Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Contemporary requirements for zone transfers

Artyom "Töma" Gavrichenkov
October 12, 2017
Technology
0
49

Contemporary requirements for zone transfers

Artyom "Töma" Gavrichenkov

October 12, 2017
Tweet

More Decks by Artyom "Töma" Gavrichenkov

See All by Artyom "Töma" Gavrichenkov
[EE DNS Forum 2018] DDoS on DNS: past, present and inevitable
ximaera
0
53
Wrong, wrong, WRONG! methods of DDoS mitigation
ximaera
0
340
DDoS Beasts and How to Fight Them (Nginx Conf 2018)
ximaera
0
190
DDoS tutorial (China ISC 360)
ximaera
0
210
[RU] “I, Not Robot". A design of the contemporary CAPTCHA challenges and the future of the Turing test
ximaera
0
110
DDoS 101 (2018, PaymentSecurity RU 2018)
ximaera
0
32
Memcached Amplification: Lessons Learned (NANOG 73)
ximaera
0
170
DDoS Beasts and How to Fight Them
ximaera
0
48
Memcached Amplification DDoS: Lessons Learned (ENOG 15)
ximaera
0
45

Other Decks in Technology

See All in Technology
The Role of Developer Relations in AI Product Success.
giftojabu1
0
140
20241120_JAWS_東京_ランチタイムLT#17_AWS認定全冠の先へ
tsumita
2
300
Engineer Career Talk
lycorp_recruit_jp
0
190
rootlessコンテナのすゝめ - 研究室サーバーでもできる安全なコンテナ管理
kitsuya0828
3
390
Security-JAWS【第35回】勉強会クラウドにおけるマルウェアやコンテンツ改ざんへの対策
4su_para
0
180
Application Development WG Intro at AppDeveloperCon
salaboy
0
200
エンジニア人生の拡張性を高める 「探索型キャリア設計」の提案
tenshoku_draft
1
130
Lambdaと地方とコミュニティ
miu_crescent
2
370
AGIについてChatGPTに聞いてみた
blueb
0
130
Incident Response Practices: Waroom's Features and Future Challenges
rrreeeyyy
0
160
CysharpのOSS群から見るModern C#の現在地
neuecc
2
3.5k
TypeScript、上達の瞬間
sadnessojisan
46
13k

Featured

See All Featured
The Psychology of Web Performance [Beyond Tellerrand 2023]
tammyeverts
44
2.2k
Typedesign – Prime Four
hannesfritz
40
2.4k
VelocityConf: Rendering Performance Case Studies
addyosmani
325
24k
Imperfection Machines: The Place of Print at Facebook
scottboms
265
13k
Responsive Adventures: Dirty Tricks From The Dark Corners of Front-End
smashingmag
250
21k
Practical Tips for Bootstrapping Information Extraction Pipelines
honnibal
PRO
10
720
The Pragmatic Product Professional
lauravandoore
31
6.3k
Embracing the Ebb and Flow
colly
84
4.5k
JavaScript: Past, Present, and Future - NDC Porto 2020
reverentgeek
47
5k
StorybookのUI Testing Handbookを読んだ
zakiyama
27
5.3k
BBQ
matthewcrist
85
9.3k
Adopting Sorbet at Scale
ufuk
73
9.1k

Transcript

  1. Contemporary requirements for zone transfers Artyom Gavrichenkov <[email protected]> GPG: 2deb

    97b1 0a3c 151d b67f 1ee5 00e7 94bc 4d08 9191

  2. A long, long time ago. • /etc/hosts • Service owner

    responsible for the name resolution

  3. Next. • Authoritative DNS servers • DNS registries • Cloud

    DNS services

  4. A Split. Customers Providers

  5. 1

  6. 2

  8. A Split. Customers Providers

  9. Customers Providers • DNSSEC • CAA • TLS …

  10. Customers Providers ? • DNSSEC • CAA • TLS …

  11. Customers Providers • Backup datacenters • Geobalancing • ASN-based balancing

    • CI/CD • DNSSEC • CAA • TLS …
  12. None

  13. DDoS Challenges • UDP-based protocol • Thanks God, a truncate

    thing • Amplification attacks

  14. Cloud solutions! • Amazon Route53 • Dyn • Azure •

    Cloudflare • Google Cloud …

  15. Cloud solutions! • Amazon Route53 • Dyn • Azure •

    Cloudflare • Google Cloud … But.

  16. Cloud solutions! • Amazon Route53 • Dyn • Azure •

    Cloudflare • Google Cloud … But. What about AXFR?
  17. None

  18. “DNS Zone Transfers (AXFR/IXFR) support for Route53 is a hotly

    asked for feature, and is one that we will consider adding in the future.” Amazon, 2012.
  19. None

  20. DNSControl https://github.com/StackExchange/dnscontrol/ “Synchronize your DNS to multiple providers from a

    simple DSL”

  21. A Standard? • DOTS • CDNI • DNSops?

  22. A Standard? Zone transfers with blackjack and stuff • Balancing

    and failover • Traffic load measurement & rate limiting • Dynamic filters • Extensions

  23. Q&A Artyom Gavrichenkov <[email protected]>