[ Yesterday we started sending this in an email to all members on the system. We are posting it here for reference. ]
The number of DDoS attacks directed against the easyDNS system (indeed across all DNS providers) has escalated this year and we wanted to bring you up to speed on measures we are taking to deal with this.
The big problems we face when a domain here is attacked is that we initially have to figure out who the target is, and while the attack is in progress, all the domains sharing the same name server delegations are impacted, sometimes moreso, sometimes not so much depending on the intensity of the attack and the seamlessness with which we can activate mitigation strategies with our mitigation partners.
We are admittedly not satisfied with how the last two DDoS attacks went. The August 12th attack was not very intense and should have been easily handled. It wasn't and it was the final straw in a string of disappointments here. As a result we've made a fundamental change in our mitigation partner strategy and it had already proved worthwhile during the Aug 28th attack. We continue to implement more improvements.
Additionally, starting this fall we will be moving to a new name server numbering scheme, one that will drastically reduce the number of domains that share a particular name server delegation.
This will give us the ability to instantly identify the target of a given DDoS and at the same time, limit the impact of the DDoS to the targeted domain(s).
Doing this requires some re-engineering on our part and the last of those updates are scheduled to be completed this fall.
We will send another email when we are ready to implement the new naming structure.
In the meantime, if you operate a mission critical domain which must have 24×7 DNS availability at all times, please read the following carefully: Read more »