Hacker Newsnew | past | comments | ask | show | jobs | submitlogin
Incident Report: DNS Outage due to DDoS Attack (dnsimple.com)
36 points by aeden on June 4, 2013 | hide | past | favorite | 11 comments


Another reminder: If you're running DNS servers, make sure you are not providing recursion: http://openresolverproject.org/


Had dnsimple failed to do so? Did it help?

Because Easydns http://blog.easydns.org/2013/06/04/post-mortem-of-the-june-3... said "While most of these typically use open resolvers, it is also now common to use authoritative nameservers in reflection attacks".

Can we end the "War on 'Open' Internet (Resolvers)" now?

Because I don't think an organized crackdown on "open" authoritative nameservers is in the best interests of our freedom.


No, this was not due to open resolvers in this case. We do not run public resolvers - we only provide authoritative DNS.


We can end the war on open revolvers when we stop getting hit with multi-gigabit DDOS attacks from open revolvers.


Is there something "going on" with DNS DDOS right now, or have I just happened to notice several in the last few days? cloudns.net, EasyDNS, and now dnsimple.com - all in the last week...


I don't think it's anything out of the ordinary. Attacks happen quite regularly, most are mitigated quickly and quietly.


I want to apologize for my earlier downvoted comment by saying that, I only said what anyone in a software organization would say. eg your boss.

If you dont know how to run DNS, then your the wrong guy to be running it.

Dont come out in public and whine about hackers. Its your job and yours alone to know how DNS works and what to do.

Its not even mildly interesting anymore than TCP/IP is interesting. So do your job.

Thats what my boss would tell me and thats what your boss should tell you.

Its not mean what Im saying. Its the truth.


There's nothing whiny about it. They're explaining to their customers what happened which is a part of their job.


Dont care about DNS, its your problem, fix it and stop whining about hackers.


What do you use a massive /etc/hosts file?


I just use IPs and netcat. Accessing sites via SSL is a good mental workout.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: