

EasyDNS is under DoS attack - noodly
http://blog.easydns.org/2012/01/07/dns-resolution-issues/

======
tshtf
I use EasyDNS, but this issue didn't affect me personally.

EasyDNS has built-in integration with Amazon's Route53, which will
automatically push your DNS records to Amazon when you change them on the
website. What I've done is used the 3 EasyDNS nameservers along with 3 from
Route53. When one service is being DoS'ed, the requests will time out and move
to the next nameserver.

~~~
biot
Thanks for the heads-up. I wasn't aware of the service before and just
implemented this.

For others, here's the gist. This assumes you've already got things set up for
your domain in the route53 management console. In the easyDNS web interface:

    
    
      1. Menu "Your Info": edit, set the "Beta Access" to "Beta User"
      2. Menu "Preferences": set "Enable Route53 Support" to "Yes"
      3. Manage domain, Domain Overview, "External" tab, click "route 53"
      4. Fill in AWS Zone ID, Access Key ID, and Secret Access Key
         (you can create dedicated access/secret keys for EasyDNS)
      5. Click "Export from DNS" link and confirm
    

Then go to your registrar and add the additional nameservers to your domain.
Once set up, every change you make in easyDNS will propagate to route53.

------
noodly
Posting this thread here, because HN uses EasyDNS.

If you have a problem accessing HN, here are IPs that you can put in your
/etc/hosts file:

    
    
       67.23.12.57      ycombinator.com
       174.132.225.106  news.ycombinator.com
    

or you can just wait until the attack is over.

~~~
fl3tch
Interesting. I couldn't access the site about 20 minutes ago. Running "host
news.ycombinator.com" returned nothing.

~~~
mike-cardwell
TTL for news.ycombinator.com A record is 20 minutes. Such a small value
doesn't lend itself well to DOS attacks against DNS servers. Useful if you
need to change your DNS records quickly though.

------
dangrossman
I wonder if it's the same Chinese source as the attack on DNSMadeEasy in
November and December? It was a multiple-gigabit, sustained attack on hundreds
of thousands of domains. 4 of my domains were part of it, and I had to move
them to another DNS provider to avoid going over my 10 million monthly queries
limit.

I didn't really hear anything about it except from another DME customer that
posted on HN. DME never even informed anyone about the attack.

~~~
rkalla
Dan, I have been curious about DME as a provider for a few months. Very
interesting to read this, thank you for posting it.

------
noodly
Status of EasyDNS is also posted on twitter:

<https://twitter.com/#!/easyDNS>

There is more information about that attack than on the status blog:

    
    
       "The attack is multi-faceted, multi-gb/sec SYN flood, ICMP and DNS flood.
        Working with Prolexic to get DNS2 back online ASAP"
    
       "We are still taking heat. We expect that to drop over time.
        We are still putting in mitigation and workarounds."

------
AdamGibbins
This seems to be affecting HN. I've found that when that occurs using
<http://hackerne.ws> works fine.

~~~
mjb
The authority for hackerne.ws is domaincontrol (GoDaddy, apparently) while the
authority for news.ycombinator.com is EasyDNS.

------
pors
I couldn't access HN for a while because of it (all good now obviously)

~~~
wbhart
It's still an issue for me. I'm using the IP addresses for now. They say on
their blog that this is likely propagation issues though.... and it's back.

------
hwatson
The blog seems to have gone down. It's just a blog entry that says:

> We are currently experiencing a Denial of Service Attack against DNS1, DNS2
> and DNS3 anycast strands.

> We are working on mitigation and will post updates as they become available.

------
michaelcampbell
Do these types of attacks typically occur from some state-run organized cluster
of computers, or are they from zombied/infected "run of the mill" boxes on
everyone's desktop?

------
anonfoobar1
What are the chances this DoS relates to the recent algorithmic-complexity
vulnerabilities?

~~~
wbhart
Do you have a reference? You are not talking about the article to do with the
US drone are you? Edit: oh I see you mean this:
<http://www.cs.rice.edu/~scrosby/hash/CrosbyWallach_UsenixSec2003.pdf>

------
vinhboy
Is there anything we can do right now to fix this problem while the attack is
under way?

~~~
paulmok
Yeah - I have just been able to mitigate by exporting to route53 (via their
system) and then adding the additional route53 dns servers to the root chain.
Ugh :(

Fortunately for me I had the aws identity already set up and just had to do a
new "export" to update the records.
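
An added example, not part of the thread or any poster's code: an offline check for the dual-provider delegation described in the comments above (easyDNS plus Route53 nameservers). It reports whether losing one provider leaves no answering nameserver and whether the two providers serve different records, for instance after a missed export. Hostnames, record values and function names are constructed for illustration.

```python
from collections import defaultdict

# Constructed sample data, not real query output. DELEGATION maps each nameserver
# listed at the registrar to a provider label; ANSWERS holds the record sets each
# server returned for the same questions (None would mean the query timed out).
DELEGATION = {f"ns{i}.{host}.example.": label
              for host, label in (("provider-a", "easydns"), ("provider-b", "route53"))
              for i in (1, 2, 3)}
CURRENT = {"www A": {"192.0.2.10"}, "@ MX": {"10 mail.example.org."}}
STALE = {"www A": {"192.0.2.99"}}  # old address, MX never exported
ANSWERS = {ns: (CURRENT if label == "easydns" else STALE)
           for ns, label in DELEGATION.items()}


def single_points_of_failure(delegation, answers):
    """Providers whose loss leaves no delegated nameserver answering."""
    spof = []
    for provider in set(delegation.values()):
        alive = [ns for ns, label in delegation.items()
                 if label != provider and answers.get(ns) is not None]
        if not alive:
            spof.append(provider)
    return sorted(spof)


def record_drift(delegation, answers):
    """Questions on which the responding servers disagree, with who serves what."""
    responding = {ns: recs for ns, recs in answers.items() if recs is not None}
    questions = set().union(*responding.values()) if responding else set()
    drift = {}
    for question in sorted(questions):
        variants = defaultdict(set)  # rrset -> providers serving it
        for ns, recs in responding.items():
            # A server that lacks the record counts as serving an empty set.
            variants[tuple(sorted(recs.get(question, ())))].add(delegation[ns])
        if len(variants) > 1:
            drift[question] = {rr: sorted(p) for rr, p in variants.items()}
    return drift


if __name__ == "__main__":
    print("single points of failure:", single_points_of_failure(DELEGATION, ANSWERS))
    for question, variants in record_drift(DELEGATION, ANSWERS).items():
        print("drift on", question, "->", variants)
```

With real data, ANSWERS would be filled by querying each delegated nameserver directly rather than through a caching resolver, so that a stale secondary is not hidden by cached answers.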

