Continuing Issues with DNS Amplification Attacks

While we’ve had ongoing issues with our recursive name servers being used as part of DNS amplification attacks for the past few months, they were severe enough yesterday that, even with the rate limits and other mitigation techniques we have had in place, normal usage and performance were affected. We finally had to resort to blocking the most popular DNS queries used in the attacks in order to prevent any impact to our regular services. Customers may have noticed slow DNS requests, most likely experienced as slow loading of web pages, off and on until early afternoon. We expect that we will also finally block all off-net access to our recursive DNS servers sometime in the next few days. Once complete, it should prevent this from being an issue moving forward.

In addition, we’re working on identifying our customers that appear to have zombied systems that are being used to participate in the botnets that are responsible for the attacks.

Sorry for the MOTD delay.

-Kelsey and William

4 comments for “Continuing Issues with DNS Amplification Attacks”

  1. Thanks! I’m seeing those DNS amplification attacks also, against my home DNS server (it serves a few vanity domains). I was very impressed with Sonic’s technical support. With pretty much any other ISP, the first line support wouldn’t even know what DNS amplification is, but Sonic was able to handle it nicely and give me good suggestions!

    I’m glad to see them making efforts to rate-limit it upstream: even though I am configured locally to lessen the traffic, I’m still seeing tons of requests occasionally come down my Sonic DSL line, and it would be nice to free up the bandwidth.

  2. Josh, we’ll provide secondary services for a (reasonable) number of domains for you at no additional cost and you could run your server as a hidden master.

  3. Nice, thanks! I need to renovate my DNS setup, it’s been a while. When ready, how would I go about requesting your secondary services? That’s rather cool that you provide that, I didn’t know about it.

  4. The best thing to do is email support@sonic.net when you are ready. Include the list of zones that you’d like us to secondary and the IP address of your master name server.
