Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Spotify's Love/Hate Relationship with DNS

Lynn Root
March 13, 2017
Programming
3
1.1k

Spotify's Love/Hate Relationship with DNS

SRECon Americas 2017, video recording: https://www.usenix.org/conference/srecon17americas and accompanied write-up: labs.spotify.com

Lynn Root

March 13, 2017
Tweet

More Decks by Lynn Root

See All by Lynn Root
The Design of Everyday APIs - PyCon 2024
roguelynn
1
2.2k
The Design of Everyday APIs
roguelynn
0
24k
Music Is Just Wiggly Air
roguelynn
0
320
Advanced asyncio: Solving Real-world Production Problems
roguelynn
5
8.5k
asyncio: We Did It Wrong
roguelynn
1
4.9k
Tracing, Fast & Slow: Digging into and improving your web service's performance
roguelynn
0
690
How to spy with Python: So easy, the NSA can do it!
roguelynn
1
1.6k
Diversity: We're Not Done Yet
roguelynn
2
610
Why can't we be friends: do corporations & FOSS really mix?
roguelynn
0
250

Other Decks in Programming

See All in Programming
見せてあげますよ、「本物のLaravel批判」ってやつを。
77web
7
7.7k
Ethereum_.pdf
nekomatu
0
460
レガシーシステムにどう立ち向かうか 複雑さと理想と現実/vs-legacy
suzukihoge
14
2.2k
シェーダーで魅せるMapLibreの動的ラスタータイル
satoshi7190
1
480
TypeScriptでライブラリとの依存を限定的にする方法
tutinoko
2
660
リアーキテクチャxDDD 1年間の取り組みと進化
hsawaji
1
220
subpath importsで始めるモック生活
10tera
0
300
『ドメイン駆動設計をはじめよう』のモデリングアプローチ
masuda220
PRO
8
540
Arm移行タイムアタック
qnighy
0
310
WebフロントエンドにおけるGraphQL(あるいはバックエンドのAPI)との向き合い方 / #241106_plk_frontend
izumin5210
4
1.4k
色々なIaCツールを実際に触って比較してみる
iriikeita
0
330
as(型アサーション)を書く前にできること
marokanatani
9
2.6k

Featured

See All Featured
Making Projects Easy
brettharned
115
5.9k
Docker and Python
trallard
40
3.1k
Practical Orchestrator
shlominoach
186
10k
Evolution of real-time – Irina Nazarova, EuRuKo, 2024
irinanazarova
4
370
The Art of Delivering Value - GDevCon NA Keynote
reverentgeek
8
860
Designing Experiences People Love
moore
138
23k
実際に使うSQLの書き方 徹底解説 / pgcon21j-tutorial
soudai
169
50k
Distributed Sagas: A Protocol for Coordinating Microservices
caitiem20
329
21k
A better future with KSS
kneath
238
17k
How to Create Impact in a Changing Tech Landscape [PerfNow 2023]
tammyeverts
47
2.1k
Documentation Writing (for coders)
carmenintech
65
4.4k
CoffeeScript is Beautiful & I Never Want to Write Plain JavaScript Again
sstephenson
159
15k

Transcript

  1. Spotify’s Love/Hate Relationship with DNS Lynn Root | SRE |

    @roguelynn

  2. $ whoami

  3. why we love DNS • It’s boring • Stable query

    language • Free caching • Service discovery —

  4. agenda —

  5. agenda • Our infrastructure • Our DNS curiosities • What

    we’ve learned • Future of DNS @ Spotify —

  6. Our Infrastructure —

  7. DNS@Spotify —

  8. DNS@Spotify —

  9. DNS@Spotify —

  10. DNS@Spotify —

  11. DNS@Spotify —

  12. DNS@Spotify —

  13. DNS@Spotify —

  14. Record Generation & Deployment —

  15. /msg #sre DNS DEPLOY! DNS@Spotify —

  16. DNS@Spotify —

  17. DNS@Spotify —

  18. DNS@Spotify —

  19. DNS@Spotify —

  20. DNS@Spotify —

  21. DNS@Spotify —

  22. DNS@Spotify —

  23. Service Discovery —

  24. DNS@Spotify —

  25. DNS@Spotify — Nameless services.spotify.net

  26. Monitoring —

  27. DNS@Spotify —

  28. DNS@Spotify —

  29. DNS@Spotify —

  30. Global Server Load Balancing —

  31. Responding to the DynDNS attack —

  32. Response to DynDNS attack • Monitoring dashboards & VPN were

    inaccessible • Internal SSO login inaccessible • Pagerduty also affected —

  33. Response to DynDNS attack • Couldn’t easily access DNS data

    repo • 3-year-old manual deployment documentation —

  34. Response to DynDNS attack • Internal services ➡ removed GSLB

    mapping • Spotify clients ➡ Route53 • Websites ➡ Route53 —

  35. Our DNS Curiosities —

  36. Client Error Reporting —

  37. DNS@Spotify —

  38. DHT Ring —

  39. DNS@Spotify —

  40. DNS@Spotify —

  41. DNS@Spotify — lon6-storage-a5678.lon6.spotify.net:1234 tracks.1234.lon6-storage-a5678.lon6.spotify.net

  42. Microservice lookups —

  43. DNS@Spotify — $ dig +short dnsresolver.roles.lon6.spotify.net 10.1.2.3 10.4.5.6 10.7.8.9 $

    dig +short -t PTR dnsresolver.roles.ash2.spotify.net ash2-dnsresolver-a1337.ash2.spotify.net. ash2-dnsresolver-a0325.ash2.spotify.net. ash2-dnsresolver-a0828.ash2.spotify.net.

  44. DNS@Spotify — $ dig +short dnsresolver.roles.lon6.spotify.net 10.1.2.3 10.4.5.6 10.7.8.9 $

    dig +short -t PTR dnsresolver.roles.lon6.spotify.net lon6-dnsresolver-a1337.lon6.spotify.net. lon6-dnsresolver-a0325.lon6.spotify.net. lon6-dnsresolver-a0828.lon6.spotify.net.

  45. What we’ve learned —

  46. Differences in Linux distros —

  47. Scaling is hard —

  48. Dropped Responses —

  49. Docker —

  50. The future of DNS @ Spotify —

  51. Ephemerality —

  52. DNS@Spotify — DNS

  53. recap • On-premise infrastructure • Leveraging DNS beyond its intentions

    • It’s always DNS • Handing off the responsibility —

  54. thanks! Lynn Root | SRE | @roguelynn