Because the domain name system is spread out and because the 13 root servers are the last resort for address searches, the hour-long attack had almost no effect on the Internet itself.
"There was never an end user that said there was a problem," said Paul Vixie, chairman of the Internet Software Consortium, a group that supports the open-source software on which many domain name servers run.
The group also administers one of the 13 computers--specifically, the "F" server--that routinely matches Internet addresses. Like the telephone book, domain name servers match a name with a number. They also are layered like a virtual onion, so that a user who wants to go to specific address, such as "zdnet.com" will first attempt to get the information from a local server. If the domain is not found, then the request gets bumped up to a domain name server for the top-level domain, such as ".com."
Requests should only rarely consult the root servers. Most requests that the ISC's "F" server sees are from poorly designed networks that don't cache the previous answers for information, Vixie said.
"We answer a request and then two milliseconds later get another request from the same user for the same domain," he said.
While Vixie took issue with reports that the attack had been the "largest ever," he did say that aspects of the data flood made it unusual. "There have been attacks against the root domain servers--yes," he said. "But it is rare to have attacks against all 13 at the same time."
About 4,000 denial-of-service attacks hit the Internet in the average week, according to data collected by the Cooperative Association for Internet Data Analysis. Many of those are aimed at domain name server.
The Internet Software Consortium's "F" server responds to more than 270 million domain-name service queries each day, according to its site.
