Sophos Cloud Optix
Go Daddy, the largest internet domain registrar in the world, was largely offline today for more than four hours. In addition to being the largest supplier of domains, Go Daddy also services many of those domains with DNS, email and web hosting services, all of which were sporadically available.
Immediately the rumor mill kicked into high gear and people were speculating that Anonymous must be DDoSing the internet giant. Go Daddy has been a popular target for the “99%” since they publicly announced support for the Stop Online Piracy Act (SOPA) in late 2011.
While it isn’t known whether they were under attack or simply suffering from a hardware or software failure en masse, that didn’t stop a Twitter account from Brazil that is loosely affiliated with Anonymous from taking credit for the outage.
As Go Daddy has slowly been coming back online it is becoming clear that the failure is in their DNS infrastructure. Unfortunately for Go Daddy customers, most of them are using Go Daddy DNS, even if they host their websites and email servers elsewhere.
According to Wired, Go Daddy has migrated its DNS records to their chief competitor, VeriSign. I am not seeing any evidence of this at the moment, but different people are experiencing different results from around the world.
Unfortunately attacks on the DNS infrastructure are nothing new. It is possible for a relatively small number of hosts to perform a DNS reflection attack against poorly configured DNS hosts.
There are ways of mitigating DNS attacks, but we are still not sure that is what occurred here. It might be a good time to review your critical infrastructure and ask your service providers what capabilities they have to ensure your business stays online if you are targeted or have equipment failures.
Chester – a quick nslookup on the name server records for godaddy.com shows that they are indeed using Verisign's DNS services.
Lately, it seems like there have been a number of high profile outages. Whether it is the numerous outages at Amazon AWS, Google Apps, or this recent GoDaddy outage – one trend is that these are all very large infrastructures. With size comes attention. And with that attention, one must be vigilant.
Verisign is not a Go Daddy competitor.
Verisign is the .com registry, and Go Daddy is one of its registrars.
Anon member claimed responsibility in this tweet: https://twitter.com/AnonOpsLegion/status/24521863…
…so saying "…people were speculating that Anonymous must be DDoSing the internet giant" seems like misreporting.
If you wanted to go with "speculation," something such as "People speculating that the Anonymous member claiming to have taken the internet giant offline might be telling the truth" would have been accurate.
This page checks the SOA from many resolvers and some of them are still showing Verisign:
Global DNS Propagation Checker – http://www.whatsmydns.net/#SOA/Godaddy.com
<flame>
This is another good reason not to use Go Daddy. There are plenty of other companies that provide better service, some of which have customer service people who actually answer the phone. Go Daddy is the last company I would ever use to register a domain or host my web site.
I have heard from business owners that Go Daddy is heavy-handed about confiscating domains from the businesses that registered the domains if there is any allegation of wrong-doing, without making any due diligence to substantiate the claims. How would you like your company web site taken down because a competitor thought it would be fun to tell Go Daddy that they were receiving spam from your domain?
</flame>