Tuesday, August 23, 2016

domain name system - DNS down in Anonymous attack



As I'm writing this, our company website and the web-service we developed are down in the big GoDaddy outage resulting from an Anonymous attack (or so says Twitter).
We used GoDaddy as our registrar and we use it for DNS for some domains.



Tomorrow is a new day - what can we do to mitigate such outages?
Simply moving to, say, Route 53 for DNS might not be enough.
Is there any way to remove this single point of failure?



Answer



You can eliminate this single point of failure by using two DNS providers.
It might also be feasible to run your own DNS server on one of your servers.
GoDaddy allows you to do zone transfers from their servers (IIRC premium DNS is required for this).



Get a second DNS provider which allows you to run a slave server (or run it yourself).
Adjust NS/Nserver records so they point to both providers and you are done.
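
A check for the setup this answer describes, as an added example that is not part of the original answer: it reads saved `dig` answer lines and reports whether the NS set spans two providers and whether every listed server holds the same SOA serial, that is, whether the secondary's zone transfers are keeping up. The zone, nameserver names and serials are constructed sample data, and grouping nameservers by parent domain is a heuristic assumption.

```python
from collections import defaultdict
# Constructed sample: output of `dig +noall +answer NS example.com`.
NS_ANSWER = """\
example.com. 3600 IN NS ns1.provider-a.example.
example.com. 3600 IN NS ns2.provider-a.example.
example.com. 3600 IN NS ns1.provider-b.example.
"""
# Constructed sample: SOA answer from each server (`dig @server SOA example.com`).
_SOA = "example.com. 3600 IN SOA ns1.provider-a.example. hostmaster.example.com. %d 7200 900 1209600 3600"
SOA_ANSWERS = {
    "ns1.provider-a.example": _SOA % 2016082301,
    "ns2.provider-a.example": _SOA % 2016082301,
    "ns1.provider-b.example": _SOA % 2016082300,  # secondary lagging behind
}

def ns_hosts(answer):
    """Extract NS target hostnames from dig answer lines."""
    rows = (line.split() for line in answer.splitlines())
    return [f[4].rstrip(".").lower() for f in rows if len(f) >= 5 and f[3] == "NS"]

def by_provider(hosts, aliases=None):
    """Group by parent domain (heuristic); aliases maps parent domain to provider."""
    groups = defaultdict(list)
    for host in hosts:
        parent = ".".join(host.split(".")[-2:])
        groups[(aliases or {}).get(parent, parent)].append(host)
    return dict(groups)

def soa_serial(answer):
    # Fields: owner ttl class SOA mname rname serial refresh retry expire minimum
    return int(answer.split()[6])

def audit(ns_answer, soa_answers, aliases=None):
    """Return a list of findings; an empty list means the delegation looks redundant."""
    hosts = ns_hosts(ns_answer)
    findings = []
    groups = by_provider(hosts, aliases)
    if len(groups) < 2:
        findings.append("single provider: " + ", ".join(sorted(groups)))
    silent = [h for h in hosts if h not in soa_answers]
    if silent:
        findings.append("no SOA answer from: " + ", ".join(silent))
    serials = {h: soa_serial(soa_answers[h]) for h in hosts if h in soa_answers}
    if len(set(serials.values())) > 1:
        findings.append("serial mismatch: %s" % sorted(serials.items()))
    return findings

if __name__ == "__main__":
    for finding in audit(NS_ANSWER, SOA_ANSWERS) or ["ok"]:
        print(finding)
```

Providers that spread their nameservers across several parent domains need an `aliases` entry per domain, otherwise a single provider is counted as several.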

