
DNS DDOS Attack against DynDNS knocks out major sites including Github, Twitter & Reddit

Discussion in 'Domains, DNS, Email & SSL Certificates' started by eva2000, Oct 21, 2016.

  1. eva2000

    eva2000 Administrator Staff Member

    54,856
    12,238
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +18,809
    Local Time:
    1:27 PM
    Nginx 1.27.x
    MariaDB 10.x/11.4+
    Looks like Github.com isn't the only one affected by DDOS attacks against its upstream DNS provider, DynDNS. It seems sites including Twitter, Reddit, Spotify, Etsy, Box, Wix and Squarespace were down: DDoS Attack on DNS; Major sites including GitHub, Twitter Suffering Outage

    Centmin Mod code hosted on github.com repository is also affected - Centmin Mod github.com repo 504 Timeouts | Centmin Mod Community

    from Dyn, Inc. Status - DDoS Attack Against Dyn Managed DNS


     
  2. eva2000

    Thinking about it, none of these major web properties/companies have secondary DNS deployed?

    I guess one problem with deploying secondary DNS is if you used a DNS provider's proprietary features and services.

    • Like with Amazon Route53 they have GeoDNS and Latency based DNS routing features.
    • DynDNS has Traffic Director and Dynamic Steering.
    • DNSMadeEasy and their newer sibling Constellix has Geo DNS, Geo Proximity, Geo Priority features
    • Cloudflare has Traffic Control and Traffic Manager with Geo Steering/Geo Mapping and load balancing feature set.

    These unique features aren't exactly easy to replicate from a secondary DNS provider.
     
    Last edited: Oct 22, 2016
  3. eva2000

    Apparently even Amazon themselves use DynDNS for some services (AWS Service Health Dashboard - Oct 21, 2016 PDT), or they also got attacked?

    edit: okay, AWS uses DynDNS for their service resolution! Some regions use several providers including their own Route53, DynDNS (dynect.net) and UltraDNS
    Code (Text):
    host -t NS us-east-1.amazonaws.com
    us-east-1.amazonaws.com name server ns4.p31.dynect.net.
    us-east-1.amazonaws.com name server ns2.p31.dynect.net.
    us-east-1.amazonaws.com name server ns1.p31.dynect.net.
    us-east-1.amazonaws.com name server ns3.p31.dynect.net.
    

    Code (Text):
    host -t NS us-east-2.amazonaws.com
    us-east-2.amazonaws.com name server u4.amazonaws.com.
    us-east-2.amazonaws.com name server u6.amazonaws.com.
    us-east-2.amazonaws.com name server u3.amazonaws.com.
    us-east-2.amazonaws.com name server u2.amazonaws.com.
    us-east-2.amazonaws.com name server u1.amazonaws.com.
    us-east-2.amazonaws.com name server u5.amazonaws.com.
    us-east-2.amazonaws.com name server ns2.p31.dynect.net.
    us-east-2.amazonaws.com name server ns1.p31.dynect.net.
    us-east-2.amazonaws.com name server pdns1.ultradns.net.
    us-east-2.amazonaws.com name server pdns5.ultradns.info.
    us-east-2.amazonaws.com name server ns3.p31.dynect.net.
    us-east-2.amazonaws.com name server ns4.p31.dynect.net.
    us-east-2.amazonaws.com name server pdns3.ultradns.org.
    

    Code (Text):
    host -t NS us-west-1.amazonaws.com
    us-west-1.amazonaws.com name server u1.amazonaws.com.
    us-west-1.amazonaws.com name server pdns5.ultradns.info.
    us-west-1.amazonaws.com name server pdns3.ultradns.org.
    us-west-1.amazonaws.com name server u2.amazonaws.com.
    us-west-1.amazonaws.com name server ns3.p31.dynect.net.
    us-west-1.amazonaws.com name server u5.amazonaws.com.
    us-west-1.amazonaws.com name server pdns1.ultradns.net.
    us-west-1.amazonaws.com name server ns1.p31.dynect.net.
    us-west-1.amazonaws.com name server ns4.p31.dynect.net.
    us-west-1.amazonaws.com name server ns2.p31.dynect.net.
    us-west-1.amazonaws.com name server u6.amazonaws.com.
    us-west-1.amazonaws.com name server u4.amazonaws.com.
    us-west-1.amazonaws.com name server u3.amazonaws.com.
    


    Github.com is DynDNS only
    Code (Text):
    host -t NS github.com
    github.com name server ns2.p16.dynect.net.
    github.com name server ns3.p16.dynect.net.
    github.com name server ns4.p16.dynect.net.
    github.com name server ns1.p16.dynect.net.
    
     
    Last edited: Oct 22, 2016
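
The lookups in the post above, turned into a repeatable check that flags zones delegated to a single DNS provider. This is an added example, not part of the original post; the provider map, the function names and the `example.test` zone are assumptions made for illustration.

```python
import re
from collections import Counter, defaultdict

# Suffix-to-provider map built from name servers shown in this thread (assumption).
PROVIDERS = [
    (re.compile(r"\.dynect\.net$"), "dyn"),
    (re.compile(r"\.ultradns\.[a-z]+$"), "ultradns"),   # .net/.org/.info = one provider
    (re.compile(r"\.awsdns-\d+\.[a-z.]+$"), "amazon"),  # Route 53 name servers
    (re.compile(r"\.amazonaws\.com$"), "amazon"),
]
NS_LINE = re.compile(r"^(\S+) name server (\S+)$")

# Subset of the `host -t NS` output quoted in the post, plus one constructed
# zone (example.test) that exercises the unknown-provider path.
SAMPLE = """\
host -t NS github.com
github.com name server ns2.p16.dynect.net.
github.com name server ns3.p16.dynect.net.
github.com name server ns4.p16.dynect.net.
github.com name server ns1.p16.dynect.net.
us-east-2.amazonaws.com name server u4.amazonaws.com.
us-east-2.amazonaws.com name server ns2.p31.dynect.net.
us-east-2.amazonaws.com name server pdns1.ultradns.net.
us-east-2.amazonaws.com name server pdns5.ultradns.info.
example.test name server ns1.example.test.
"""

def provider_of(ns):
    return next((name for rx, name in PROVIDERS if rx.search(ns)), "unknown")

def audit(host_output):
    """Return {zone: {'providers': {label: count}, 'verdict': str}}."""
    zones = defaultdict(Counter)
    for line in host_output.splitlines():
        m = NS_LINE.match(line.strip())
        if m:  # command echo lines and blank lines do not match and are skipped
            zone, ns = m.group(1).lower(), m.group(2).lower().rstrip(".")
            zones[zone][provider_of(ns)] += 1
    report = {}
    for zone, counts in zones.items():
        if "unknown" in counts:
            verdict = "unclassified"  # unrecognised suffix: review by hand
        else:
            verdict = "single-provider" if len(counts) == 1 else "multi-provider"
        report[zone] = {"providers": dict(counts), "verdict": verdict}
    return report

if __name__ == "__main__":
    print(audit(SAMPLE))
```

A zone is only reported as multi-provider when every name server matches a known suffix, so an unrecognised host name never inflates the provider count.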
  4. eva2000

    DDOS attacks against DynDNS started again, so more impact on Github.com and thus Centmin Mod hosted git repo code: Dyn, Inc. Status - DDoS Attack Against Dyn Managed DNS

     
  5. eva2000

  6. eva2000

    Github.com migrated to a different DNS provider: GitHub System Status

    They moved to using Amazon Route53 DNS
    Code (Text):
    dig NS +short github.com
    ns-1283.awsdns-32.org.
    ns-1707.awsdns-21.co.uk.
    ns-421.awsdns-52.com.
    ns-520.awsdns-01.net.


    seems the Tokyo & Sydney regions have not yet propagated the change at DNS Propagation Checker from Multiple Locations - SolveDNS


    and numerous locations tested at Global DNS Propagation Checker - What's My DNS?

     
    Last edited: Oct 22, 2016
  7. eva2000

    looks like a few also moved to other providers: Amazon Route53 DNS

    reddit
    Code (Text):
    dig NS +short reddit.com
    ns-1029.awsdns-00.org.
    ns-1887.awsdns-43.co.uk.
    ns-378.awsdns-47.com.
    ns-557.awsdns-05.net.

    heroku
    Code (Text):
    dig NS +short heroku.com
    ns-1253.awsdns-28.org.
    ns-1538.awsdns-00.co.uk.
    ns-405.awsdns-50.com.
    ns-975.awsdns-57.net.

    airbnb
    Code (Text):
    dig NS +short airbnb.com
    ns-1349.awsdns-40.org.
    ns-1548.awsdns-01.co.uk.
    ns-446.awsdns-55.com.
    ns-696.awsdns-23.net.
     
  8. eva2000

    looks like the DDOS attack was another IoT-based attack, up to 1.2Tbps!

    New World Hackers claim responsibility for cyber attack via Twitter

     
  9. eva2000

    Dyn has an update: Dyn, Inc. Status - Update Regarding DDoS Event Against Dyn Managed DNS on October 21, 2016

    Dyn Statement on 10/21/2016 DDoS Attack
     
  10. eva2000

    wow, that was one big DDOS attack: Report: Mirai Botnet DDoSed 17 Dyn Data Centers Globally