1 edit | DNS ddos?I have web servers in data centers, I have experienced a number of ddos ( distributed denial of service) attacks. During the outage there was some response from the COMCRAP DNS Servers, so it was not a case of the DNS records being lost or "poisoned".
News from AREA 51:
"... there are thousands of infected zombie computers owned by Comcast subscribers making DNS requests for Google.com at the maximum burstable COMCRAP upload rate, the zombies are being run from an IRC channel by Russians being paid by a telco ..."(humor - unconfirmed)
Thanks for posting the LEVEL3 DNS Servers, guess I will try them but they seem to be just 2 IP's ( clustered I am hoping ). 2 ips and an old Motorola DOCSIS1 modem $66.94 a month. For that kind of money the crap should work.
After the 1st outage last week I got a ConCrap e-mail saying your speed has been increased to 4,000/384 which is bullcrap. That is a burstable speed that they can only maintain for a few seconds or so it seems.
Unfortunately, my only alternative is Ameritech's SBC-Yahoo DSL, which is a cobbled together ATM network with terrible latency, ever try a loaded ping? use control + c to stop the test,
ping xxx.com -f -l 1024 -t
Reply from xxx.109.xxx.135: bytes=1024 time=30ms TTL=51
Looking good right now but then it is 6 AM.
I was able to communicate with all of my servers using their IP addresses. I guess it is time to make favorite links to other critical sites using their IP namespace instead of the human readable blabla.com addresses.
»www.couponsworth.com Buy something I need money to pay my cable bill HAHA |
|
| Level3 DNS I could maybe dredge up the post (and I'm pretty sure it's not here - was on nanog, I think) but there's lots of good magic happening behind the Level3 DNS IPs; as someone else posted earlier, clueful DNS engineers are not a mass-market commodity. Level3 definitely has more than their quota.
Comcast's demonstrated that they can't run DNS as a production capability. If I felt like wasting some time, I'd go after them on a lost-connectivity basis; if they can't provide me DNS, bandwidth doesn't matter. (Presuming, of course, that I/we don't go poach someone else's servers...) |
|
| Make it easy on yourself and check out »DynDNS.org as they just started a new Recursive DNS that is working really well. And it's a good company for other stuff as well. |
|
