Continuing Issues with DNS Amplification Attacks

While we’ve had ongoing issues with our recursive name servers being used as part of DNS amplification attacks for the past few months,  they were severe enough yesterday that even with the rate limits and other mitigation techniques we have had in place that normal usage and performance was affected.  We finally had to resort to blocking the most popular DNS queries used in the attacks in order to prevent any impact to our regular services.  Customers may have noticed slow DNS requests, most likely experienced as slow loading of web pages, off and on until early afternoon.  We expect that we will also finally block all off-net access to our recursive DNS servers sometime in the next few days.  Once complete, it should prevent this from being an issue moving forward.

In addition, we’re working on identifying our customers that appear to have zombied systems that are being used to participate in the bot-nets that are responsible for the attacks.

Sorry for the MOTD delay.

-Kelsey and William

4 comments for “Continuing Issues with DNS Amplification Attacks

Leave a Reply

Your email address will not be published. Required fields are marked *