[ Current status: worst is over for now]
June 4, 2013 9:59 EST
Do not downgrade to domainPlus below – but feel free to set up the other extra redundancies.
As posted earlier, there is a DDoS against easyDNS in progress
https://www.easydns.com/blog/2013/06/03/ddos-in-progress-2/
Workarounds
Temporarily downgrade to “domainPlus” level of service which is using non-anycast, unicast (and ironically, what we call “lite”) nameservers. Normally you are prevented from downgrading if your domains are using features which are not bundled in domainPlus (i.e. easyMail, Failover, etc)
We have disabled those restrictions so you should be able to downgrade.
Don’t do this now, but feel free to do any of the Other possibilities section below
Other possibilities:
- Export your bind zone file under “Tools” -> “Export zone”
- Enable easyRoute53.
- add third party nameserver IPs under “External” -> “zone transfers” (this normally takes an hour to kick in but we’re reducing that to every 10 minutes)
Going forward:
At the moment, only one of our three mitigation solutions is actually “working” effectively (hint: it’s Staminus.net) and what we are doing right now is frantically working on routing the bulk of the rest of our DNS traffic through them. This will take a little longer, so in the meantime, try the domainPlus.
On a personal note
Words cannot express how sorry I am as the founder and we are as a company over this event. This is the “nightmare scenario” for DNS providers, because it is not against a specific domain which we can isolate and mitigate, but it’s against easyDNS itself and it is fairly well constructed. At this time please believe me that we are pulling out all the stops to get this working.
I will post more on this after the attack, but I cannot stress it enough to say that all DNS providers are unto themselves a Single Point of Failure. Yes, we try not to be, but if you really, truly require 100% DNS availability all the time then you must look at using multiple providers or multiple solutions and then coherently having those all work in harmony.
I apologize if this comes across sounding as a cop-out (at least one person on twitter seems to think so) but at the end of the day we want our customers to know how to stay online all the time and that’s how you do it. Right now we’re up (the main easyDNS website) because we added the Route53 warm spares to our own delegation.
Thank-you to everybody who has sent words of encouragement. I apologize personally and profusely to all those affected, please know that we will not rest until we have a handle on this situation.
Time for me to put on a pot of coffee.
Leave a Reply