Information – DNS DDoS – 23rd July 2012
Yesterday our DNS supplier suffered an extremely rare and serious Distributed Denial of Service (DDoS) attack over a sustained period. This is where someone floods the systems of a company with so many requests it simply can’t cope.
DNS is essentially the phone book of the internet, translating domain names (like example.com) into IP addresses. The IP address is the address of services such as servers. With the supplier’s services attacked and brought offline, browsers wouldn’t have been able to look up the server address for a given domain name.
The attack was quite large, and certainly resulted in our longest outage ever for some of our customers. Our current set-up relied upon this one supplier but with 3-4 name servers across the world. We use one each in London, Amsterdam, Denver (USA) and Singapore. Having so many in different locations means that it usually wouldn’t result in downtime if one or two were attacked or suffered other major issues – essentially providing global fallbacks and ensuring the highest uptime possible.
However, on this occasion our supplier was attacked globally and had to bring services back online in a staged way.
What did we do yesterday? We were able to move all core services to another set of name servers and also moved several clients with business-critical websites. We also updated twitter.com/mdkwebmedia with status information, like most companies.
What are we doing now to further mitigate? Well, we are going to create additional back-up services that aren’t reliant on our main DNS partner 100%. Whilst it is unlikely such a large-scale issue will reoccur, we are taking further steps beyond our already otherwise robust set-up.
Was anything working? We recommend and utilise Google Applications as the email provider of choice. Their email systems were unaffected and it was possible for customers to log in and send emails – however, receiving emails will have been disrupted. Our actual servers were also unaffected and as such customers would still have been able to access their FTP and other management services using our IP address directly. No personal or business data was ever at risk.
We apologise for any inconvenience that was caused by this issue and can assure all customers that we are working on additional safeguards to minimise further risks. If you have any comments or questions then please do contact us.