An extraordinary, focused attack on DNS provider Dyn continues to disrupt internet services for hundreds of companies, including online giants Twitter, Amazon, AirBnB, Spotify and others.
The worldwide assault started at approximately 11am UTC on Friday. It was a massive denial-of-service blast that knocked Dyn’s DNS anycast servers offline, resulting in knock-on impacts across the internet. Folks immediately started reporting problems; millions of people are affected.
After two hours into the initial tidal wave of junk traffic, Dyn announced it had mitigated the assault and service was returning to normal. But the relief was short lived: just about an hour later, the attack resumed and at the time of writing (1800 UTC), not only is Dyn’s service still down but its website is too.
(Aptly, Dyn researcher Doug Madory had recently given a talk on DDoS attacks.)
By blasting Dyn offline, public DNS providers – such as Google and broadband ISPs – are unable to contact Dyn to lookup hostnames for netizens, preventing people from accessing sites using Dyn for DNS.