We have been hit with a second DDoS attack against our web forwarding pool. For the moment it is mitigated, however, Cogent has added a second null route to our web forwarding pool. So if you were impacted by that yesterday, you will also be impacted today (most likely).
In other words, for MOST of the internet, your host records which use web forwarding are back up and working. But if you are on Cogent, or some place that traverses the Cogent network to get to our web forwarding pool, not so much.
What We Do Next
We are in the process now of setting up a proxy / tunnel through one of our DDoS mitigation partners. In this case, the fine folks at Black Lotus. Once this is in place, we will be once again changing the IP address for our web forwarding pool. What is different tonight is that we will then go ahead and change the IP for all the domains using our web forwarding to go through this tunnel. Blacklotus cleans up the traffic, then our web forwarder pool will go on about it’s business.
Watch our twitter feed and this space for updates.
[Update 11:45opm EST] Mitigation Up & Cutovers Commenced
We have our tunnel setup with our DDoD mitigation partner BlackLotus, we are cutting over domains that are using URL or STEALTH forwarding to use this tunnel. This involves a DNS update to affected domains, so please allow for unevenness or varying mileage as things like local DNS caches iron themselves out. Also given the nature of DNS anycast, some nodes may pickup changes at a different rate than others. This is normally not a factor but we are running a very high number of updates through our nameservers at a very rapid clip until we get everybody cutover.
You Can Force A Cutover on Your Domains By Doing the Following:
If you have a high priority hostname using URL forwarding, you can preemptively cut your domain over to the new mitigation simply by going into your DNS settings and forcing an update, any kind of update (change your TTL or something) – when the system rehashes your zonedata, your URL forwarding and STEALTH records will be updated with the IP of the new tunnel.
Thanks for your patience while we work this out.