Original URL: https://www.theregister.com/2009/04/01/ultradns_ddos/

UltraDNS back online after DDoS assault

Back off the canvas

By John Leyden

Posted in Security, 1st April 2009 14:04 GMT

A distributed denial of service attack knocked NeuStar's UltraDNS managed DNS service offline for several hours on Tuesday.

NeuStar runs high-availability DNS services for customers such as online retailers and IT giants, including Oracle and Juniper. In a statement, NeuStar told Networkworld that the attack affected only a small (unspecified) subset of its customers.

Early this morning [Tuesday], our monitoring systems detected a significant denial of service attack, which affected a small subset of our customers, in some cases for as long as a few hours. While we continue to investigate the cause, the extent, and the duration of the attack, service was completely restored by 10am EST.

Glitches in the UltraDNS services were first noticed by competitor Dynamic Network Services, which claimed sites including Amazon.com and SalesForce.com were affected by the outage.

"The Dynect Team quickly began to analyze the situation by checking the resolution chains for these popular web sites," said Tom Daly, chief technology officer at Dynamic Network Services. "Our analysis revealed that multiple UltraDNS PDNS (a special class of UltraDNS server) nodes were failing to respond to all DNS queries."

"When we were able to successfully query UltraDNS servers, responses were slow to come back, or largely timed out. The problem began to clear itself up around 10:00am Eastern, when we saw DNS responses returning quickly again," he added. ®