DNS Made Easy Rocks!!!

Most of the time when we see a massive failure of a DNS Provider we see posts about how awful things happened. What I am about to say is a very different story.

DNS Made Easy was the target of a massive Denial of Service ( DOS ) Attack.

An attack that would have taken down any service. They did a great job of handling and supporting the users. The service was restored as fast as possible. What a great team. DNS Made Easy did a fantastic job.

The whole topic of High Availability is a very important cloud topic. Cloud needs a solid DNS service. DNS is, and will forever be, a target for DOS attacks.

Solutions:

Internal DNS for Cloud Deployments:

I use the local /etc/hosts file on each server. I know that this is a maintenance issue. For each change you make to the collection of servers you need to also update every server's /etc/hosts file. But the up side is that look ups of names in the hosts file are the fastest possible. No single point if failure exists. The solution scales with the number of servers.

What I do is create scripts that publish the /etc/hosts file from a table in the Database (read from the Slave).

When changes are made to IP values I just update the Database (write to the Master). Each server then updates the local /etc/hosts file from the database. Very simple, effective and fast.

For memcache arrays the performance of updates makes server replacements very simple and fast. The slow DNS look-ups are no longer an issue. The idea of TTL changes to update rate of the hosts file. Update on demand also works well.

External DNS:

Have more than one DNS service and set up a fall back service. This option my be a requirement for some projects. Most projects can live with one outage every 7-9 years. Not a bad up-time. Good work DNS Made Easy!!!

NOTES:

Watch out for TTL and other slow update issues. Keep a very good and detailed audit trail on all DNS related changes.

I use DNS Made Easy for lots of DNS needs. I will continue to use them now that I have seen the level of service that they provide in action. Congratulations DNS Made Easy you have exceeded my expectations.

As for the source of the DOS attack I will leave that to the FBI to address. This was a very serious wake up call that we need to have a strong Federal Investigation of these attacks and proper remediation.

Edward M. Goldberg
http://myCloudWatcher.com/
e.m.g.