Spotify's Love/Hate Relationship with DNS

SRECon Americas 2017. Video recording: https://www.usenix.org/conference/srecon17americas; accompanying write-up: labs.spotify.com

Lynn Root

March 13, 2017

Transcript

  1. Spotify’s Love/Hate Relationship with DNS
    Lynn Root | SRE | @roguelynn

  2. $ whoami

  3. why we love DNS
    • It’s boring
    • Stable query language
    • Free caching
    • Service discovery

  4. agenda

  5. agenda
    • Our infrastructure
    • Our DNS curiosities
    • What we’ve learned
    • Future of DNS @ Spotify

  6. Our Infrastructure

  7. DNS@Spotify

  8. DNS@Spotify

  9. DNS@Spotify

  10. DNS@Spotify

  11. DNS@Spotify

  12. DNS@Spotify

  13. DNS@Spotify

  14. Record Generation & Deployment

  15. /msg #sre DNS DEPLOY!
    DNS@Spotify

  16. DNS@Spotify

  17. DNS@Spotify

  18. DNS@Spotify

  19. DNS@Spotify

  20. DNS@Spotify

  21. DNS@Spotify

  22. DNS@Spotify

  23. Service Discovery

  24. DNS@Spotify

  25. DNS@Spotify

    Nameless
    services.spotify.net

  26. Monitoring

  27. DNS@Spotify

  28. DNS@Spotify

  29. DNS@Spotify

  30. Global Server Load Balancing

  31. Responding to the DynDNS attack

  32. Response to DynDNS attack
    • Monitoring dashboards & VPN were inaccessible
    • Internal SSO login inaccessible
    • Pagerduty also affected

  33. Response to DynDNS attack
    • Couldn’t easily access DNS data repo
    • 3-year-old manual deployment documentation

  34. Response to DynDNS attack
    • Internal services ➡ removed GSLB mapping
    • Spotify clients ➡ Route53
    • Websites ➡ Route53

  35. Our DNS Curiosities

  36. Client Error Reporting

  37. DNS@Spotify

  38. DHT Ring

  39. DNS@Spotify

  40. DNS@Spotify

  41. DNS@Spotify

    lon6-storage-a5678.lon6.spotify.net:1234
    tracks.1234.lon6-storage-a5678.lon6.spotify.net

  42. Microservice lookups

  43. DNS@Spotify

    $ dig +short dnsresolver.roles.lon6.spotify.net
    10.1.2.3
    10.4.5.6
    10.7.8.9
    $ dig +short -t PTR dnsresolver.roles.ash2.spotify.net
    ash2-dnsresolver-a1337.ash2.spotify.net.
    ash2-dnsresolver-a0325.ash2.spotify.net.
    ash2-dnsresolver-a0828.ash2.spotify.net.

  44. DNS@Spotify

    $ dig +short dnsresolver.roles.lon6.spotify.net
    10.1.2.3
    10.4.5.6
    10.7.8.9
    $ dig +short -t PTR dnsresolver.roles.lon6.spotify.net
    lon6-dnsresolver-a1337.lon6.spotify.net.
    lon6-dnsresolver-a0325.lon6.spotify.net.
    lon6-dnsresolver-a0828.lon6.spotify.net.

  45. What we’ve learned

  46. Differences in Linux distros

  47. Scaling is hard

  48. Dropped Responses

  49. Docker

  50. The future of DNS @ Spotify

  51. Ephemerality

  52. DNS@Spotify

    DNS

  53. recap
    • On-premise infrastructure
    • Leveraging DNS beyond its intentions
    • It’s always DNS
    • Handing off the responsibility

  54. thanks!
    Lynn Root | SRE | @roguelynn
