Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Contemporary requirements for zone transfers

Artyom "Töma" Gavrichenkov
October 12, 2017
Technology
0
43

Contemporary requirements for zone transfers

Artyom "Töma" Gavrichenkov

October 12, 2017
Tweet

More Decks by Artyom "Töma" Gavrichenkov

See All by Artyom "Töma" Gavrichenkov
[EE DNS Forum 2018] DDoS on DNS: past, present and inevitable
ximaera
0
52
Wrong, wrong, WRONG! methods of DDoS mitigation
ximaera
0
330
DDoS Beasts and How to Fight Them (Nginx Conf 2018)
ximaera
0
180
DDoS tutorial (China ISC 360)
ximaera
0
210
[RU] “I, Not Robot". A design of the contemporary CAPTCHA challenges and the future of the Turing test
ximaera
0
110
DDoS 101 (2018, PaymentSecurity RU 2018)
ximaera
0
29
Memcached Amplification: Lessons Learned (NANOG 73)
ximaera
0
160
DDoS Beasts and How to Fight Them
ximaera
0
43
Memcached Amplification DDoS: Lessons Learned (ENOG 15)
ximaera
0
40

Other Decks in Technology

See All in Technology
よく聞くけど使ったことないソフトウェアNo.1 KafkaとSnowflake
foursue
4
510
web-application-security
matsuihidetoshi
1
190
VSCodeの拡張機能を作っている話
ebarakazuhiro
1
800
Oracle Base Database Service 技術詳細
oracle4engineer
PRO
5
37k
How to Lead? Testimonial of a Lead Android Engineer
oleur
1
110
Tellus の衛星データを見てみよう #mf_fukuoka
kongmingstrap
0
270
MLOpsの「壁」を乗り越える、LINEヤフーの Data Quality as Code
lycorptech_jp
PRO
8
620
.NET Profiler in 2024.
kkamegawa
2
1.4k
社内アプリで Cloudflare D1を プロダクト運用してみた体験談(Tokyo)
haochenx
0
120
一生覚えておきたい「システム開発=コミュニケーション」〜初めての実務案件振り返りLT〜
maimyyym
2
320
JAWS-UG Bedrock Claude Night
yamahiro
3
710
[新卒向け研修資料] テスト文字列に「うんこ」と入れるな(2024年版)
infiniteloop_inc
5
18k

Featured

See All Featured
Dealing with People You Can't Stand - Big Design 2015
cassininazir
358
22k
Build The Right Thing And Hit Your Dates
maggiecrowley
25
2k
BBQ
matthewcrist
80
8.8k
Creatively Recalculating Your Daily Design Routine
revolveconf
211
11k
The Invisible Side of Design
smashingmag
294
49k
Agile that works and the tools we love
rasmusluckow
325
20k
Designing the Hi-DPI Web
ddemaree
276
33k
ReactJS: Keep Simple. Everything can be a component!
pedronauck
660
120k
個人開発の失敗を避けるイケてる考え方 / tips for indie hackers
panda_program
65
14k
Reflections from 52 weeks, 52 projects
jeffersonlam
345
19k
Rails Girls Zürich Keynote
gr2m
91
13k
The Pragmatic Product Professional
lauravandoore
26
5.8k

Transcript

  1. Contemporary requirements for zone transfers Artyom Gavrichenkov <[email protected]> GPG: 2deb

    97b1 0a3c 151d b67f 1ee5 00e7 94bc 4d08 9191

  2. A long, long time ago. • /etc/hosts • Service owner

    responsible for the name resolution

  3. Next. • Authoritative DNS servers • DNS registries • Cloud

    DNS services

  4. A Split. Customers Providers

  5. 1

  6. 2

  8. A Split. Customers Providers

  9. Customers Providers • DNSSEC • CAA • TLS …

  10. Customers Providers ? • DNSSEC • CAA • TLS …

  11. Customers Providers • Backup datacenters • Geobalancing • ASN-based balancing

    • CI/CD • DNSSEC • CAA • TLS …
  12. None

  13. DDoS Challenges • UDP-based protocol • Thanks God, a truncate

    thing • Amplification attacks

  14. Cloud solutions! • Amazon Route53 • Dyn • Azure •

    Cloudflare • Google Cloud …

  15. Cloud solutions! • Amazon Route53 • Dyn • Azure •

    Cloudflare • Google Cloud … But.

  16. Cloud solutions! • Amazon Route53 • Dyn • Azure •

    Cloudflare • Google Cloud … But. What about AXFR?
  17. None

  18. “DNS Zone Transfers (AXFR/IXFR) support for Route53 is a hotly

    asked for feature, and is one that we will consider adding in the future.” Amazon, 2012.
  19. None

  20. DNSControl https://github.com/StackExchange/dnscontrol/ “Synchronize your DNS to multiple providers from a

    simple DSL”

  21. A Standard? • DOTS • CDNI • DNSops?

  22. A Standard? Zone transfers with blackjack and stuff • Balancing

    and failover • Traffic load measurement & rate limiting • Dynamic filters • Extensions

  23. Q&A Artyom Gavrichenkov <[email protected]>