Most of the news reports were confusing two issues:
- root servers being attacked and 3 of the 13 names (there are far more than 13 servers) being virtually out of service.
The most affected servers seem to be single-node servers. Servers with multiple nodes use a technique called anycast to allow the same IP to be used on multiple machines around the world.
- .org TLD name servers being attacked (there are far fewer .org nameservers)
UltraDNS only handles the .org nameservers. There is public data indicating all of the .org nameservers had trouble during that day, but luckily not all at once.
- This incident: next to none.
- If all root nameservers were unreachable, the impact would start to appear as recursive nameservers' cached root information expires and they can no longer find TLD servers. It's safe to assume popular recursive nameservers would start with cached information for the popular TLDs, so such an attack would need to be sustained for some time before its effect starts to be felt around the globe.
Reactions of defending staff could help mitigate this.
- If all .org nameservers had been out at once, the same as above applies, more or less, except that there are many .org domains and the odds of them all being cached around the world on every recursive domain name server are much worse.
- no impact
- press feels this is sensational for some reason.
- it is (again) a wake-up call for UltraDNS and ccTLDs to get their infrastructure up to speed with what is being done for .com and .net TLDs and beyond.
Anycasting all root nameservers (and major TLD nameservers) might be a way to stop global impact. Similarly, hidden servers that e.g. major recursive nameservers use in addition to the public servers can significantly reduce impact.
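The cache-expiry argument above (root outage versus .org outage) can be made concrete with a small model. This is an added example, not part of the original post; the TTL values, the 10% cached share and the evenly spread refresh times are assumptions chosen for illustration.

```python
"""Model of how long a nameserver outage takes to be felt by resolvers."""
import math

# Assumed TTLs in seconds (not stated on the page); set them to the zone you model.
TLD_DELEGATION_TTL = 172_800    # a TLD's NS set as handed out by the root zone
DOMAIN_DELEGATION_TTL = 86_400  # one domain's NS set as handed out by its TLD


def build_population(resolvers, cached_share, ttl):
    """Remaining cache lifetime per resolver at the moment the outage starts.

    cached_share of the resolvers hold the record, refreshed at evenly spread
    times, so their remaining lifetimes cover (0, ttl]. The rest never cached
    it (lifetime 0.0) and fail on their first query.
    """
    holders = round(resolvers * cached_share)
    lifetimes = [ttl * (i + 1) / holders for i in range(holders)]
    return lifetimes + [0.0] * (resolvers - holders)


def failing_share(lifetimes, outage_seconds):
    """Share of resolvers that can no longer resolve after outage_seconds."""
    return sum(1 for left in lifetimes if left <= outage_seconds) / len(lifetimes)


def time_to_impact(lifetimes, threshold):
    """Shortest outage (seconds) after which at least threshold of resolvers fail."""
    needed = math.ceil(threshold * len(lifetimes))
    return sorted(lifetimes)[needed - 1] if needed else 0.0


if __name__ == "__main__":
    # Constructed scenarios: every resolver caches a popular TLD's delegation;
    # only 10% have cached any one particular .org domain.
    roots_down = build_population(1000, 1.0, TLD_DELEGATION_TTL)
    org_down = build_population(1000, 0.1, DOMAIN_DELEGATION_TTL)
    for hours in (0, 1, 12, 24, 48):
        print(f"{hours:>2}h  roots down: {failing_share(roots_down, hours * 3600):.0%}"
              f"  .org down: {failing_share(org_down, hours * 3600):.0%}")
    print("half of resolvers affected after",
          time_to_impact(roots_down, 0.5) / 3600, "h (roots) vs",
          time_to_impact(org_down, 0.5) / 3600, "h (.org)")
```

Under these assumptions a root outage degrades gradually as cached TLD delegations age out, while a full .org outage hits most resolvers at once because few of them hold any given .org domain in cache.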