DDoS Attack Against Default DNS System v2

[+] matthewrussell|11 years ago|reply

This is a pretty big and complex attack. We have a ton of DDoS mitigation in place but it has taken some time for the filtering to become effective.

We are mitigating this as fast as we possibly can. I and we share your pain and frustration at the inconvenience this causes.

[+] nullrouted|11 years ago|reply

For those who don't know Matthew Russell is part of NameCheap.

[+] matthewrussell|11 years ago|reply

We have mitigated over 75% of the attack at this time. Most servers are performing well.

I appreciate my responses here are a little obscure but we do practice security through obscurity so I am not going to get into specifics that can be used against us in any future attack.

I will say we employ a range of technologies, internal and external, a ddos defense/mitigation. This does include CloudFlare

[+] tedchs|11 years ago|reply

It seems like DDoS attacks are becoming more prevalent. Are there forums where attacked companies can share data about the attacks they see and what they had to do to mitigate them? I feel like there should be public community resources around DDoS attacks like there are around other security vulnerabilities.

[+] Aeoxic|11 years ago|reply

I manage a private combination of communications bulletins and attack monitoring for a couple of smaller communities / organisations that get attacked on the regular (mostly hosting providers and gaming organisations). I've been considering letting it go invitation-only public.

[+] AznHisoka|11 years ago|reply

Woudln't this also benefit the attackers now that they know how ppl are going to mitigate them?

[+] kogir|11 years ago|reply

In the age of DNS providers with APIs, you really should have at least two. At YC we've just moved everything to Route53 and will be adding more - likely CloudFlare and Google Cloud DNS.

All of it will be managed by configuration files in version control, and won't require anything antiquated like zone transfers.

If the code is clean enough I'll release it with pluggable registrar and DNS provider modules.

[+] randall|11 years ago|reply

Please. The zone transfer thing is what's been the most burdensome. We'd love to have a github repo that we could create a post commit hook to tell a bot to update the syncing.

[+] myers|11 years ago|reply

This would be made easier in Namecheap offered Secondary nameserver support. For example, DNS host at Namecheap, but use Linnode as a secondary.

[+] tedchs|11 years ago|reply

If folks are looking for an alternative DNS host, there is Google Cloud DNS, which I have been using for a while via Google Domains and it's pretty awesome. Conceptually similar to Route53. Can use Google Cloud DNS without using other Google Cloud Platform services. https://cloud.google.com/dns/docs

[+] mrsaint|11 years ago|reply

>If folks are looking for an alternative DNS host, there is Google Cloud DNS, which I have been using for a while via Google Domains and it's pretty awesome.

It's pretty easy to setup too. [1] For my purposes cheaper than Route53.

[1] https://www.zeitgeist.se/2014/05/01/google-cloud-dns-how-to/

[+] IgorPartola|11 years ago|reply

Last time this happened, we had a pretty bad time. NS and SOA TTL being set at 24 hours made switching to Route53 rather difficult. Hopefully, they'll recover soon.

Anyone know the details of how these things happen?

[+] colmmacc|11 years ago|reply

FYI: You can invalidate Public DNS's and OpenDNS's caches manually:

https://developers.google.com/speed/public-dns/cache http://cachecheck.opendns.com/

[+] benmorris|11 years ago|reply

I'm going to move some things over to Route 53. I like Namecheap but this is the second DNS issue they've had in a month that has affected several of my sites.

[+] stevepike|11 years ago|reply

If you end up switching to Route 53, Namecheap support can give you a Zone file (http://en.wikipedia.org/wiki/Zone_file) to upload into Route 53. They're not exactly the same format; here's a GIST of the script I used to convert them the last time Namecheap was having DNS issues: https://gist.github.com/scpike/a72a748126cbb4359c03

[+] nullrouted|11 years ago|reply

Why not use cloudflare? It is free and has ipv6 baked in.

[+] teach|11 years ago|reply

Wondered why my site was spotty. I love Namecheap as a registrar, but I'm questioning now whether I should be using them as my DNS provider.

Any suggestions?

[+] hboon|11 years ago|reply

I'm using DNS Made Easy for a few of my domains. There's a couple of good alternatives.

[+] breakingcups|11 years ago|reply

I can fully recommend Point (https://pointhq.com/), haven't had a single problem yet and support thus far has been very good. The web interface is easy to use and they offer both an API as well as the ability to export zone files.

My only gripe would be that the claimed support response times as well as the 'call-me-back' button don't work as advertised.

[+] Sami_Lehtinen|11 years ago|reply

My NameCheap domains which are using CloudFlare do work perfectly, as well as domains which are using Yandex DNS.

[+] celsoazevedo|11 years ago|reply

Cloudflare it's free and works very well (you don't have to use their reverse proxy/cdn).

43 comments