TIMELINE: 14:36 UTC 05/25/2016 to 07:00 UTC 05/26/2016
TIMELINE OF ACTIONS:
The following is a summary of actual downtime on each DNS server over the course of the period of the DDoS attack from 14:36 UTC 05/25/2016 to 07:00 UTC 05/26/2016. The times indicated represent a sum total of availability impact for the duration, and do not represent a continuous period.
While this attack was sizeable (the attack took out one of our geo-partners entire infrastructure in that region) and having multiple pan-global sources, the impact to customers was generally low with little effect on service usage levels for majority of PointDNS customers.
However, for a limited number of users of the service exclusively using the affected DNS servers, the impact was greater. And for some of those affected, the issue was being compounded due to some using the IP addresses of the DNS servers instead of the canonical names.
During this period, our response times to tickets was far from ideal, which was also further exacerbated by our status page updates not reflecting the progression of the incident, which was down to human error and communication oversight in an attempt to resolve the issue quicker. This had a knock-on effect of causing customers to be left without appropriate updates to progress to allow them to take decisions to minimise impact on them. Following this, we have added an internal review for DDoS incident management to guarantee better communication levels.