We recently made the decision internally that our DNSResolvers.com had to cease being open resolvers. We were still trying to figure out the best way to transition to an authenticated model gracefully.
However, tonight we were DDoS-ed against those open resolvers and while our core easyDNS authoritative DNS services were not impacted, our customer environment was slightly degraded and URL forwarding and mail forwarding experienced slowdowns. So that settles it: the DNSResolvers.com publicly accessible resolvers are going away sooner than later.
We may offer authenticated resolver services for our customers in the future, but until we get there if you are using DNSresolvers now, you should switch away to another option immediately.
Two spring to mind: OpenDNS and Google’s Public DNS.
DNSResolvers was free, it was not our core business, and we now exist in online environment where nobody should be running open public resolvers unless they are devoting ample resources toward making sure they aren’t part of the DNS amplification problem. The moment it interferes with our core business (like it just did) is the time to jettison it.
Nobody wants their paid services degraded by a DDoS against some free service that gets rampantly abused and shouldn’t be wide open anyway. We’re sorry to have to pull the plug on it and we would appreciate your understanding.
P.S if you don’t know what resolvers you are using, we have a tool for detecting that at MyResolver.com. If it says 205.210.42.205 or 64.68.200.200 then you are currently using DNSResolvers.com and you need to switch away.
In the old days (up until last week some time, that is) people ran recursive dns servers for themselves, on-LAN or on-campus, because it’s a light weight easy to operate service that benefits from locality.
obviously this is a BIND-centric view but there i am.