Dear colleagues, The traffic that we reported about yesterday, Thursday 14 January, (see below message) came to an end shortly after the announcement was sent. The attack traffic was overwhelming our incoming links. As this was impacting other services, we had started to ask our upstream peers to filter traffic to the specific address we use for the .ps ccTLD service. However, the traffic load returned to normal fairly quickly. Later in the afternoon we have removed any upstream filtering. As mentioned in an earlier message to this list, the frequency of incidents we see with our DNS services seems to be part of a more general trend, which leads us to further investigate necessary improvements to our DNS infrastructure. Kind regards, Romeo Zwart On 16/01/14 13:08 , Romeo Zwart wrote:
Dear colleagues,
As of approximately 11:20 UTC this morning, Thursday 14 January, we are seeing an unusually large amount of incoming traffic on the servers for the RIPE Authoritative DNS services. The traffic is specifically aimed at the ccTLD secondary service that we host for .ps and is of such a high volume that it is impacting other DNS services.
We are contacting the domain owners and are investigating mitigation capabilities at the moment. We will inform you further when we have more information.
Kind regards, Romeo Zwart