Everyday attacks against Verisign-operated DNS infrastructure
Verisign operates two root servers (A.root-servers.net, J.root-servers.net), the authoritative name servers for .com, .net, .edu and many other ccTLD and gTLDs. Alongside those TLD name services, Verisign offers a managed DNS service and DDoS attack mitigation platform for many big-name companies. Over the years, Verisign's infrastructure has been targeted for various volumetric attacks, and Verisign has adapted to these threats.
Verisign employs many proactive and reactive strategies to combat such attacks. This presentation will show the means and methods for detecting and responding to these threats, including several real-world examples of attack traffic against Verisign infrastructure. We also will discuss current technologies and solutions for handling attack traffic, including large-scale infrastructure, custom name server and load balancer software, and dynamic resource allocation. We will also cover future plans including infrastructure upgrades, software enhancements, further anycast deployment, and more.