Re: UltraDNS Failure?
Richard A Steenbergen wrote: On Wed, Dec 23, 2009 at 05:38:21PM -0800, Shrdlu wrote: I'm still seeing the DNS servers at udns down, hard. Amazon's cloud will need a reboot when this is over. Dang, what the heck happened to all that anycast stuff? We have some DNS providing type customers (not UltraDNS) receiving a few million packets/sec of UDP/53 DoS traffic, starting at about the same time as the UltraDNS problems. No clue if it's related, but it certainly sounds suspicious. :) I saw close to a hundred hits on my local dns servers for one request, and they were mostly due to the crazy amazon cloud stuff. You looking at the packets? -- Oh, mairzy doats and dozy doats and liddle lamzy divey A kiddley divey too, wooden chu? Three little fiddies in an iddy, bitty pooh, Three little fiddies and a mama fiddy too...
Re: UltraDNS Failure?
There have been several DNS based DDoS observed throughout the day targetting Ultra as well as a few other companies. They were first observed earlier in the morning on the East coast. --Original Message-- From: Richard A Steenbergen To: Shrdlu Cc: Nanog Subject: Re: UltraDNS Failure? Sent: Dec 23, 2009 8:42 PM On Wed, Dec 23, 2009 at 05:38:21PM -0800, Shrdlu wrote: > I'm still seeing the DNS servers at udns down, hard. Amazon's cloud will > need a reboot when this is over. Dang, what the heck happened to all > that anycast stuff? We have some DNS providing type customers (not UltraDNS) receiving a few million packets/sec of UDP/53 DoS traffic, starting at about the same time as the UltraDNS problems. No clue if it's related, but it certainly sounds suspicious. :) -- Richard A Steenbergenhttp://www.e-gerbil.net/ras GPG Key ID: 0xF8B12CBC (7535 7F59 8204 ED1F CC1C 53AF 4C41 5ECA F8B1 2CBC) Sent from my Verizon Wireless BlackBerry
Re: UltraDNS Failure?
On Wed, Dec 23, 2009 at 05:38:21PM -0800, Shrdlu wrote: > I'm still seeing the DNS servers at udns down, hard. Amazon's cloud will > need a reboot when this is over. Dang, what the heck happened to all > that anycast stuff? We have some DNS providing type customers (not UltraDNS) receiving a few million packets/sec of UDP/53 DoS traffic, starting at about the same time as the UltraDNS problems. No clue if it's related, but it certainly sounds suspicious. :) -- Richard A Steenbergenhttp://www.e-gerbil.net/ras GPG Key ID: 0xF8B12CBC (7535 7F59 8204 ED1F CC1C 53AF 4C41 5ECA F8B1 2CBC)
Re: UltraDNS Failure?
I'm still seeing the DNS servers at udns down, hard. Amazon's cloud will need a reboot when this is over. Dang, what the heck happened to all that anycast stuff?
Re: UltraDNS Failure?
Mark Pace wrote: Anyone else having problems resolving DNS from UltraDNS? I'm seeing this: $ dig www.ultradns.com @8.8.8.8 Yeah, they went belly up in the last 20 or so. Hard. Looks like it's hitting some of Amazon's Cloud stuff too. It seems west coast related, by the way. On the west coast here. They went at 4:44pm (Pacific). Recovered at this point... Not from Seattle WA via Comcast HSI: js...@spunky:$ dig www.ultradns.com @8.8.8.8 ; <<>> DiG 9.6.1-P2 <<>> www.ultradns.com @8.8.8.8 ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 21733 ;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0 ;; QUESTION SECTION: ;www.ultradns.com. IN A ;; Query time: 65 msec ;; SERVER: 8.8.8.8#53(8.8.8.8) ;; WHEN: Wed Dec 23 17:29:41 2009 ;; MSG SIZE rcvd: 34 Also images on my web site are not loading from s3.amazonaws.com - John
Re: UltraDNS Failure?
Clarification: www.ultradns.com is back. There are still other problems afoot, like amazon: $ dig amazon.com @8.8.8.8 ; <<>> DiG 9.6.0-P1 <<>> amazon.com @8.8.8.8 ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 56390 ;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0 ;; QUESTION SECTION: ;amazon.com.IN A ;; Query time: 2042 msec ;; SERVER: 8.8.8.8#53(8.8.8.8) ;; WHEN: Wed Dec 23 17:28:10 2009 ;; MSG SIZE rcvd: 28 On 12/23/2009 5:22 PM, Mark Pace wrote: > >> >> Anyone else having problems resolving DNS from UltraDNS? I'm seeing this: $ dig www.ultradns.com @8.8.8.8 >>> Yeah, they went belly up in the last 20 or so. Hard. Looks like it's >>> hitting some of Amazon's Cloud stuff too. It seems west coast related, >>> by the way. >>> >>> >>> >> On the west coast here. They went at 4:44pm (Pacific). >> >> >> > Recovered at this point... > > > pace >
Re: UltraDNS Failure?
> >>> Anyone else having problems resolving DNS from UltraDNS? >>> >>> I'm seeing this: >>> >>> $ dig www.ultradns.com @8.8.8.8 >>> >> Yeah, they went belly up in the last 20 or so. Hard. Looks like it's >> hitting some of Amazon's Cloud stuff too. It seems west coast related, >> by the way. >> >> > On the west coast here. They went at 4:44pm (Pacific). > > Recovered at this point... pace
Re: UltraDNS Failure?
>> Anyone else having problems resolving DNS from UltraDNS? >> >> I'm seeing this: >> >> $ dig www.ultradns.com @8.8.8.8 > > Yeah, they went belly up in the last 20 or so. Hard. Looks like it's > hitting some of Amazon's Cloud stuff too. It seems west coast related, > by the way. > On the west coast here. They went at 4:44pm (Pacific). pace
Re: UltraDNS Failure?
Mark Pace wrote: Anyone else having problems resolving DNS from UltraDNS? I'm seeing this: $ dig www.ultradns.com @8.8.8.8 Yeah, they went belly up in the last 20 or so. Hard. Looks like it's hitting some of Amazon's Cloud stuff too. It seems west coast related, by the way. -- Oh, mairzy doats and dozy doats and liddle lamzy divey A kiddley divey too, wooden chu? Three little fiddies in an iddy, bitty pooh, Three little fiddies and a mama fiddy too...