.

The storm is conditional, because of the size of his user base and the possibility of launching an attack, dnspod can only affect the address of the Web site where DNS is directed to provide addresses.