Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
Contemporary requirements for zone transfers
Search
Artyom "Töma" Gavrichenkov
October 12, 2017
Technology
0
49
Contemporary requirements for zone transfers
Artyom "Töma" Gavrichenkov
October 12, 2017
Tweet
Share
More Decks by Artyom "Töma" Gavrichenkov
See All by Artyom "Töma" Gavrichenkov
[EE DNS Forum 2018] DDoS on DNS: past, present and inevitable
ximaera
0
54
Wrong, wrong, WRONG! methods of DDoS mitigation
ximaera
0
340
DDoS Beasts and How to Fight Them (Nginx Conf 2018)
ximaera
0
190
DDoS tutorial (China ISC 360)
ximaera
0
220
[RU] “I, Not Robot". A design of the contemporary CAPTCHA challenges and the future of the Turing test
ximaera
0
110
DDoS 101 (2018, PaymentSecurity RU 2018)
ximaera
0
35
Memcached Amplification: Lessons Learned (NANOG 73)
ximaera
0
180
DDoS Beasts and How to Fight Them
ximaera
0
49
Memcached Amplification DDoS: Lessons Learned (ENOG 15)
ximaera
0
45
Other Decks in Technology
See All in Technology
信頼されるためにやったこと、 やらなかったこと。/What we did to be trusted, What we did not do.
bitkey
PRO
0
1.6k
知っててうれしい HTTP Cookie を使ったセッション管理について
greendrop
1
110
サイバー攻撃を想定したセキュリティガイドライン 策定とASM及びCNAPPの活用方法
syoshie
3
1.7k
サーバーなしでWordPress運用、できますよ。
sogaoh
PRO
0
170
20240513 - 框裡框外_文學院學生如何在AI世代安身立命 @ 淡江大學
dpys
0
620
Fabric 移行時の躓きポイントと対応策
ohata_ds
1
120
プロダクト組織で取り組むアドベントカレンダー/Advent Calendar in Product Teams
mixplace
0
660
組織に自動テストを書く文化を根付かせる戦略(2024冬版) / Building Automated Test Culture 2024 Winter Edition
twada
PRO
26
7.1k
Opcodeを読んでいたら何故かphp-srcを読んでいた話
murashotaro
0
370
能動的ドメイン名ライフサイクル管理のすゝめ / Practice on Active Domain Name Lifecycle Management
nttcom
0
310
生成AIによるテスト設計支援プロセスの構築とプロセス内のボトルネック解消の取り組み / 20241220 Suguru Ishii
shift_evolve
0
180
.NET 最新アップデート ~ AI とクラウド時代のアプリモダナイゼーション
chack411
0
140
Featured
See All Featured
Put a Button on it: Removing Barriers to Going Fast.
kastner
59
3.6k
Done Done
chrislema
182
16k
Helping Users Find Their Own Way: Creating Modern Search Experiences
danielanewman
29
2.4k
Speed Design
sergeychernyshev
25
720
10 Git Anti Patterns You Should be Aware of
lemiorhan
PRO
656
59k
Why Our Code Smells
bkeepers
PRO
335
57k
Easily Structure & Communicate Ideas using Wireframe
afnizarnur
191
16k
The Art of Programming - Codeland 2020
erikaheidi
53
13k
CSS Pre-Processors: Stylus, Less & Sass
bermonpainter
356
29k
GraphQLの誤解/rethinking-graphql
sonatard
68
10k
I Don’t Have Time: Getting Over the Fear to Launch Your Podcast
jcasabona
29
2k
"I'm Feeling Lucky" - Building Great Search Experiences for Today's Users (#IAC19)
danielanewman
226
22k
Transcript
Contemporary requirements for zone transfers Artyom Gavrichenkov <
[email protected]
> GPG: 2deb
97b1 0a3c 151d b67f 1ee5 00e7 94bc 4d08 9191
A long, long time ago. • /etc/hosts • Service owner
responsible for the name resolution
Next. • Authoritative DNS servers • DNS registries • Cloud
DNS services
A Split. Customers Providers
1
2
…
A Split. Customers Providers
Customers Providers • DNSSEC • CAA • TLS …
Customers Providers ? • DNSSEC • CAA • TLS …
Customers Providers • Backup datacenters • Geobalancing • ASN-based balancing
• CI/CD • DNSSEC • CAA • TLS …
None
DDoS Challenges • UDP-based protocol • Thanks God, a truncate
thing • Amplification attacks
Cloud solutions! • Amazon Route53 • Dyn • Azure •
Cloudflare • Google Cloud …
Cloud solutions! • Amazon Route53 • Dyn • Azure •
Cloudflare • Google Cloud … But.
Cloud solutions! • Amazon Route53 • Dyn • Azure •
Cloudflare • Google Cloud … But. What about AXFR?
None
“DNS Zone Transfers (AXFR/IXFR) support for Route53 is a hotly
asked for feature, and is one that we will consider adding in the future.” Amazon, 2012.
None
DNSControl https://github.com/StackExchange/dnscontrol/ “Synchronize your DNS to multiple providers from a
simple DSL”
A Standard? • DOTS • CDNI • DNSops?
A Standard? Zone transfers with blackjack and stuff • Balancing
and failover • Traffic load measurement & rate limiting • Dynamic filters • Extensions
Q&A Artyom Gavrichenkov <
[email protected]
>
ximaera
bitkey
greendrop
syoshie
sogaoh
dpys
ohata_ds
mixplace
twada
murashotaro
nttcom
shift_evolve
chack411
kastner
chrislema
danielanewman
sergeychernyshev
lemiorhan
bkeepers
afnizarnur
erikaheidi
bermonpainter
sonatard
jcasabona
![Contemporary requirements for zone transfers Artyom Gavrichenkov <[email protected]> GPG: 2deb](https://files.speakerdeck.com/presentations/3eb7b96fd5824f42904d1ec183cc498b/slide_0.jpg){kind=link}
![Q&A Artyom Gavrichenkov <[email protected]>](https://files.speakerdeck.com/presentations/3eb7b96fd5824f42904d1ec183cc498b/slide_22.jpg){kind=link}