Xbox Live outage was caused by major DNS DDoS attack

Avast
(Image credit: Avast)

Microsoft has confirmed that the recent outage that struck a number of its cloud-based services came as a result of a DNS DDoS attack. 

The outage, which lasted for roughly two hours, was triggered by an “anomalous surge” in DNS queries that came from all over the world and were targeting a set of Azure-hosted domains.

Microsoft’s users were recently unable to access a whole slew of cloud-based services, such as Xbox Live, Microsoft Office, SharePoint Online, Microsoft Intune, Dynamics 365, Microsoft Teams, Skype, Exchange Online, OneDrive, Yammer, Power BI, Power Apps, OneNote, Microsoft Managed Desktop, and Microsoft Streams.

Who's to blame?

The company isn’t pointing any fingers, noting that, “Azure DNS servers experienced an anomalous surge in DNS queries from across the globe targeting a set of domains hosted on Azure. Normally, Azure’s layers of caches and traffic shaping would mitigate this surge. In this incident, one specific sequence of events exposed a code defect in our DNS service that reduced the efficiency of our DNS Edge caches."

With an overload on DNS services, clients started retrying requests frequently, only exacerbating the problem, the company said. These tries, however, are legitimate and were not dropped by the volumetric spike mitigation system. “This increase in traffic led to decreased availability of our DNS service.”

Fixing the issues

After the mandatory apology for the inconvenience caused, the company said it repaired the problem, adding that DNS caches shouldn’t have problems handling traffic spikes anymore. 

It also said it will improve how it monitors and mitigates anomalies in traffic, without detailing what it plans on doing at this time.

Various media reports have claimed the outage uncovered major flaws in Microsoft’s modus operandi, as even a signficant DDoS attack should not really be able to take Azure down - with a company error when implementing DNS Edge caches also possibly to blame.

Via: MSPoweruser

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.