Ask HN: How to mitigate DNS provider issues?
Everything appears to be back to normal for us right now, but this has definitely rattled us a bit. We've never had problems with Namecheap before. Admittedly, DNS / Nameserver routing is not something I have a lot of expertise in. Like many developers/ dev ops people, DNS is something I set once and mostly leave alone. I had not considered it a vector for failure.
Several question:
1) What are the best practices in mitigating something un-forseen like a DDOS attack on your DNS / Nameserver provider? It seems like redundancy is the only good option, since any provider we go with could get DDOS-ed. What are good redundancy setups?
2) I've heard people say 'don't do DNS with your registrar'. But I'm not clear on exactly why not. Are registrars just inherently worse at DNS & nameserving?
3) Out of curiosity, does anyone know why Namecheap was DDOS-ed? Was it just for the lolz?
8 comments
[ 0.26 ms ] story [ 33.1 ms ] threadI usually don't like to host DNS with the registrar because they tend to be kind of bad as far as flexibility. GoDaddy's DNS controls are pretty good, but I still tend to host my DNS elsewhere.
If that looks like overkill, you might consider this plan: http://www.dyndns.com/services/upgrades/
I'm using route53 from Amazon. It's dirt cheap and they no slouches when it comes to reliability. It's still relatively new though.
As for why Namecheap got hit, who knows. Could be a malicious attack on a site using the service, could be a prank. Maybe just for lolz. There's any number of reasons. Unless they release that info, I don't think you'll find a clear answer any time soon :-/.