A major DDoS attack hit South Africa’s CO.ZA domain services, leaving businesses and users unable to access websites linked to the country’s most widely used domain. The ZA Registry Consortium confirmed that the issue was triggered by an unprecedented system load that impacted secondary domains under their management. Some industry stakeholders questioned whether this was a direct DDoS attack or an internal infrastructure failure, but either way, the consequences were significant.
What went wrong?
According to ZARC, the issues began on 6 March 2025, with CO.ZA being the most affected of the domains they manage. The organisation explained that extraordinary traffic spikes overwhelmed its nameservers, triggering built-in DDoS mitigation mechanisms. This all led to difficulty resolving domains, slowing access, or making some websites completely unreachable
One of the biggest concerns raised by the industry was ZARC’s infrastructure setup. Reports indicated that CO.ZA relied on just three nameservers, with only one using an anycast-based system—an approach that raised questions about whether the system was prepared to withstand high-traffic events.
How DDoS attacks target DNS systems
Attackers overwhelm nameservers with a flood of requests, pushing them to their limits and making it impossible to resolve domain names. When DNS servers buckle under the strain, websites that rely on them become unreachable, even if their hosting infrastructure is working fine.
Whether caused by an attack or an unexpected surge in traffic, the result was the same—widespread disruption.
Lessons from the CO.ZA Disruption
Many businesses use DNS as the backbone of their online operations. Even a brief outage can disrupt services, frustrate customers, and lead to lost revenue. A strong, well-distributed DNS infrastructure keeps websites and applications accessible, no matter what happens.
Network admins and DNS operators need to prepare for both sudden traffic spikes and targeted attacks, to stay ahead of cyber threats. Resilient infrastructure, built-in redundancy, and proactive monitoring are the best defence.
About FastNetMon
FastNetMon delivers versatile DDoS detection software for companies at any scale. With extensive experience in the telecom, mobile, and cloud computing industries, we take pride in preventing DDoS attacks and protecting our customers’ networks to the highest standard. Read more at https://fastnetmon.com/