Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Contemporary requirements for zone transfers

Sponsored · Your Podcast. Everywhere. Effortlessly. Share. Educate. Inspire. Entertain. You do you. We'll handle the rest.
Avatar for Artyom "Töma" Gavrichenkov Artyom "Töma" Gavrichenkov
October 12, 2017
Technology
0
51

Contemporary requirements for zone transfers

Avatar for Artyom "Töma" Gavrichenkov

Artyom "Töma" Gavrichenkov

October 12, 2017
Tweet

More Decks by Artyom "Töma" Gavrichenkov

See All by Artyom "Töma" Gavrichenkov
[EE DNS Forum 2018] DDoS on DNS: past, present and inevitable
Avatar for Artyom "Töma" Gavrichenkov ximaera
0
57
Wrong, wrong, WRONG! methods of DDoS mitigation
Avatar for Artyom "Töma" Gavrichenkov ximaera
0
360
DDoS Beasts and How to Fight Them (Nginx Conf 2018)
Avatar for Artyom "Töma" Gavrichenkov ximaera
0
200
DDoS tutorial (China ISC 360)
Avatar for Artyom "Töma" Gavrichenkov ximaera
0
260
[RU] “I, Not Robot". A design of the contemporary CAPTCHA challenges and the future of the Turing test
Avatar for Artyom "Töma" Gavrichenkov ximaera
0
130
DDoS 101 (2018, PaymentSecurity RU 2018)
Avatar for Artyom "Töma" Gavrichenkov ximaera
0
47
Memcached Amplification: Lessons Learned (NANOG 73)
Avatar for Artyom "Töma" Gavrichenkov ximaera
0
220
DDoS Beasts and How to Fight Them
Avatar for Artyom "Töma" Gavrichenkov ximaera
0
74
Memcached Amplification DDoS: Lessons Learned (ENOG 15)
Avatar for Artyom "Töma" Gavrichenkov ximaera
0
58

Other Decks in Technology

See All in Technology
フルカイテン株式会社 エンジニア向け採用資料
Avatar for FULL KAITEN fullkaiten
0
10k
Claude_CodeでSEOを最適化する_AI_Ops_Community_Vol.2__マーケティングx_AIはここまで進化した.pdf
Avatar for 小笠原理久 riku_423
2
600
Oracle Base Database Service 技術詳細
Avatar for oracle4engineer oracle4engineer
PRO
15
93k
モダンUIでフルサーバーレスなAIエージェントをAmplifyとCDKでサクッとデプロイしよう
Avatar for みのるん minorun365
4
220
データの整合性を保ちたいだけなんだ
Avatar for ShoheiMitani shoheimitani
8
3.2k
Contract One Engineering Unit 紹介資料
Avatar for Sansan, Inc. sansan33
PRO
0
13k
Oracle Cloud Observability and Management Platform - OCI 運用監視サービス概要 -
Avatar for oracle4engineer oracle4engineer
PRO
2
14k
~Everything as Codeを諦めない~ 後からCDK
Avatar for mu7889yoon / Yuta Nakamura mu7889yoon
3
450
生成AIを活用した音声文字起こしシステムの2つの構築パターンについて
Avatar for Kazuki Miura miu_crescent
PRO
3
210
Bill One急成長の舞台裏 開発組織が直面した失敗と教訓
Avatar for SansanTech sansantech
PRO
2
380
AWS Network Firewall Proxyを触ってみた
Avatar for nagisa_53 nagisa53
1
240
外部キー制約の知っておいて欲しいこと - RDBMSを正しく使うために必要なこと / FOREIGN KEY Night
Avatar for soudai sone soudai
PRO
12
5.6k

Featured

See All Featured
Design in an AI World
Avatar for tapps tapps
0
140
What the history of the web can teach us about the future of AI
Avatar for Ines Montani inesmontani
PRO
1
430
The Myth of the Modular Monolith - Day 2 Keynote - Rails World 2024
Avatar for Eileen M. Uchitelle eileencodes
26
3.3k
The Invisible Side of Design
Avatar for Vitaly Friedman smashingmag
302
51k
Organizational Design Perspectives: An Ontology of Organizational Design Elements
Avatar for Dr. Kim W Petersen kimpetersen
PRO
1
230
Fashionably flexible responsive web design (full day workshop)
Avatar for Andy Clarke malarkey
408
66k
The World Runs on Bad Software
Avatar for Brandon Keepers bkeepers
PRO
72
12k
Speed Design
Avatar for Sergey Chernyshev sergeychernyshev
33
1.5k
The #1 spot is gone: here's how to win anyway
Avatar for Tamara Novitovic tamaranovitovic
2
940
Scaling GitHub
Avatar for Zach Holman holman
464
140k
Kristin Tynski - Automating Marketing Tasks With AI
Avatar for Tech SEO Connect techseoconnect
PRO
0
150
個人開発の失敗を避けるイケてる考え方 / tips for indie hackers
Avatar for panda_program panda_program
122
21k

Transcript

  1. Contemporary requirements for zone transfers Artyom Gavrichenkov <[email protected]> GPG: 2deb

    97b1 0a3c 151d b67f 1ee5 00e7 94bc 4d08 9191

  2. A long, long time ago. • /etc/hosts • Service owner

    responsible for the name resolution

  3. Next. • Authoritative DNS servers • DNS registries • Cloud

    DNS services

  4. A Split. Customers Providers

  5. 1

  6. 2

  8. A Split. Customers Providers

  9. Customers Providers • DNSSEC • CAA • TLS …

  10. Customers Providers ? • DNSSEC • CAA • TLS …

  11. Customers Providers • Backup datacenters • Geobalancing • ASN-based balancing

    • CI/CD • DNSSEC • CAA • TLS …
  12. None

  13. DDoS Challenges • UDP-based protocol • Thanks God, a truncate

    thing • Amplification attacks

  14. Cloud solutions! • Amazon Route53 • Dyn • Azure •

    Cloudflare • Google Cloud …

  15. Cloud solutions! • Amazon Route53 • Dyn • Azure •

    Cloudflare • Google Cloud … But.

  16. Cloud solutions! • Amazon Route53 • Dyn • Azure •

    Cloudflare • Google Cloud … But. What about AXFR?
  17. None

  18. “DNS Zone Transfers (AXFR/IXFR) support for Route53 is a hotly

    asked for feature, and is one that we will consider adding in the future.” Amazon, 2012.
  19. None

  20. DNSControl https://github.com/StackExchange/dnscontrol/ “Synchronize your DNS to multiple providers from a

    simple DSL”

  21. A Standard? • DOTS • CDNI • DNSops?

  22. A Standard? Zone transfers with blackjack and stuff • Balancing

    and failover • Traffic load measurement & rate limiting • Dynamic filters • Extensions

  23. Q&A Artyom Gavrichenkov <[email protected]>