Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Contemporary requirements for zone transfers

Avatar for Artyom "Töma" Gavrichenkov Artyom "Töma" Gavrichenkov
October 12, 2017
Technology
0
50

Contemporary requirements for zone transfers

Avatar for Artyom "Töma" Gavrichenkov

Artyom "Töma" Gavrichenkov

October 12, 2017
Tweet

More Decks by Artyom "Töma" Gavrichenkov

See All by Artyom "Töma" Gavrichenkov
[EE DNS Forum 2018] DDoS on DNS: past, present and inevitable
Avatar for Artyom "Töma" Gavrichenkov ximaera
0
57
Wrong, wrong, WRONG! methods of DDoS mitigation
Avatar for Artyom "Töma" Gavrichenkov ximaera
0
340
DDoS Beasts and How to Fight Them (Nginx Conf 2018)
Avatar for Artyom "Töma" Gavrichenkov ximaera
0
190
DDoS tutorial (China ISC 360)
Avatar for Artyom "Töma" Gavrichenkov ximaera
0
240
[RU] “I, Not Robot". A design of the contemporary CAPTCHA challenges and the future of the Turing test
Avatar for Artyom "Töma" Gavrichenkov ximaera
0
120
DDoS 101 (2018, PaymentSecurity RU 2018)
Avatar for Artyom "Töma" Gavrichenkov ximaera
0
41
Memcached Amplification: Lessons Learned (NANOG 73)
Avatar for Artyom "Töma" Gavrichenkov ximaera
0
210
DDoS Beasts and How to Fight Them
Avatar for Artyom "Töma" Gavrichenkov ximaera
0
60
Memcached Amplification DDoS: Lessons Learned (ENOG 15)
Avatar for Artyom "Töma" Gavrichenkov ximaera
0
51

Other Decks in Technology

See All in Technology
AI開発ツールCreateがAnythingになったよ
Avatar for s sato tendasato
0
130
Aurora DSQLはサーバーレスアーキテクチャの常識を変えるのか
Avatar for TomoyaIwata iwatatomoya
1
990
機械学習を扱うプラットフォーム開発と運用事例
Avatar for LINEヤフーTech (LY Corporation Tech) lycorptech_jp
PRO
0
250
Autonomous Database - Dedicated 技術詳細 / adb-d_technical_detail_jp
Avatar for oracle4engineer oracle4engineer
PRO
4
10k
【初心者向け】ローカルLLMの色々な動かし方まとめ
Avatar for Aratako aratako
7
3.5k
「Linux」という言葉が指すもの
Avatar for Satoru Takeuchi sat
PRO
4
130
5分でカオスエンジニアリングを分かった気になろう
Avatar for Aja9tochin pandayumi
0
240
KotlinConf 2025_イベントレポート
Avatar for ソニー株式会社 sony
1
140
今!ソフトウェアエンジニアがハードウェアに手を出すには
Avatar for mackee mackee
12
4.8k
新アイテムをどう使っていくか?みんなであーだこーだ言ってみよう / 20250911-rpi-jam-tokyo
Avatar for Akira Ouchi akkiesoft
0
270
「何となくテストする」を卒業するためにプロダクトが動く仕組みを理解しよう
Avatar for kawabeaver kawabeaver
0
410
なぜテストマネージャの視点が 必要なのか? 〜 一歩先へ進むために 〜
Avatar for Sammy(MoritaMasami) moritamasami
0
220

Featured

See All Featured
The Web Performance Landscape in 2024 [PerfNow 2024]
Avatar for Tammy Everts tammyeverts
9
810
CSS Pre-Processors: Stylus, Less & Sass
Avatar for Bermon Painter bermonpainter
358
30k
Being A Developer After 40
Avatar for Adrian Kosmaczewski akosma
90
590k
Evolution of real-time – Irina Nazarova, EuRuKo, 2024
Avatar for Irina Nazarova irinanazarova
8
920
Reflections from 52 weeks, 52 projects
Avatar for Jefferson Lam jeffersonlam
352
21k
Documentation Writing (for coders)
Avatar for Carmen Chung carmenintech
74
5k
RailsConf & Balkan Ruby 2019: The Past, Present, and Future of Rails at GitHub
Avatar for Eileen M. Uchitelle eileencodes
139
34k
Principles of Awesome APIs and How to Build Them.
Avatar for Keavy McMinn keavy
126
17k
Let's Do A Bunch of Simple Stuff to Make Websites Faster
Avatar for Chris Coyier chriscoyier
507
140k
Scaling GitHub
Avatar for Zach Holman holman
463
140k
"I'm Feeling Lucky" - Building Great Search Experiences for Today's Users (#IAC19)
Avatar for Dan Newman danielanewman
229
22k
YesSQL, Process and Tooling at Scale
Avatar for Rocio Delgado rocio
173
14k

Transcript

  1. Contemporary requirements for zone transfers Artyom Gavrichenkov <[email protected]> GPG: 2deb

    97b1 0a3c 151d b67f 1ee5 00e7 94bc 4d08 9191

  2. A long, long time ago. • /etc/hosts • Service owner

    responsible for the name resolution

  3. Next. • Authoritative DNS servers • DNS registries • Cloud

    DNS services

  4. A Split. Customers Providers

  5. 1

  6. 2

  8. A Split. Customers Providers

  9. Customers Providers • DNSSEC • CAA • TLS …

  10. Customers Providers ? • DNSSEC • CAA • TLS …

  11. Customers Providers • Backup datacenters • Geobalancing • ASN-based balancing

    • CI/CD • DNSSEC • CAA • TLS …
  12. None

  13. DDoS Challenges • UDP-based protocol • Thanks God, a truncate

    thing • Amplification attacks

  14. Cloud solutions! • Amazon Route53 • Dyn • Azure •

    Cloudflare • Google Cloud …

  15. Cloud solutions! • Amazon Route53 • Dyn • Azure •

    Cloudflare • Google Cloud … But.

  16. Cloud solutions! • Amazon Route53 • Dyn • Azure •

    Cloudflare • Google Cloud … But. What about AXFR?
  17. None

  18. “DNS Zone Transfers (AXFR/IXFR) support for Route53 is a hotly

    asked for feature, and is one that we will consider adding in the future.” Amazon, 2012.
  19. None

  20. DNSControl https://github.com/StackExchange/dnscontrol/ “Synchronize your DNS to multiple providers from a

    simple DSL”

  21. A Standard? • DOTS • CDNI • DNSops?

  22. A Standard? Zone transfers with blackjack and stuff • Balancing

    and failover • Traffic load measurement & rate limiting • Dynamic filters • Extensions

  23. Q&A Artyom Gavrichenkov <[email protected]>