October 21, 2002On October 21, 2002 an attack lasting for approximately one hour was targeted at all 13 DNS root name servers. The attackers sent many ICMP pings using a botnet to each of the servers. However, because the servers were protected by packet filters which were configured to block all ICMP pings, they did not sustain much damage and there was little to no impact on Internet users.
February 6, 2007On February 6, 2007 an attack began at 10 AM UTC and lasted twenty-four hours. At least two of the root servers (G-ROOT and L-ROOT) reportedly "suffered badly" while two others (F-ROOT and M-ROOT) "experienced heavy traffic". The latter two servers largely contained the damage by distributing requests to other root server instances with anycast addressing. ICANN published a formal analysis shortly after the event
A DDoS attack may of been possible in the early days of the internet however the resilience and security that have been put in place since then would make it unlikely, unless the biggest ever attack ever seen on the internet was conducted
Root servers resolve the top level domains (TLD) such as .uk, .com or .xxx and are critical to the operation of DNS. According to the Root Server Technical Operations Site there are 13 critical servers with multiple instances of each server using anycast addressing to distribute them around the world.
|B||Information Sciences Institute||1|
|D||University of Maryland||69|
|E||NASA Ames Research Center||12|
|F||Internet Systems Consortium, Inc.||58|
|G||U.S. DOD Network Information Center||6|
|H||U.S. Army Research Lab||2|
|13 Servers||12 Operators||465 Instances|
Location of root servers worldwide