I use EasyDNS, but this issue didn't affect me personally.
EasyDNS has built-in integration with Amazon's Route53, which will automatically push your DNS records to Amazon when you change them on the website. What I've done is used the 3 EasyDNS nameservers along with 3 from Route53. When one service is being DoS'ed, the requests will time out and move to the next nameserver.
Thanks for the heads-up. I wasn't aware of the service before and just implemented this.
For others, here's the gist. This assumes you've already got things set up for your domain in the route53 management console. In the easyDNS web interface:
1. Menu "Your Info": edit, set the "Beta Access" to "Beta User"
2. Menu "Preferences": set "Enable Route53 Support" to "Yes"
3. Manage domain, Domain Overview, "External" tab, click "route 53"
4. Fill in AWS Zone ID, Access Key ID, and Secret Access Key
(you can create dedicated access/secret keys for EasyDNS)
5. Click "Export from DNS" link and confirm
Then go to your registrar and add the additional nameservers to your domain. Once set up, every change you make in easyDNS will propagate to route53.
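The dedicated keys mentioned under step 4 can be restricted to the single hosted zone being synced. The following is an added example, not part of the original comment or of easyDNS's documentation: it builds a zone-scoped IAM policy and audits a policy for broader grants. The action list and the zone ID `ZEXAMPLE123` are assumptions.

```python
import json

# Assumption: these are the Route 53 actions a record-sync integration needs;
# the page does not list them, so confirm against the provider's documentation.
ZONE_ACTIONS = [
    "route53:GetHostedZone",
    "route53:ListResourceRecordSets",
    "route53:ChangeResourceRecordSets",
]

def zone_scoped_policy(zone_id):
    """Build an IAM policy limited to one hosted zone."""
    return {
        "Version": "2012-10-17",
        "Statement": [
            {"Effect": "Allow", "Action": ZONE_ACTIONS,
             "Resource": f"arn:aws:route53:::hostedzone/{zone_id}"},
            # GetChange lets the caller poll whether a pushed change has synced.
            {"Effect": "Allow", "Action": "route53:GetChange",
             "Resource": "arn:aws:route53:::change/*"},
        ],
    }

def as_list(value):
    return value if isinstance(value, list) else [value]

def audit(policy, zone_id):
    """Return reasons the policy grants more than access to this one zone."""
    allowed = {f"arn:aws:route53:::hostedzone/{zone_id}",
               "arn:aws:route53:::change/*"}
    findings = []
    for stmt in policy["Statement"]:
        if stmt.get("Effect") != "Allow":
            continue
        for action in as_list(stmt["Action"]):
            if "*" in action or not action.startswith("route53:"):
                findings.append(f"broad or non-Route53 action: {action}")
        for resource in as_list(stmt["Resource"]):
            if resource not in allowed:
                findings.append(f"resource outside the zone: {resource}")
    return findings

# Constructed sample values, not from the page.
ZONE_ID = "ZEXAMPLE123"
BROAD = {"Version": "2012-10-17",
         "Statement": [{"Effect": "Allow", "Action": "route53:*", "Resource": "*"}]}

if __name__ == "__main__":
    print(json.dumps(zone_scoped_policy(ZONE_ID), indent=2))
    print(audit(BROAD, ZONE_ID))
```

Attach the generated policy to an IAM user created only for the integration, so the keys stored with the DNS provider cannot touch other zones or other AWS services.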
TTL for news.ycombinator.com A record is 20 minutes. Such a small value doesn't lend itself well to DOS attacks against DNS servers. Useful if you need to change your DNS records quickly though.
I wonder if it's the same Chinese source as the attack on DNSMadeEasy in November and December? It was a multiple-gigabit, sustained attack on hundreds of thousands of domains. 4 of my domains were part of it, and I had to move them to another DNS provider to avoid going over my 10 million monthly queries limit.
I didn't really hear anything about it except from another DME customer that posted on HN. DME never even informed anyone about the attack.
There is more information about that attack than on the status blog:
"The attack is multi-faceted, multi-gb/sec SYN flood, ICMP and DNS flood.
Working with Prolexic to get DNS2 back online ASAP"
"We are still taking heat. We expect that to drop over time.
We are still putting in mitigation and workarounds."
It's still an issue for me. I'm using the IP addresses for now. They say on their blog that this is likely propagation issues though.... and it's back.
Do these types of attacks typically occur from some state-run organized cluster of computers, or are they from zombied/infected "run of the mill" boxes on everyone's desktop?
Yeah - I have just been able to mitigate by exporting to route53 (via their system) and then adding the additional route53 dns servers to the root chain. Ugh :(
Fortunately for me I had the aws identity already set up and just had to do a new "export" to update the records.