EveryDNS Under DDoS Attack

One thing is worse than having your web site go off-line: the DNS servers for your domain coming under a DDoS attack that renders your entire domain unresolvable. That’s what HostingFu is facing at the moment.

EveryDNS, which I reviewed here, is currently under DDoS attack, which makes domain resolution either very slow or not work at all. I only noticed it when the site uptime monitor I use started showing false positives, i.e. reporting sites down when the servers are actually up. It seems to have been going on for more than 12 hours now.

Currently I have around 6-7 domains on it (the most important ones I have, actually). Worse, my main MX is on it, which causes bad delays on all the emails that are supposed to be delivered to my inbox. Web sites appear to be down when they are not, and the traffic served today dropped dramatically.

None of this is EveryDNS’s fault. And it is not the first time EveryDNS has been under DDoS attack. Sometimes you just wonder why people do such things.

Any Solution?

It looks like the EveryDNS guys are working hard tuning the network to remedy the issue. However, DDoS is really tricky to resolve, and I personally have not seen anything that works effectively at separating attack traffic from legitimate packets. Most of them just throw more bandwidth at it.

So, would a commercial DNS provider be a better solution here? Maybe I shouldn’t be that cheap, as commercial DNS providers can usually afford a more sophisticated network. Maybe EveryDNS’s “free-ness” attracted scumbags that got attacked by other scumbags. Maybe EveryDNS’s high-profile sister sites, OpenDNS and PhishTank, are too much the “good guys” on the Internet…

That does not make commercial DNS providers immune from DDoS attacks. It’s still the ultimate weapon on the Internet.

A good strategy that I should have deployed is using multiple DNS providers, with one acting as secondary to another. For example, use EveryDNS as my primary DNS, and set up ZoneEdit as a slave to EveryDNS. The chances of multiple free DNS providers being DDoS’ed at the same time should be much slimmer.
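As an added illustration (not part of the original post), the Python sketch below audits a delegation for the single-provider dependency described above. The hostnames, serials, function names and the `provider_of` heuristic are constructed for the example; it also checks the SOA expire value, because a secondary that cannot reach its primary stops serving the zone once that timer runs out.

```python
from collections import defaultdict

def provider_of(ns_host):
    """Provider key = last two labels of the NS hostname (a simplifying assumption)."""
    return ".".join(ns_host.rstrip(".").lower().split(".")[-2:])

def audit_delegation(answers, soa_expire, outage_hours):
    """answers: NS hostname -> SOA serial it returned, or None if the query timed out.
    soa_expire: the zone's SOA expire field, in seconds.
    outage_hours: how long an outage of the primary's provider must be survivable."""
    by_provider = defaultdict(list)
    for host in answers:
        by_provider[provider_of(host)].append(host)
    # A provider counts as up if at least one of its nameservers answered.
    up = sorted(p for p, hosts in by_provider.items()
                if any(answers[h] is not None for h in hosts))
    findings = []
    if len(by_provider) < 2:
        findings.append("all nameservers belong to one provider")
    for p in sorted(set(by_provider) - set(up)):
        findings.append(f"no nameserver at {p} is answering")
    serials = {s for s in answers.values() if s is not None}
    if len(serials) > 1:
        findings.append(f"serials differ {sorted(serials)}: a secondary is stale")
    # A secondary that cannot refresh from its primary discards the zone after SOA expire.
    if soa_expire < outage_hours * 3600:
        findings.append(f"SOA expire {soa_expire}s is shorter than a {outage_hours}h outage")
    return {"resolvable": bool(up), "providers_up": up, "findings": findings}

# Constructed sample data (reserved .example names, not real providers).
SINGLE = {"ns1.dns-a.example": None, "ns2.dns-a.example": None}
MIXED = {"ns1.dns-a.example": None, "ns2.dns-a.example": None,
         "ns1.dns-b.example": 2006120101}

if __name__ == "__main__":
    for name, sample in (("single provider", SINGLE), ("two providers", MIXED)):
        print(name, audit_delegation(sample, soa_expire=86400, outage_hours=72))
```

To run it against a live zone, fill `answers` by querying each delegated nameserver directly for the zone's SOA record and recording the serial or the timeout.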

Hopefully it is coming back soon. Last time it lasted a few days.

Update

2 December 2006 09:51pm AEDT

EveryDNS seems to be back online now, with Update #3 on the website. All my domains are resolving again, although I’ve just moved 2 critical ones to another DNS provider.

3 December 2006 02:46pm AEDT

EveryDNS’s outage got slashdotted, and David U is promising to write up something about how they work around the DDoS. Awesome!