Hallo,
wie jeder denke ich mitbekommen hat, hatten wir seit Sonntag dem 08.12. bis
einschl. gestern den 10.12.2002 mit erheblichen DNS-Problemen zu kämpfen.
Hauptproblem an der Sache, wir konnten nicht direkt eingreifen und mussten
uns auf die Arbeit des DNS-Anbieters verlassen (siehe Original-Statement
unten).
Um auf solche Ausfälle in Zukunft besser vorbereitet sein zu können, sind
wir nun dabei einen eigenen Primery Nameserver aufzusetzen, um nur noch für
den Secondary DNS auf afraid.org zurückgreifen zu müssen.
Zitat:
4 day ns1.afraid.org outage, and 330 day all time high uptime lost...
Well ns1.afraid.org was packeted with 700 megabit of traffic this last
weekend, which resulted in my IP and subnet being blocked off in multiple
places by my ISP and one of their ISP's, the attack was large enough for
them to notice, it basically took 4 days, multiple telephone calls, and
multiple emails to un-block ns1.afraid.org from the Internet because no one
could login to my server from the console to find out why it still wasn't
online even after they thought they un-blocked me in their routers, I guess
my keyboard port on ns1.afraid.org no longer works according to the tech,
so
that made it incresingly difficult to resolve the situation, and
ns1.afraid.org almost got de-racked and looked at by a hardware tech.
Fortunately they found the additional null routes in their routers and I
can
get to my server once again.
This is the first time I have had to rely on ns2.afraid.org to actually
carry the load of the DNS traffic, initially ns2.afraid.org was
mis-configured, and with Allen's help at spysatcentral.net who is hosting
ns2.afraid.org I was able to get it functioning to serve DNS with the last
transferred zone files from ns1.afraid.org while ns1.afraid.org was
unreachable for the last few days.
What I have really been wondering, is Why on earth would someone packet this
server? Who did I upset? Due to the way the Internet works (a public network
we all share) it is impossible to block these types of attacks when they
originate from comprimised machines from all over the Internet. Fortunately
though the worst that packeting can do to a system is make a system
unreachable for a period of time, but with the communication issues I had
with my ISP, the downtime was a bit longer the I hoped for. I don't know
if
the attack was directed at me, or directed at someone who was using an
afraid.org hostname. DNS traffic on afraid.org consumes a (comparitively)
very small amount of traffic, and could get by with having the server on
a
cable modem but it wouldn't be as responsive to dns requests, and subject
to
outages much more regularly, I chose to put the server in a nice 100 megabit
burstable facility instead, for better response times and rock solid power
protection.
Well thats all the news I have, sorry for the outage, it was totally out
of
the blue but I can't stop my ISP from turning me off when my server uses
a
volume bandwidth they don't expect me to pay for. At least I didn't get
stuck with a huge bandwidth bill like some other ISP's would probably try
to
do. The folks at he.net are great.
Siehe:
http://uptime.chat-reports.net/forum/viewtopic.php?t=20
_________________
MeTRiX
MeTRiX@uptime.chat-reports.net
http://uptime.chat-reports.net
