09/10/2012

The GoDaddy Outage (Part 1)

GoDaddy hasn’t publicly said what’s going on yet, but the rumors are swirling. A hacker associated with Anonymous has claimed credit, but who knows. So what’s happening? Essentially, GoDaddy is having trouble responding to DNS (Domain Name System) requests which means millions of websites are inaccessible.

You don’t even have to be hosted by GoDaddy to be affected. Lots of people buy their domain through GoDaddy but host the site themselves, leaving GoDaddy to host the domain itself. That means GoDaddy DNS servers are authoritative for the domain so all DNS requests for the domain have to go through GoDaddy even though the site itself is hosted elsewhere.

So, it’s been busy around Alertra today, we’ve been sending out lots of alerts. The biggest problem is sometimes our customers don’t believe alerts like these are legit. They get our alert, pull their site up in their browser, and it works just fine. This happens because the IP address is cached by the browser, O/S or ISP and the site will continue to work like that until the domain’s TTL expires, which could be days.

Customers also see traffic in their web logs and conclude everything is fine. It’s not! What they’re seeing is visitors who also have the IP address cached. Anyone who hasn’t been to the site, or hasn’t been to it in a while can’t get to it.

To complicate things, many customers use a cheap monitoring service (gasp!) in addition to us, as a backup. Well, you don’t need a backup, but that’s for another day. The problem with these cheap services is they aren’t sophisticated. They are caching DNS responses just like your ISP is. It may take them days to figure out you have a real problem!

Anyway, the people at GoDaddy are working as hard as they can to get this attack mitigated, and we feel for them. It’s no fun. We’ll have a lot more to say about this outage later in the week.