Rackspace restored after DDOS takes out DNS servers for 11 hours
Rackspace has stated that it has recovered from a severe distributed denial of service attack which took down its flagship rackspace.com domain and 11 other subdomains connected to it.
The company in its status report says that DDoS attack on its DNS servers DNS, that were sending both legitimate and DDoS traffic to Rackspace were blacklisted. Thus during this 11 hour period, even genuine Rackspace visitors were inadvertently blocked.
Rackspace
Rackspace Inc. is a managed cloud computing company based in Windcrest, Texas, USA with branches in Australia, the United Kingdom, Switzerland, Israel, The Netherlands, India, and Hong Kong, and data centers operating in Texas, Illinois, Virginia, the United Kingdom, Australia, and Hong Kong. Rackspace provides Cloud Servers and Dedicated Servers to individuals and enterprises. In addition, Rackspace helps design, build, and operate workloads across both environments to enterprise customers.
DDoS attack
The trouble Rackspace started just before lunchtime on Monday, US central time, and persisted until 11 hours later. The company said in a status report filed on its site that,
On December 21st, at approximately 23:54 CST, backbone engineers identified a UDP DDoS attack targeting the DNS servers in our IAD, ORD, and LON data centers. As a result of this issue, authoritative DNS resolution for any new request to the DNS servers began to fail in the affected data centers. In order to stabilize the issue, our teams placed the impacted DNS infrastructure behind mitigation services. This service is designed to protect our infrastructure, however, due to the nature of the event, a portion of legitimate traffic to our DNS infrastructure may be inadvertently blocked. Our teams are actively working to mitigate the attack and provide service stability.
In a later update, Rackspace stated that, “Our engineers have fully resolved the impact to our DNS infrastructure.” However Rackspace customers may still face some problems with the website because “after blocking the majority of the inbound DDoS attack earlier in the morning some DNS servers that were sending both legitimate and DDoS traffic to Rackspace were blacklisted.” The status adds, “If you continue to experience adverse impact, please reach out to your support teams and provide trace route information for further investigations.”
No one has yet claimed responsibility for the DDoS attack while Rackspace is investigating into the probable reasons for the attack.
