Major DOS Attack Against DreamHost’s Nameservers

DreamHost is currently experiencing intermittent DNS outages on all nameservers, which is causing problems with both websites and email.

It appears they are the victims of an Easter Denial-of-Service attack against their nameservers.

In October and November last year DreamHost had several minor DOS attacks against one server at a time (Selma, Whopper and Jalapa), but this seems more severe like the DDoS attack in December 2005, since it’s affecting the entire network.

6 Responses to “Major DOS Attack Against DreamHost’s Nameservers”

  1. Tim says:

    This is a little off topic, but I was curious if you knew when DreamHost plans to upgrade it’s shared hosting environment to Debian 4.

    http://www.debian.org/News/2007/20070408

    You have a great blog!

  2. Unofficial DreamHost Blog says:

    Tim – I’ve no knowledge of DreamHost’s plan to upgrade, but I think you can expect that it will at least take 2-3 months and probably more like 5-6 month before they will upgrade to the newest Debian.

    My assumption is based on the last major upgrade of Debian to version 3.1 (Sarge). I found an old thread in the forum http://forum.dreamhosters.com/beginners/24099-Debian-3.1-Release.htm where Jeff explains why an upgrade takes so long:
    - lots of testing required before upgrade
    - customers need to be notified before major server changes
    - upgrading 1000+ servers will take several weeks

    As an example was Debian Sarge released in June 2005. DreamHost started the roll out in July, had a 1/3 done by August and finished the roll out in October.

  3. Tim says:

    Thanks for the link. That was an interesting read about the Debian 3.1 roll out.

  4. Henrik says:

    It is wise of Dreamhost to put the Debian update on hold until all is tested and the branch of Debian is “mature”.

  5. Chad says:

    @Henrik

    Did you just say that DreamHost should wait on updating Debian until the branch is more “mature”.

    Do you seriously have any idea how long it takes for a release of Debian to be named “stable”. The QA process is more in-depth and lengthly than any other Linux distro out there, including commercial vendors.

  6. Henrik says:

    @Chad (nice country btw): What I mean is that when the branch has been deployed in their system and perhaps by other people in the same business (aka webhosts).

    It’s not exactly the same thing (yeah, apples/pears) – but RHEL 4 caused issues for certain ISPs, to mention one thing.

    It is always nice to wait and see how it behaves in a test-environment before launching it live. No matter what piece of software it is.

    Then again; I might seriously need to reconsider that too! :)