fornax.net

Mark Jeftovic from EasyDNS has posted a comment in response to my musings on their recent DDoS problems, and EasyDNS have also updated their blog since my first post on the subject. Looks like that trackback system works!

With regards to the setup at work, we've actually pulled the EasyDNS nameservers from our zone for the time being, and we're running on nameservers provided other providers. (Hey, that's why we pay more than one company to do the same thing.)

But why pull the EasyDNS nameservers? We had this discussion today about DNS - the idea is that, if one nameserver doesn't work, well, then you try the next one, and if that doesn't work, the next one, and so on, until you find a nameserver that does work. The problem we have at work is that all of our clients want things to load now. That means that, unfortunately, even when our domain is delegated to all 6 of the EasyDNS nameservers (as well as the other provider's nameservers), while the DDoS is going on, and EasyDNS has 2, or 3, or 4 nameservers with either slow response times, or timing out, then the DNS resolution is sometimes "slow" for our clients, when they happen to get those 2 or 3 or 4 servers in a row, and when that happens, they aren't satisfied.

Obviously, there will be times when nameservers go down. That's life, and you have to deal with it. Our clients also have to deal with the fact that, sometimes, that will mean slightly slower DNS resolution times from "normal". But it's a pain when a big provider like EasyDNS has such a widespread outage. No one can blame EasyDNS for it, but it would be nice if there was an easier way to deal with this than noting that there is a problem with your upstream nameservers (we noticed before EasyDNS first announced on the blog yesterday), and then manually removing the slow/non-responding nameservers for the period of the outage.

Is there an easier way?

From the EasyDNS blog:

"This morning's DOS attack was directed against ns1.easydns.com ... [the] rest of the nameservers ... are unaffected, overall DNS availability was not affected by this attack".

I'm sure it's not intentional, but nevertheless, that's not the truth. Yesterday, we saw their DNS service affected on more than just that one name server. Today, at times, it's been even worse than yesterday.

As an aside, has anyone else noticed that when a company decides to use a blog to disseminate information about mission critical services, the blog is the last thing to be looked at when there's trouble? It's been over 24 hours since the last update from EasyDNS; meanwhile, the DDoS on their DNS service continues without any word from them on what's happening, what they are doing to resolve the issue, or when we can expect normal service to resume.

It doesn't seem to have made it to the mainstream media, though, so maybe it's not being seen elsewhere...

One of the Max Media Manager users reported that s/he could not use Zend Studio's built in SVN to checkout the trunk of our repository.

I've got a bee in my bonnet at the moment about Zend, and so I'm on their case these days about making sure Zend does what it says on the tin, so, I reported it as a bug.

I've posted a modified version of their workaround back on the Max forum.

(Yes, I'm back from the dead! Huzzah!)