Saturday, March 28, 2026

Ongoing Name Server Attacks

FurrIX is seeing attacks on our name servers that have not let
up for a few hours now and as a result we have had to tighten
our rate limits and start dropping excessive traffic.

The way things are going, we will not be letting up on our rate
limits any time soon.

If you are being affected by these changes, you can send an
email to ‘nameservers at marbledfennec dot net’ and request
a whitelisting that will bypass the limits. We will need to know
your use case, however.

Wednesday, March 25, 2026

[Name Servers] Updated Configuration

We have been seeing a lot of ongoing DNS amplification attacks
during the past few weeks and have adjusted our name server
configuration to start rate-limiting and dropping requests a fair
bit sooner.

We have also changed the graphs that we are showing for
the server status page.

Tuesday, March 3, 2026

[Incident Report #028][DNS] Name Server Attack

Update Two:
Going scorched Earth wasn’t the best approach and resulted
in our servers falling off of the OpenNIC list. We have removed
these network rules for the time being.

Update:
AS20473 is still attempting to throw a large amount of traffic at
our name servers, but our drop rules are in place and appear to
be working as intended.

What Happened?
From around 0600 to 0730 EST this morning, our name servers
were hit with a large amount of traffic originating from a data center
in the Netherlands under AS20473. The traffic was spread across
multiple IPv6 subnets, and the volume was high enough that it saturated
the virtual bridges that our name servers are operating behind. This
is the fourth attack of this kind that our network has seen in the past
two weeks.

Upon looking at the traffic reaching the name servers, it appears that
a handful of IPs originating from AS20473 are performing scattershot
lookups for all kinds of domain NS records, with no rhyme or
reason to the data they are requesting, and they are doing so at a
rate that is affecting the usability of our network rate-limited services.
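
An added example (not FurrIX's code or configuration): one way to spot the
pattern described above in a query log, grouping clients by /64 and flagging
prefixes that send many NS queries for mostly distinct names. The log format,
thresholds, addresses and function names are constructed for illustration.

```python
import ipaddress
from collections import defaultdict

WINDOW = 10        # seconds per bucket (assumed)
MIN_NS = 30        # NS queries per prefix per window before we look closer (assumed)
MIN_UNIQUE = 0.9   # share of distinct names that marks a scattershot pattern (assumed)

def prefix64(addr):
    """Collapse a client to its /64 (or /32 for IPv4) so hosts in one subnet count together."""
    ip = ipaddress.ip_address(addr)
    bits = 64 if ip.version == 6 else 32
    return str(ipaddress.ip_network(f"{ip}/{bits}", strict=False))

def scattershot_prefixes(lines):
    """Return {(window_start, prefix): (ns_count, distinct_names)} for flagged sources."""
    names = defaultdict(list)
    for line in lines:
        parts = line.split()
        if len(parts) != 4:
            continue  # skip malformed lines
        ts, client, qname, qtype = parts
        if qtype.upper() != "NS":
            continue
        try:
            key = (int(float(ts)) // WINDOW * WINDOW, prefix64(client))
        except ValueError:
            continue  # bad timestamp or address
        names[key].append(qname.lower().rstrip("."))
    flagged = {}
    for key, qn in names.items():
        distinct = len(set(qn))
        if len(qn) >= MIN_NS and distinct / len(qn) >= MIN_UNIQUE:
            flagged[key] = (len(qn), distinct)
    return flagged

def constructed_log():
    """Constructed sample lines: 'epoch client qname qtype' (hypothetical format)."""
    out = []
    for i in range(45):  # three hosts in one /64 walking unrelated names
        out.append(f"{1000 + i % 10} 2001:db8:bad:1::{i % 3 + 1:x} zone{i}.example NS")
    for i in range(40):  # busy but normal resolver: many NS queries, few names
        out.append(f"{1000 + i % 10} 2001:db8:cafe::53 member{i % 4}.example NS")
    for i in range(60):  # ordinary A lookups, ignored by the NS filter
        out.append(f"{1000 + i % 10} 2001:db8:beef::7 www{i}.example A")
    return out

if __name__ == "__main__":
    for (start, prefix), (n, d) in scattershot_prefixes(constructed_log()).items():
        print(f"t={start} {prefix}: {n} NS queries, {d} distinct names")
```

Flagging per prefix rather than per origin AS keeps the block list narrow, which
matters given the collateral effect noted in Update Two.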

What Damages Resulted?
During the attack, we saw the following issues:

  • Accounting service lost contact with NS2
  • Legitimate name lookups were being dropped or timed out
  • The NMS lost SNMP contact with NS1 and NS2 momentarily
  • High CPU load on Nardoragon router

What are we doing to deal with this?
As a result of repeated abuse from this provider, we have:

  • Applied drop rules at edge router for Phy One, dropping AS20473
  • Applied drop rules at edge router for Phy Two, dropping AS20473

The FurrIX vIX will not tolerate abuse of our services to the point
where it affects our operations internally or causes issues for members
of our exchange, and going forward we will be quicker to start dropping
abusive traffic altogether.

Tuesday, February 24, 2026

Control of the LIR Subnets Assumed

As of this morning, FurrIX has assumed control of what was MFN’s
subnets. WHOIS and operational information has been updated, but
name server zones for PTR will have to be updated as time permits.

We are also in the process of redoing our agreement with MFN to
ensure that they can transition to a nested environment and stay
operational as a community web and game server host.

As part of the network changeovers, FurrIX is looking to renumber
and reconfigure the network as well as creating full documentation
of how each router, subnet and member connection is configured and
maintained.

We will release more information as plans finalize.

Updating Records

Half awake in the NOC because I can’t sleep, so I’m taking some
time this morning to work on some of our networking records and
to bring the zone files for FurrIX up to date.

Shouldn’t affect anything in our routing gear.
- Adrian