How GoDaddy Brought Down Millions of Sites – and How to Avoid Being a DNS Outage Casualty
Transcript

  • 1. How GoDaddy Brought Down Millions of Sites – and How to Prevent Becoming a DNS Outage Casualty Yottaa Inc. 101 Summer Street Boston MA 02110 http://www.yottaa.com © 2010 - 2012 Yottaa Inc. All Rights Reserved. Company Confidential
  • 2. GoDaddy Outage
      • Outage started around 1pm ET on Sept 10 2012
      • Resolved around 7pm ET on Sept 10 2012
      • Lasted about 6 hours
      • Impact:
          • ALL sites being hosted by Internet domain registrar GoDaddy were down
          • 45 million domains registered on GoDaddy…
  • 3. What Happened? GoDaddy DNS servers failed to resolve DNS requests… All GoDaddy registered domains use GoDaddy DNS servers by default.
  • 4. What Caused It? Hacktivist @Anonymous Own3R quickly claimed responsibility
  • 5. Who Is Anonymous Own3r and Why? Anonymous typically announces their attacks on Twitter and Facebook beforehand, especially DDoS attacks. For example, in August, Anonymous brought down many EU government websites to protest for WikiLeaks founder
      Who is Anonymous? "We are Anonymous, We are legion, We never forgive, We never forget, Expect us."
      • A global hacktivist group
      • Twitter handles: @youranonnews, @anonymous
      • Site: http://youranonnews.tumblr.com/
  • 6. Who Is Anonymous Own3r and Why?
  • 7. What Caused It (Again)? Official statement from GoDaddy on September 11th: “We have determined the service outage was due to a series of internal network events that corrupted router data tables” The service outage was not caused by external influences. It was not a “hack” and it was not a denial of service attack (DDoS). Throughout our history, we have provided 99.999% uptime in our DNS infrastructure. This is the level our customers expect from us and the level we expect of ourselves. We have let our customers down and we know it. - Scott Wagner, Go Daddy Interim CEO
  • 8. What? Not Me?
  • 9. What Is DNS?
      • DNS, the Domain Name System, is the most fundamental building block of the Internet
          • The Internet will not function without DNS
      • DNS is responsible for translating domain names into IP addresses
          • Human beings work at the domain name level: you don’t remember a website by its IP address
          • The Internet routing system only works at the IP address level: it knows nothing about domain names
          • DNS connects the two by translating human-understandable domain names into IP addresses
      • DNS is hierarchical
          • It is a large distributed database for all Internet records
          • Organized as a tree structure
          • Your domain is a node on that tree
  • 10. Your Domain and the Internet
      [Diagram: DNS tree]
      • Root level: Root
      • Top level: .com, .org, .net, .uk, …
      • 2nd level: mycorp.com
      • 3rd level: www, Blog, mail, Boston, …
      • 4th level: www, …
      • The 3rd and 4th levels are labelled "Your Domain Records"
  • 11. How DNS Name Resolution Works
      • The DNS server (name server) is the glue for the entire Internet
      • Each level can have its own DNS server, which:
          • Maintains its own records
          • Answers calls at this level
      Source: http://www.windowsitpro.com/content/content/48527/Figure_01.gif
  • 12. How Do You Manage Your Domain Records?
      • You can host your domain DNS records using any DNS service
      • Domain registrars provide the default ones
      [Diagram: the same DNS tree as slide 10, from the root level down to "Your Domain Records"]
  • 13. Why and How to Choose A DNS Service
  • 14. Your Domain’s DNS Server
      • When you register your domain name
          • GoDaddy automatically sets up a GoDaddy DNS server for your domain
      • When someone visits a website
          • The browser will ask the name server of the domain “who is this domain name”?
          • The name server will answer with the IP addresses of the domain name
          • The browser gets the address and connects to it
          • The visitor sees the returned web page
      • When someone sends you an email to yourname@yourcompany.com
          • The sender will ask the name server “where is the mail server for yourcompany.com?”
          • The name server will return the IP address (“MX” record)
      DNS failure means the failure of your entire domain
  • 15. DNS Service - What To Look For
      • Reliability
      • Performance
      • Security
      • Ease of use (UI)
      Questions to ask:
      • Geographic distribution?
          – Single location?
          – Multiple locations?
          – Global locations?
      • IP Anycast?
      • Security
          – DNS attack prevention?
  • 16. DNS and Network Stack A DNS query is carried on the TCP/UDP stack, typically over UDP. It is routed as a typical TCP/UDP packet. Source: http://i.technet.microsoft.com/dynimg/IC198104.gif
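
The lookups described in slides 14 and 16, as an added example that is not part of the original deck: it builds the UDP payload for an A or MX question and decodes a reply, including the response code that separates an answer from a failed lookup. The reply bytes come from a constructed helper, and the address 192.0.2.10, the transaction IDs and the function names are assumptions.

```python
import struct

QTYPE = {"A": 1, "MX": 15}

def build_query(name, qtype, txid):
    """Encode one question: 12-byte header (RD set), QNAME labels, QTYPE, QCLASS=IN."""
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in name.split(".")) + b"\x00"
    return struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0) + qname + struct.pack("!HH", QTYPE[qtype], 1)

def read_name(msg, off):
    """Decode a possibly compressed name; return (name, offset after it)."""
    labels, after, hops = [], None, 0
    while True:
        n = msg[off]
        if n & 0xC0 == 0xC0:                      # compression pointer
            after = off + 2 if after is None else after
            off, hops = ((n & 0x3F) << 8) | msg[off + 1], hops + 1
            if hops > 16:
                raise ValueError("compression pointer loop")
        elif n == 0:
            return ".".join(labels), (off + 1 if after is None else after)
        else:
            labels.append(msg[off + 1:off + 1 + n].decode("ascii"))
            off += 1 + n

def parse_response(msg, query):
    """Return (rcode, answers); reject messages that do not match the query ID."""
    txid, flags, qd, an = struct.unpack("!HHHH", msg[:8])
    if txid != struct.unpack("!H", query[:2])[0] or not flags & 0x8000:
        raise ValueError("not a response to this query")
    off, answers = 12, []
    for _ in range(qd):                           # skip the echoed question
        off = read_name(msg, off)[1] + 4
    for _ in range(an):
        name, off = read_name(msg, off)
        rtype, _cls, _ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10
        if rtype == 1:                            # A: four address bytes
            answers.append((name, "A", ".".join(map(str, msg[off:off + 4]))))
        elif rtype == 15:                         # MX: preference + exchange name
            pref = struct.unpack("!H", msg[off:off + 2])[0]
            answers.append((name, "MX", pref, read_name(msg, off + 2)[0]))
        off += rdlen
    return flags & 0xF, answers

def constructed_response(query, rtype, rdata, rcode=0):
    """Constructed sample server reply: echoes the question, one answer unless rcode != 0."""
    an = 0 if rcode else 1
    hdr = query[:2] + struct.pack("!HHHHH", 0x8180 | rcode, 1, an, 0, 0)
    rr = b"\xc0\x0c" + struct.pack("!HHIH", rtype, 1, 300, len(rdata)) + rdata
    return hdr + query[12:] + (rr if an else b"")
```

A return code of 0 with an answer list is a successful lookup; code 2 (SERVFAIL) with no answers is a lookup that failed, which a monitoring check can alert on.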
  • 17. IP Anycast
      • Multiple locations are needed for Anycast
      • Each location shares the same Anycast IP address
      • Internet routing (BGP) chooses the closest location
  • 18. DNS Spoofing
  • 19. DNS DDoS Attack DNS Server
  • 20. Yottaa Global DNS Service Enterprise-class Anycast DNS network for free
  • 21. Global DNS for Speed & Scale
      Yottaa DNS Features:
      • Global IP anycast
      • Globally distributed data centers Web Optimization Network
      • Globally redirects requests to the closest geographic server
      Benefits:
      • High performance DNS service
      • Enterprise-grade traffic management
      • DNS Shield for protection
  • 22. Yottaa Anycast Network
      • Europe: Amsterdam, Dublin, Frankfurt, London, Madrid, Paris
      • North America: Seattle, Chicago, San Francisco, Ashburn, San Jose, New York, Washington, DC, Los Angeles, Atlanta, Miami, Dallas
      • Asia: Tokyo, Hong Kong, Osaka, Singapore
      • South America: Sao Paulo (Coming)
      • Australia: Sydney
  • 23. Yottaa DNS UI
  • 24. Don’t let your website fail you. To Make Your Website Fast, Reliable and Secure Visit: www.yottaa.com For More Information Contact: Coach Wei Email: coach@yottaa.com Phone: +617.896.7818 Web: www.yottaa.com Twitter: @yottaa