DDOS on Namecheap Free DNS and Default DNS V2 (opens in new tab)

(status.namecheap.com)

58 pointshmart12y ago113 comments

113 comments

74 comments · 15 top-level

ted012y ago· 38 in thread

We are in the process of mitigating a large scale DDoS attack against our global DNS platform. We expect service to return to normal very shortly. Stay tuned and let me know if you have any questions. ted@namecheap.com

jik12y ago

Just for future reference, it's usually considered a good idea to put your status page on completely independent infrastructure so that it stays up even when the rest of your stuff goes down. A status page that doesn't work during an outage isn't particularly useful.

ted012y ago

Good point. The status page is on another cloud but since this is a DNS issue, the subdomain is down. In the future, we'll investigate running this page on a secondary DNS.

3 more replies

ilikesnowflakes12y ago

If the hackers really want to take you down, adding another server in isn't very hard...

2 more replies

kennhardy12y ago

Like!

1 more reply

t3ra12y ago

WOOH the Akamai realtime attack visualization is completely red at the moment: http://www.akamai.com/html/technology/dataviz1.html

aroch12y ago

Someone is apparently pissed at the state of Indiana, 105 attacks in the last 24hours

User712y ago

370,000 attacks/hour, but that is still 56% below average.. hmmm interesting!

nc-customer12y ago

Most DDOS attacks against a company like yours are actually attacks against a specific customer. If:

a) you had a pool of DNS server names, say 20, all with unrelated hostnames

b) you assigned 2 to each customer, randomly, when they configured a domain to use your servers.

Then, a DDOS attack would impact 10% of your customers instead of 100%. (Assuming other practices, like null routing the target until resolved)

irontoby12y ago

Yes, this. Hopefully they take heed after this painful experience.

nubela12y ago

Yes please, thank you :) All my domains are down now but I understand how shitty (the panic!) it feels to have things going down. I'll be checking this.

ted012y ago

I'd also like to add that we have redunancy on our DNS V1. I advise switching over to this, in the meantime. Please find the tutorial here: https://www.namecheap.com/support/knowledgebase/article.aspx...

fw0rd12y ago

I tried this and now for some reason my apache server is returning the default page. also I think it wiped out my mailserver settings -- my mail is hosted on namecheap. i guess i gotta wait till everything is fixed.

edwhitesell12y ago

I had a couple of domains to try this on. One domain switched over within a minute. The other has been almost an hour. I'm assuming the TLD makes a difference?

.com was < 1 minute, .cm is > 55 minutes.

Jailout200012y ago

ETA how long it will take for the transfer to be completed? I know that editing host records usually is instantaneous (unlike other providers), but we're talking about changing the DNS servers here.

1 more reply

hypnotist12y ago

Thanks! I just did the switch and the website was up in few minutes.

kelton502012y ago

Was going to switch to route 53 while you guys were down and switch back, but the page says it'll take a day...Might as well just wait at that point. I know it's panic mode over there, but some kind of failover record would be awesome for when this happens in the future(or an option for one).

irontoby12y ago

Everything related to DNS says it'll take a day but that's "worst case"... I've successfully transferred DNS for 5 Namecheap-registered domains to Route 53 since this all started a couple hours ago, and they're now up & running smoothly.

Their "update DNS server" page was acting a bit wonky, kept saying some of my nameservers were invalid when they weren't, but I eventually got them all switched.

This isn't a dig against Namecheap, it sounds like this attack is pretty bad, but for important domains Route53 just seems like a much better setup (geographically dispersed, different nameservers for each hosted zone, etc).

1 more reply

w0ts0n12y ago

You guys should really put a notice on your homepage or something.

Good luck.

tamar12y ago

The homepage wasn't accessible until just a bit ago. We're still working on it.

tamar (also at Namecheap)

trevorc12y ago

I took your advice and transferred a domain to DNSv1. That domain is still not back online, but all the domains I left as DNSv2 have come back!

ilikesnowflakes12y ago

You guys should add an option for us to put in an optional backup DNS record in the settings.

ted012y ago

DNS V1 is available and functioning.

1 more reply

dywtk12y ago

The quick tut on switching to DNSv1 is nice however the option doesnt exist in my account

derwiki12y ago

Thanks for posting here!

njyx12y ago

Kudos for using a HN page to stay in touch

User712y ago

Ho quickly will the switch to v1 execute?

ted012y ago

It generally takes less than an hour.

1 more reply

kitnos12y ago

hi already have OK's, but the DNS are all using the same IP :( bad sign?

mindo312y ago

When did this attack start ?

ted012y ago

a little more than 2 hours ago

sprouticus12y ago

Thanks for the update, guys.

ChrisDiNicolas12y ago

Good luck guys!

megakf12y ago

Down again My domain down again

kitnos12y ago

do you have ETA?

ted012y ago

We're working hard to resolve this and we will keep you posted with updates here. Unfortunately, I can't give you an exact ETA.

MuratC12y ago

You need to provide some gift to your customers for this downtime. I am using NC for 10 years, every time on bad issues I continue to use. But this outage very bad, I lost money...

ilikesnowflakes12y ago

DDOS attacks are not up to Namecheap. You want money, go talk to the people doing it. These are very hard to prevent.

3 more replies

sparagi12y ago

If they messed up your cheeseburger, I could see this. How does this help this situation? It doesn't. Namecheap should take that money and invest in their infrastructure.

1 more reply

avb12y ago· 11 in thread

Any good suggestions for alternative DNS providers?

daigoba6612y ago

Instead of putting all of your eggs in (yet another) one basket, for a site with critical availability requirements I would distribute DNS over multiple providers. If any one provider goes down it is less likely to hurt overall site availability.

avb12y ago

Yes, multiple DNS providers should be the way to go.

jgrahamc12y ago

You can use CloudFlare's free plan as DNS-only.

eli12y ago

It makes me nervous to rely on something that's a side benefit of a free service.

That said, I've heard Cloudflare's DNS network is faster than many paid alternatives.

blissofbeing12y ago

DNSMadeEasy, I just posted about them in this thread: https://news.ycombinator.com/item?id=7275538

zrail12y ago

I moved most of my stuff to Route53 awhile back and for the most part I don't regret it.

jmreid12y ago

Yes, Route 53 has been great for me as well. I have my crucial DNS zones hosted there. But all the other stuff was on Namecheap's name servers.

I'll probably continue with that setup, but just make sure my TTL is set fairly high.

jschuur12y ago

Pricing doesn't seem too bad. $0.50 for a zone (domain) and $0.50 for a billion queries: http://aws.amazon.com/route53/pricing/

3 more replies

sparagi12y ago

We looked at Route 53, but would that make a difference today if your domain is registered at Namecheap?

If Namecheap is down, it does not get redirected.

2 more replies

benmorris12y ago

I've considered doing this also!

cobrabyte12y ago

We've been stoked with DNSimple.

motoford12y ago· 4 in thread

If your site is down and you are on v2, Switch to v1. It only takes a minute and it works.

jsm38612y ago

Yeah - at least right now this worked for me. Thank you for the tip!

julianc12y ago

I switched and it's the same, still down.

motoford12y ago

At first I thought the same. I went in to edit records, and I hit save. I checked again and it was working. I assumed there was just a delay of a minute or so and that clicking save was a coincidence.

My domain is on v1 now and its still working.

eli12y ago

Well even if you switch to a different (working) nameserver, the old nameserver will still be cached all over the place so it will still appear down for many people.

tinco12y ago· 2 in thread

Weird, I haven't researched DNS as well as I should have. I always lived under the impression that there was this extensive DNS cache network where intermediaries responded to queries with cached results from root DNS servers.

Instead, the second that this DDos hits is the second we have websites stopping working.

How is it that in this day and age we can't have distributed caches of DNS entries at our providers of full dns databases. I mean there can't be more than like a few billion dns entries in the world total, which fits easily in a modern desktop computers RAM.

If that is an underestimate, I can't believe a single modern server wouldn't be able to mirror the world's DNS queries for at least a providers worth of users.

jschuur12y ago

Depends on the TTL (time to live) settings for the DNS entries, doesn't it?

tinco12y ago

Yes, perhaps there lies our folly. It's the choice between being flexible in ability to move our servers really quick, or being tolerant of DNS servers going down.

I sort of hoped that a DNS client would just use an expired DNS result in case the servers would not respond, but perhaps that is naieve/dumb.

1 more reply

plasma12y ago· 2 in thread

How would one add (say) AWS Route53 as a secondary DNS?

I assume you'd make sure the DNS records are the same in both DNS portals; and then add Route53 as 3rd & 4th nameservers with the first and second still being Namecheap?

wes-exp12y ago

It seems like secondary DNS is not supported, but you can change your primary DNS with the "Transfer DNS to Webhost" option.

IgorPartola12y ago

Yes, or just switch completely to Route53.

naiyt12y ago· 1 in thread

Best of luck to their support team. Outages can make tech support's life miserable. If you call in, just remember the person on the other side of the phone has likely been yelled at all morning for something that wasn't their fault. Totally reasonable to be upset at the situation, just don't take it out on the tech you're talking to!

User712y ago

Job security ;).. j/k! I imagine it must not be fun

derwiki12y ago· 1 in thread

Is there any point in freaking out or do we just have to wait this one out?

tinco12y ago

If it's absolutely critical that your users get service right now, it might be a good idea to at least prepare a migration to other DNS servers, like perhaps those of Linode. If the situation doesn't improve within an hour or so, it might be that they don't have a good way to deal with it, and the outtage might take long, depending on the depth of the DDoSers pockets.

blissofbeing12y ago

I recently switched most of my domains to DNSMadeEasy because they are constantly in the top for speed[1], provide a top tier anycast network and for what you get are a great value.

If you want speed and readability I suggest switching to a paid DNS provider.

1: http://www.solvedns.com/dns-comparison/2014/01

BTW I'm not in any way affiliated, just like the service.

kennhardy12y ago

May this have been a problem lasting for a week?

I am monitoring a few servers with DNS records. And the last week I have found all the servers unresponsive (by DNS, not tried directly) from time to time. And after an extensive amount of troubleshooting I am unable to find a problem.

hmartOP12y ago

If you're affected, you can switch your domains to their DNSv1. Seems pretty quick for most people.

Via https://news.ycombinator.com/user?id=edwhitesell

User712y ago

I don't know how this website works, but I can't see the latest posts at the top of the page! I'm looking for the latest info on the issue. Are you up and running? Should I move back to v2? Thanks

srik12y ago

This is so embarrassing for me. We just put out our school computer group's website up and boom - murphys law.

MichaelTieso12y ago

That would explain why I'm getting a massive amount of tickets from my clients why their site is down.

kennhardy12y ago

Down for me as well. Lost access to absolutely all of my company's services. TTL 60...

micah6312y ago

yup, our app is down : (

j / k navigate · click thread line to collapse

113 comments

74 comments · 15 top-level

ted012y ago· 38 in thread

jik12y ago

ted012y ago

Good point. The status page is on another cloud but since this is a DNS issue, the subdomain is down. In the future, we'll investigate running this page on a secondary DNS.

3 more replies

ilikesnowflakes12y ago

If the hackers really want to take you down, adding another server in isn't very hard...

2 more replies

kennhardy12y ago

Like!

1 more reply

t3ra12y ago

WOOH the Akamai realtime attack visualization is completely red at the moment: http://www.akamai.com/html/technology/dataviz1.html

aroch12y ago

Someone is apparently pissed at the state of Indiana, 105 attacks in the last 24hours

User712y ago

370,000 attacks/hour, but that is still 56% below average.. hmmm interesting!

nc-customer12y ago

Most DDOS attacks against a company like yours are actually attacks against a specific customer. If:

a) you had a pool of DNS server names, say 20, all with unrelated hostnames

b) you assigned 2 to each customer, randomly, when they configured a domain to use your servers.

Then, a DDOS attack would impact 10% of your customers instead of 100%. (Assuming other practices, like null routing the target until resolved)

irontoby12y ago

Yes, this. Hopefully they take heed after this painful experience.

nubela12y ago

Yes please, thank you :) All my domains are down now but I understand how shitty (the panic!) it feels to have things going down. I'll be checking this.

ted012y ago

fw0rd12y ago

edwhitesell12y ago

I had a couple of domains to try this on. One domain switched over within a minute. The other has been almost an hour. I'm assuming the TLD makes a difference?

.com was < 1 minute, .cm is > 55 minutes.

Jailout200012y ago

ETA how long it will take for the transfer to be completed? I know that editing host records usually is instantaneous (unlike other providers), but we're talking about changing the DNS servers here.

1 more reply

hypnotist12y ago

Thanks! I just did the switch and the website was up in few minutes.

kelton502012y ago

irontoby12y ago

Their "update DNS server" page was acting a bit wonky, kept saying some of my nameservers were invalid when they weren't, but I eventually got them all switched.

1 more reply

w0ts0n12y ago

You guys should really put a notice on your homepage or something.

Good luck.

tamar12y ago

The homepage wasn't accessible until just a bit ago. We're still working on it.

tamar (also at Namecheap)

trevorc12y ago

I took your advice and transferred a domain to DNSv1. That domain is still not back online, but all the domains I left as DNSv2 have come back!

ilikesnowflakes12y ago

You guys should add an option for us to put in an optional backup DNS record in the settings.

ted012y ago

DNS V1 is available and functioning.

1 more reply

dywtk12y ago

The quick tut on switching to DNSv1 is nice however the option doesnt exist in my account

derwiki12y ago

Thanks for posting here!

njyx12y ago

Kudos for using a HN page to stay in touch

User712y ago

Ho quickly will the switch to v1 execute?

ted012y ago

It generally takes less than an hour.

1 more reply

kitnos12y ago

hi already have OK's, but the DNS are all using the same IP :( bad sign?

mindo312y ago

When did this attack start ?

ted012y ago

a little more than 2 hours ago

sprouticus12y ago

Thanks for the update, guys.

ChrisDiNicolas12y ago

Good luck guys!

megakf12y ago

Down again My domain down again

kitnos12y ago

do you have ETA?

ted012y ago

We're working hard to resolve this and we will keep you posted with updates here. Unfortunately, I can't give you an exact ETA.

MuratC12y ago

You need to provide some gift to your customers for this downtime. I am using NC for 10 years, every time on bad issues I continue to use. But this outage very bad, I lost money...

ilikesnowflakes12y ago

DDOS attacks are not up to Namecheap. You want money, go talk to the people doing it. These are very hard to prevent.

3 more replies

sparagi12y ago

If they messed up your cheeseburger, I could see this. How does this help this situation? It doesn't. Namecheap should take that money and invest in their infrastructure.

1 more reply

avb12y ago· 11 in thread

Any good suggestions for alternative DNS providers?

daigoba6612y ago

avb12y ago

Yes, multiple DNS providers should be the way to go.

jgrahamc12y ago

You can use CloudFlare's free plan as DNS-only.

eli12y ago

It makes me nervous to rely on something that's a side benefit of a free service.

That said, I've heard Cloudflare's DNS network is faster than many paid alternatives.

blissofbeing12y ago

DNSMadeEasy, I just posted about them in this thread: https://news.ycombinator.com/item?id=7275538

zrail12y ago

I moved most of my stuff to Route53 awhile back and for the most part I don't regret it.

jmreid12y ago

Yes, Route 53 has been great for me as well. I have my crucial DNS zones hosted there. But all the other stuff was on Namecheap's name servers.

I'll probably continue with that setup, but just make sure my TTL is set fairly high.

jschuur12y ago

Pricing doesn't seem too bad. $0.50 for a zone (domain) and $0.50 for a billion queries: http://aws.amazon.com/route53/pricing/

3 more replies

sparagi12y ago

We looked at Route 53, but would that make a difference today if your domain is registered at Namecheap?

If Namecheap is down, it does not get redirected.

2 more replies

benmorris12y ago

I've considered doing this also!

cobrabyte12y ago

We've been stoked with DNSimple.

motoford12y ago· 4 in thread

If your site is down and you are on v2, Switch to v1. It only takes a minute and it works.

jsm38612y ago

Yeah - at least right now this worked for me. Thank you for the tip!

julianc12y ago

I switched and it's the same, still down.

motoford12y ago

My domain is on v1 now and its still working.

eli12y ago

Well even if you switch to a different (working) nameserver, the old nameserver will still be cached all over the place so it will still appear down for many people.

tinco12y ago· 2 in thread

Instead, the second that this DDos hits is the second we have websites stopping working.

If that is an underestimate, I can't believe a single modern server wouldn't be able to mirror the world's DNS queries for at least a providers worth of users.

jschuur12y ago

Depends on the TTL (time to live) settings for the DNS entries, doesn't it?

tinco12y ago

Yes, perhaps there lies our folly. It's the choice between being flexible in ability to move our servers really quick, or being tolerant of DNS servers going down.

I sort of hoped that a DNS client would just use an expired DNS result in case the servers would not respond, but perhaps that is naieve/dumb.

1 more reply

plasma12y ago· 2 in thread

How would one add (say) AWS Route53 as a secondary DNS?

I assume you'd make sure the DNS records are the same in both DNS portals; and then add Route53 as 3rd & 4th nameservers with the first and second still being Namecheap?

wes-exp12y ago

It seems like secondary DNS is not supported, but you can change your primary DNS with the "Transfer DNS to Webhost" option.

IgorPartola12y ago

Yes, or just switch completely to Route53.

naiyt12y ago· 1 in thread

User712y ago

Job security ;).. j/k! I imagine it must not be fun

derwiki12y ago· 1 in thread

Is there any point in freaking out or do we just have to wait this one out?

tinco12y ago

blissofbeing12y ago

I recently switched most of my domains to DNSMadeEasy because they are constantly in the top for speed[1], provide a top tier anycast network and for what you get are a great value.

If you want speed and readability I suggest switching to a paid DNS provider.

1: http://www.solvedns.com/dns-comparison/2014/01

BTW I'm not in any way affiliated, just like the service.

kennhardy12y ago

May this have been a problem lasting for a week?

hmartOP12y ago

If you're affected, you can switch your domains to their DNSv1. Seems pretty quick for most people.

Via https://news.ycombinator.com/user?id=edwhitesell

User712y ago

I don't know how this website works, but I can't see the latest posts at the top of the page! I'm looking for the latest info on the issue. Are you up and running? Should I move back to v2? Thanks

srik12y ago

This is so embarrassing for me. We just put out our school computer group's website up and boom - murphys law.

MichaelTieso12y ago

That would explain why I'm getting a massive amount of tickets from my clients why their site is down.

kennhardy12y ago

Down for me as well. Lost access to absolutely all of my company's services. TTL 60...

micah6312y ago

yup, our app is down : (

j / k navigate · click thread line to collapse