by kator 4214 days ago
> A new customer signed up for our service and brought in multiple domains that were already facing a DDoS attack. The customer had already tried at least 2 other providers before DNSimple. Once the domains were delegated to us, we began receiving the traffic from the DDoS.

I'm curious: did they know this in advance or discover it after the fact?

I often wonder about business models where the core expense is "unlimited and free". The reality is there is nothing unlimited or free for the service provider. It seems with a business model like this you open yourself to people abusing your service either by accident or by choice. Imagine poor Mr. Customer here who most likely was having horrible problems thinking to themselves "These guys can do it and for free, if I go to X service they'll cost me a lot of money".

I'm a big believer in business models that incentivize both parties properly. I'm sure in general this service provider is arbitraging the 99.9% of domains that barely need any services. That said it only takes a couple of "oops" customers to drive your operational costs through the roof.

2 comments

Anthony from DNSimple here. We discovered it after the fact, via a tip from other DNS providers.

As someone who has been down this road many times before - I can't stress this enough: DDoS mitigation solutions don't solve the problem of an app-specific layer 7 attack and it is important to do some testing of how well your mitigation service responds (and that it isn't a silver bullet). Additionally, you need to make sure your team has tested and proven procedures for engaging the service, responding to attacks, etc. Services like NimbusDDoS (www.nimbusddos.com) are good because you can do some real scenario testing and make sure your team and infrastructure are prepared. There are other services out there too that I am less familiar with, but either way really good stuff to do.

"unlimited" plans are subsidised by low utilization users who are getting less than what they paid for.

to pull it off properly as a service provider, you really need to have a solid understanding of user usage patterns.

one of the big problems that tips the low/high utilization ratio unfavorably is that unlimited plans that are primarily marketed for being unlimited tend to attract users in the high utilization bracket.

so the challenge for service providers is not just understanding users and understanding that ratio but figuring out how you are going to market to, and sign up, those users who will be in the low utilization bracket and will essentially be paying for something they won't be using (which is hard to do)

it isn't hard to find case studies of companies that launch optimistically with one pricing plan around unlimited, to then only go back and revise their pricing and break promises because they didn't understand their users and were unable to market to and sign up low utilization users.

one recent example is Bitcasa