On Mon, Jun 03, 2013 at 11:49:58PM -0400, staticsafe wrote:
On Mon, Jun 03, 2013 at 03:58:12PM -0700, Jeremy Chadwick wrote:
Got this today in the middle of browsing. Possible root cause is listed at the bottom (from EasyDNS's twitter account):
easyDNS.com .@easyDNS -- 1h
We are getting reports of DNS issues which are looking like a DDoS (we had a minor one yesterday) - investigating.
Along with tons of responses to people telling them to add a third nameserver for better anycast distribution.
-- | Jeremy Chadwick jdc@koitsu.org | | UNIX Systems Administrator http://jdc.koitsu.org/ | | Making life hard for others since 1977. PGP 4BD6C0CB |
Update 21:19 EST
This DDoS attack is different from our previous ones in that it looks as if the target is us, easyDNS, not one of our clients.
It is proving difficult to isolate the real traffic from the DDoS traffic, we are having some success now and are working on routing more DNS traffic through those nodes that are successfully mitigating.
Some customers are adding out-of-band nameservers and loading their zonedata from here (which is working), as outlined in:
http://blog.easydns.org/2010/08/19/dos-attacks-and-dns-how-to-stay-up-if-you...
We'll be posting another update shortly.
- http://blog.easydns.org/2013/06/03/ddos-in-progress-2/ -- staticsafe O< ascii ribbon campaign - stop html mail - www.asciiribbon.org Please don't top post - http://goo.gl/YrmAb Don't CC me! I'm subscribed to whatever list I just posted on.
Post-mortem: http://blog.easydns.org/2013/06/04/post-mortem-of-the-june-3-4th-ddos/ P.S - I'm not in any way associated with easydns. -- staticsafe O< ascii ribbon campaign - stop html mail - www.asciiribbon.org Please don't top post - http://goo.gl/YrmAb Don't CC me! I'm subscribed to whatever list I just posted on.