News!
For Members:
[Main Menu]
[Domains]
[Subdomains]
[Web Forward]
[Dynamic DNS]
[IPv6 Reverse]
[Backup DNS]
[Preferences]
[Registry]
[Logout]


For Everybody:
[Home]
[FAQ]
[News]
[DNS Stats]
[AUP/TOS]
2009-10-06 19:43:31
I have been thinking lately that a sincere thanks for those who have been supporting the site is in order. Premium memberships are the only thing which make it possible to get the equipment that is necessary to keep this project going, and maintained properly on a daily basis.

If you are able to join as a premium member, please do. I will make the most of your support, and ensure your contributions are put to proper use! Your feedback is always welcome.
 
2009-10-06 12:08:07
In an effort to further add stability and diversity, an additional server will be added to the east coast soon.

Servers distributed like so:

Los Angeles / Texas / Illinois / Washington DC

I will post an update when it becomes available.
 
2009-09-12 14:17:18
There was an interruption in DNS this AM, unexpected traffic levels were the cause.

It appears a member of the site's domain came under heavy attack, and a malicious individual decided to attack the DNS servers, rather then the site its self.

The attack is still ongoing, the effects have been reduced with the help of one of afraid.org's upstream providers.
 
2009-08-22 03:54:43
I have been tweaking some settings on the server tonight in response to some non-typical traffic patterns. Still evaluating the changes, but I think things are in reasonably good shape now.
 
2009-07-26 20:21:26
The stats page, and queries per second counter has been fixed, and retroactively backfilled.

When the new backup servers were added, only a portion of the DNS traffic was being counted until now.
 
2009-06-17 01:16:37
ns2.afraid.org is online at 66.252.5.14
 
2009-06-16 00:42:39
ns2.afraid.org is offline for the moment as it reached a software/OS based process size limit.

I am in the process of retiring this machine. I will be bringing up a new ns2.afraid.org in its place, with a different IP shortly.
 
2009-05-23 22:15:02
ns3.afraid.org has moved to 72.20.15.62
 
2009-05-01 22:59:11
A particular customer's domain was under attack tonight, unfortunately it reached the point of disrupting afraid.org's normal traffic.

The customer has removed the domain, however possible filtering solutions for this are being researched.
 
2009-03-18 18:49:01
Looks like a fsck fixed the disk issue that was occurring, so there was no major problems.
 
2009-03-18 01:41:54
The disk issue that is happening is that the primary disk is reporting more available space, then what could be possible.

This could be an indicator of possible file system corruption, though there does not seem to be any operational problems aside from an inaccurate reading of available disk space. There are no SMART errors being reported.

This event was reported nearly immediately via health monitoring checks.

Worst case scenario, is re-installation of the operating system, and possible disk replacement.

Diagnostics are scheduled to be ran on the server.

Should have more news soon.
 
2008-11-30 12:26:19
ns3 has been upgraded to 2GB of RAM.

This has greatly reduced its unresponsive durations while it reloads its DNS database.
 
2008-10-10 22:10:34
A new security certificate was added today, signed from a actual trusted certificate authority.

This means no more pop up boxes and security warnings when visiting the site using SSL.

To use the site over SSL, the URL is:

https://freedns.afraid.org/
 
2008-07-16 10:16:53
ns2.afraid.org has been upgraded from 1GB to 2GB of RAM.

This has drastically improved its performance.
 
2008-05-21 00:14:38
The nightly backup system at 1:29AM PST each night for 10 to 20 minutes would cause a severe performance hit to the site, (yet perform a very important task).

This method of backing up the site's database has been abandoned in favor of live offsite database replication.

The site will no longer have this routine interruption, as the slave server will always synced up any given moment to the second.

The international users of this service may especially appreciate this change. Though backups were performed early in the morning in the US, it is always peak time somewhere.
 
2008-04-20 14:43:47
A locking issue with the zone syncing system has been fixed.

This issue was responsible for many "reload queue is full" error messages in the event of any one of the slave servers was running slow, or held up during a server reconfig which can take a few minutes.

The queue performance now shouldn't be impacted in any way whatsoever by the state of slave servers, (unlike before).

A future change / note to self might be to offload the queue to something that does not have such limited capacity and use message queues for event notification only. However right now if the queue is full (indicating > 30 users changes are pending) there is probably something going on that having a bigger queue won't fix given today's change, so we'll see how this does.
 
2008-02-15 19:39:02
A few hundred accounts got banned this morning unintentionally, they are unbanned now.

My provider had started proxying my HTTP traffic due to an attack, and anyone who had any activity to their account started coming from the same IPs, which was triggering the ban system. I'll be whitelisting their IP space, as soon as they tell me their range.

I turned off the webserver until I could write a script to repair the database and clean out the ban triggers that had spread like wildfire to limit the damage.

A bit of a freak incident. There's been a couple this week.
 
2008-02-13 10:01:38
Yesterday a script with a socket error was writing to a log file very aggressively, this filled up the hard disk very quickly, and caused interruption to the web interface and URL redirection portion of the site.

It was corrected later that evening when I had access to a laptop again. I apologize to those who were affected. It took about 2 minutes to fix.
 
2008-02-05 19:22:36
The domain broken checking should be back to normal. Some sort of a.root-servers.net anomoly, that only happens when using that particular root server, still not sure why, but the problem I experienced seems to be limited to a.root-servers.net only.
 
2008-02-04 10:40:17
Most domains have fallen into a broken state for reasons that are not entirely known yet.

The tool used to check domain authority stopped working, and also does not work from different servers, this indicates no one is blocking afraid.org's nightly bulk checks.

I'll see what I can figure out / find out about it.
 
2007-12-25 09:10:43
The primary server (web interface) had gone unresponsive around 5:30 AM CST from what I could gather through my providers traffic statistics.

I put in a reboot request at 8 AM, once discovered, all daemons were running by 9:30 AM CST or so. The cause of the problem is yet to be determined.
 
2007-11-17 17:11:45
For users of the 'web forward' section:

At approx 7AM PST the URL redirection IP was blackholed by my upstream provider, due to a network attack against afraid.org.

10 hours later (5PM PST) it is still blocked after my attempts over the last 2 hours to get it removed.

I'm going to force the URL redirection IP to be changed, this requires all zones to be re-generated, and re-loaded into the DNS software, this can take a bit to do. They should all be up shortly, one way or another.

Given today's incident and duration, it is clear this is not an adequate structure for the URL redirection.

Changing the IP of every URL redirect system wide on a moment's notice for everyone presents some challenges. The use of CNAMEs instead of A records as web forward destinations would be ideal. CNAMEs however, can cause conflicts with other record types in the same glue path (such as NS records) of which A records do not. I may begin using a combination of both.

I will continue to think on this problem, and see if I can work on a solution that will utilize all DNS servers for web forwarding in addition to just DNS and web interface access.

As with most of the inbound attacks, I generally don't get to know who, what, or why they occur. It very likely has nothing to do with me. I can only suspect someone upset someone else, and I got the cross-fire.

I will post a follow-up to this post. But that's today's news.

Josh
 
2007-11-16 17:38:17
Users may be able to notice an increased responsiveness to the website, and performance during the last couple of days.

The average CPU load for the primary afraid.org server has been reduced to 30 to 40% of what it was.

Statistical analysis of traffic is being moved to a non-production server all together.

This is after 2 complete rewrites of this portion had been done in the past to accommodate ever increasing traffic.
 
2007-10-19 15:45:19
Memory upgrade success!

real memory = 4227727360 (4031 MB)
avail memory = 4139905024 (3948 MB)
 
2007-10-18 17:23:02
Every once in a while, dynamic dns updates stop happening to a single zone.

Users sometimes notice this and contact me, letting me know they have been waiting X hours for their IP change to show up.

When I hear about such a thing, I would often go through the logs, and see there are errors which the DNS server software is rejecting. I would then (by hand) go to the zone and find the line number, then go find the record in the database that causes the conflict, and remove it and force the zone to be re-generated.

Today a new daemon has been built which watches for any such errors automatically, and sends both me and the creator of the mal-formed record an email informing us both that any conflicting record has automatically been removed.

This will not only keep a zone functioning if somehow a malformed record makes it through the web interface, but also send me helpful diagnostic information to build a tighter system of error checking.

This was somewhat of a rare problem, but when it would happen to a zone like mooo.com which over 30,000 subdomains use, it has widespread affect on members who are unable to update their IP. This should now no longer be possible.

This sort of a setup is also going to be especially useful when allowing support for new record types.
 
2007-10-17 17:08:11
I'm in discussions with my provider to have the primary server upgraded from 2GB of RAM to 4GB of RAM. There will be a brief interruption of service to the web interface when this occurs... stay tuned.
 
2007-09-20 21:44:39
MySQL has been upgraded from 5.0.37 to 5.0.45 tonight in response to some undesired behavior. Upgrade fixed it.
 
2007-04-24 06:34:51
All servers were upgraded to the latest stable version of BIND 9.4.0 last week from 9.3.4.

In the process, the query stats output has changed slightly (for the better). This change has been throwing my numbers (queries per second and DNS stats page) off for the last week, as it was not reading all the counters.

I've updated the stats scripts to accurately read the new values they added, and am re-parsing all of the old stats dumps, to repair the DNS stats section with accurate data for the past week.
 
2007-04-22 23:21:27
Nameservers now are no longer instantly reconfigured upon domain addition. This should have a substantial impact on the previous DNS timeout problem that would occur randomly throughout each day.

While I much like the idea of providing instant zone additions, the reachability of the DNS servers is most paramount.

This should not impact IP changes/adds/updates, they will continue to occur in the order in which they are received (real time or near real time).

When a new zone/domain is added, a configuration reconfig must take place on the nameservers before a new zone can be served up. This process causes a nameserver to become unreachable for a short period of time while it analyzes its configuration for change.

This is still true, I cannot change how the DNS server its self is designed (though I understand much work is going into a threaded model that can answer queries while simultaneously updating its configuration, so I doubt this will be true forever).

As for now, this is a problem that has only increased with the growth of zones hosted. The problem translated into all sites receiving a DNS timeout when all nameservers do this at the same time. The problem was somewhat short, and random, but I'm sure several have noticed it, I know I have.

The add/delete a domain pages have been tuned for higher performance in the process of things, and the 'execute queue' button has been removed.

The domain additions/deletions should be fully propagated to all servers within 5 minutes at any given moment. Each nameserver will reload their configurations on their own staggered 5 minute interval (but never simultaneously, via a shared network lock, thereby preventing a total mini-blackout randomly throughout the day).
 
2007-04-17 23:50:24
The add a domain page has been tuned a bit.

After some analysis and benchmarking, it was found that the domain namespace collision detection code specifically was the culprit for some unnecessary slowdown.

For example, this is the code that would prevent 'test.mooo.com' from being added as a domain, when mooo.com is already an existing domain, and vice versa.

Incase anyone might be interested, domains are now stored indexed in reverse, and each section of a domain 'com', 'mooo.com', 'test.mooo.com' is searched for as exact match, then searched on with a wildcard character.

Storing and searching for collisions in reverse (Example: 'moc.ooom.tset.*' vs '*.test.mooo.com') allows a great leverage of the database indexing capability, since domains/subdomains depth grows from the front.

Before this change, it was loading the entire list into an array, and performing a regular expression search inside of the application, for each and every time someone added a domain. There was a point in time where that was not a impactful method. Today I noticed a 100 MB httpd process and seen it was executing a domain addition, and that led to today's rewrite.

Josh
 
2007-04-14 02:00:44
The last day or two there has been an issue which surfaced. The DNS server software has grown in RAM consumption to manage to hit a single process RAM limit in the OS. The FreeBSD default per-process limit of 512MB has been bumped up to 1GB.

Since raising this value, things seem to be performing better.

Josh
 
2007-04-11 19:27:54
Database server has been upgraded to the latest stable version.

The site was disabled during the back-up process, prior to installing MySQL 5.0.37 from 4.0.20.

An attempt was made to do an initial sync off the live binary files to minimize downtime, however that seemed to load the server down to the point of being unresponsive anyways, so it made sense to shut down the web and database server all together, which made it go about 10x quicker.

Josh
 
2007-02-26 21:43:07
Server transfer has been completed.

ns1.afraid.org has moved to -> 67.19.72.206
Previously: 67.19.238.248

ns4.afraid.org has moved to -> 67.18.179.15
Previously: 70.87.151.119

Josh
 
2007-02-25 22:40:50
The site will be transferred to a different server soon.

The initial data syncs/testing phase has now begun.

Hope to cut over to the other new server within the next few days, or less.

Will post an update when completed.

Josh
 
2007-02-20 20:29:52
Some site stalling / database locking conditions have been alleviated by a rewrite to a set of internal statistical maintenance scripts.

Web interface / update performance should be improved from last week, where some members may have experienced stalling, and timeouts.

Josh
 
2007-02-20 15:38:45
ns3. is back with a new hard drive and OS.

Josh
 
2007-02-19 11:16:44
ns3.afraid.org has had a failing hard drive replaced in it.

I'm working on rebuilding it now, it should be back soon.
 
2007-01-31 15:45:58
Latest OS/kernel snapshot is now running live on the primary server.

Josh
 
2007-01-31 10:51:46
Hardware or OS?

After the incident this morning (woke up to a load average of 200+), I am having thoughts about the issues with the server not necessarily being hardware related.

During the nightly backup (around 01:30 PST) the server ran out of disk space, however it was not showing it was out, which is *very* unusual, it was as if something in the OS was hanging it up.

The server is going to be brought down again to re-update the OS and kernel on it. We'll roll with that and see how it does. Its in the process of compiling the latest snapshot.

There is good news though, the ISP has recently agreed to do a chassis swap on the server just incase it is a actual hardware issue. I'm going to delay this route for now though, and see if a rebuild of the OS/kernel fixes these issues.

With these changes, this issue should be isolated soon.

Josh
 
2007-01-23 03:06:29
The diagnostics have been completed, nothing interesting was found.

Still trying to sort the issue.

Josh
 
2007-01-20 11:34:58
Greetings...:

I have scheduled the diagnostics run, the site/server will be taken down beginning January 23rd 2007, (Tuesday morning) @ 1 AM CST for diagnostics by the server provider to attempt to locate the source of the crashing thats been happening every 2 weeks or so.

The expected downtime is roughly 4 hours.

Josh
 
2007-01-01 09:48:12
Hey guys.

I've been having some crashing issues with the server. (about once or twice a month). Going on for 3 months or so. Previous server never crashed, and it was much less powerful. I can't seem to re-create or induce it (but I also don't want to take the site down trying to break it either).

I'm working with the provider to try and get it resolved/diagnosed.

A simple reboot of the server takes about 1 hour to get all daemons and processes operating correctly at minimum.

It was taken down a few moments ago to setup some remote console/DRAC up on it to see if there are any further indications of the cause there.

Sometime in the future it will need to be taken down for some extensive tests, when this happens it will be done during the night time in the US which is the least busy time.

I've been trying to get a loaner server to minimize the outage/problems while this is figured out, but the provider is convinced its not a hardware issue currently, and I can't prove it otherwise, since no interesting log messages are written to the disk.

All the best... happy new year everybody.

Josh
 
2006-12-05 00:55:25
ns3.afraid.org has moved from 69.39.226.22 to 72.20.25.134

Josh
 
2006-10-15 16:35:38
ns4.afraid.org has temporarily moved to 70.87.151.119 while some hardware issues are resolved.
 
2006-10-05 01:20:51
ns2.afraid.org has moved to 66.252.1.255

Please update your configurations accordingly.

Josh
 
2006-09-30 03:55:26
Databases have been moved to 2nd disk.

Josh
 
2006-09-30 02:46:15
2 nights in a row the primary server has crashed.

The hard disk is almost full, I'm going to try and free up some space, and move the databases to the 2nd SCSI disk.

It happened both nights at about the same time, during the nightly backup.

Even with a full disk, things shouldn't go down though.

The server is a leased rental, I am working with the provider on the issue.

Josh
 
2006-07-05 23:39:14
New server now live!

The web interface, and URL redirections were interrupted during this cut-over / database sync transition.

I apologize for any inconvenience caused.

DNS itself suffered no interruption.

Josh
 
2006-07-04 00:40:59
New server has been ordered!

Should be ready to go within the next week or two.

This will be replacing the current one, and therefore will be issued some new IP space, which should only impact those using DNS branding, whom I will email.

OLD] P4-3.2 GHz HT / 2 GB / 80 GB IDE hard disk
NEW] Dual Xeon 2.8 GHz / 2 GB / 2-SCSI 10k RPM drives

This should result in a web interface performance boost, now that I'll be able to offload some slow statistical analysis programs onto a 2nd hard disk (and SCSI to boot!).

Though it has a slower clock speed, it is a dual with larger caches, so the processing power will be signifigantly increased.

I'm also in the process of re-designing the nightly backup system which is the cause for about ~1 hour of more-then-necessary sluggish web interface performance that I've been getting a taste of first hand (oddly enough no one else has really mentioned noticing).

Josh
 
2006-07-04 00:36:54
The XML Programmer's API has been changed to support SHA-1 hashing, so plaintext passwords are no longer sent over HTTP

The old plaintext method will still continue to work, however.

Josh
 
2006-04-20 16:13:32
There's been a IP change at freedns.afraid.org.

Please update your DNS configurations/ACL's in accordance with
the following:

-> ns2.afraid.org is now 69.94.133.163 (AXFR's will come from here)
-> ns3.afraid.org is now 69.94.134.20

Josh
 
2006-04-12 12:13:41
The system no longer bans domains for 30 days upon deleting your own domain.

Should a member re-add their domain to the system, their previous configuration will be restored.

This also makes it easy to move domains and their configurations to other accounts, the configurations will be restored in the new account.

Josh
 
2006-03-27 19:09:51
There's been an emergency IP change for ns2/ns3.afraid.org

Please update your configurations accordingly.

ns2.afraid.org has address 64.125.152.224
ns3.afraid.org has address 64.125.156.124

These are temporary IPs while a server is in transit, and will change again in a couple of weeks or so.

Josh
 
2006-03-14 14:54:46
It is now possible for users to maintain their own blacklist of members to which they do not wish to share their domain with.

This has been linked within the queue section of the site.

Josh
 
2005-11-18 15:11:27
Dynamic DNS updates will now also update other records pointing to the same IP address, so the use of CNAME records is not required, nor multiple HTTP requests to the web interface.

Josh
 
2005-07-16 11:27:25
Moved from 69.93.44.248/29 to 70.84.177.192/29

If you have 69.93.44.248/29 in any of your old configurations, you can update them accordingly.

Josh
 
2005-07-05 18:22:35
If you lock yourself out via the ACL protection, the email it sends you will now also include a activation URL so that you may allow yourself back into your account, URL will be valid for 2 weeks, or until visited.

This should also strip away any fear of using the ACL tool, since you cannot lock yourself out unless you fail to keep your email address current.

Josh
 
2005-06-30 01:19:27
New server has now gone live.

The primary server has been upgraded from 2.4 GHz with 1 GB of memory to a 3.2 GHz HT with 2 GB of memory. Site was down for the move to a new physical server, DNS remained uninterrupted.

I'm currently syncing DNS changes once every 5 minutes to the old server until the IP change fully propigates.

Josh
 
2005-03-31 21:43:24
Email notifications now sent out when accounts protected with ACL protection have been breeched.

Josh
 
2005-03-31 21:17:04
Support for SRV records has been added by request

Josh
 
2005-03-24 19:06:15
ACL protection added

This new feature allows you to specify your IP ranges so that no one but you can access your account in the event someone manages to get your password.

You can edit/maintain your ACL lists in the preferences section.

Josh
 
2005-03-22 21:37:47
http://freedns.afraid.org/safety/ is where I send malicious thieving traffic to. I re-wrote this document, and added some new stuff in an attempt to make it as informative as possible.

It's also an all around good read if you are concerned about identity theft, so thought I would make it publicly accessable to help raise awareness here.

Josh
 
2005-03-22 15:00:05
New Feature: Support for Brandable Nameservers has been made public.

Josh
 
2005-02-25 19:16:06
Account hostname limit behavior has been changed a bit.

Due to abandoning the live NS authority check upon a domain addition, this opened up the ability for people to gain unlimited hostnames in their account by adding non-existent domains into their accounts.

As a result, the system has been changed to still allow 20 hostnames per domain, but the 20 hostnames are restricted to each individual domain. The 5 'free for all' hostnames can be used on existing domains, OR via the shared system.

More 'free for all' hostnames can be acquired by becoming a premium member, amongst other benefits!

Josh
 
2005-02-17 17:36:07
DynDNS clients now supported

I've been seeing strange updates in my webserver logs, so I tried to adapt to them as best as I could.

BASIC support for 'dyndns' updates is now added and functional

Feedback welcome
 
2005-02-17 12:22:04
ISP will be performing maintence where primary server is located.

Should an outage happen during this time, alternate slaves will continue to operate and function should the web interface to afraid.org become unreachable.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Global Network Maintenance - Monday 2/21/2005 01:00 am CST (UTC -0600)

Planet Engineering will be conducting maintenance on a TippingPoint Intrusion Prevention module beginning at 01:00 am CST (UTC -0600) on Monday, 2/21/2005 and
lasting until 03:00 am CST (UTC -0600) the same day.

We do not anticipate any extended downtime. However, because fiber connections are being moved, customers may experience intermittent packet loss or
increased latency for a brief period of time. Planet Engineering will do everything possible to prevent a loss of connectivity.

This work is applicable to Planet Bandwidth customers only. MatriXtreme customers (unmetered Cogent-only network) will NOT be affected by this work.

Thank you,

Planet Engineering and Security Teams
 
2005-01-11 17:14:00
In preperation for the electrical maintence being performed tonight at midnight by my ISP, ns2.afraid.org has been moved to an alternative server so that it won't be impacted.

Josh
 
2004-12-31 17:34:24
Backend system has been rewritten.

Configuration changes are handled much more intellgently now, this will reduce load on the server, and increase response time.

This also allows users to mass-add domains without creating undo stress on the server with the new ability to load changes into the nameserver when they're done.

Those who don't use CNAME's and do mass dynamic updates are also reduced/consolidated, the queueing system is shared, so if 2 people add domains at the same time, and 1 executes the queue, the other person when they execute the queue will not do the same redundant task.

Josh
 
2004-12-19 16:12:36
Moved site back to original server after working it hard, unable to cause it to crash. Server seems solid.

Found other provider to not be well suited for my needs, I will instead use them for secondary services.

Josh
 
2004-12-13 20:31:28
Site and content have been moved, due to repeated connectivity/outage problems with last server.

I am uncertain if it's hardware related, or their filtering mechanisms falsely kicking in, so I've decided to make the move, and once all traffic is shifted over, do more extensive testing.

Josh
 
2004-07-12 03:40:14
Upgraded from BIND8 to BIND9.

2 benefits from this are:

  • FreeDNS can now support Microsoft Caller ID records, a newly emerging technology of blocking spam.
  • FreeDNS can now ignore the TTL cache period when adding domains. Independent process for handing DNS authority checks. (Highly requested).

    Josh
    •  
    2004-05-16 23:58:39
    For anyone having trouble recently with CNAME's not resolving, this problem has been fixed.

    Due to the transition phase of moving to the new ISP, their temporary server ran out of inodes on /, which required me to move all DNS data to another partition on the server with more room.

    In this process, the path pointing to the root hints file was not updated properly, causing glue problems of CNAME to A records.

    I apologize for any inconvenience.

    Josh
     
    2004-04-03 02:14:30
    Made IPv6 Reverse section live.
     
    2004-03-05 02:27:38
    New 2.8 GHz server with 1 GB of RAM is now online.

    Have sync'd databases over from the temporary loaner server my new ISP, National Net, was generous enough to loan to me to avoid downtime.

    Load average is much lower, and server is much more responsive. DNS queries per second has also increased, normally around 120 has been doing between 300 or 500 since the switch, which... I had not expected. Inbound throughput is the same, but outbound is quite a bit higher with the increased queries per second, which I can only attribute to the increased CPU power.



    Josh
     
    2004-01-19 01:40:32
    Glad to say Afraid.org has been upgraded with fault tolerant mirrored RAID disks. ns2.afraid.org carried the load of the DNS traffic while the main server was down for upgrades which was about 4 hours.

    I've had to re-install the operating system, please let me know if you see any oddness with the site, I think most of the kinks are worked out. :)

    BTW it's a 3 hour drive between my house, and the server in Fremont, CA, and I didn't have a good chance to thoroughly check things out until I got home. I was on the road for 6 hours today.

    Josh
     
    2003-10-04 20:31:24
    Server was down for a short while today while I installed more RAM into the server.

    Josh
     
    2003-06-03 01:16:09
    PHP upgraded to 4.3.2
    MySQL upgraded to 4.0.13

    No problems encountered
     
    2003-05-31 01:53:13
    Speaking of reading the webserver logs... there is a awful lot of dynamic DNS updates being issued to the server, let me just say a couple things.

    1) If you have 8 hostnames, you don't have to update 8 hosts. All you need to do, is update 1 host, and make all the other hosts you want to be updated CNAME records to the hostname you are updateing. Also keep in mind, you can use CNAME's with any hostname on the Internet, so if you have multiple dynamic dns accounts with other providers, and you are updating your IP there, you don't even have to make updates to freedns, you can make all your hostnames CNAME's to that host.

    And...

    2) Some people are writing their own update scripts and running them once a minute, not only that but doing it for multiple hosts and updating each host. If you download and install php from www.php.net as a command line tool (./configure && make && make install), you may find this script useful. You are free to write your own, but that checks if your IP has changed every 5 seconds, and makes a single update to the server only when the IP changes.

    I would appreciate updates not being made once a minute, but instead only making updates when necessary ideally. It's not really a problem right now, but I don't ever want it to be either :)
     
    2003-05-31 01:38:42
    Added mod_gzip to freedns.afraid.org today, so now the 'add/edit a subdomain page' should load faster, I was noticing my logs saying that page was 110k, and it just seemed sluggish overall, and is one of the most regularly accessed pages.

    After installing mod_gzip it shows up at about 26k in the logs now, and seems to load faster from here. ASCII text compresses very well, the domain registry page which was about 1.2 MB in size comes down the wire using about 78 KB of bandwidth, which on my home connection loads signifigantly faster, so instead of having it broken up over multiple pages I have made it 1 large list again, which makes it easy to find a domain by using CTRL+F, instead of searching through the drop down box.
     
    2003-04-22 19:43:05
    Good news

    My ISP only charged me for bandwidth at cost, which was $470 last month, things could have been much worse. They gave me a break from what I would have owed according to my contract with them.

    Hopefully I will have a more long term anti-ddos setup in place in the near future, when my ISP allows their customers to block their own IPs it should be pretty sweet.
     
    2003-04-15 11:44:18
    ...

    $3200 worth of bandwidth, in a day.



    I was moving into my new house yesterday, so didn't catch the network usage until today since I don't have Internet at my new house yet.

    I'm in the process of trying to get the bandwidth charges dropped...

    Josh
     
    2003-03-12 19:58:11
    Afraid.org was down due to a power supply failure. I called my ISP when I noticed the server down, they said there was an error on the screen about a low mbuf setting, and the server wasn't responding to keyboard input, they then rebooted it to see if they could get to a login prompt, and they got the same message, they then booted it into single user mode, and did get it to a prompt, but Afraid.org wouldn't respond to keyboard input they said, they then rebooted it again and it would not power on at all.

    I'm 2000 miles away, so I had to hire them to fix it, they were very speedy in getting it back up once they received the signed work order, glad to report things appear to be back and running ok. Sorry for the outage, but glad it was an easy fix ($125/hr).

    Josh
     
    2003-01-05 15:19:36
    FreeBSD OS upgraded from 4.2 to the latest 4.7 today. I was dreading doing this remotely since I do not have remote serial console access to the server should something go wrong, but I wanted to do traffic shaping which required a new kernel. I am pleased to say the upgrade went extremely smooth with no problems! :) My last FreeBSD 4.2 installation was over a year old.

    In light of the recent DDoS attacks I wanted the ability to limit how much data could reach actual services, in one of the recent attacks that I did not publish, the load average went through the roof on the server (40+), and lag was so bad that I could not even see what IP was getting attacked, or what "run away" program was bringing the system to a grinding halt. Now with traffic shaping installed, the kernel will drop excessive traffic and not even try to have any applications process it.

    Josh
     
    2002-12-31 16:52:29
    Another DDoS happened just now...





    Only 8 hours from the last one.

    The night crew at my ISP seems to be faster to respond. I pay for bandwidth on the 95th percentile, so it would take 36 hours of flooding (combined throughout the month) to effect my bandwidth cost.

    Josh
     
    2002-12-31 08:31:51
    Another DDoS today...

    Seems to be a regular thing now. Good news is they're getting easier to stop.





    Service should have been mostly uneffected.

    Josh
     
    2002-12-28 21:08:27
    Yet another DDoS attack, just a few moments ago. I phoned my ISP and asked them to block the old IP ns1.afraid.org was on, the attack however was also aimed at ns2.afraid.org.






    ns3.afraid.org and ns4.afraid.org aren't being attacked, which makes me think instead of an IRC user, someone is trying to get someone's domain shut down within freedns? Perhaps someone who hasn't updated their domain with ns3.afraid.org and ns4.afraid.org records has ticked someone off using their domain hosted in freedns. This time however afraid.org has had no down time.

    I'm ready for IPv6 to come out... this is so lame... I wonder if the attacker is reading this... the type of attack is a distributed attack, from maybe hundreds of zombie computers that the attacker has control over. When the attack bots are instructed to they will flood a network link with garbage traffic. The problem, is many ISP's on the Internet don't have their routers configured to stop IP spoofing from their networks, on these particular ISP's a user can send traffic out without using a real IP address for the return packet, and their router passes it to the public internet.

    If ISP's made sure users couldn't spoof from fake networks these type of attacks would be easy to track down. IPv6 should fix this by default. It could be fixed with IPv4 but due to clueless admins being able to attach their networks to the public Internet, not much can be done from my side. My best defense is moving public dns traffic to another IP address.
     
    2002-12-27 03:14:31
    Another DDoS today. I phoned my ISP and asked them to block ns1.afraid.org from the Internet. Static FreeDNS IP users should have been uneffected however those with dynamic addresses were unable to make updates for about 6 hours. The server was blocked within 15 minutes of the attack. I was told it would automatically be unblocked after a period of time, but it wasn't, I apologize for the lengthy outage, when I phoned in a 2nd time they had me unblocked within 15 minutes.



    Also today an ns4.afraid.org has been brought online, thanks to Ben Kerensa for offering to supply the server and bandwidth for this. I would like to encourage everyone to update their domains to support ns3.afraid.org and ns4.afraid.org which have both recently been brought online. ns3.afraid.org which has been operational for a few weeks now is generously being hosted by Donald Williams.

    Since DDoS attacks seem to not be stopping (and I am assuming the source of this attack isn't even a FreeDNS user but maybe a direct result of someone trying to attack another freedns user and thinking I am an ISP) I am looking for ways to keep the website up through an attack. I'm going to move public services to another host and see if the attacks follow it. I'm also considering setting up pass through cache servers to protect the real server, but I have to determine if this attack is aimed directly at me or not, time will tell.
     
    2002-12-10 17:39:22
    4 day ns1.afraid.org outage, and 330 day all time high uptime lost...

    Well ns1.afraid.org was packeted with 700 megabit of traffic this last weekend, which resulted in my IP and subnet being blocked off in multiple places by my ISP and one of their ISP's, the attack was large enough for them to notice, it basically took 4 days, multiple telephone calls, and multiple emails to un-block ns1.afraid.org from the Internet because no one could login to my server from the console to find out why it still wasn't online even after they thought they un-blocked me in their routers, I guess my keyboard port on ns1.afraid.org no longer works according to the tech, so that made it incresingly difficult to resolve the situation, and ns1.afraid.org almost got de-racked and looked at by a hardware tech. Fortunately they found the additional null routes in their routers and I can get to my server once again.

    This is the first time I have had to rely on ns2.afraid.org to actually carry the load of the DNS traffic, initially ns2.afraid.org was mis-configured, and with Allen's help at spysatcentral.net who is hosting ns2.afraid.org I was able to get it functioning to serve DNS with the last transferred zone files from ns1.afraid.org while ns1.afraid.org was unreachable for the last few days.

    What I have really been wondering, is Why on earth would someone packet this server? Who did I upset? Due to the way the Internet works (a public network we all share) it is impossible to block these types of attacks when they originate from comprimised machines from all over the Internet. Fortunately though the worst that packeting can do to a system is make a system unreachable for a period of time, but with the communication issues I had with my ISP, the downtime was a bit longer the I hoped for. I don't know if the attack was directed at me, or directed at someone who was using an afraid.org hostname. DNS traffic on afraid.org consumes a (comparitively) very small amount of traffic, and could get by with having the server on a cable modem but it wouldn't be as responsive to dns requests, and subject to outages much more regularly, I chose to put the server in a nice 100 megabit burstable facility instead, for better response times and rock solid power protection.

    Well thats all the news I have, sorry for the outage, it was totally out of the blue but I can't stop my ISP from turning me off when my server uses a volume bandwidth they don't expect me to pay for. At least I didn't get stuck with a huge bandwidth bill like some other ISP's would probably try to do. The folks at he.net are great.



    Josh
     
    2002-11-22 08:29:28
    Sponsor count is updated immediately now on the site. I have been incrementing/deincrementing the sponsor count by hand up until now, there have been 82 subscriptions to FreeDNS and 29 cancelations to net 53 current subscribers I had 56 in there so my count had gotten off somehow.

    The moment someone makes a subscription the sponsor count should immediately update. Same goes for if someone cancels the donation subscription.

    Thank you subscribers for doing what you can to keep the service alive. Last month FreeDNS's combined donation income was $146! I am very pleased to say FreeDNS is getting close to having it's financial goals met. Great work guys!
     
    2002-10-26 16:48:04
    For those of you who don't follow the forums area in FreeDNS there has been a few recent changes to the service

    * Multiple MX support - You can now set your MX to something like host1.afraid.org,host2.afraid.org (no spaces) and priority on the MX will be set in the order you enter the hosts, if you don't know what this means it probably doesn't effect you.
    * Shortened TTL - Your ISP's cache should drop any old entries you used to use in FreeDNS within 60 seconds of your address change to a record in FreeDNS.
    * Pending status removed - If you add a domain, it will instantly be accepted into the system and fully functional
     
    2002-10-15 21:28:49
    Outage today.

    From 12 noon to 9:00 pm PST it looks like afraid.org's was unreachable to the Internet due to my provider being down, things seem to be operating correctly now.
     
    2002-04-16 01:36:13
    Fixed a bug that was causing certain domains not to update do to mal-formed mutilated records in the zones breaking all records within a zone.
     
    2002-03-09 22:56:56
    Made secondary DNS and dynamic DNS areas live and visible to all.
     
    2002-03-06 20:04:51
    Added IPv6 (AAAA) support
     
    2002-03-01 21:35:20
    MySQL upgraded to 3.23.49, site was down for about 30 mins for the upgrade.
     
    2002-02-28 21:42:19
    PHP upgraded to 4.1.2 on the server as per the advisory at security.e-matters.de. Upgrade had no problems.
     
    2002-02-26 17:45:03
    Many of the accounts in FreeDNS are not regularly logged into. In the last day, there have only been 32 users who have logged in, and of these 32 users, 2 have made a contribution. Thanks to these 2 users, 7% of the hosting costs for FreeDNS have already been eliminated, I hope this encourages those who have not donated yet. If you find this service useful, please make a contribution. There is great power in numbers that choose to stand together!
     
    2002-02-26 01:21:57
    FreeDNS needs your help! Please check out what's happening with FreeDNS.
     
    2002-02-24 21:33:04
    I was doing some reading tonight and found out that for me to become a REGISTRAR to allow domain registrations in FreeDNS it would cost $2,500 USD for the application and $4,000 USD a year, and an additional $500 per TLD per year. It's too bad that I can't afford to do this because I would really like to. If they don't slap on an additional fee per domain registration, and I could get the financial backing to do this by anyone, I would be willing to give away free domain names. If anyone is interested in funding this project, let me know!

    -Josh
     
    2002-02-22 11:31:02
    I've updated the Sign-Up FAQ (Not linked inside the members area) that some of you may also find useful, it also tells a little bit about Afraid.org and it's background Click Here
     
    2002-02-22 03:24:58
    The problem with subdomains with periods in them not being able to be NS or CNAME or have MX records has been identified and fixed. NS records take all authority for a subdomain so instead of leaving this feature disabled, a check has been put in place so conflicts no longer happen and service can continue as normal.
     
    2002-02-22 03:07:52
    A new feature has been added by request of a user, the feature can be found for domain owners, if you click on Edit SOA you'll notice an AXFR checkbox, if that is checked (off by default) hosts anywhere on the Internet can transfer your entire zone file and all the hosts in it to their systems.
     
    2002-02-22 02:53:36
    I'm pleased to say that the load average on afraid.org is at an all time low. I'm sure many of you have noticed a signifigant speed increase with the new FreeDNS interface.
    If any of you have any ideas for a feature that you would like to see in FreeDNS let me know.
     
    2002-02-20 17:16:19
    New version of FreeDNS made live!
    Lots of changes and security fixes, I would like to hear any comments/suggestions about the new layout that you might have, feel free to contact me.
     
    2002-02-19 20:56:03
    NS2.AFRAID.ORG is now properly working!
    Somehow the IP address for NS2.AFRAID.ORG got switched at the registrar and when I tried to move it back the secondary nameserver that has been donated to afraid.org had already been setup as a nameserver for another domain so NS2.AFRAID.ORG is now on it's own IP address on that server hosted at a totally seperate place then NS1.AFRAID.ORG (they're 1800 miles apart).
     
    2002-02-06 11:50:38
    Added support for Secondary DNS!
    Users may now add their domains into the secondary DNS section for JUST secondary DNS hosting.
     
    2002-02-04 05:03:45
    Added Dynamic DNS!
    Users may now update their IP address to their current IP address by fetching a single URL. Useful to put into a re-connect script.
     
    2002-02-04 05:02:31
    Added URL Redirecting!
    Users may now redirect any subdomain.domain.com to any URL of their choice.
     
    2002-02-04 00:43:35
    Added support for Round Robin DNS!
    Users may create multiple records with the same hostname to take advantage of this feature.
     
    2002-01-29 11:52:08
    Added a NEWS section!
     
    DNS Auth Trace
    Members:531,883
    Premium:784
    Records:2,008,562
    Zones:302,391

    50 subdomain limit
    Wildcard DNS
    3 stealth flags
    Just $5 month!
    Go premium today!

    exclamationTip #1
    Keep your email address current in the preferences area. If you forget your password, the only way you will be able to recover your account, is via the supplied email address.
    		 Powered By FreeBSD
    Please report abuse to dnsadmin@afraid.org, Stay calm, response is guaranteed.
    © 2001-2009 Joshua Anderson, Free DNS is currently processing 1,114 DNS queries per second. (5 min average).
    Generated in 0.0180771350861 seconds.