Over the past week we have seen a huge number of 'bots' trying to guess customer email credentials in order to try to send email through our outbound email servers: smtp.aa.net.uk.
The attempts were being blocked due to wrong passwords being used, but this caused significant load on our servers due to all the database lookups involved. To address this, we are blocking IP addresses that are listed on the Spamhaus 'Exploits Blocklist (XBL)' and the Spamhaus 'Combined Spam Sources (CSS)' lists. These are typically IP addresses known to have been hijacked in some way, or known spam senders.
This has reduced the load on the email servers significantly; however, we are still blocking around 1.5 million unique IP addresses each day.
We have had a small number of legitimate customers affected by this as their IP address is on these blocklists. (IPs can be looked up on https://check.spamhaus.org). In these cases, please do contact support and we can discuss workarounds.
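A blocklist check of the kind described above, as an added example (not AAISP's own code): it builds the DNSBL query name for an IPv4 or IPv6 client, maps the Spamhaus return codes to lists, and decides before any credential lookup is made. The zen.spamhaus.org zone, the fail-open choice and the sample responses are assumptions; the notice only names the XBL and CSS lists.

```python
import ipaddress
import socket

ZONE = "zen.spamhaus.org"   # assumption: combined zone; the notice names only the lists
BLOCK_ON = {"XBL", "CSS"}   # the two lists the notice says are blocked
CODES = {3: "CSS", 4: "XBL", 5: "XBL", 6: "XBL", 7: "XBL"}  # last octet of 127.0.0.x

def query_name(ip, zone=ZONE):
    """Reversed octets (IPv4) or reversed nibbles (IPv6), followed by the zone."""
    addr = ipaddress.ip_address(ip)
    labels = str(addr).split(".") if addr.version == 4 else list(addr.exploded.replace(":", ""))
    return ".".join(reversed(labels)) + "." + zone

def classify(answers):
    """Map the A records returned for a query to list names."""
    lists = set()
    for a in answers:
        o = [int(x) for x in a.split(".")]
        if o[:3] == [127, 255, 255]:
            # Error codes (query refused or rate limited), not listings.
            raise LookupError("DNSBL error code " + a)
        if o[:3] == [127, 0, 0]:
            lists.add(CODES.get(o[3], "OTHER"))  # OTHER: SBL, PBL etc., not acted on
    return lists

def system_resolve(name):
    """A records via the system resolver; [] for NXDOMAIN or lookup failure."""
    try:
        return socket.gethostbyname_ex(name)[2]
    except OSError:
        return []

def should_block(ip, resolve=system_resolve):
    """Decide before any credential lookup is made for this client."""
    try:
        return bool(classify(resolve(query_name(ip))) & BLOCK_ON)
    except LookupError:
        return False  # assumption: fail open so a broken lookup locks nobody out

# Constructed responses keyed by query name (documentation addresses, not real data).
SAMPLE = {
    query_name("192.0.2.10"): ["127.0.0.4"],         # XBL listing
    query_name("192.0.2.11"): ["127.0.0.10"],        # PBL only: not blocked here
    query_name("2001:db8::1"): ["127.0.0.3"],        # CSS listing
    query_name("192.0.2.12"): ["127.255.255.254"],   # error code, not a listing
}

def sample_resolve(name):
    return SAMPLE.get(name, [])
```

The error-code branch matters in practice: a 127.255.255.x answer means the query itself was refused, and treating it as a listing would block every client.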
This notification is for customers who run their own authoritative DNS servers and use our secondary-dns.co.uk as secondary (slave).
As part of our DNS infrastructure project we will start to initiate Zone Transfers from an additional set of IP addresses.
You will still send your NOTIFY to secondary-dns.co.uk but you will start to see AXFR requests from an additional set of IP addresses.
Therefore, please update your ACLs to allow the following addresses in addition to what you have at the moment:
Please update your ACLs by March 11th.
We will have an overlap of using the existing DNS servers and the new DNS servers. As part of our testing we will start to use the new IP addresses from February 17th.
This is only relevant to customers who run their own authoritative DNS servers and use our secondary-dns.co.uk as an additional nameserver.
Overview: We run a "secondary" DNS service for customers where they run the master DNS server and we are secondary slaves. We have a project underway that involves migrating all our authoritative DNS services to a new platform. As part of this we need to disable some of the automation we do for adding and updating the customer's master IP address automatically.
The change: From June 17th, if you run your own master DNS server for your domain(s) and secondary-dns.co.uk is a slave, you will need to contact support@aa.net.uk whenever you change the IP address of your master so that we can update our side. We have more information about our Authoritative DNS project on our Support Site: https://support.aa.net.uk/New_Authoritive_DNS
From the carrier: Although we still have further detailed investigations to carry out, we are now confident we have isolated the underlying cause of today’s issues which eventually caused problems to both our inbound and outbound service to various extents plus resulted in some clients being unable to amend routing on numbers.
Our team have checked all systems are operational and will continue to monitor for some time yet. Meanwhile we will be working hard to understand the cause, the impact and the mitigation steps we need to take. This will take a little time and we ask that you bear with us for a couple of days to complete this work but we will ensure you have a full report on Tuesday at the latest.
Our usual monitoring, support and callout processes will remain in place all over the weekend and, due to today’s issues, we will have additional engineers doing manual checks throughout too but we do not anticipate any further disruption.
Please accept our sincerest apologies for the problems our network has caused you and your customers today, we take any outage extremely seriously but we appreciate this one was particularly disruptive for many clients and we assure you that we will be doing our utmost to prevent a similar situation from recurring in the future.
Further details as sent out from DrayTek:
If you are experiencing this issue, please follow the steps below to troubleshoot:
Disconnect the WAN cable.
Log into the router’s Web UI and check the system uptime. If the uptime is lower than the last known reboot, this indicates the router recently restarted.
Disable Remote Management by going to [System Maintenance] > [Remote Management].
Disable SSL VPN Service by going to [VPN and Remote Access] > [Remote Access Control].
Reboot the router and reconnect the WAN cable.
Monitor the connection to see if the WAN remains stable.
Firmware check and update:
Verify your router’s firmware version. If it is outdated, update it to the latest version.
Before updating, note your current firmware version. If you do not have a copy of the current firmware, download it first.
Take a configuration backup to avoid losing your settings.
If your WAN connection is stable:
Even if your device is not disconnecting, it is good practice to ensure you are on the latest firmware.
If your router is already on recent firmware and the newest version is not marked as Critical, an update may not be urgent but is still recommended for optimal performance and security.
For further assistance, visit our support page or contact our Customer Support team.
Thank you for your patience and cooperation.