I can totally buy DDoS flooding network capacity, but I'm befuddled these days by statements saying the servers are "under load", which typically means "out of CPU". It's kind of hard for me to imagine even an i5 not being able to saturate a gigE line with DNS lookups (yes, it is a lot of packets, but it can be done) unless DNSSEC is going on. Even 10gigE, <i>if</i> you can amortize interrupts, seems like it'd not be hard to saturate with today's hardware.<p>What am I missing here?
I run DNSimple (https://dnsimple.com) and we have a full REST API and support domain registrations, transfers and SSL certificates as well. Plus we have an ALIAS record type that's very useful for pointing your apex to services where they only provide a hostname.<p>I'll be happy to answer any questions you have regarding our service either here or through our support channels.
Going on 8 hours of Zerigo's downtime I've had to move all of our Zerigo DNS to DNSMadeEasy. It's a shame, because I really, really like Zerigo, especially their API.<p>Shit happens, but 99.9% (8 hours a year of downtime) is completely unacceptable for a DNS provider.
Add these to your hosts file to access your account:<p>64.27.57.25 manage.zerigo.com<p>64.27.57.8 dns.zerigo.com<p>Source: https://twitter.com/coldclimate/status/227369346891132928
Seems like if you are serious about mitigating this type of issue (as a consumer), you really should be specifying name servers from different providers. Your primary DNS server can be from dnsimple/zerigo/dnsmadeeasy and your secondary can be route53, or you could run your own.<p>The only problem seems to be keeping them in sync. Seems like you'd have to poll the primary (using whatever API it exposes) to update the secondary.<p>Mostly thinking out loud, surely someone more experienced could provide better guidance?
I run a DNS hosting service (SlickDNS, www.slickdns.com) and have seen a spike in signups today as a direct result of the Zerigo DDOS attack.<p>I can't claim that SlickDNS is invulnerable to DDOS attack, but FWIW it does run tinydns name servers which have good performance and excellent security. So if you're impacted by the Zerigo outage, feel free to check out SlickDNS. There's a 30-day free trial with all plans and record updates are pushed through to all the name servers in under 5 seconds.
Apparently no ETA for restore as of 2 hours ago:
https://twitter.com/zerigo/status/227322909230768128
Best thing Zerigo could do for their customers at this point is export all zone information and email it to them or make it available for DL. I have a feeling this is going to be a long outage. In the meanwhile, here is a great list of free DNS providers (don't get caught without a secondary DNS provider): http://www.lowendtalk.com/wiki/free-dns-providers
I've been seeing a lot of reflector attacks in the past couple of weeks, where the attacker sends a relatively small query for a valid domain that will return a large reply. The trick is that they spoof the source IP, so the DNS reply goes to the victim.<p>I ended up hacking something together to firewall any IPs which sent more than 1000 requests in a short period of time.
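One way to implement the per-source threshold described in the comment above, as an added example that is not the commenter's code. The 10-second window, the log format (`epoch_seconds src_ip qname qtype`) and all function names are assumptions; the comment only gives the figure of 1000 requests "in a short period of time". Because reflection queries carry the victim's address as their source, dropping a flagged source stops this server from sending its large replies to that address.

```python
from collections import defaultdict, deque

THRESHOLD = 1000        # from the comment: more than 1000 requests
WINDOW_SECONDS = 10.0   # assumption: the comment does not give the period

def parse_line(line):
    """Parse 'epoch_seconds src_ip qname qtype' (constructed log format)."""
    ts, src, qname, qtype = line.split()
    return float(ts), src, qname, qtype

def find_flooders(lines, threshold=THRESHOLD, window=WINDOW_SECONDS):
    """Return {src_ip: timestamp at which it first exceeded threshold in window}."""
    recent = defaultdict(deque)   # src_ip -> timestamps inside the sliding window
    flagged = {}
    for line in lines:
        try:
            ts, src, _qname, _qtype = parse_line(line)
        except ValueError:
            continue              # skip malformed lines instead of aborting
        if src in flagged:
            continue              # already due to be firewalled
        q = recent[src]
        q.append(ts)
        while q and ts - q[0] > window:
            q.popleft()           # expire queries older than the window
        if len(q) > threshold:
            flagged[src] = ts
            del recent[src]       # free memory for sources we will drop
    return flagged

def sample_log():
    """Constructed sample: one burst source, one steady resolver, one bad line."""
    lines = []
    for i in range(1500):   # 1500 ANY queries in about 3 seconds
        lines.append(f"{1000 + i * 0.002:.3f} 198.51.100.7 example.com ANY")
    for i in range(1200):   # 1200 queries at one per second
        lines.append(f"{1000 + i:.3f} 192.0.2.10 www.example.com A")
    return sorted(lines, key=lambda l: float(l.split()[0])) + ["malformed line"]

if __name__ == "__main__":
    for ip, ts in find_flooders(sample_log()).items():
        print(f"drop {ip}: over {THRESHOLD} queries in {WINDOW_SECONDS}s at t={ts}")
```

The steady resolver sends more than 1000 queries in total but is never flagged, which is why the count is kept per sliding window rather than per source overall.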
And this is why I use Route 53, I'm a lot more confident in Amazon's abilities to mitigate DDoS attacks.<p>Which really sucks, DDoS are really hard to combat and Zerigo are an awesome company.
Well, that explains why my wife woke me up complaining about half the internet not working. Our ISP is 3 (drei.at) and she was using their DNS, guess there are issues all over Europe.
What are the main advantages of paying for DNS hosting like Zerigo or SlickDNS instead of using the one provided for free with web host companies (e.g. Linode's DNS Manager)?