DDOS on Namecheap Free DNS and Default DNS V2

[+] ted0|12 years ago|reply

We are in the process of mitigating a large scale DDoS attack against our global DNS platform. We expect service to return to normal very shortly. Stay tuned and let me know if you have any questions. [email protected]

[+] jik|12 years ago|reply

Just for future reference, it's usually considered a good idea to put your status page on completely independent infrastructure so that it stays up even when the rest of your stuff goes down. A status page that doesn't work during an outage isn't particularly useful.

[+] t3ra|12 years ago|reply

WOOH the Akamai realtime attack visualization is completely red at the moment: http://www.akamai.com/html/technology/dataviz1.html

[+] nc-customer|12 years ago|reply

Most DDOS attacks against a company like yours are actually attacks against a specific customer. If:

a) you had a pool of DNS server names, say 20, all with unrelated hostnames

b) you assigned 2 to each customer, randomly, when they configured a domain to use your servers.

Then, a DDOS attack would impact 10% of your customers instead of 100%. (Assuming other practices, like null routing the target until resolved)

[+] nubela|12 years ago|reply

Yes please, thank you :) All my domains are down now but I understand how shitty (the panic!) it feels to have things going down. I'll be checking this.

[+] ted0|12 years ago|reply

I'd also like to add that we have redunancy on our DNS V1. I advise switching over to this, in the meantime. Please find the tutorial here: https://www.namecheap.com/support/knowledgebase/article.aspx...

[+] kelton5020|12 years ago|reply

Was going to switch to route 53 while you guys were down and switch back, but the page says it'll take a day...Might as well just wait at that point. I know it's panic mode over there, but some kind of failover record would be awesome for when this happens in the future(or an option for one).

[+] w0ts0n|12 years ago|reply

You guys should really put a notice on your homepage or something.

Good luck.

[+] trevorc|12 years ago|reply

I took your advice and transferred a domain to DNSv1. That domain is still not back online, but all the domains I left as DNSv2 have come back!

[+] ilikesnowflakes|12 years ago|reply

You guys should add an option for us to put in an optional backup DNS record in the settings.

[+] dywtk|12 years ago|reply

The quick tut on switching to DNSv1 is nice however the option doesnt exist in my account

[+] derwiki|12 years ago|reply

Thanks for posting here!

[+] njyx|12 years ago|reply

Kudos for using a HN page to stay in touch

[+] User7|12 years ago|reply

Ho quickly will the switch to v1 execute?

[+] kitnos|12 years ago|reply

hi already have OK's, but the DNS are all using the same IP :( bad sign?

[+] mindo3|12 years ago|reply

When did this attack start ?

[+] sprouticus|12 years ago|reply

Thanks for the update, guys.

[+] ChrisDiNicolas|12 years ago|reply

Good luck guys!

[+] megakf|12 years ago|reply

Down again My domain down again

[+] kitnos|12 years ago|reply

do you have ETA?

[+] MuratC|12 years ago|reply

You need to provide some gift to your customers for this downtime. I am using NC for 10 years, every time on bad issues I continue to use. But this outage very bad, I lost money...

[+] tinco|12 years ago|reply

Weird, I haven't researched DNS as well as I should have. I always lived under the impression that there was this extensive DNS cache network where intermediaries responded to queries with cached results from root DNS servers.

Instead, the second that this DDos hits is the second we have websites stopping working.

How is it that in this day and age we can't have distributed caches of DNS entries at our providers of full dns databases. I mean there can't be more than like a few billion dns entries in the world total, which fits easily in a modern desktop computers RAM.

If that is an underestimate, I can't believe a single modern server wouldn't be able to mirror the world's DNS queries for at least a providers worth of users.

[+] jschuur|12 years ago|reply

Depends on the TTL (time to live) settings for the DNS entries, doesn't it?

[+] plasma|12 years ago|reply

How would one add (say) AWS Route53 as a secondary DNS?

I assume you'd make sure the DNS records are the same in both DNS portals; and then add Route53 as 3rd & 4th nameservers with the first and second still being Namecheap?

[+] wes-exp|12 years ago|reply

It seems like secondary DNS is not supported, but you can change your primary DNS with the "Transfer DNS to Webhost" option.

[+] IgorPartola|12 years ago|reply

Yes, or just switch completely to Route53.

[+] motoford|12 years ago|reply

If your site is down and you are on v2, Switch to v1. It only takes a minute and it works.

[+] jsm386|12 years ago|reply

Yeah - at least right now this worked for me. Thank you for the tip!

[+] julianc|12 years ago|reply

I switched and it's the same, still down.

[+] blissofbeing|12 years ago|reply

I recently switched most of my domains to DNSMadeEasy because they are constantly in the top for speed[1], provide a top tier anycast network and for what you get are a great value.

If you want speed and readability I suggest switching to a paid DNS provider.

1: http://www.solvedns.com/dns-comparison/2014/01

BTW I'm not in any way affiliated, just like the service.

[+] naiyt|12 years ago|reply

Best of luck to their support team. Outages can make tech support's life miserable. If you call in, just remember the person on the other side of the phone has likely been yelled at all morning for something that wasn't their fault. Totally reasonable to be upset at the situation, just don't take it out on the tech you're talking to!

[+] User7|12 years ago|reply

Job security ;).. j/k! I imagine it must not be fun

[+] unknown|12 years ago|reply

[deleted]

[+] kennhardy|12 years ago|reply

May this have been a problem lasting for a week?

I am monitoring a few servers with DNS records. And the last week I have found all the servers unresponsive (by DNS, not tried directly) from time to time. And after an extensive amount of troubleshooting I am unable to find a problem.

[+] hmart|12 years ago|reply

If you're affected, you can switch your domains to their DNSv1. Seems pretty quick for most people.

Via https://news.ycombinator.com/user?id=edwhitesell

[+] User7|12 years ago|reply

I don't know how this website works, but I can't see the latest posts at the top of the page! I'm looking for the latest info on the issue. Are you up and running? Should I move back to v2? Thanks

[+] derwiki|12 years ago|reply

Is there any point in freaking out or do we just have to wait this one out?

[+] tinco|12 years ago|reply

If it's absolutely critical that your users get service right now, it might be a good idea to at least prepare a migration to other DNS servers, like perhaps those of Linode. If the situation doesn't improve within an hour or so, it might be that they don't have a good way to deal with it, and the outtage might take long, depending on the depth of the DDoSers pockets.

[+] avb|12 years ago|reply

Any good suggestions for alternative DNS providers?

[+] srik|12 years ago|reply

This is so embarrassing for me. We just put out our school computer group's website up and boom - murphys law.

[+] MichaelTieso|12 years ago|reply

That would explain why I'm getting a massive amount of tickets from my clients why their site is down.

[+] kennhardy|12 years ago|reply

Down for me as well. Lost access to absolutely all of my company's services. TTL 60...

[+] micah63|12 years ago|reply

yup, our app is down : (

113 comments