
DDOS on Namecheap Free DNS and Default DNS V2 - hmart
http://status.namecheap.com/?p=14846
======
ted0
We are in the process of mitigating a large scale DDoS attack against our
global DNS platform. We expect service to return to normal very shortly. Stay
tuned and let me know if you have any questions. ted@namecheap.com

~~~
ted0
I'd also like to add that we have redunancy on our DNS V1. I advise switching
over to this, in the meantime. Please find the tutorial here:
[https://www.namecheap.com/support/knowledgebase/article.aspx...](https://www.namecheap.com/support/knowledgebase/article.aspx/923/10/what-
is-the-difference-between-your-dns-system-v-1-and-v-2)

~~~
Jailout2000
ETA how long it will take for the transfer to be completed? I know that
editing host records usually is instantaneous (unlike other providers), but
we're talking about changing the DNS servers here.

~~~
Jailout2000
Looks to be up around five to ten minutes after executing the change. Not too
terrible.

------
tinco
Weird, I haven't researched DNS as well as I should have. I always lived under
the impression that there was this extensive DNS cache network where
intermediaries responded to queries with cached results from root DNS servers.

Instead, the second that this DDos hits is the second we have websites
stopping working.

How is it that in this day and age we can't have distributed caches of DNS
entries at our providers of _full_ dns databases. I mean there can't be more
than like a few billion dns entries in the world _total_ , which fits easily
in a modern desktop computers RAM.

If that is an underestimate, I can't believe a single modern server wouldn't
be able to mirror the world's DNS queries for at least a providers worth of
users.

~~~
jschuur
Depends on the TTL (time to live) settings for the DNS entries, doesn't it?

~~~
tinco
Yes, perhaps there lies our folly. It's the choice between being flexible in
ability to move our servers really quick, or being tolerant of DNS servers
going down.

I sort of hoped that a DNS client would just use an expired DNS result in case
the servers would not respond, but perhaps that is naieve/dumb.

~~~
toomuchtodo
> I sort of hoped that a DNS client would just use an expired DNS result in
> case the servers would not respond

This would break the whole concept of TTLs.

> but perhaps that is naieve/dumb.

Not at all. Hard problems are hard to solve.

------
plasma
How would one add (say) AWS Route53 as a secondary DNS?

I assume you'd make sure the DNS records are the same in both DNS portals; and
then add Route53 as 3rd & 4th nameservers with the first and second still
being Namecheap?

~~~
wes-exp
It seems like secondary DNS is not supported, but you can change your primary
DNS with the "Transfer DNS to Webhost" option.

------
motoford
If your site is down and you are on v2, Switch to v1. It only takes a minute
and it works.

~~~
julianc
I switched and it's the same, still down.

~~~
motoford
At first I thought the same. I went in to edit records, and I hit save. I
checked again and it was working. I assumed there was just a delay of a minute
or so and that clicking save was a coincidence.

My domain is on v1 now and its still working.

------
blissofbeing
I recently switched most of my domains to DNSMadeEasy because they are
constantly in the top for speed[1], provide a top tier anycast network and for
what you get are a great value.

If you want speed and readability I suggest switching to a paid DNS provider.

1: [http://www.solvedns.com/dns-
comparison/2014/01](http://www.solvedns.com/dns-comparison/2014/01)

BTW I'm not in any way affiliated, just like the service.

------
naiyt
Best of luck to their support team. Outages can make tech support's life
miserable. If you call in, just remember the person on the other side of the
phone has likely been yelled at all morning for something that wasn't their
fault. Totally reasonable to be upset at the situation, just don't take it out
on the tech you're talking to!

~~~
User7
Job security ;).. j/k! I imagine it must not be fun

------
kennhardy
May this have been a problem lasting for a week?

I am monitoring a few servers with DNS records. And the last week I have found
all the servers unresponsive (by DNS, not tried directly) from time to time.
And after an extensive amount of troubleshooting I am unable to find a
problem.

------
hmart
If you're affected, you can switch your domains to their DNSv1. Seems pretty
quick for most people.

Via
[https://news.ycombinator.com/user?id=edwhitesell](https://news.ycombinator.com/user?id=edwhitesell)

------
User7
I don't know how this website works, but I can't see the latest posts at the
top of the page! I'm looking for the latest info on the issue. Are you up and
running? Should I move back to v2? Thanks

------
derwiki
Is there any point in freaking out or do we just have to wait this one out?

~~~
tinco
If it's absolutely critical that your users get service right now, it might be
a good idea to at least prepare a migration to other DNS servers, like perhaps
those of Linode. If the situation doesn't improve within an hour or so, it
might be that they don't have a good way to deal with it, and the outtage
might take long, depending on the depth of the DDoSers pockets.

------
avb
Any good suggestions for alternative DNS providers?

~~~
zrail
I moved most of my stuff to Route53 awhile back and for the most part I don't
regret it.

~~~
jschuur
Pricing doesn't seem too bad. $0.50 for a zone (domain) and $0.50 for a
billion queries:
[http://aws.amazon.com/route53/pricing/](http://aws.amazon.com/route53/pricing/)

~~~
jyap
Correction on the queries pricing:

$0.500 per million queries – first 1 Billion queries / month

$0.250 per million queries – over 1 Billion queries / month

------
srik
This is so embarrassing for me. We just put out our school computer group's
website up and boom - murphys law.

------
MichaelTieso
That would explain why I'm getting a massive amount of tickets from my clients
why their site is down.

------
kennhardy
Down for me as well. Lost access to absolutely all of my company's services.
TTL 60...

------
micah63
yup, our app is down : (

