New on LowEndTalk? Please Register and read our Community Rules.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
Comments
@GoodHosting
You know news?
what is the address for the portal?
[email protected] should work.
seems to be happening a lot lately
Hello @OP,
It's actually been down 11 hours now (not 2 days). We're moving our panel and other related services off of OVH's poisoned network; and onto our Chicago network. We experienced a rather annoying attack today that came from OVH's own servers, and they refuse to comment on the issue; so we've chosen to move.
The DNS records were set to update 2 hours ago, and should propagate within 24 hours. We have multiple DNS servers setup this time (some on Wable, two with Serverian, two with RamNode, etc.) so should not have many repeat problems as we have in recent weeks with DNS failures.
Looks like it's still pointing to ns1.goodhosting.co and ns2.goodhosting.co. Are you sure you have changed them?
What about OVH is poisoned?
A little iptables magic and you can alleviate this all, forward traffic for your old IP's to your new IP's and things are back online.
Not to mention, if you show me a network that OVH servers don't attack I'll do your laundry for a month.
@GoodHosting It could be good to inform your clients or/and LET for the move, before you started it, so there were no speculations and people know that their client area will be unreachable at a time window.
@jvnadr: True that.
Transparency, man... Transparency
Not many here do that (announcements) so its kinda like okay at LE* ;-)
More should
Everyone should.
It's actually kind of interesting, I had to send thirty notifications to OVH Abuse, as various IPs from their infrastructure at OVH.net were found attacking our panel at OVH Canada.
More specifically, I had to set the following firewall rules in the OVH firewall; which only lessened the attack:
And for the crap that OVH's firewall can't block (as it simply doesn't have a rule for it), the following had to be implemented on EBTables isolation at the host level:
And finally, in the guest via regular old IPTables
Sadly it seems we need to notify LET when our employees sneeze. As per our clients, we did send a notification out to our active clients. I'm not sure about OP ever being a client, but considering our mail server was on OVH, fairly few of our clients were able to receive E-Mails at all (go figure.)
I'm manually configuring all the name servers in our registrar's host management system now, since they have yet to kick over the regular way ("Child Nameserver") . I'll update this thread (since apparently I have to) when the changes have propagated.
How about using some DNS Service like CloudFlare for your own website and incorporate StatusPage.io or something
Why don't you use Mandrill or Mailgun to send your client communication emails?
Anytime you make a change to a nameserver you need to replicate the changes at your registrar. Meaning if you have ns1 on 1.1.1.1 and change it to 1.1.1.2 you need to update your registrar also.
Welcome to DNS 101.
I don't know man, I see a lot of nonchalant ness from you about this situation. EVERYONE knows not to use OVH for sending mail, yet you were. It is your fault when someone doesn't get a mail because you actively chose to host your outgoing mail server with OVH. Once again, everyone knows that is a nono. God it should be apparent you should be using some sort of transactional service so you have an amazing record of emails being delivered etc.
You also posted three IP's. One at OVH FR, Hetzner and Leaseweb... That is not a giant attack from OVH servers... That is one IP sir.
In addition to the knowledge shared above, it'd be a good idea for you to familiarize yourself with PIPEDA:
Done.
Why are there more "I don't want to deal with it" paths then there are actual problem solving and correct reporting paths on this diagram? The biggest (what SingleHOP does for every single issue) being "Complaint by Individual" => "Intake" => "Declined to Investigate"
EDIT Typo'd.
Showing incerno and steadfast. NS1 & NS2 are on steadfast and NS3 - NS8 are on incerno.
Incerno == Wable . Steadfast is our Chicago cluster (The local ones) . We ended up using the servers from Serverian for backups instead.
I'm setting up the ones on RamNode now (waiting for cPanel DNSOnly to finish intalling.)
How many DNS servers are you planning to have exactly?
8 apparently? Maybe Anycast would be a better solution here?
http://vincent.bernat.im/en/blog/2011-dns-anycast.html
Seems to be the only way to make LowEndTalk happy. That and, if you check the locations of the DNS servers, each pair is located in a different state.
ns1 / ns2 - Chicago, Illinois
ns3 / ns6 - New York, New York
ns4 / ns7 - Seattle, Washington
ns5 / ns8 - Dallas, Texas
He has 8 already, adding two with ramnode and two with serverian makes 12. YAY I haz add.
Seems like 8 too many.
NS1 -> incerno / wable
NS2 -> steadfast
NS3 -> ramnode
NS4 -> serverian
If you are going to continue with 300 nameservers, I'd definitely suggest spreading them out more. Don't put ns1 and ns2 in same DC. Maybe NS1 and NS8 in same DC.
ns3 / ns6 - New York, New York
ns4 / ns7 - Seattle, Washington
ns5 / ns8 - Dallas, Texas
This doesn't make sense. Just assign 4 nameservers then, not 8.
Can't haz addition, math too challenge, many hard. Read previous post.
Can not agree more, throwing NS at it will not make it better. More complicated yes, but that doesn't equal amazing.
http://tools.ietf.org/html/rfc2182#section-5