from Hacker News

DNSimple target of DDoS attack

by markprovan on 6/3/13, 1:05 PM with 28 comments

  • by the9to5 on 6/3/13, 6:10 PM

    Bravo to the folks at DNSimple for being on top of communications during this time. It's something that they themselves brought up less then a year ago during the Zerigo DDOS (https://news.ycombinator.com/item?id=4280515) so it'd good to see them sticking to it.

    But it also seems as though the same advice proposed in that thread should have been used by their customers: Namely, utilize multiple DNS providers to mitigate risk, and choose providers with IP anycast. Heck, even setting up your own secondary DNS on a $5/mo cloud server would keep your site up (unless of course your site is the main target of the DDOS).

  • by whafro on 6/3/13, 3:23 PM

    It's not a great long-term solution, but DNSimple has been disabling their ALIAS support, which many Heroku and AWS users are likely to depend on, especially if you use SSL.

    Short term, keep your ALIAS record and add an additional A record for your root domain pointing to one of the IPs indicated by your hostname. DNSimple says they'll treat the A record as a fallback when ALIAS isn't working, and will return both sets of records when it is (https://twitter.com/dnsimple/status/341574753276002304).

    For the next 3/12/24/96 hours or however long it takes for the threat to subside, this should increase your availability, and the likelihood that your A record will work for that time is probably reasonable. Longer term, you'll want to get rid of the A record.

  • by yesimahuman on 6/3/13, 1:41 PM

    Ah, got bitten by this. Just added Route 53 as redundancy, should have done that a long time ago.

  • by soci on 6/3/13, 1:45 PM

    DNSimple seems the best way to go if you want to host your service with Heroku using a root domain (no www at the beginning of the domain name) [1].

    Unfortunately, DNSimple is now the weakest layer of our stack. And at http://KiteBit we are suffering it right now!

    [1]https://devcenter.heroku.com/articles/custom-domains#root-do...)

  • by jwarzech on 6/3/13, 2:15 PM

    Our site (and others) seem to still be working through the 'www' domain. We have had nothing but great experiences with DNSimple up to this point and will probably stay customers, just sort of frustrating as we wait for our domain to resolve to another dns provider as a quick fix...

  • by zrail on 6/3/13, 5:27 PM

    Is anyone else seeing a sustained level of trashy DNS queries to their own servers? I've been seeing a sustained level to mine that's way above normal, for the last few days. I wonder if this is a broader problem than just DNSimple.

  • by thejosh on 6/3/13, 1:36 PM

    This seems to happen quite often to DNS hosts, I remember ClouDNS getting hit often.

    It's easier to hit these sorts of "smaller player DNS hosts" if the website you want to take down is otherwise protected?

  • by randall on 6/3/13, 3:03 PM

    Anyone know how to make DNS redundant? Is it as simple as adding them as extra nameservers, and then copying all the records? I'm thinking about using Linode's DNS as a failover.

  • by dexcs on 6/3/13, 1:35 PM

    That makes sense. rubygems.org was down for me for a few minutes....