[resolved] Workaround for DDoS

[ Current status: worst is over for now]

June 4, 2013 9:59 EST

Do not downgrade to domainPlus below – but feel free to set up the other extra redundancies.

As posted earlier, there is a DDoS against easyDNS in progress

https://www.easydns.com/blog/2013/06/03/ddos-in-progress-2/

Workarounds

Temporarily downgrade to “domainPlus” level of service which is using non-anycast, unicast (and ironically, what we call “lite”) nameservers. Normally you are prevented from downgrading if your domains are using features which are not bundled in domainPlus (i.e. easyMail, Failover, etc)

We have disabled those restrictions so you should be able to downgrade.

Don’t do this now, but feel free to do any of the Other possibilities section below

Other possibilities:

Going forward:

At the moment, only one of our three mitigation solutions is actually “working” effectively (hint: it’s Staminus.netand what we are doing right now is frantically working on routing the bulk of the rest of our DNS traffic through them. This will take a little longer, so in the meantime, try the domainPlus.

On a personal note

Words cannot express how sorry I am as the founder and we are as a company over this event. This is the “nightmare scenario” for DNS providers, because it is not against a specific domain which we can isolate and mitigate, but it’s against easyDNS itself and it is fairly well constructed. At this time please believe me that we are pulling out all the stops to get this working.

I will post more on this after the attack, but I cannot stress it enough to say that all DNS providers are unto themselves a Single Point of Failure. Yes, we try not to be, but if you really, truly require 100% DNS availability all the time then you must look at using multiple providers or multiple solutions and then coherently having those all work in harmony.

I apologize if this comes across sounding as a cop-out (at least one person on twitter seems to think so) but at the end of the day we want our customers to know how to stay online all the time and that’s how you do it. Right now we’re up (the main easyDNS website) because we added the Route53 warm spares to our own delegation.

Thank-you to everybody who has sent words of encouragement. I apologize personally and profusely to all those affected, please know that we will not rest until we have a handle on this situation.

Time for me to put on a pot of coffee.

Leave a Reply

Your email address will not be published. Required fields are marked *