[outages] Dyn outage continuing

Kun, Mike mkun at akamai.com
Fri Oct 21 13:53:10 EDT 2016 

Does anyone have volume or attack information? What sort of attack(s) are suspected?

-Mike Kun
> On Oct 21, 2016, at 1:40 PM, Sajal Kayan via Outages <outages at outages.org> wrote:
> 
> It appears most of the world cant reach Dyn : https://pulse.turbobytes.com/results/580a5178ecbe402e2201a74c/ <https://urldefense.proofpoint.com/v2/url?u=https-3A__pulse.turbobytes.com_results_580a5178ecbe402e2201a74c_&d=DQMFaQ&c=96ZbZZcaMF4w0F4jpN6LZg&r=JKX8L6GOKvRiNpSp-mnjjQ&m=NlUSnBfE_pOQTYFrnNz03CXHFDf-thc56BitRGGX2HE&s=xo1rCQZipTQbUei0LoYKV-rqVaj3BIcZ11klJCE8lIM&e=>
> But for the most part, its resolving thru Google DNS/OpenDNS : https://pulse.turbobytes.com/results/580a51ceecbe402e2201a74e/ <https://urldefense.proofpoint.com/v2/url?u=https-3A__pulse.turbobytes.com_results_580a51ceecbe402e2201a74e_&d=DQMFaQ&c=96ZbZZcaMF4w0F4jpN6LZg&r=JKX8L6GOKvRiNpSp-mnjjQ&m=NlUSnBfE_pOQTYFrnNz03CXHFDf-thc56BitRGGX2HE&s=QGOdvuwYNF_7tdMiWdrf0JaBxlalMIIdfStw8rcnLDE&e=>
> 
> 
> On Sat, Oct 22, 2016 at 12:31 AM Andrew Bunde via Outages <outages at outages.org <mailto:outages at outages.org>> wrote:
> Don’t forget https://bit.namecoin.info/ <https://urldefense.proofpoint.com/v2/url?u=https-3A__bit.namecoin.info_&d=DQMFaQ&c=96ZbZZcaMF4w0F4jpN6LZg&r=JKX8L6GOKvRiNpSp-mnjjQ&m=NlUSnBfE_pOQTYFrnNz03CXHFDf-thc56BitRGGX2HE&s=rJP7Os_7EgCO59pliAnbnIx4WmpVRgaKUsTNRUIgIG8&e=>
> 
> 
> 
> 
> From: Outages [mailto:outages-bounces at outages.org <mailto:outages-bounces at outages.org>] On Behalf Of Jason Antman via Outages
> Sent: Friday, October 21, 2016 1:25 PM
> Cc: outages at outages.org <mailto:outages at outages.org>
> 
> Subject: Re: [outages] Dyn outage continuing
> 
> 
> 
> This is just a horribly painful example of why we/they should all follow the route of NetFlix ( http://techblog.netflix.com/2013/05/denominating-multi-region-sites.html <https://urldefense.proofpoint.com/v2/url?u=http-3A__techblog.netflix.com_2013_05_denominating-2Dmulti-2Dregion-2Dsites.html&d=DQMFaQ&c=96ZbZZcaMF4w0F4jpN6LZg&r=JKX8L6GOKvRiNpSp-mnjjQ&m=NlUSnBfE_pOQTYFrnNz03CXHFDf-thc56BitRGGX2HE&s=Z8GkKqlEGlieBt3NindCLAcFVWecC-y9JLtSKzsWPxg&e=> ) and use multiple DNS providers. Denominator ( https://github.com/Netflix/denominator <https://urldefense.proofpoint.com/v2/url?u=https-3A__github.com_Netflix_denominator&d=DQMFaQ&c=96ZbZZcaMF4w0F4jpN6LZg&r=JKX8L6GOKvRiNpSp-mnjjQ&m=NlUSnBfE_pOQTYFrnNz03CXHFDf-thc56BitRGGX2HE&s=5IyT0KIl6YhsW30mOHzSC6O5nLy_kYKPNEzYvg2Nr7U&e=> ) the tool NetFlix uses for this and open-sourced, currently supports managing (mirrored) DNS records across AWS Route53, RackSpace CloudDNS, DynECT and UltraDNS.
> 
> 
> 
> -Jason
> 
> 
> 
> On Fri, Oct 21, 2016 at 1:09 PM, Patrick W. Gilmore via Outages <outages at outages.org <mailto:outages at outages.org>> wrote:
> 
> It is a shame in that PagerDuty is affected.
> 
> 
> 
> However, Dyn is far, far better positioned to withstand attacks than a company like PagerDuty could possibly be on their own. So I think PagerDuty did the right thing in using Dyn.
> 
> 
> 
> Remember, Twitter, Pingdom, github, and lots of other people use Dyn. And this is the first major outage I have heard of their service.
> 
> 
> 
> Let’s all be clear that Dyn has to be in the top 10 DNS infrastructures on the planet. Possibly the largest that sells DNS as a service. This is a serious attack, and the entire community should help track this miscreant down, then crush them like a bug.
> 
> 
> 
> --
> 
> TTFN,
> 
> patrick
> 
> 
> 
> On Oct 21, 2016, at 1:00 PM, Terry Hardie via Outages <outages at outages.org <mailto:outages at outages.org>> wrote:
> 
> 
> 
> It's a shame services like PagerDuty use Dyn. Now they're down too...
> 
> On Fri, Oct 21, 2016 at 9:57 AM, Justin Krejci via Outages
> <outages at outages.org <mailto:outages at outages.org>> wrote:
> 
> 
> Previously it was not affecting upper midwest for me, traces went to
> Chicago.
> 
> Now traces to twitter DNS servers in Chicago are failing.
> 
> 
> ________________________________
> From: Neil Hanlon via Outages [outages at outages.org <mailto:outages at outages.org>]
> Sent: Friday, October 21, 2016 11:16 AM
> To: Terry Hardie; outages at outages.org <mailto:outages at outages.org>
> Subject: Re: [outages] Dyn outage continuing
> 
> The attacks appear to be continuing again. We are experiencing issues in
> Europe/Asia.
> 
> On Fri, Oct 21, 2016 at 12:13 PM Terry Hardie via Outages
> <outages at outages.org <mailto:outages at outages.org>> wrote:
> 
> 
> 
> Even though their page says the outage is resolved, I'm still getting
> DNS failures (return SERVFAIL, not no answer) to their anycast
> networks from California:
> 
> $ dig @ns2.p34.dynect.net <https://urldefense.proofpoint.com/v2/url?u=http-3A__ns2.p34.dynect.net&d=DQMFaQ&c=96ZbZZcaMF4w0F4jpN6LZg&r=JKX8L6GOKvRiNpSp-mnjjQ&m=NlUSnBfE_pOQTYFrnNz03CXHFDf-thc56BitRGGX2HE&s=nYgZcWsJA0qHxpscoM-las_Fkv2f_TC9OWy-twSs530&e=> video.twimg.com <https://urldefense.proofpoint.com/v2/url?u=http-3A__video.twimg.com&d=DQMFaQ&c=96ZbZZcaMF4w0F4jpN6LZg&r=JKX8L6GOKvRiNpSp-mnjjQ&m=NlUSnBfE_pOQTYFrnNz03CXHFDf-thc56BitRGGX2HE&s=3YtpUj_uVR1HzhOlgLFT2JMnLwLB4rzUWdpUQq61Ht0&e=>
> 
> ; <<>> DiG 9.3.2 <<>> @ns2.p34.dynect.net <https://urldefense.proofpoint.com/v2/url?u=http-3A__ns2.p34.dynect.net&d=DQMFaQ&c=96ZbZZcaMF4w0F4jpN6LZg&r=JKX8L6GOKvRiNpSp-mnjjQ&m=NlUSnBfE_pOQTYFrnNz03CXHFDf-thc56BitRGGX2HE&s=nYgZcWsJA0qHxpscoM-las_Fkv2f_TC9OWy-twSs530&e=> video.twimg.com <https://urldefense.proofpoint.com/v2/url?u=http-3A__video.twimg.com&d=DQMFaQ&c=96ZbZZcaMF4w0F4jpN6LZg&r=JKX8L6GOKvRiNpSp-mnjjQ&m=NlUSnBfE_pOQTYFrnNz03CXHFDf-thc56BitRGGX2HE&s=3YtpUj_uVR1HzhOlgLFT2JMnLwLB4rzUWdpUQq61Ht0&e=>
> ; (1 server found)
> ;; global options:  printcmd
> ;; Got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 170
> ;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0
> 
> ;; QUESTION SECTION:
> ;video.twimg.com <https://urldefense.proofpoint.com/v2/url?u=http-3A__video.twimg.com&d=DQMFaQ&c=96ZbZZcaMF4w0F4jpN6LZg&r=JKX8L6GOKvRiNpSp-mnjjQ&m=NlUSnBfE_pOQTYFrnNz03CXHFDf-thc56BitRGGX2HE&s=3YtpUj_uVR1HzhOlgLFT2JMnLwLB4rzUWdpUQq61Ht0&e=>.               IN      A
> 
> ;; Query time: 3103 msec
> ;; SERVER: 204.13.250.34#53(204.13.250.34)
> ;; WHEN: Fri Oct 21 17:11:36 2016
> ;; MSG SIZE  rcvd: 33
> _______________________________________________
> Outages mailing list
> Outages at outages.org <mailto:Outages at outages.org>
> https://puck.nether.net/mailman/listinfo/outages <https://urldefense.proofpoint.com/v2/url?u=https-3A__puck.nether.net_mailman_listinfo_outages&d=DQMFaQ&c=96ZbZZcaMF4w0F4jpN6LZg&r=JKX8L6GOKvRiNpSp-mnjjQ&m=NlUSnBfE_pOQTYFrnNz03CXHFDf-thc56BitRGGX2HE&s=XPLQiTtTSnqFkQpyPWGEQCbi4k2BRGuDxT51QCjhMpY&e=>
> 
> --
> 
> KAYAK
> 
> Neil Hanlon
> 
> Devops Engineer
> 
> 
> +1 978 902 8171 <tel:%2B1%20978%20902%208171>
> 
> _______________________________________________
> Outages mailing list
> Outages at outages.org <mailto:Outages at outages.org>
> https://puck.nether.net/mailman/listinfo/outages <https://urldefense.proofpoint.com/v2/url?u=https-3A__puck.nether.net_mailman_listinfo_outages&d=DQMFaQ&c=96ZbZZcaMF4w0F4jpN6LZg&r=JKX8L6GOKvRiNpSp-mnjjQ&m=NlUSnBfE_pOQTYFrnNz03CXHFDf-thc56BitRGGX2HE&s=XPLQiTtTSnqFkQpyPWGEQCbi4k2BRGuDxT51QCjhMpY&e=>
> _______________________________________________
> Outages mailing list
> Outages at outages.org <mailto:Outages at outages.org>
> https://puck.nether.net/mailman/listinfo/outages <https://urldefense.proofpoint.com/v2/url?u=https-3A__puck.nether.net_mailman_listinfo_outages&d=DQMFaQ&c=96ZbZZcaMF4w0F4jpN6LZg&r=JKX8L6GOKvRiNpSp-mnjjQ&m=NlUSnBfE_pOQTYFrnNz03CXHFDf-thc56BitRGGX2HE&s=XPLQiTtTSnqFkQpyPWGEQCbi4k2BRGuDxT51QCjhMpY&e=>
> 
> 
> 
> _______________________________________________
> Outages mailing list
> Outages at outages.org <mailto:Outages at outages.org>
> https://puck.nether.net/mailman/listinfo/outages <https://urldefense.proofpoint.com/v2/url?u=https-3A__puck.nether.net_mailman_listinfo_outages&d=DQMFaQ&c=96ZbZZcaMF4w0F4jpN6LZg&r=JKX8L6GOKvRiNpSp-mnjjQ&m=NlUSnBfE_pOQTYFrnNz03CXHFDf-thc56BitRGGX2HE&s=XPLQiTtTSnqFkQpyPWGEQCbi4k2BRGuDxT51QCjhMpY&e=>
> 
> 
> _______________________________________________
> Outages mailing list
> Outages at outages.org <mailto:Outages at outages.org>
> https://puck.nether.net/mailman/listinfo/outages <https://urldefense.proofpoint.com/v2/url?u=https-3A__puck.nether.net_mailman_listinfo_outages&d=DQMFaQ&c=96ZbZZcaMF4w0F4jpN6LZg&r=JKX8L6GOKvRiNpSp-mnjjQ&m=NlUSnBfE_pOQTYFrnNz03CXHFDf-thc56BitRGGX2HE&s=XPLQiTtTSnqFkQpyPWGEQCbi4k2BRGuDxT51QCjhMpY&e=>
> _______________________________________________
> Outages mailing list
> Outages at outages.org
> https://puck.nether.net/mailman/listinfo/outages

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://puck.nether.net/pipermail/outages/attachments/20161021/2f1f08a9/attachment.htm>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 842 bytes
Desc: Message signed with OpenPGP using GPGMail
URL: <https://puck.nether.net/pipermail/outages/attachments/20161021/2f1f08a9/attachment.sig>

More information about the Outages mailing list