At around 10:00am EST +/- 5 mins both ns1 and ns2 received sharp spikes of inbound traffic lasting approximately 15 minutes. While the volume of those spikes was not overpowering, the servers did timeout some queries.
As many people know, we have been under DDoS attack against ns1 and ns2 since last week. The attack has been ongoing but mitigated since last friday.
We are operating on the theory that this morning’s spike is another wave in the DDoS and we are currently analyzing the attack traffic.
At the moment, all systems have resumed normal functioning.
Since this attack is affecting NS1 and NS2, any customers still on the legacy platform can greatly reduce (eliminate) any impact by migrating to the new platform, which adds at least 1 more anycast constellation to all levels of service.
Mark Newland says
November 15, 2011 at 6:28 pmWas one of the first calls on this in am. Resolution failure on 3 of my domains (all 3 look to ns1 and ns2) appears to be ok after 12 noon ET. However, now 625 pm ET and problem just started again. I have asked my clients to change these pointers to new system but no response yet. Why is this still happening? Domains effected are smf-cpa.com, njpies.org, franciseparker.com.
MWN
easyDNS Support says
November 17, 2011 at 3:54 pmHi there,
As noted, we have found that it’s likely to be a client, though we can’t name names, but the attacks are not against our new clusters, so we are urging folks to migrate. For the time being, as you know, the attacks have abated.