DNS down in Anonymous attack
As I'm writing this, our company website and the web service we developed are down in the big GoDaddy outage resulting from an Anonymous attack (or so says Twitter).
We used GoDaddy as our registrar and we use it for DNS for some domains.
Tomorrow is a new day - what can we do to mitigate such outages?
Simply moving to, say, Route 53 for DNS might not be enough.
Is there any way to remove this single point of failure?
You can eliminate this single point of failure by using two DNS providers.
It might also be feasible to run your own DNS server on one of your servers.
GoDaddy allows you to do zone transfers from their servers (IIRC premium DNS is required for this).
Get a second DNS provider which allows you to run a slave server (or run it yourself).
Adjust NS/Nserver records so they point to both providers and you are done.
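A way to check the result of the setup described above, as an added example that is not part of the original answer: it audits a delegation for provider diversity and for secondaries whose SOA serial lags after a missed zone transfer. The hostnames, serials, and the `provider_of` and `audit` helpers are constructed for illustration; in practice the input would come from `dig NS` and `dig SOA @server` queries.

```python
"""Audit a domain's NS set: more than one provider, and all servers in sync."""
from collections import defaultdict

# Constructed sample: NS hostname -> SOA serial that server returned
# (None would mean the server did not answer). Placeholder names only.
SAMPLE = {
    "ns1.provider-a.example.": 2012091001,
    "ns2.provider-a.example.": 2012091001,
    "ns1.provider-b.example.": 2012091001,
    "ns2.provider-b.example.": 2012090701,  # secondary that missed a transfer
}


def provider_of(ns_host):
    """Approximate the operator by the last two labels of the NS hostname.

    Assumption: adequate for this sketch; production code should consult the
    Public Suffix List so that names under e.g. co.uk are grouped correctly.
    """
    labels = ns_host.rstrip(".").lower().split(".")
    return ".".join(labels[-2:])


def audit(serials_by_ns, min_providers=2):
    """Return (code, detail) findings; an empty list means no problem found."""
    findings = []
    providers = defaultdict(list)
    for ns in serials_by_ns:
        providers[provider_of(ns)].append(ns)
    # A delegation served by one operator is still a single point of failure.
    if len(providers) < min_providers:
        findings.append(("single-provider", ", ".join(sorted(providers))))
    answered = [s for s in serials_by_ns.values() if s is not None]
    # Plain integer comparison; serial wrap-around (RFC 1982) is not handled.
    newest = max(answered) if answered else None
    for ns, serial in sorted(serials_by_ns.items()):
        if serial is None:
            findings.append(("no-answer", ns))
        elif serial != newest:
            findings.append(("stale-zone", ns))
    return findings


if __name__ == "__main__":
    for code, detail in audit(SAMPLE):
        print(f"{code}: {detail}")
```

A stale serial on one provider means resolvers that land there get old records, so the check is worth running after every zone change, not only when setting up the second provider.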
(1) Ways to stay "unaffected" if the domain registrar's servers (NOT just the domain) themselves are DDOSed, if any.
The registrar's servers only matter if you are using them for DNS (or hosting or other services, obviously). Once your domain is registered, the records go into the root registry and you don't need your registrar to be online for your domain to work. If they are your only DNS provider then you want to consider adding more than one.
(2) How to have more than one DNS service provider for a domain?
(For this part you do need your registrar online, so you can enter the changes through them.) In your domain registry account, add multiple authoritative DNS servers hosted by multiple providers. This will probably require NOT using the registrar's DNS service so that you can enter the 3rd party servers. (E.g. with GoDaddy you can't use their "domain control" in addition to 3rd party providers; you have to choose "my domain is hosted elsewhere" to set your DNS.)
1) Don't keep all your eggs in one DNS basket. If you're big enough to be thinking anycast and CDN why are you using a single provider like GoDaddy? Diversify your DNS providers.
2) Anycast. Check out this blog to see how a provider mitigated a DDOS of up to 65Gbps. http://blog.cloudflare.com/65gbps-ddos-no-problem