If you're in the rare situation of using GoDaddy DNS but don't use them as a registrar, then you're in luck. Simply sign up with a new DNS provider. They will give you their DNS servers which you need to set as the DNS servers that are authoritative for your domain. Then sign into your registrar and change the authoritative DNS servers for your domain. There will be a propagation delay but once it's done you're all set.
If you are in the extremely common situation of having registered your domain through GoDaddy and also use their DNS service, then you have a problem because to move to another DNS provider you need to sign into GoDaddy.com to make the change I've described above i.e. change which DNS provider is authoritative for your domain. You can't do this until GoDaddy.com is back online. So what I suggest is that you sign up for a new DNS provider and then keep checking GoDaddy.com. As soon as it comes back online, sign in and make the change to your new provider as quick as you can.
Other data:
Whois requests for godaddy domains are currently failing because whois.godaddy.com is offline due to name resolution failure.
Godaddy's twitter feed is a good source of updates, although they are claiming to be making progress and all my godaddy DNS hosted domains are still offline, so it seems to be more marketing speak than real data: https://twitter.com/godaddy
As mentioned, Anonymous seems to be behind it as three tweets on their twitter account seem to indicate: https://twitter.com/AnonOpsLegion
I don't think the scale of this attack is fully understood yet. According to the CBC, GoDaddy hosts over 5 million websites (not sure if that's DNS, registrar, etc) so expect this to be big news and potentially the next political football.
"If you're in the rare situation of using GoDaddy DNS but don't use them as a registrar, then you're in luck. Simply sign up with a new DNS provider."
Assumes of course that people have their zone file to refer to. Which they should. Even if you don't know what a zone file is it's probably a good idea to at the very least make a screen grab of the information where the info is shown at your registrar. Or just use dig from the command line (see my comment further down for syntax).
General question here about upstream outages that can take down your site, e.g. DNS outage, AWS zone outage, etc.
What to tell your customers when an upstream service provider experiences an outage? I mean, if you're running ifttt.com your users might be savvy enough to understand that a DNS outage isn't your fault; but pinterest.com or whatever (painting with broad strokes here, forgive me) might not have a user base that would understand that events out of your control have made your site inaccessible.
How do you reassure your customers? What's the proper tone to take?
Good question. I believe in explaining as clearly as possible, but ultimately in taking responsibility. You chose the provider, decided on the level of risk you're comfortable with, and that ultimately failed. It was that choice that got in the way of your users.
If you can point to ways you'll improve the service in the future as a result of the outage, all the better.
When we had a large DoS attack at Posterous, I wrote two posts, one as soon as possible (http://blog.posterous.com/todays-outage-and-changes-for-cust...), and the next as a bit of a post-mortem (http://blog.posterous.com/moving-forward). Both explained that there were many factors beyond our control, but that the responsibility was ultimately ours, and we were working to learn from the event and improve our services as a result.
They weren't perfect posts, but I think they went a long way toward being open and honest with our users in the midst of a major negative event.
At the risk of professing an attitude that I generally dislike: there's no proper tone to take other than full responsibility. Like Steve Jobs said, when you're the janitor, reasons matter.
Once you're a service provider -- whether your services in turn rely on other services or not -- reasons stop mattering. As a practical matter, you and I know that there's no way you can build a fully scalable, fully redundant infrastructure from the ground-up in your first week. Hell, if you ever build that kind of infrastructure at all, you'll be way ahead of most companies.
But, that's the kind of infrastructure you should be working towards building, all the time. You should have a clear roadmap for ensuring data integrity, then dealing with security, then dealing with redundancy, and finally high availability.
If your service falls over for any reason, ultimately it's because you haven't done something on your roadmap yet. There's no way to explain that to your customers that doesn't sound like you're trying to pass the fault on to someone else -- because that's exactly what you're doing.
So just 'fess up to your customers: "one of the services that our business relies on had some serious technical problems that affected us today, but we recognize that ultimately it's our responsibility to make sure that our service is always available to you. We're constantly working on our infrastructure to make it more reliable, but we clearly still have more work to do. We will be changing some of our priorities so that this won't be a problem in the future. Thank you for sticking with us." (And then do it, otherwise this will backfire on you the next time you have an outage of similar cause.)
As an aside: I generally take a softer stance towards user responsibilities -- of course everyone should have backups, but Joe Schmoe just doesn't have time for that -- but a much harder stance towards businesses. Once you accept money from someone, you put yourself into a position of absolute responsibility for whatever it is that people rely on you for. If you can't guarantee the availability of your service or the safety of their data, then you shouldn't be taking their money.
Interesting, at the same time I both agree and disagree with what you wrote. You're saying that you want to offer 100% uptime, but how much does that cost? A client paying 5 USD/month has the same uptime expectancy as another one paying 2000 USD/month?
Oh man. I think I could write a long essay about this. Before I respond, I should mention that I've been running a business for several years that tries to break the rules of the price-quality-speed tradeoff, we've offered an alpha hosting service for a couple of years, and I've recently seen first-hand how bad it is for both you and your customers if you don't charge enough.
So, my reply in one sentence: a business should never charge less than it needs to meet its customers' expectations.
I don't think I've ever seen any hosted service brazenly advertise, "It only costs $4 a month and it's only down for a couple of days a year!" Instead, hosted services advertise their pricing, and then hide their uptime "guarantee" (in quotes because it's only a guarantee to the extent that there might be refunds involved if they don't meet it) somewhere in their fine print, or as a number that sounds impressive to people who don't know better, like, "99%!"
The problem with that is that your customers still expect your service to work. If your customers build a business of their own using your service -- and if you have enough customers, somebody is gonna try to do that -- then they can be seriously impacted if your service fails. At that point you have an adversarial relationship with your customer. As a business, you want to say, "but you're only paying $4 a month! What did you expect?", but as a customer, that's just about the worst possible response.
I think the race to the bottom in pricing is a really bad idea. GoDaddy's a really good example to use here. How many of their customers do you think couldn't afford an extra $1 a month, and at their scale, how much could they improve their service if they made an extra $1/month per customer? Conversely, how much damage does GoDaddy do to the hosting industry as a whole every time they piss off their millions of customers? I think you have to charge enough money to make your customer happy, and that includes a little extra to make sure your service continues to grow and improve and that you continue to be happy so that you'll continue to want to work on your business.
Once the business is up and running at some price point, and your infrastructure is, let's say, 75% complete, then start looking in to ways to reduce your price without compromising your service. Maybe if you find a thousand more customers, some network effects will kick in and you'll be able to charge everybody a little bit less. Great, go find those customers.
And, let's not ignore that the technology available to service providers right now is amazing. I first wanted to be an ISP in 1995. Back then, your startup costs were atrocious, the technology was unreliable, documentation was opaque (no such thing as howtoforge!), and you had to rely on industry fatcats that would shake with their right hand and shank you with their left.
Now there's Linode, Rackspace, Hurricane Electric, Slicehost, Heroku, Amazon, and a ton of others, all offering easy-to-use, low-cost, reliable services that you can build your business on. It's really amazing stuff. While individually they have sporadic issues, collectively they're rock-solid. So, unless you're offering a service that cracks hashes, I have trouble imagining that it would cost as much as $2,000 a month to provide a 100% uptime guarantee. If you just want to host a particular technology stack for customers, or provide SaaS, you should be able to engineer a really solid service for $50/month, tops.
Finally, I left room in my previous comment on this for businesses that are growing. I don't expect a business to have the perfect infrastructure in place the day that they launch. I do expect them to, at the very least, have solid backups in place and an idea of what to do if everything goes upside-down one day. Then, once they start getting customers, they should focus on improving their infrastructure. If a business is a year old and they have a few hours' downtime one day, I don't think to myself, "Pf, amateurs." But, if a business is two or three years old, and their customers' usernames and passwords just showed up on pastebin because they wrote their web app in PHP and didn't use PDO? Yeah, amateurs for sure.
As a thought experiment, imagine if GoDaddy took all the money that they sunk into Superbowl ads and pretty women and other stupid marketing, and instead put that money towards being the best damn domain registrar and hosting service on the internet. I bet you they could monopolize their market. There'd no longer be any reason at all for any of their customers to use any other service. There'd no longer be any reason for a potential new customer to not use their service.
So, want to own your market? Build an unbeatable service. (Or product.)
And you have to charge your customers enough money to do that.
I don't think there's a tone you can take that will make non-technical users understand that it's "not your fault". To the non-technical user your site is just down and, potentially, a service they're paying for is unavailable.
I'd argue that such an outage _is_ your fault. If you're worried about Customer perceptions as a result of outages of third-party services your site relies on then, I'd argue, you need to have redundancy in your choice of third-party services. If it's important enough to worry about it should be important enough to spend some money on and do something about. If that drives up your costs then your product's cost, to your Customers, needs to reflect that.
It looks like the root of the problem is that their DNS servers are unresponsive or offline. Web sites and mail whose DNS is hosted on GoDaddy appear to look "down" because they cannot resolve.
Good push for anyone to switch to DNSMadeEasy or Amazon Route53 if you're currently caught in this.
For DNS, I recommend dnsimple. They do DNS and domain registration for my three domains and their UI is amazing. Here's a referral link that, if used, gives both of us one month free DNS service (which is only $3 anyway). https://dnsimple.com/r/96a980397648e9
Agreed. I use them as well, and they've been great from day one.
Short anecdote: I have an Icelandic (.is) domain. Iceland's NIC has very strict rules regarding DNS records associated with an Icelandic domain. dnsimple's support team got the problem resolved within a few days. I can definitely see myself with them for the long haul.
We recently evaluated DNS options for our ~800 domains we host DNS for and decided to go with DNSMadeEasy. We're not switched over yet but the deciding factor for me was they're an anycast network and can offer a lot of cool regional responding if we grow to that size. We want to use vanity domains, e.g. ns1,2.ourcompany.com so w/ DNSimple that's only two locations that need to be DDoSed or fail and our sites are down.
It's a fair point (DNSimple is unicast). We're working on building out an Anycast infrastructure, but even that isn't a guarantee for surviving a DDoS. Bottom line on a DDoS: it's a war of bandwidth and the enemy has all the advantages. If you must buy bandwidth and you get DDoS'd you have to pay for that bandwidth, which can be very expensive (not to mention the ongoing operational costs and the ).
Still, we're going to do our best to switch over to Anycast and continue building out our infrastructure as we have the capital to do so.
I'm one of those people you call "stupid", who "deserves what I get". This is my first time posting here. I've used GD for years. Sure, they try to upsell me, but being in sales, I don't have a problem with giving them a firm "no thanks". If you do, that's your problem, not theirs. They're a business, for goodness sake. Realize that.
And not only my sites are now down, but all the sites I maintain for clients. If some individual (or group) has done this intentionally, then these people are responsible for taking hundreds, maybe thousands of small businesses off line today. They're cutting into their sales, hurting their bottom lines, and if it continues for too long, will probably lead to people being laid off.
So you can sit on your techie high horses and think you're oh so smart, but the fact is, these are real business people doing real business and criminals are hurting them. So you come down on the honest people for signing contracts and paying their bills on time?
Agreed. I've been out of work more than 6 months. Right as my family was packing to move to the closest bridge, I got a call from a company to setup their servers and finish their web app. With so much on my plate and no time to do it, I picked the easy and fast route. Use GoDaddy for cheap fast DNS and deal with it later. I brought our servers online this morning. Database and all. I was getting congrats and thank yours from the whole office. Now I might lose the job I just got. Thanks guys. Perhaps you can tell my kids.
Don't let the callousness of some posters on HN get to you. I think HN is full of decent, caring people, even if it's not always obvious. No one deserves blame for what a criminal did to them.
I'd imagine from their POV, when you continue doing business with a company they find morally reprehensible, you're no longer "honest people". If their end goal is killing GoDaddy, these collateral losses might be worth it. Also, it might have a positive side-effect of people associating more risk with dealing with shady companies.
Does anybody have a guide on how to migrate away from GoDaddy without downtime? And what would you recommend instead? We currently host a bunch of domains and use their DNS servers.
If you are only using them for DNS (and assuming their DNS works again) you can simply setup the new dns somewhere but not switch the DNS at your registrar. Until the dns is working at the new dns provider (and you would query it to find that out).
Example:
1) setup amixdomain.com at, say, zoneedit.com (not recommending them just using as an example).
2) Wait a bit, say several hours then use a dns utility like the one at kloth.net to query the two zoneedit.com dns servers directly. If both of them answer for your domain you are in good shape. I don't know what the lag is until zoneedit reloads their dns. It could be in a minute or it could take longer (which is why you can just wait).
Or you can use the OSX (or equivalent on other platforms) dig tool from the command line as follows, using ycombinator.com as an example:
Edit: What I meant to say was "if you have a mac open a terminal session and use dig" sorry for seeming to implying that dig is an OSX tool.
dig @NS1.EASYDNS.COM ycombinator.com 'A'
yc's servers are, so I picked one. You want to query all the dns servers:
Name Server: NS1.EASYDNS.COM
Name Server: NS2.EASYDNS.COM
Name Server: NS3.EASYDNS.ORG
Name Server: NS6.EASYDNS.NET
Name Server: REMOTE1.EASYDNS.COM
Name Server: REMOTE2.EASYDNS.COM
3) After the dns is active at zoneedit.com change the dns to the nameservers zoneedit.com gives you (change at your current registrar). You should have no downtime (since the old and new nameservers are answering with the same results.
In re-reading my comment I can see where someone would think I was implying that it was. Having worked with UNIX since V I am well aware of what you are saying. My mistake.
(What I was trying to say was "if you have a mac open a terminal session and use dig".)
Well, you're already in the midst of downtime, so you have a head start.
Aside from that, focus on two concepts: TTL and overlap.
1) On your old host, lower the TTL of all your records to something quite low, like 30 seconds. This will increase the burden on your nameservers, since records will only be cached that long, but it will make you more nimble as you make substantial changes.
2) Migrate your records over to the new provider. This can be a bit tedious for more complex zones, but rather straight-forward for many. Change your nameserver on your local machine to point to your new DNS host, just to test in a "real-world" scenario.
Then go to your registrar and flip the switch.
Switching DNS providers is much less prone to downtime than changing web hosts, since the records themselves aren't changing much -- just where to find them.
If you're switching registrars, the principal is similar, setting the TTL quite low during the transition to help you make changes more quickly should something go wrong.
Imo, having done this since the mid 90's, you don't have to mess with TTL since you aren't changing any of the records. And having someone do that is an additional thing to mess with that adds unnecessary steps.
TTL would be necessary if you are going from one IP to another or a different MX server etc. though.
Altering TTL won't do anything for you unless you do it before you start to make changes and far enough in advance that the current TTL will expire and servers will pick up the new TTL. Then when you alter DNS records the alterations should propagate much faster.
If you're literally just changing DNS providers why would there be any down time - the record showing the IP where to find your website just gets grabbed from a different location, if a stale record is used it's still right.
These are instructions on how to move your domain, not migrate to different DNS servers. Moving away from GoDaddy in general might be a good idea, but if you're just looking to migrate to another DNS service like Route53, this isn't what your looking for.
1) Get a new DNS server. I use http://dnspark.net/ and even though their website is very ugly and there's no API, they're tremendous value at $10 - $14 per year
2) In your registrar's page (godaddy) change your DNS servers for your domain to whatever your new ones are.
$0.50 per hosted zone / month for the first 25 hosted zones
$0.10 per hosted zone / month for additional hosted zones
$0.500 per million queries – first 1 Billion queries / month
$0.250 per million queries – over 1 Billion queries / month
I host about 70 zones and pay less than 20 dollars a month. There's no minimum, so I would expect a single zone to cost less than $2. You would need to get 10 million queries to reach $6.
[Edit: Facepalm - I just realized you said per year]
Moving DNS servers can usually be done with no downtime. All you need to do is copy your current dns records to a new provider and then change the name servers. Keep your old DNS configuration up at least for a few days.
Gradually clients will switch over to the new DNS servers, but as long as both servers resolve to the same IP you should be fine.
DNS services cost money, either in staffing or recurring charges, so it really depends on your budget. Neustar is a nice DNS provider ($50+/mo).
Generally you'll want to set up your new DNS, turn down the refresh on your existing DNS domains, wait $old_refresh or so, then change your primary/secondaries listed at your registrar to point at your new DNS.
I have to disagree with your 'Neustar is a nice DNS provider' statement. I used them for 2 years, most of that time I was unhappy but because I was locked into a contract I had to wait it out or else pay a hefty breakage fee.
Their website/UI wasn't any good, very dated, they even rolled out a new one before I left, but that was horrible, they used AJAX everywhere, just for the sake of using it, and it made usability horrible.
Their support sucked as well, you would need to submit a ticket, and they take forever to get back to you, and they don't say anything besides "it looks fine to me". If you try and call them, you end up talking with someone who has no idea what they are talking about (same customer support line, for multiple products), or they don't speak english well.
You end up paying per DNS query, which is a really expensive way to pay for DNS, we were paying thousands of dollars a month to them for DNS alone.
Their advanced DNS services (DNS load balanceer and DNS failover) where very basic, and getting them setup correctly was a PITA.
There DNS service was nice until it crashed, which didn't happen often, but when it did, it took down half the internet with them.
I personally wouldn't have picked them to be our provider if it wasn't for one of our investors telling us how great they are and we needed to use them. I should have listened to my gut, but I also didn't want to piss off the guy paying the bills.
YMMV, but I would say, stand clear, and go to one of the newer folks doing the same thing for much less the cost, and more features.
This recommendation suprises me. Do you have particular reason to recommend them? $50 per month for DNS strikes me as ludicrous, but I suppose it's worth it for some sites if they truly can provide a more reliable service.
But I don't find the quotes on their website to be confidence inspiring: "UltraDNS manages and maintains its own industry leading resolver platform; as a non-open source platform it isn't prone to hijacking, spoofing or viruses".
And their industry positioning scares me:
The revised bill would place a ".kids" subdomain under the
control of NeuStar Inc., the Washington-based
telecommunications company that won the contract to manage
the ".us" country-code domain last fall.
NeuStar would be expected to police the subdomain to ensure
it remains free of inappropriate content, and it would
answer to the Commerce Department's National
Telecommunications and Information Administration.
Web sites in the domain would be prohibited from linking to
sites outside it, and they could not set up chat rooms,
instant messaging or other interactive services unless they
could certify that they did not expose children to
pedophiles or pose other risks.
If privately held NeuStar were to lose money on the
venture, it could give control back to the Commerce
Department, which would seek another operator.
ps. You're probably aware, but I was checking if the site listed in your profile was served by them, and noticed that many9s.com looks to have expired over the weekend.
" I would've thought you could simply set up your various DNS records in advance with the new service you use, and then switch the nameservers in the GoDaddy control panel."
Yes, see my comment.
"does anyone have any experience of using them?"
I don't but it wouldn't be a bad idea to setup other servers (as secondaries) at another provider. The only downside to this is that you are then susceptible to anything that happens at the extra provider (not if they don't answer or are down, but if your dns gets hacked there.) Keeping my previous statement in mind, if you are picking a reliable dns vendor I would say it probably pays to setup secondaries elsewhere for extra redundancy. It's not that expensive to do.
I don't but it wouldn't be a bad idea to setup other servers (as secondaries) at another provider.
Thanks, that hadn't occurred to me in the slightest. You're right that it's not expensive, and as a direct result of your advice, this is the road I'll be going down. Thanks!
I do use a domain registrar for domain registering, and a DNS hoster for DNS hosting. From my - limited - experience it's not a good idea to have this with one service provider (registrars have not 100% uptime, DNS hosters are limited with domains or expensive)
We've been migrating people to internet.bs
Once you pay for the transfer, you can set up all the DNS records, so when everything transfers over it is already configured.
And by "these guys," it's most commonly anyone with an internet connection and a bone to pick. Saw some ridiculous attempt the other day to brand an attack on 9GAG with the anon logo.
> implying this isn't just a random fake account
> implying there is a spokesperson for Anonymous
> implying there is a trace of credibility to this claim
This thread demonstrates that HN needs a comment collapse button a la reddit. The first comment thread, mostly useless, is taking most of the page, and no way to collapse it.
As much as I dislike GoDaddy, and am glad I've switched away, I can't see how this kind of attack can possibly result in progress towards Anonymous's goals. It serves only to make them seem like radical thugs, far from being aggressive protectors of internet freedom.
That's kinda the point though isn't it? Why is anyone still using GoDaddy after SOPA / elephant killing / earlier outages / etc? For me at least, there's no excuse in supporting this company with my business.
I'd switched half of my domains to Namecheap. I was waiting to migrate the other half. I do not support them, but I had hired their service before SOPA and I just didn't want to pay twice.
I'm all for anonymous activism, but come on. Do they even have a reason for this attack, or was it purely to be able to gloat in having taken down half the internet?
Godaddy has been a powerful supporter of limits on internet freedom. Given the size and influence of the company and the arrogance of its (politically reactionary) owner, I understand why they would be considered a target. Even though I have close to 100 domains registered with Godaddy, I fully support this action by anonymous.
I'm assuming they're adding the Verisign DDoS protection service, but this change should make EVERY single Godaddy client very, very, very nervous (from the current whois):
That's a very interesting observation. When you say it should make current clients nervous, what angle are you thinking of? The angle that they should be nervous because GoDaddy had to go to someone else for this type of service or that Verisign is now involved?
The angle that a company responsible for hosting DNS, site hosting, SSL and similar services is incapable of bringing their own site back up without resorting to using a competitors services.
I'd say (although until seeing the DDoS numbers, I suppose I can't assume anything) that any large hosting provider like this should have an infrastructure in place for taking care of a large attack like this. To have any less at this late a stage in the game for them, speaks of a general enough incompetence as to be enough reason to move services, let alone 'political' type reasons.
I've seen (and experienced) 10Gigabit+ DDoS attacks and generally they end up taking down the entire data-center, but that's smaller provider levels. I can't imagine that level of attack should take down Godaddy, but then who knows what they're actually running behind the scenes. Essentially, what I'm saying... is this is a large enough issue with the internet today that a provider this large should have had at least SOME protections in place for this already (And perhaps Verisign might have been a decent enough choice, or Prolexic...).
Yes.. it is very bad of them, I agree. I just don't see the point in being very nervous. They will sort it out and I can switch. It is not like my domain is stolen and can't be taken back.
Status Alert: Hey, all. We're aware of the trouble people are having with our site. We're working on it.
That understates things by several orders of magnitude. It's not just their site that is down, it's their domain name servers, so most websites that bought their domain from GoDaddy are unreachable (unless you are working off of cached domain data).
I don't use GoDaddy, nor do I particularly like them, so this doesn't really affect me or my business directly.
But I got a call earlier today from my less tech-savvy buddy who was freaking out because his GoDaddy website was down. Yea it is probably "his fault" for choosing them, and he probably "deserves it".
Still, not everyone is born a leet computer hacker, and sometimes this is the only way people will learn, so I'm trying not to be too hard on people for that.
That's an artifact of the way whois information is pulled up. Basically for any domain registered you can create a third level domain and have it come up when someone searches for that domain using a command line whois utility.
What you are seeing above (and some of the examples) are the result of clueless customers who got some instruction and entered into the wrong field at their registrar. Other cases are people trying to get hits or bring attention to their site. This has been around since the mid 90's at least.
I just got an email from GoDaddy beginning: 'Todays Lesson -...'. I thought this might go into their service being down, backups or failover protection.
But no, it carried on to: 'Today's Lesson - SAVINGS! 20% OFF*'
Literally just transferred all of my domain names and DNS hosting away from GoDaddy last night. Should have done it after the SOPA fiasco - glad I didn't wait until today!
GoDaddy has been providing me with excellent customer support for a decade. I'm not sure what the hate is all about.
Sure, they didn't take my side in the SOPA debate, but I'd rather live in a world where everyone is entitled to their opinion.
I'm also not comfortable with a group calling themselves "Hackers" giving my profession a foul name by activities like this. This is like bombing a nation which doesn't have same views as yours. Hackers, they are not. Shameful.
My experience with GoDaddy has been nothing but negative.
The latest being a SSL certificate I purchased 9 months ago. They auto renewed the certificate at full price 90 days in advance, without any warning whatsoever. Partially my fault for not opting out (but I was unaware that I ever opted in). Most services that auto-renew give you a warning prior to the imminent date.
When I asked for a refund, I was told I could only get in store credit. In store credit for a virtual good that hasn't been activated/used and arguably charged without my consent? Joke of a company.
This has been a known vulnerability for dns, as they are susceptible to DOS. We use network solutions for DNS but they can be taken down in a similar manner as GoDaddy.
BTW one of the servers we needed to access did not resolve, but I was able to connect via IP instead of DNS. Host file baby!
GoDaddy's registrar service
GoDaddy's authoritative DNS service
GoDaddy's hosting service
GoDaddy SSL certificates
etc.
They are all different services. When you link them all together and give GoDaddy control over your entire setup, if there's a problem with any one service, you can't recover as easily as if they were each handled independently. meme: "Do one thing well."
"All-in-one" solutions, though they might provide convenience, might come at a cost in terms of disaster recovery. meme: SPOF
I wonder if this thinking might also apply to software: using a single, large "all-in-one" program versus using lots of smaller, independent (and replaceable) programs.
Why is GoDaddy excluded from the requirement to provide port 43 whois service? Are they special? To my knowledge you can only get whois information on GoDaddy domain names from their website. Why only HTTP whois? Are they front-running?
I recently rented a VPS specifically so I could run my own DNS. I use tinydns[1] on the VPS as a stealth primary to host my zones and then use BuddyNS[2] as my secondary. It works seamlessly and wasn't that hard to set up if you know how to work a command line.
Of course, if someone were to do this same thing to BuddyNS I would be up a creek for a little while, but I could just login to Namecheap and point to a different secondary.
Mostly for the knowledge that only comes from doing it myself. I looked into using Route53 but I would have had to build something for my dynamic DNS anyway.
Sure someone will post this as a new story, but it appears DNS services are back online. I checked a few of the sites I manage and they are now working.
Now I need to bust a nut and get things moved off ASAP.
Someone (I'm looking at you, gandi.net) should give a "GoDaddy is Down" discount for domain registration. I'm ready to migrate the domains I didn't change during the SOPA fiasco ...
I found this hoping to gather some information about the DNS attack. And instead all I found was that as a nonprofit without enough money to invest in IT staff who might "know better", it's just too bad that we can't accept donations on our website for our homeless children we support because by using GoDaddy we got what we deserved. Was hoping to find information, but that isn't quite what I got.
I had domains with them marked "auto renew" that mysteriously had that status changed. Since all my domains were "auto renew" I wasn't monitoring my renewal notices. Suddenly I discovered that several domains had expired and had been purchased by others. Now that sucks and is a good reason for me to find another registrar, in addition to the moral misgivings I already had about them!
I'm against SOPA and these laws as much as the next guy and I don't agree with many of stances that godaddy takes, but assuming they were really hacked, it's because of idiots like anonymous that our freedom on the internet is in jeopardy. This kind of stuff will simply promote the governments around the world to pass laws regulating the internet.
I don't much care for blame as much as I care for alternatives. Who do some of the largest sites register their domains with? And I mean reliable and fast. For example, a whois showed me ycombinator.com is with EASYDNS TECHNOLOGIES. Google is with MARKMONITOR INC, which is totally overkill I bet. Suggestions? Recommendations?
I def. would recommend dnsimple.com (I think I pay only $3 a month). They have a lot of templates to easily add records for heroku, blogs, and google apps.
I have a kind of unvoluntary ping to my mailbox hosted at Gmail / Google Apps, "Buy Vigara" (sic) messages that arrive with a few minutes intervals since months ago. Google sorts them as spam correctly, but it is interesting to see how they are less and less frequent over the past hours. (Yes my domain is on godaddy)
Is there any word on if this is a DDoS type attack (I've seen things like request saturation attacks on DNS servers before)? Or, is it an actual exploit issue? Seems perhaps that it might be the latter from what I've seen so far... Anon is claiming it is only one of their guys responsible for this outage.
FWIW I run the DNS hosting service SlickDNS (https://www.slickdns.com). The focus is ease-of-use, but there is also good redundancy with multiple name servers located in the US, UK and Japan.
I tried to set up my site on CloudFlare but it say's that it's not a valid domain name. I think they might be checking the DNS records for the site before you can set it up so it appears to be invalid. Does anyone know a way around this?
I moved the bulk of the sites I manage off of GD when the SOPA thing happened but left a couple because the pain of transferring was to much (read, client didn't want to).
Surprisingly, all the reasons to stay on GD vanished this afternoon :-P
Looks like the primary server cluster that handles all the incoming traffic at godaddy for all their went down. This caused the traffic failover to secondary servers which where unable to handle the load and crash.
GoDaddy never struck me as a particularly evil corporation, just practical. But I would be interested to hear any recommendations for an alternative hosting company, and the logic behind the choice.
For hosting alternatives, you'd have to describe what you want. Heroku for rails is nice and is built on Amazon's EC2 stuff (which you could use for other apps)... for VPSes, I like Linode a lot.
For DNS, I recommend dnsimple. They do DNS and domain registration for my three domains and their UI is amazing. Here's a referral link that, if used, gives both of us one month free DNS service (which is only $3 anyway). https://dnsimple.com/r/96a980397648e9
!) Look for hosting companies that are targeting developers (Linode and Heroku are both good at this). The tools and UI will be more sane and you'll have a more pleasant interaction.
2) Avoid bargain bin VPS services for anything that's not a playground. If it can't disappear tomorrow forever, it's not bargain-bin material.
So.... just to get the ball rolling here... what did GoDaddy do to piss everyone off so much that they raised the ire of Anonymous? Other than the choice of Danika as a spokesmodel, I mean.
GoDaddy's service is non-exceptional, their Web UI is clearly focused more on up-sales than on helping customers get work done, their [advertisements are sexist][1], their [attempts to police the Internet][2] are an affront to free speech, they [lobbied for the horrible SOPA until it appeared likely that continuing to do so would hurt their bottom line][3], and their [founder/former-CEO][4] is a hyperaggressive douchebag who [kills elephants for fun][5].
Most (properly configured) MTAs will queue and retry, so any unsent mail shouldn't be blindly discarded. Postfix, for example, defaults to a queue lifetime of 5 days.
For those who don't read Chinese, the first column "Last 5 Minutes", the second is "Last 10 minutes", the third is "Last 15 Minutes" and the fourth is "Today,the failure rate".
For DNS, I recommend dnsimple. They do DNS and domain registration for my three domains and their UI is amazing. Here's a referral link that, if used, gives both of us one month free DNS service (which is only $3 anyway). https://dnsimple.com/r/96a980397648e9
If you are using GoDaddy for anything, you deserve what you get. If you are using GoDaddy for not just registration but also for DNS, I would just fix it as soon as possible and not tell anyone.
Also, do backups, use good password practices, and everything else that everyone knows and the lazy will still fail to do.
Oh, 20 seconds in and a downvote. I can take them, I didn't ignore the last 8 problems GoDaddy has been responsible for lately and am not hurting from this outage.
So, I had both upvoted that guy's comment and flagged this entire thread (as in, the top-level post). To me, and I think to many other people, what is actually the core problem with HN is that it is being flooded with a ton of what is pretty much "spam": posts that are either repetitive (either to content from years ago, or even to content from last week) or content that are informing people of things that should be prerequisite knowledge.
In this case, the problem is that DNS is a distributed database, and the idea that people are hosting websites with all of their DNS from a single provider that is at the same time acting as their registrar (whose only purpose in the DNS infrastructure is to mediate your ability to change your DNS servers and renew your account) is horrific: it means something horrendously wrong has occurred in this community.
Meanwhile, the comments here are just strange: people talking about "switching providers without downtime" when the whole point of how DNS works is that you can have arbitrarily many servers and thereby have multiple providers hosting your zones at once. To even have a webpage in the first place you had to setup DNS, and if you somehow skipped that step then you probably skipped tons of other important steps. :(
Reading this entire thread is thereby just depressing: this isn't some advanced corner case of A/B testing leading to improved knowledge of how to do pricing, this is web hosting 101. Yet, somehow, we have 308 upvotes and 238 comments that have been left about an outage of a single provider for the only component in the entire stack of a website where you almost have to go out of your way to not have fault tolerance.
Then, as opposed to trying to get this discussion out of the way as soon as possible, we are just being flooded with a combination of people claiming that this is important, and that those who disagree are being "snarky", combined with opportunistic bloggers submitting tutorials like the "GoDaddy Outage: How to Migrate to AWS Route 53" that was just posted.
Therefore, I will claim that it isn't drivebyacct2 that is indicative of a loss of HN quality: it is instead that somehow any of this was relevant in the first place, and that once posted it keeps spreading. I can understand people being interested when AWS or Heroku or even GitHub goes offline, but no one on Hacker News should care if GoDaddy DNS goes offline.
There is so much that "should" be prerequisite knowledge, that people simply can't know it all.
I admit that I know very little about DNS, to the point where I don't understand large parts of your post. I have a website, and I vaguely remember doing stuff to get the domain name to resolve, years ago. I know roughly that DNS translates domain names to IP addresses, but not much more. I'm okay with not knowing much more than that. I'm confident I can learn if necessary, but so far I've been learning the prerequisite knowledge of other fields.
If I was using godaddy, this thread would be helpful to me.
Unfortunately lack of hosting-related knowledge is indicative through and through here even to the actual startups out of YC. Is it too much to ask for someone to know the latest buzz about Rails but can't spell DNS? Good luck if you choose this as your crusade to educate.
You don't find it interesting that one of the largest DNS service providers has had a major outage rendering browsing many websites virtually impossible for several business hours? Not every site I am interested in using is maintained by readers of HN who should (perhaps) know better.
Are you trying to say that it is ironic because my post is also snarky? If so, I think you need to a) go do some research on the concept of irony and then b) point out where I claimed to not be snarky...?
> (informal, sometimes proscribed^)[1][2] Contradiction between circumstances and expectations; condition contrary to what might be expected. [from the 1640s]
> ^ Some authorities proscribe the last sense, "contradiction of circumstances and expectations, condition contrary to what might be expected"[2], but it has been common since the 1600s.[3]
Close enough for government work.
Definitional pedantism aside, I think my point is clear.
To be really pedantic, your assumption that there was some expectation that my post would not be snarky is fallacious. Why do you hold that expectation? See, I wasn't the one calling out the snark, I was just pointing out what from the OP could be considered snarky, and I did it in a snarky way. That isn't irony just because you held the (incorrect) belief that for some reason (again, what reason?) my response post could/should not be snarky. That is all besides the fact that you had to dig up a proscribed definition of irony from god knows where to support your faulty premise.
I agree. As much as I don't like GoDaddy and have already moved most of my domains away from them, I don't like seeing someone say "you got what you deserved for using them". What a mean thing to say.
How come others get to downvote my comments but I don't like-wise? This is what's hurting HN. Black box phenomenon like this. No information about the commenting process. Maybe reddit is on to something after all. The designer of this site is one arrogant sob.
At the risk of further degenerating into meta discussion, I'll answer your question: Downvoting privileges are opened up at a certain karma threshold. The number has changed a number of times in the past and I believe it's currently at around a floor of 500-600 karma.
This just in: "Pointless Arguments Over What's Hurting Hacker News are Hurting Hacker News."
Just knock it off and get back to posting interesting discussion. If you're not doing that, you're contributing to the "hurting of HN." And I'm well within my understanding of hypocrisy and irony to be aware of the fact that I'm committing this exact fault, so thanks for pointing that out, you're so intelligent.
What does Paul Graham have to do with people downvoting you. It's a policy to help with people reflexively downvoting and it encourages people to become positive contributors before they can moderate others. It's a public policy. It's no conspiracy.
Negative karma. There's nothing wrong with your comments, but they're better suited for the more casual atmosphere of Reddit. (which is why I like Reddit more)
And yet every other month we have posts about password breaches with tons of HN users complaining about having to change their passwords. Or we have posts from people who didn't back up their data and their cloud provider lost it, or experienced hardware failure. Or we have technically savvy people who dismiss GoDaddy problems or have literally in the past said "It's good enough, we'll just stay because it's easy".
Sure, it may be snark but I sure as hell hope it motivates at least one more person to switch. And apparently it has, unless I'm failing to detect sarcasm on one of the other replies.
This entire conversation should be useless because there shouldn't be people here still using GoDaddy.
The reasons not to use GoDaddy in the past have been entirely moral/political, not technical. I've been using them for 10 years without a DNS issue like this, so it's not quite the same thing.
Moral/political reasons aside, have you ever seen their UI?
Try registering for a domain and get an idea of how aggressively and unabashedly they try to upsell you things you have zero need for, how difficult they make it to "transfer" domains. Generally, these practices are good signs of trouble, and a good hint that it's better to take business elsewhere. I should not have to spend hours upon hours wading through BS to do trivial tasks.
While those things are certainly annoying, they take up about 10 minutes per year of my time. Yes, GoDaddy has lots of issues, but it's not like other registrars are any better. E.g. on the front page of NameCheap they advertise that .com domains are 3.99, but when you actually do a lookup they in fact cost $10.69.
It is slightly misleading (since the default search box is for .com), but all it says is "DOMAINS FROM 3.99"
which is absolutely true. Some .info domains go for as low as $3.99
That is nowhere near as bad as GoDaddy's upselling crap PLUS namecheap's configuration and control panels are really nice to use.
Comparing GoDaddy to NameCheap is like comparing MySpace (before the last major redesign) to Facebook. They both have to make money somehow (and so have certain lame tactics to be competitive), but NameCheap is obviously lightyears beyond godaddy in any informed persons mind (ESPECIALLY when actually using the service after having paid for it... NameCheap's control panels are the best i've ever seen anywhere)
Namecheap is a fabulous hosting provider. Love 'em. That said, highly-redundant DDOS-resistant DNS infrastructure is not their focus--they offer it as a free service with hosting, but it's best to cough up a few extra bucks and move your DNS to something more robust with AnyCast (DNS Made Easy, Route53...) when you can if uptime's important to you.
Wow - you're seriously a hero. Thanks so much for building the test and thanks (even more) for the blog post (especially the legwork on pricing). I look forward to the day when "can we jump on a call?" sales processes are well and truly dead and self-service and transparent pricing is the norm.
Right below there it says web hosting starting at 2.95 per month, and if you click on the link the lowest price listed is 3.45 per month and that's only with a 24 month commitment. Why would I go with a company that is outright trying to steal money from me? I ask because they seem to be the most recommended GoDaddy alternative.
Their UI is AWFUL. But you know what...it's intentional. All of the upselling. The current hiding exactly where the "My Account" stuff resides. It all feels very intentional as to mislead people into buying unwanted services.
Their UI is there to provide one purpose, confuse user's into buying stuff. It seems to have worked for the most part.
I think we just need to remember that most people reading HN is not the target audience GoDaddy is looking for (IMO).
Wow, someone tried to sell me something...oh, it was so hard to say 'no' to things I did not want to buy and did not need. Oh wait, that's right, I don't care at all. I have no problem not buying those things.
It's actually not that bad and is only getting better since they've taken on investors. Even when it was bad, it was only bad on the first few visits, once you learned your way around the clutter, I never spent any more time on the GD site than I did on any other registrar or hosting provider site. For instance, just going to dcc.godaddy.com to go right into my domain manager when needing to update a domain.
Completely agree. The small business I work for has used GoDaddy from the start and has had outstanding uptime. Sure the interface is horrible but that doesn't affect our customers.
Probably a little early to be advertising this, since we're a couple of days from an "official launch", but I'm launching NameCan.com to specifically address the problems in what I perceive to be an unethical domain management space, namely:
I run my own DNS, so this outage isn't affecting me.
But I've also been migrating my domains away from GoDaddy for purely technical reasons.
One is that the UI is constantly changing, with its sole goal to be deliberately counterintuitive. There are key places where it tells you click on a link, without just offering the link right there, so you have to hunt it down on the page. Crazy.
But the worst one is that I can no longer read their emails in mutt. At all. It was refreshing to get simple notifications from Namecheap that were short and easy to read.
That's simply not true. And even if you ignore strictly technical problems they've had in the past (and the technical issues I had helping a non-profit with a hacked GoDaddy instance on a shared box that they disclaimed responsibility for), their moral/political problems are technical problems as well. As far as I'm concerned, failing to follow a DMCA properly and instead simply re-routing DNS requests in the meantime is a technical issue just as much as political one.
It was a hosted WordPress blog. That by default makes it their fault. If WP weren't up to date, it's their fault. If the host for the shared instance were hacked and files were added to all of the shared installations (which is what happened), it's their fault.
The problem was, the malware was only visible when the referrer was "Google", so they claimed there was nothing wrong. For weeks.
I'm not sure I follow your logic. GoDaddy may make it easy for you to install WordPress but it's still up to the owner to go in and update WordPress and Plugins. I'm not saying it wasn't GoDaddy but claiming it was definitively seems a little silly...
I don't know as I didn't set it up, but I've used shared cpanels in the past and they give you one-click WordPress installs and advertised as a "one-click full solution".
Either way, when it came down to it, one of their other shared clients were compromised and their sandboxing was rather insufficient leading to most of the clients on that box having some sort of malware installed. I'm sure the person in question was targeted because it looked like a standard install and frankly, if I was targeting shared hosting providers, I'd create my malware to be easy to integrate with WordPress.
I hope that makes it more clear why I find it to be GoDaddy's fault. In the end of the day, they understood what was wrong, apologized and fixed it.
Well here's how it works. GoDaddy and all other host's "one-click" is installation only. It doesn't auto-update your WordPress install so yours likely contained an old security exploit and was easily hacked. This is by design, it would be bad to install a WP theme and then have your website broken because it auto-updated WP.
Even so, you never answered my original question. How'd you determine it was a sandboxing problem rather than your own WordPress installation being compromised? Seems even less so considering you didn't realize you had to update WordPress yourself.
Your initial comments snarkyness to usefulness level was pretty low. It was a lot of "look how oppressed I am by being downvoted," and "you are so stupid for using godaddy."
You can communicate constructively and effectively without being so asinine. Here is an example of your initial comment with a bit kinder language:
Unfortunately, GoDaddy's services are often quite lackluster. I would urge current users to switch all their Godaddy-hosted services to other, more reliable providers.
Also, always remember to follow security best-practices such as using secure passwords, conducting regular backups, and the like.
Millions of normal not-too-savvy folks use GoDaddy because to them it's synonymous with domain registration. They profoundly do not deserve their sites to be down for that.
What's shameful is that millions of not-too-savvy decided to make a serious decision without becoming savvy about domain registration. Profound? No, just pathetic.
There are timeouts in place to prevent rapid back and forth flamewars/arguments. You can bypass the timeout (at least most of the time) if you know how (for example, I just did to respond to you) though that should be considered bad form. This functionality is not something targeted against you.
I don't care for the tone of "deserve" in this context, but there are two ways to look at the term.
One is in a moral sense - something along the lines of "If you use GoDaddy, you share its guilt for its bad acts and deserve punishment". That's unfair, of course.
Another possible meaning is that anyone who fails to research something as important as a domain name registrar is suffering the natural consequences of their actions when a poor choice causes them problems. A person doesn't have to be very savvy to read the Wikipedia article and see that GoDaddy has been involved in several high-profile controversies regarding mistreatment of customers.
I don't think someone asserting the second should be shamed, though it doesn't seem to be very valid. I didn't come up with much negative information outside of the Wikipedia article when I avoided search terms specifically related to known issues.
I'm not trying to be a jerk, but anyone would say the same thing if I complained about QoS on one of those hugely over-sold shared PHP hosting sites.
Are there really a lot of "not-too-savvy" folks who understand that they need GoDaddy to provide them DNS servers but know better than to use someone else for DNS services and/or registration? Maybe I underestimate the size of that population.
I should and do apologize... I'm getting a lot of flak for my tone. No one deserves for their sites to be down, but I have no sympathy for HN readers who experience downtime. This issue has been discussed to death too many times for it to be an honest surprise to anyone here.
I totally understand what you meant-- definitely, anyone reading that comment had a chance to avoid this. But "you deserve it" is very harsh language for what is for the vast majority a well-intentioned mistake at worst.
So, no more shame, but just consider that it is possible to be sympathetic towards someone without endorsing their behavior.
I would would guess there are is a huge population of not-too-savvy folks who use GoDaddy for registration... and they aren't even aware that registration and DNS can be separated.
At least, I assumed they aren't putting Danica Patrick in Super-Bowl commercials for the benefit of the HN crowd.
Agreed. All of my domains have used alternatives for the last few years (Google and Name.com). But my less tech-savvy self registered my legal name domain (and variants) around six years ago with GoDaddy and never switched the DNS management over. Big mistake. Now my blog is unreachable via DNS during a job search. Better update my resume links!
No, you're right. It was off the cuff and non-specific and honestly, motivated by a frustration of GoDaddy more than of people here (though I do still hope that they consider this the last straw and move if they haven't already). I just think that someone who's as much a behemoth as GoDaddy could get their shit together and offer a decent quality of service and a tiny ounce of transparency.
I'm a bit upset because this subthread is so vitriolic as a result of my tone and I am sorry for that.
Just pointing this out, it is entirely possible to be a HN reader and deal with clients who have set up their hosting and ignore your suggestions (pleas) to move to a better service. Sometimes clients with low budgets and non profits like to just "figure it out themselves" instead of let their developers handle the hosting arrangement (we do charge for that sort of thing). Enter: GoDaddy's incessant advertising.
Ok, snark aside, I think you would have contributed better if you rephrased this:
> If you are using GoDaddy for anything, you deserve what you get. If you are using GoDaddy for not just registration but also for DNS, I would just fix it as soon as possible and not tell anyone.
...to something like this:
"GoDaddy has a history of not only being bad with customer support, but also being the target for many politically motivated attacks for business practices which are not forthright or above-board. If you use them for registration and DNS, you are likely to get burned, so I suggest moving to another provider in short order once this clears up."
You could do a lot to benefit people without the vitriol, snark and associated venom.
Thousands of mid-sized to small business, run by people too busy to read hacker news or other sources of geekery, have no idea why they should consider not using GoDaddy. A response like this is part of the problem, and not even close to being a solution or advice.
But you might have gotten downvoted because you said "If you are using GoDaddy for anything, you deserve what you get." w/o giving links or further information. The things you are thinking might not be obvious to everyone.
From what I gather you should take your money elsewhere because: (1) they love SOPA (even though they redacted their support) (2) they have awful customer service and seedy sell tactics (3) have ads which are sexist and (4) have a CEO who likes hunting elephants.
If those don't bother you then you can now add have DNS servers go down for significant portions of time.
Even wikipedia ditched GoDaddy several months ago.
GoDaddy might not have been in the news for a few months, but their issues are well documented. If I had been the one to post I would have added links like you suggested, but when choosing someone to do business with it's prudent to find out if they're a shady company. A Google search will present their issues right up front.
Citing sources for your opinion is good practice, I agree, but so is independent due diligence.
Except that everyone doesn't use HN. The people that registered their domains with GoDaddy generally don't frequent HN. Informative decisions about domain registration is basically preaching to the choir here on HN. OP's comment is perfect given the context. Had this been CNN or someother popular news outlet, then the OP would have been "snarky"
For all the people recommending “use this thing instead, dummy!”: can you share evidence which supports the claim that your thing is less susceptible to a denial of service attack than GoDaddy’s?
Because it seems like there are a lot of suggestions to move to alternate services that are in almost every case more expensive, but may or may not be any more reliable. It is well known that there are entities in control of botnets
large enough to DDoS just about anything for some period of time.
If you're in the rare situation of using GoDaddy DNS but don't use them as a registrar, then you're in luck. Simply sign up with a new DNS provider. They will give you their DNS servers which you need to set as the DNS servers that are authoritative for your domain. Then sign into your registrar and change the authoritative DNS servers for your domain. There will be a propagation delay but once it's done you're all set.
If you are in the extremely common situation of having registered your domain through GoDaddy and also use their DNS service, then you have a problem because to move to another DNS provider you need to sign into GoDaddy.com to make the change I've described above i.e. change which DNS provider is authoritative for your domain. You can't do this until GoDaddy.com is back online. So what I suggest is that you sign up for a new DNS provider and then keep checking GoDaddy.com. As soon as it comes back online, sign in and make the change to your new provider as quick as you can.
Other data:
Whois requests for godaddy domains are currently failing because whois.godaddy.com is offline due to name resolution failure.
Godaddy's twitter feed is a good source of updates, although they are claiming to be making progress and all my godaddy DNS hosted domains are still offline, so it seems to be more marketing speak than real data: https://twitter.com/godaddy
As mentioned, Anonymous seems to be behind it as three tweets on their twitter account seem to indicate: https://twitter.com/AnonOpsLegion
I don't think the scale of this attack is fully understood yet. According to the CBC, GoDaddy hosts over 5 million websites (not sure if that's DNS, registrar, etc) so expect this to be big news and potentially the next political football.
Edit: And finally, http://www.downforeveryoneorjustme.com/ is down for everyone because it's over quota. Via Reddit which is also covering this: http://www.reddit.com/r/technology/comments/znvwk/godaddycom...