EasyDNS problems (probably network-related)

Got this today in the middle of browsing. Possible root cause is listed at the bottom (from EasyDNS's twitter account):

Server not found
Firefox can't find the server at www.dslreports.com.

$ dig @a.gtld-servers.net ns dslreports.com

; <<>> DiG 9.8.4-P2 <<>> @a.gtld-servers.net ns dslreports.com
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 41449
;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 5, ADDITIONAL: 6
;; WARNING: recursion requested but not available

;; QUESTION SECTION:
;dslreports.com.                IN      NS

;; AUTHORITY SECTION:
dslreports.com.         172800  IN      NS      ns1.easydns.com.
dslreports.com.         172800  IN      NS      ns2.easydns.com.
dslreports.com.         172800  IN      NS      remote1.easydns.com.
dslreports.com.         172800  IN      NS      remote2.easydns.com.
dslreports.com.         172800  IN      NS      ns6.easydns.net.

;; ADDITIONAL SECTION:
ns1.easydns.com.        172800  IN      AAAA    2001:1838:f001::10
ns1.easydns.com.        172800  IN      A       64.68.192.210
ns2.easydns.com.        172800  IN      A       72.52.2.1
remote1.easydns.com.    172800  IN      A       64.68.192.210
remote2.easydns.com.    172800  IN      A       72.52.2.1
ns6.easydns.net.        172800  IN      A       72.52.2.1

;; Query time: 111 msec
;; SERVER: 192.5.6.30#53(192.5.6.30)
;; WHEN: Mon Jun 3 15:53:10 2013
;; MSG SIZE rcvd: 257

$ dig @REMOTE2.EASYDNS.COM ns dslreports.com

; <<>> DiG 9.8.4-P2 <<>> @REMOTE2.EASYDNS.COM ns dslreports.com
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 14533
;; flags: qr aa rd; QUERY: 1, ANSWER: 3, AUTHORITY: 0, ADDITIONAL: 0
;; WARNING: recursion requested but not available

;; QUESTION SECTION:
;dslreports.com.                IN      NS

;; ANSWER SECTION:
dslreports.com.         1200    IN      NS      dns1.easydns.com.
dslreports.com.         1200    IN      NS      dns3.easydns.org.
dslreports.com.         1200    IN      NS      dns2.easydns.net.

;; Query time: 36 msec
;; SERVER: 72.52.2.1#53(72.52.2.1)
;; WHEN: Mon Jun 3 15:46:52 2013
;; MSG SIZE rcvd: 119

$ dig @NS2.EASYDNS.COM ns dslreports.com

; <<>> DiG 9.8.4-P2 <<>> @NS2.EASYDNS.COM ns dslreports.com
; (1 server found)
;; global options: +cmd
;; connection timed out; no servers could be reached

$ dig @NS6.EASYDNS.NET ns dslreports.com

; <<>> DiG 9.8.4-P2 <<>> @NS6.EASYDNS.NET ns dslreports.com
; (1 server found)
;; global options: +cmd
;; connection timed out; no servers could be reached

$ dig @NS1.EASYDNS.COM ns dslreports.com

; <<>> DiG 9.8.4-P2 <<>> @NS1.EASYDNS.COM ns dslreports.com
; (1 server found)
;; global options: +cmd
;; connection timed out; no servers could be reached

$ dig @REMOTE1.EASYDNS.COM ns dslreports.com

; <<>> DiG 9.8.4-P2 <<>> @REMOTE1.EASYDNS.COM ns dslreports.com
; (1 server found)
;; global options: +cmd
;; connection timed out; no servers could be reached

Both the IPs returned look accessible to me:

$ mtr 72.52.2.1
Host                                            Loss%  Snt  Rcv  Last   Avg  Best  Wrst
 1. gw.home.lan                                  0.0%   12   12   0.3   0.3   0.2   0.4
 2. c-67-180-84-1.hsd1.ca.comcast.net            0.0%   12   12  22.9  26.0  16.3  46.9
 3. te-0-0-0-12-ur05.santaclara.ca.sfba.comcast  0.0%   12   12  10.1  10.6   9.3  12.3
 4. te-1-1-0-9-ar01.sfsutro.ca.sfba.comcast.net  0.0%   12   12  12.6  14.5  10.8  28.4
 5. he-1-8-0-0-cr01.sanjose.ca.ibone.comcast.ne  0.0%   12   12  15.0  19.0  12.0  24.7
 6. pos-0-4-0-0-pe01.529bryant.ca.ibone.comcast  0.0%   12   12  14.3  14.7  12.1  27.3
 7. ix-1-3-0-0.tcore1.PDI-PaloAlto.as6453.net    0.0%   12   12  13.6  14.9  12.0  18.8
 8. if-2-2.tcore2.PDI-PaloAlto.as6453.net        0.0%   11   11  38.3  40.6  35.9  60.6
 9. if-5-2.tcore2.SQN-SanJose.as6453.net         9.1%   11   10  67.9  60.1  39.8  76.4
10. 64.86.142.34                                 0.0%   11   11  16.4  17.3  14.1  29.9
11. ???
12. dns2.easydns.net                             0.0%   11   11  14.6  15.2  13.7  19.6

$ mtr 64.68.192.210
Host                                            Loss%  Snt  Rcv  Last   Avg  Best  Wrst
 1. gw.home.lan                                  0.0%    7    7   0.3   0.3   0.2   0.4
 2. c-67-180-84-1.hsd1.ca.comcast.net            0.0%    6    6  24.3  29.4  22.0  42.7
 3. te-0-0-0-12-ur05.santaclara.ca.sfba.comcast  0.0%    6    6   9.7  10.8   9.5  13.9
 4. te-1-1-0-4-ar01.sfsutro.ca.sfba.comcast.net  0.0%    6    6  10.6  12.5  10.6  13.5
 5. he-3-9-0-0-cr01.sanjose.ca.ibone.comcast.ne  0.0%    6    6  15.6  22.3  13.9  37.5
 6. pos-0-4-0-0-pe01.11greatoaks.ca.ibone.comca  0.0%    6    6  18.0  18.0  15.8  19.9
 7. xe-9-3-0.sjc10.ip4.tinet.net                 0.0%    6    6  60.0  24.1  15.6  60.0
 8. xe-9-0-0.lax20.ip4.tinet.net                 0.0%    6    6  22.7  25.5  21.9  37.6
 9. giglinx-gw.ip4.tinet.net                     0.0%    6    6  20.7  26.1  20.7  42.9
10. 199.59.167.122                               0.0%    6    6  28.3  28.2  25.0  30.7
11. dns1.easydns.com                             0.0%    6    6  23.0  26.5  22.5  43.5

$ host dns2.easydns.net
dns2.easydns.net has address 72.52.2.1

$ dig @dns2.easydns.net ns easydns.net.

; <<>> DiG 9.8.4-P2 <<>> @dns2.easydns.net ns easydns.net.
; (1 server found)
;; global options: +cmd
;; connection timed out; no servers could be reached

https://twitter.com/easyDNS
easyDNS.com .@easyDNS -- 1h
We are getting reports of DNS issues which are looking like a DDoS (we had a minor one yesterday) - investigating.
Along with tons of responses to people telling them to add a third nameserver for better anycast distribution.

--
| Jeremy Chadwick                                   jdc@koitsu.org |
| UNIX Systems Administrator                http://jdc.koitsu.org/ |
| Making life hard for others since 1977.             PGP 4BD6C0CB |
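Added example, not part of the original post: this Python script parses the records from the two dig answers in the message above and reports how the parent delegation differs from the NS set that remote2.easydns.com answered with, and how many distinct IPv4 glue addresses stand behind the five delegated names. The record text is copied from that dig output; the function names are made up for this illustration, and each address is counted once even though an anycast address may front several nodes.

```python
from collections import defaultdict
# AUTHORITY and ADDITIONAL records copied from the a.gtld-servers.net answer.
DELEGATION = """\
dslreports.com. 172800 IN NS ns1.easydns.com.
dslreports.com. 172800 IN NS ns2.easydns.com.
dslreports.com. 172800 IN NS remote1.easydns.com.
dslreports.com. 172800 IN NS remote2.easydns.com.
dslreports.com. 172800 IN NS ns6.easydns.net.
ns1.easydns.com. 172800 IN AAAA 2001:1838:f001::10
ns1.easydns.com. 172800 IN A 64.68.192.210
ns2.easydns.com. 172800 IN A 72.52.2.1
remote1.easydns.com. 172800 IN A 64.68.192.210
remote2.easydns.com. 172800 IN A 72.52.2.1
ns6.easydns.net. 172800 IN A 72.52.2.1
"""
# ANSWER records copied from the remote2.easydns.com (authoritative) answer.
AUTHORITATIVE = """\
dslreports.com. 1200 IN NS dns1.easydns.com.
dslreports.com. 1200 IN NS dns3.easydns.org.
dslreports.com. 1200 IN NS dns2.easydns.net.
"""

def parse_records(text):
    """Yield (owner, type, rdata) from 'name ttl class type rdata' lines."""
    for line in text.splitlines():
        fields = line.split()
        if len(fields) == 5 and fields[2] == "IN":
            yield fields[0].lower().rstrip("."), fields[3], fields[4].lower().rstrip(".")

def ns_set(text, zone):
    """Nameserver names listed for the zone in one dig answer."""
    return {r for o, t, r in parse_records(text) if t == "NS" and o == zone}

def glue_by_address(text, family="A"):
    """Map each glue address to the nameserver names that share it."""
    shared = defaultdict(set)
    for owner, rtype, rdata in parse_records(text):
        if rtype == family:
            shared[rdata].add(owner)
    return shared

def delegation_report(parent, child, zone):
    """Compare parent and child NS sets and count distinct IPv4 glue."""
    parent_ns, child_ns = ns_set(parent, zone), ns_set(child, zone)
    v4 = glue_by_address(parent, "A")
    return {"parent_only": sorted(parent_ns - child_ns),
            "child_only": sorted(child_ns - parent_ns),
            "names": len(parent_ns), "distinct_ipv4": len(v4),
            "shared_ipv4": {ip: sorted(n) for ip, n in v4.items() if len(n) > 1}}

print(delegation_report(DELEGATION, AUTHORITATIVE, "dslreports.com"))
```

Names that resolve to the same address add no redundancy when that address stops answering, which is what the count of distinct addresses makes visible.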

On Mon, Jun 03, 2013 at 03:58:12PM -0700, Jeremy Chadwick wrote:
> Got this today in the middle of browsing. Possible root cause is listed at the bottom (from EasyDNS's twitter account):
>
> easyDNS.com .@easyDNS -- 1h
> We are getting reports of DNS issues which are looking like a DDoS (we had a minor one yesterday) - investigating.
>
> Along with tons of responses to people telling them to add a third nameserver for better anycast distribution.
>
> --
> | Jeremy Chadwick                                   jdc@koitsu.org |
> | UNIX Systems Administrator                http://jdc.koitsu.org/ |
> | Making life hard for others since 1977.             PGP 4BD6C0CB |

Update 21:19 EST

This DDoS attack is different from our previous ones in that it looks as if the target is us, easyDNS, not one of our clients.

It is proving difficult to isolate the real traffic from the DDoS traffic, we are having some success now and are working on routing more DNS traffic through those nodes that are successfully mitigating.

Some customers are adding out-of-band nameservers and loading their zonedata from here (which is working), as outlined in:

http://blog.easydns.org/2010/08/19/dos-attacks-and-dns-how-to-stay-up-if-you...

We'll be posting another update shortly.

- http://blog.easydns.org/2013/06/03/ddos-in-progress-2/

--
staticsafe
O< ascii ribbon campaign - stop html mail - www.asciiribbon.org
Please don't top post - http://goo.gl/YrmAb
Don't CC me! I'm subscribed to whatever list I just posted on.

On Mon, Jun 03, 2013 at 11:49:58PM -0400, staticsafe wrote:
> On Mon, Jun 03, 2013 at 03:58:12PM -0700, Jeremy Chadwick wrote:
> > Got this today in the middle of browsing. Possible root cause is listed at the bottom (from EasyDNS's twitter account):
> >
> > easyDNS.com .@easyDNS -- 1h
> > We are getting reports of DNS issues which are looking like a DDoS (we had a minor one yesterday) - investigating.
> >
> > Along with tons of responses to people telling them to add a third nameserver for better anycast distribution.
> >
> > --
> > | Jeremy Chadwick                                   jdc@koitsu.org |
> > | UNIX Systems Administrator                http://jdc.koitsu.org/ |
> > | Making life hard for others since 1977.             PGP 4BD6C0CB |
>
> Update 21:19 EST
>
> This DDoS attack is different from our previous ones in that it looks as if the target is us, easyDNS, not one of our clients.
>
> It is proving difficult to isolate the real traffic from the DDoS traffic, we are having some success now and are working on routing more DNS traffic through those nodes that are successfully mitigating.
>
> Some customers are adding out-of-band nameservers and loading their zonedata from here (which is working), as outlined in:
>
> http://blog.easydns.org/2010/08/19/dos-attacks-and-dns-how-to-stay-up-if-you...
>
> We'll be posting another update shortly.
>
> - http://blog.easydns.org/2013/06/03/ddos-in-progress-2/
>
> --
> staticsafe
> O< ascii ribbon campaign - stop html mail - www.asciiribbon.org
> Please don't top post - http://goo.gl/YrmAb
> Don't CC me! I'm subscribed to whatever list I just posted on.

Post-mortem: http://blog.easydns.org/2013/06/04/post-mortem-of-the-june-3-4th-ddos/

P.S - I'm not in any way associated with easydns.

--
staticsafe
O< ascii ribbon campaign - stop html mail - www.asciiribbon.org
Please don't top post - http://goo.gl/YrmAb
Don't CC me! I'm subscribed to whatever list I just posted on.