.ZA domains under attack – 13 and 14 March

The .ZA domain space was under attack during on Thursday evening and into the day on Friday, resulting in domains not resolving. This had severe impact on visibility of websites and email services using .CO.ZA and .ORG.ZA domains.

The ZA Registry portal indicates “performance issues” for DNS with no further explanation or outlook for resolution. Until we can get their official explanation, here is some information on the MyBroadband website:
https://mybroadband.co.za/news/internet/586855-co-za-under-attack.html 

Symptoms:

  • Website visitors may see errors such as “DNS_PROBE_FINISHED_NXDOMAIN”.
  • Email users may currently see errors such as “‘451 Temporary local problem – please try later”.
  • The issue is also impacting our ability to send email to our clients that use .CO.ZA domains. If that is you and you require assistance, then we encourage encourage you to contact our support ticket system at https://anno.com/portal.

The solution to the problem is out of our hands and that of DNS providers such 1.1.1.1 (Cloudflare) and Google — ZA Registry must find a way to fend off the attack.

Update 18:20 UTC
We have mitigating the problem by using the 1.1.1.1 (Cloudflare) DNS resolvers, that appears to still have valid DNS information in cache. Outgoing email if flowing from our servers again, but the situation seems brittle.

Update 20:35 UTC
Word from ZA Registry is:

Over the past couple of days, the .ZA namespace has experienced extremely high traffic loads on our nameservers, impacting some of our users. This surge in traffic triggered our DDoS protection mechanisms, which, as part of their design, temporarily restricted some traffic to maintain overall system stability. The ZARC engineering team is actively monitoring the situation and has implemented mitigating measures to address the high nameserver traffic volumes, particularly on our US infrastructure.

The problem continues unabated, but using the 1.1.1.1 DNS resolvers seems to be holding up well. A negative side-effect of this is that our URIBL spam check is throttled (due to using a the high-volume CloudFlare DNS). So, it would seem that email can send but more spam will slip through the filters and into user inboxes.

Update 20:55 UTC:
Email announcement sent to all .ZA registrars:
https://mailchi.mp/registry/dns-march-13032025-17174890

The following statement offers hope:

To further strengthen our infrastructure and prevent similar occurrences in the future, we are in the process of adding additional capacity to our nameservers to handle unusual increases in DNS traffic as currently being experienced.

We apologize for any inconvenience caused and thank you for your patience as we resolve the issue. We will keep ZADNA, the ISPA Domain Name Working Group, our registrars, the media, and the public informed of progress. Updates will be tracked on our status page, which you can follow here for the latest information.

Update 14 March 13:00 UTC:
The latest status update from ZA Registry is positive:

We are pleased to report that service performance is now improving, and systems are returning to full operational stability. Our team will continue monitoring the situation closely to ensure continued service reliability and availability.

In the meantime, we continue to receive reports of email delivery failures. It may take hours of days for the problem to completely go away.

Update 14 March 14:40 UTC:
We have reverted to our usual network resolvers; most .CO.ZA domains seem to be resolving fine again.

Leave a Reply