Sunday, March 27, 2011

Connectivity Problem With Some GoDaddy Hosted Custom Domain Published Blogs

This weekend, a few owners of blogs published to custom domains are reporting problems viewing their blogs.

We are seeing various reports, such as unhappily reporting
I can't view my blog!
If we view the blog ourselves, or maybe if the blog owner uses one or more proxy servers to view the blog, the blog will be seen with no problem. Apparently the blog is actually online, regardless of the original observation.
Now what?

In many cases, the blog in question uses GoDaddy hosted DNS, and a specific set of GoDaddy servers, to provide domain addresses to the blog readers.

If we use a WhoIs Log, we can see the defining factor in this problem.

http://who.is/whois/mydomain.com/

REGISTRY WHOIS FOR MYDOMAIN.COM
Domain Name: mydomain.com

Registrar: GODADDY.COM, INC.
Whois Server: whois.godaddy.com
Referral URL: http://registrar.godaddy.com
Status: clientDeleteProhibited, clientRenewProhibited, clientTransferProhibited, clientUpdateProhibited

Expiration Date: 2012-03-15
Creation Date: 2011-03-15
Last Update Date: 2011-03-15

Name Servers:
ns63.domaincontrol.com
ns64.domaincontrol.com

The domain in question does not have an expired registration, and it is live other wise. This domain is using "ns63.domaincontrol.com" and "ns64.domaincontrol.com" for DNS - and one or both of those servers appear to be subject to a DDOS attack by unknown parties.

I'll note here that not all domains hosted by GoDaddy are affected by the attack. If you're reading this article (I hope that you are reading this article), you should know that "nitecruzr.net" is also a GoDaddy hosted domain - "nitecruzr.net" just uses a different set of DNS servers.

http://who.is/whois/nitecruzr.net/

REGISTRY WHOIS FOR NITECRUZR.NET
Domain Name: nitecruzr.net

Registrar: GODADDY.COM, INC.
Whois Server: whois.godaddy.com
Referral URL: http://registrar.godaddy.com
Status: clientDeleteProhibited, clientRenewProhibited, clientTransferProhibited, clientUpdateProhibited

Expiration Date: 2012-03-24
Creation Date: 2008-03-24
Last Update Date: 2010-03-23

Name Servers:
ns11.domaincontrol.com
ns12.domaincontrol.com
ns53.domaincontrol.com
ns54.domaincontrol.com

A Distributed Denial Of Service ("DDOS") attack involves massive amounts of garbage traffic, from multiple computers all over the world - possibly from various members of a botnet - attacking specific networks or servers. GoDaddy Network Technicians, detecting the attack, are restricting access to the specific servers that are under attack. Instead of shutting down those servers completely, they are surgically isolating the attacking computers by IP address - and are blocking only those specific computers (and their immediate neighbours, including the blog owners observing the problems) from access to the specific servers under attack.

By blocking only small portions of the Internet from access, and only from access to "ns63.domaincontrol.com" and "ns64.domaincontrol.com", GoDaddy is continuing service to the majority of their customers - and to some portion of the readers of the blogs affected by the attack. This is why the domains affected can be viewed by various proxy servers and (some, not all) readers. A few proxy servers may, like a few blog owners and readers, be blocked - but many will not be blocked.

People who use proxy servers, along with many normal readers of the blogs affected by the attack, will like the readers of other blogs using GoDaddy hosted DNS, be unaware that there is any problem. Eventually, the attack will end, and life will go back to normal.


(Update 2011/03/27 06:00 PDT): We're seeing a few comments in the rollup discussion that indicates that GoDaddy is successfully repelling the attack. That does not mean that the attack is over, necessarily - but it does show that there is hope, for some of the blog owners.

>> Top

2 comments:

The Vintage Polka Dot said...

Thank you for posting this. I could not view one of my blogs(domain hosted by GoDaddy) for approximately 24 hours. So far, it seems to be working fine this morning.

Nolan said...

Same here—my blog is up and running now!

Thanks for all the information that you've conveyed to us. I would have been banging my head on my keyboard all day yesterday if there wasn't anyone to tell us what was happening. =)