[SAC] [Hosting] NXDOMAIN DNS DDoS Issues


We’ve been experiencing NXDOMAIN DDoS attacks on our DNS servers today and yesterday that have been impacting resolving many of the domains we host. So far, this seems to mostly impact our authoritative DNS for external access. Our recursive query caching on our internal network seems to function fine during the attacks.

The following are the time frames when our services have been impacted by these attacks:

Jan 18, 2023: 8:58AM - 10:41AM PST (1758 - 1841 UTC)
Jan 19, 2023: 7:21AM - 9:21AM PST (1521 - 17:24 UTC)

We have been doing our best to mitigate the issues but have been unable to do so when the attack happens. As of right now, it seems the attack starting this morning has stopped, but I’d imagine it may happen again unfortunately.

We will do our best to continue to work on mitigation solutions for future attacks and apologies for the issues this has caused. If anyone has experience mitigating NXDOMAIN attacks using ISC BIND, please send me a direct email to see if there are any additional measures we can take.

Thanks for your patience.


Lance Albertson

Oregon State University | Open Source Lab