Over the past week we have seen a huge number of 'bots' trying to guess customer email credentials in order to try to send email through our outbound email servers: smtp.aa.net.uk.
The attempts were being blocked due to wrong passwords being used, but this caused significant load on our severs due to all the database lookups involved. To address this, we are blocking IP addresses that are listed on the Spamhaus 'Exploits Blocklist (XBL)' and the Spamhaus 'Combined Spam Sources (CSS)' lists. -These are typically IP address known to have hijacked in some way or known spam senders.
This has reduced the load on the email servers significantly, however we are are still blocking around 1.5 million unique IP addresses each day.
We have had a small number of legitimate customers affected by this as their IP address is on these blocklists. (IPs can be looked up on https://check.spamhaus.org). In these cases, please do contact support and we can discuss workarounds.
This notification is for customers who run their own authoritative DNS servers and use our secondary-dns.co.uk as secondary (slave).
As part of our DNS infrastructure project we will start to initiate Zone Transfers from an additional set of IP addresses.
You will still send your NOTIFY to secondary-dns.co.uk but you will start to see AXFR requests from an additional set of IP addresses.
Therefore, please update your ACLs to allow the following addresses in addition to what you have at the moment:
Please update your ACLs by March 11th.
We will have an overlap of using the existing DNS servers and the new DNS servers. As part of our testing we will start to use the new IP addresses from February 17th
This is only relevant to customers who run their own authoritative DNS servers and use our secondary-dns.co.uk as an additional nameserver.
Overview: We run a "secondary" DNS service for customers where they run the master DNS server and we are secondary slaves. We have a project underway that involves migrating all our authoritative DNS services to a new platform. As part of this we are needing to disable some of the automation we do for adding and updating the customer's master IP address automatically.
The change: From June 17th, If you run your own master DNS server for your domain(s) and secondary-dns.co.uk is a slave, if you change the IP address of your master you will need to contact support@aa.net.uk to request us to update our side.We have more information about our Authoritative DNS project on our Support Site: https://support.aa.net.uk/New_Authoritive_DNS
Happening Monday and Tuesday early mornings:
Most of our LNSs have extra diagnostic and debugging hardware installed which has been used to help us track down the problems we were having with them in early 2024. We are now in a position where we can remove this. We have planned to do this work over two nights: the early hours of February 17th and 18th.
This work will involve us moving customers off the LNSs as we do the work. In practice this means customer connections will experience a drop and reconnect at around 1AM and 4AM on the 17th and 18th February.
BT are performing "Simultaneous Upgrades" which will affect all BT ADSL, VDSL and FTTP services during the early hours of February 12th. It is disappointing that this work is a multi-site activity as we have multiple links to BT in multiple datacentres so as to prevent outages when BT have work to do.
They say:
Start: 2025-02-12 00:01. We're simultaneously upgrading some 21C network software across multiple sites. The PW window is from 00:01 until 07:00, and we will start at 00:01 with non-disruptive pre-checks. From 01:00 we will start to re-boot the devices to the new version of code. This will cause an outage to all customers of up to 15 minutes whilst the device restarts. However, if roll-back is required, the outage could exceed 1hr. All work will be complete by 07:00.
In practice, we expect customers with BT provided connections to drop and reconnect a couple of times in the early hours of February 12th.