Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
Contemporary requirements for zone transfers
Search
Artyom "Töma" Gavrichenkov
October 12, 2017
Technology
0
43
Contemporary requirements for zone transfers
Artyom "Töma" Gavrichenkov
October 12, 2017
Tweet
Share
More Decks by Artyom "Töma" Gavrichenkov
See All by Artyom "Töma" Gavrichenkov
[EE DNS Forum 2018] DDoS on DNS: past, present and inevitable
ximaera
0
52
Wrong, wrong, WRONG! methods of DDoS mitigation
ximaera
0
330
DDoS Beasts and How to Fight Them (Nginx Conf 2018)
ximaera
0
180
DDoS tutorial (China ISC 360)
ximaera
0
210
[RU] “I, Not Robot". A design of the contemporary CAPTCHA challenges and the future of the Turing test
ximaera
0
110
DDoS 101 (2018, PaymentSecurity RU 2018)
ximaera
0
29
Memcached Amplification: Lessons Learned (NANOG 73)
ximaera
0
160
DDoS Beasts and How to Fight Them
ximaera
0
43
Memcached Amplification DDoS: Lessons Learned (ENOG 15)
ximaera
0
40
Other Decks in Technology
See All in Technology
よく聞くけど使ったことないソフトウェアNo.1 KafkaとSnowflake
foursue
4
510
web-application-security
matsuihidetoshi
1
190
VSCodeの拡張機能を作っている話
ebarakazuhiro
1
800
Oracle Base Database Service 技術詳細
oracle4engineer
PRO
5
37k
How to Lead? Testimonial of a Lead Android Engineer
oleur
1
110
Tellus の衛星データを見てみよう #mf_fukuoka
kongmingstrap
0
270
MLOpsの「壁」を乗り越える、LINEヤフーの Data Quality as Code
lycorptech_jp
PRO
8
620
.NET Profiler in 2024.
kkamegawa
2
1.4k
社内アプリで Cloudflare D1を プロダクト運用してみた体験談(Tokyo)
haochenx
0
120
一生覚えておきたい「システム開発=コミュニケーション」〜初めての実務案件振り返りLT〜
maimyyym
2
320
JAWS-UG Bedrock Claude Night
yamahiro
3
710
[新卒向け研修資料] テスト文字列に「うんこ」と入れるな(2024年版)
infiniteloop_inc
5
18k
Featured
See All Featured
Dealing with People You Can't Stand - Big Design 2015
cassininazir
358
22k
Build The Right Thing And Hit Your Dates
maggiecrowley
25
2k
BBQ
matthewcrist
80
8.8k
Creatively Recalculating Your Daily Design Routine
revolveconf
211
11k
The Invisible Side of Design
smashingmag
294
49k
Agile that works and the tools we love
rasmusluckow
325
20k
Designing the Hi-DPI Web
ddemaree
276
33k
ReactJS: Keep Simple. Everything can be a component!
pedronauck
660
120k
個人開発の失敗を避けるイケてる考え方 / tips for indie hackers
panda_program
65
14k
Reflections from 52 weeks, 52 projects
jeffersonlam
345
19k
Rails Girls Zürich Keynote
gr2m
91
13k
The Pragmatic Product Professional
lauravandoore
26
5.8k
Transcript
Contemporary requirements for zone transfers Artyom Gavrichenkov <
[email protected]
> GPG: 2deb
97b1 0a3c 151d b67f 1ee5 00e7 94bc 4d08 9191
A long, long time ago. • /etc/hosts • Service owner
responsible for the name resolution
Next. • Authoritative DNS servers • DNS registries • Cloud
DNS services
A Split. Customers Providers
1
2
…
A Split. Customers Providers
Customers Providers • DNSSEC • CAA • TLS …
Customers Providers ? • DNSSEC • CAA • TLS …
Customers Providers • Backup datacenters • Geobalancing • ASN-based balancing
• CI/CD • DNSSEC • CAA • TLS …
None
DDoS Challenges • UDP-based protocol • Thanks God, a truncate
thing • Amplification attacks
Cloud solutions! • Amazon Route53 • Dyn • Azure •
Cloudflare • Google Cloud …
Cloud solutions! • Amazon Route53 • Dyn • Azure •
Cloudflare • Google Cloud … But.
Cloud solutions! • Amazon Route53 • Dyn • Azure •
Cloudflare • Google Cloud … But. What about AXFR?
None
“DNS Zone Transfers (AXFR/IXFR) support for Route53 is a hotly
asked for feature, and is one that we will consider adding in the future.” Amazon, 2012.
None
DNSControl https://github.com/StackExchange/dnscontrol/ “Synchronize your DNS to multiple providers from a
simple DSL”
A Standard? • DOTS • CDNI • DNSops?
A Standard? Zone transfers with blackjack and stuff • Balancing
and failover • Traffic load measurement & rate limiting • Dynamic filters • Extensions
Q&A Artyom Gavrichenkov <
[email protected]
>