DNS DDoS Attack
Incident Report for CloudfloorDNS
Postmortem

The root cause of our DNS issue on 2022-09-08 was a large-scale dictionary DDoS attack against a customer's domain name. Dictionary scans are not cacheable and use huge amounts of resources on our DNS servers, because every lookup is for a fresh name that is not already sitting in our cache pools ready for an immediate answer. Once the target domain name was identified, we limited the number of queries allowed for that domain name across the platform via our DNS firewalls, and responses then returned to normal for all other domains on the platform. Our Enterprise DNS networks were severely degraded between 07:00 and 09:12 UTC on 2022-09-08.

Posted Sep 08, 2022 - 19:41 UTC
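
The detection and per-domain limiting described in the postmortem, as an added example (not CloudfloorDNS's code or firewall configuration): a zone is flagged when almost every query for it is a never-before-seen name, and a token-bucket limit is then applied to that zone only. The zone names, thresholds and traffic are constructed assumptions.

```python
from collections import defaultdict
ZONES = ["victim.example", "shop.example"]  # constructed hosted zones

def zone_of(qname):
    """Longest-suffix match of a lowercased query name against the hosted zones."""
    hits = [z for z in ZONES if qname == z or qname.endswith("." + z)]
    return max(hits, key=len) if hits else None

def find_dictionary_targets(queries, min_queries=50, miss_ratio=0.9):
    """Flag zones where nearly every query is a never-seen name (cache miss)."""
    seen, total, misses = set(), defaultdict(int), defaultdict(int)
    for _ts, qname in queries:
        zone = zone_of(qname)
        if zone is None:
            continue
        total[zone] += 1
        if qname not in seen:  # first sighting: no cached answer exists
            seen.add(qname)
            misses[zone] += 1
    return {z for z, n in total.items()
            if n >= min_queries and misses[z] / n >= miss_ratio}

class ZoneRateLimiter:
    """Token bucket per flagged zone; other zones are never throttled."""
    def __init__(self, flagged, rate_per_sec, burst):
        self.rate, self.burst = rate_per_sec, burst
        self.state = {z: (burst, None) for z in flagged}  # zone -> (tokens, last_ts)

    def allow(self, ts, zone):
        if zone not in self.state:
            return True
        tokens, last = self.state[zone]
        if last is not None:  # refill for the time elapsed since the last query
            tokens = min(self.burst, tokens + (ts - last) * self.rate)
        allowed = tokens >= 1
        self.state[zone] = (tokens - 1 if allowed else tokens, ts)
        return allowed

def simulate():
    """Constructed second of traffic: 200 word-list names plus 20 normal lookups."""
    queries = sorted([(i / 200, f"word{i}.victim.example") for i in range(200)]
                     + [(i / 20, "www.shop.example") for i in range(20)])
    flagged = find_dictionary_targets(queries)
    limiter = ZoneRateLimiter(flagged, rate_per_sec=10, burst=10)
    dropped = defaultdict(int)
    for ts, qname in queries:
        if not limiter.allow(ts, zone_of(qname)):
            dropped[zone_of(qname)] += 1
    return flagged, dict(dropped)
```

Timestamps come from the query records rather than the wall clock, so the same logic can be replayed over a captured query log.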

Resolved
CloudfloorDNS was hit with a large DDoS attack against a domain name on the platform starting at approximately 07:00 UTC. Once this was identified and confirmed, we worked to limit the attack surface and mitigate the traffic against this domain. DNS resolution was delayed and may not have been available for short periods of time in some regions due to BGP route changes during the mitigation process. At approximately 09:12 UTC, DNS resolution returned to normal response times.
Posted Sep 08, 2022 - 07:00 UTC