Hacker News

I think most of the providers (e.g. DO, Linode, Cloudflare, etc.) do not check the authority of DNS due to the chicken-and-egg problem. The AWS way to handle this issue is definitely awesome, but the infrastructure required is not worth it for those companies who are providing "free DNS service" as an add-on to their existing customers. Anyway, IMO, it is your fault if you point to a nameserver but are not utilizing it.



The random nameservers are only accidentally a defense against this attack. They're avoiding SPOFs, including TLDs -- you never receive nameservers in the same TLD for example. It's a reliability and scaling consideration with this accidental benefit.

Most admins don't think about a complete TLD failure. Amazon did.


>> accidental benefit.

Agree

>> Most admins don't think about a complete TLD failure. Amazon did.

I think companies such as Google or Facebook did think of that before, but I am not sure why they didn't follow this trick.



