

DDoS attacks against Zerigo DNS services - jm3
http://www.zerigostatus.net/

======
pardner
Implementing secondary DNS servers is essential, and has kept our primary site
up and running.

That said, it is UNFORGIVABLE (imo) that Zerigo failed to send ANY type of
notification to its DNS customers... they have apparently been having DDoS
trouble for about 24 hours.

afaik they do not offer any type of text or email alerts when they are
experiencing trouble (such as the SMS messages I get from Heroku).

So, while I like their tools, and the DDoS hasn't affected our websites that
have secondary DNS, we will "walk" to another provider that cares enough about
their customers to offer proactive alerts.

~~~
dsl
We run our own owned+operated DNS with Dynect as secondary. Couldn't be
happier.

------
nodesocket
Honestly I've tried most of the popular DNS providers (DNSMadeSimple, DynDNS,
etc), but nothing lets me and my team sleep tighter at night than Route53. If
a DDoS is successful in taking down Amazon Route53, then we have bigger issues
to worry about. Plus, Route53 is dirt cheap, it's a no-brainer.

~~~
pardner
If Route53 ever supports Primary/Secondary DNS Zone Transfers (AXFR/IXFR) it
will be a no-brainer for us, too. Even with Amazon, we just can't have all our
DNS eggs in one basket.

------
dsl
Just a heads up, Zerigo doesn't operate its own network for DNS, so as far as
mitigating an attack they are at the mercy of upstreams.

a.ns.zerigo.net 64.27.57.11, announced by WeHostWebSites.com

b.ns.zerigo.net 174.37.229.229, SoftLayer

c.ns.zerigo.net 109.74.192.232, Linode

d.ns.zerigo.net 174.36.24.250, SoftLayer

e.ns.zerigo.net 72.26.219.150, Voxel.net (Internap)

f.ns.zerigo.net 223.27.170.242, Voxel.net (Internap)

------
zrail
First DNSimple and now Zerigo. I wonder if this is coordinated or if it's
separate groups. In any case I'm glad I switched to Route53 a few weeks ago.

~~~
latch
Almost exactly a year ago, Zerigo was down for over 6 hours.

Almost three years ago, DnsMadeEasy (which as far as I know dwarfs DNSimple and
Zerigo) had an outage after a massive attack.

~~~
pardner
Unfortunate that Zerigo did not (apparently) bother to deploy DDoS protection
after the event a year ago, and waited until this event to do so. This is part
of their auto-reply to any emails to support:

"Zerigo has procured DDOS mitigation services from Verisign and is in the
process of integrating them into our network to prevent such attacks from
compromising our DNS services in the future."

------
eksith
Are these attacks part of a strategy to take down a specific target(s) or are
they basically shotgunning providers?

~~~
dsl
It is common to see attacks hop from provider to provider.

A target (like a High Yield Investment Program, a pro-choice website, online
casino, etc) will be using ProviderA and the attackers will hit their DNS in
an attempt to take the site down. The target will want to get back online (or
get terminated by ProviderA) and jump over to ProviderB. The attackers see the
change, and take down the new provider. Rinse and repeat forever.

On the backend most of the large DNS providers share a common blacklist of
sites they have terminated so you can't just provider hop and drag the attack
around with you. I don't think DNSimple or Zerigo participates, though.

