Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Domain Name System Service Application Programming Interface

Artyom "Töma" Gavrichenkov
March 22, 2018
Technology
0
57

Domain Name System Service Application Programming Interface

Artyom "Töma" Gavrichenkov

March 22, 2018
Tweet

More Decks by Artyom "Töma" Gavrichenkov

See All by Artyom "Töma" Gavrichenkov
[EE DNS Forum 2018] DDoS on DNS: past, present and inevitable
ximaera
0
52
Wrong, wrong, WRONG! methods of DDoS mitigation
ximaera
0
330
DDoS Beasts and How to Fight Them (Nginx Conf 2018)
ximaera
0
180
DDoS tutorial (China ISC 360)
ximaera
0
210
[RU] “I, Not Robot". A design of the contemporary CAPTCHA challenges and the future of the Turing test
ximaera
0
110
DDoS 101 (2018, PaymentSecurity RU 2018)
ximaera
0
29
Memcached Amplification: Lessons Learned (NANOG 73)
ximaera
0
160
DDoS Beasts and How to Fight Them
ximaera
0
43
Memcached Amplification DDoS: Lessons Learned (ENOG 15)
ximaera
0
40

Other Decks in Technology

See All in Technology
ServiceNow Knowledge 24の歩き方 EYストラテジー・アンド・コンサルティング
manarobot
0
190
非同期推論システムによるコスト削減と信頼性向上
koki_nishihara
0
230
一生覚えておきたい「システム開発=コミュニケーション」〜初めての実務案件振り返りLT〜
maimyyym
0
130
反実仮想機械学習とは何か
usaito
PRO
11
4.3k
検証を通して見えてきたTiDBの性能特性
lycorptech_jp
PRO
6
3.7k
Compose Compiler Metricsを使った実践的なコードレビュー
tomorrowkey
1
220
SIEMを用いて、セキュリティログ分析の可視化と分析を実現し、PDCAサイクルを回してみた
coconala_engineer
0
280
MySQL の SQL クエリチューニングの要所を掴む勉強会
andpad
2
6.2k
開発生産性向上サービスを作るFindyが自分たちで開発生産性を爆上げした組織づくりの歩み / Findy's path to boosting its own development productivity 2024-04-17
ma3tk
3
650
アクセス制御にまつわる改善 / Improving access control
itkq
0
530
Java EE/Jakarta EEの現状と将来 ―クラウドネイティブ時代にJava EEは対応できるのか?―
takakiyo
1
150
NgRx Signal Store
rainerhahnekamp
0
150

Featured

See All Featured
CoffeeScript is Beautiful & I Never Want to Write Plain JavaScript Again
sstephenson
155
14k
The Brand Is Dead. Long Live the Brand.
mthomps
49
28k
Typedesign – Prime Four
hannesfritz
36
2.1k
Visualization
eitanlees
136
14k
Fight the Zombie Pattern Library - RWD Summit 2016
marcelosomers
227
16k
Learning to Love Humans: Emotional Interface Design
aarron
267
39k
Mobile First: as difficult as doing things right
swwweet
216
8.6k
What’s in a name? Adding method to the madness
productmarketing
PRO
16
2.6k
The Invisible Customer
myddelton
114
12k
Designing for humans not robots
tammielis
248
25k
The MySQL Ecosystem @ GitHub 2015
samlambert
243
12k
Documentation Writing (for coders)
carmenintech
60
3.9k

Transcript

  1. Domain Name System Service Application Programming Interface Artyom Gavrichenkov <[email protected]>

    GPG: 2deb 97b1 0a3c 151d b67f 1ee5 00e7 94bc 4d08 9191

  2. • Geotargeting/ASN targeting • Failover • DDoS • “Anycast has

    already become necessary for enterprise DNS” – Johan Ihren, Netnod etc. DNS-related challenges

  3. • Akamai • Amazon Route 53 • Azure DNS •

    Cloudflare • Dyn • Google Cloud DNS [Page 1 of 100] Cloud-based solutions!

  4. • But what about zone transfer? Cloud-based solutions!

  5. • But what about zone transfer? “DNS Zone Transfers (AXFR/IXFR)

    support for Route53 is a hotly asked for feature, and is one that we will consider adding in the future.” Amazon, 2012. Cloud-based solutions!

  6. • But what about zone transfer? Cloud-based solutions!

  7. Instead of zone transfer: “The Microsoft Azure DNS Resource Provider

    REST API allows you to create and modify DNS zones and records hosted within Azure.”

  8. • A lot of features are missing and/or are impossible

    to implement via the standard zone transfer mechanism • An enterprise generally wants status/feedback/statistics • RESTful XML-RPC/JSON-RPC is something appealing and easy to use There are reasons for that.

  9. • Those API look beautiful! • On the inside, they

    are often less appealing • There’s no RFC or BCP for designing those However.

  10. • There’s no RFC or BCP for designing those, which

    is a problem, because once in a while you’re going to change the provider • And all the APIs are different, requiring considerable effort • This is not meant to be a vendor lock-in, and this is not a vendor lock-in in practice DNS APIs

  11. An initiative to create a common API for: • New

    providers entering the market • Old providers who might want to ease the migration • …reducing the Internet chaos a bit! DNSSAPI

  12. • RESTful JSON over HTTPS • Core concepts (zones, “split

    DNS”, etc) from draft-ietf-dnsop-terminology-bis • Plus all the features and policies currently offered on the market: • https://docs.aws.amazon.com/Route53/latest/APIRef erence/Welcome.html • https://ns1.com/api and others DNSSAPI

  13. • Included, of course • A design goal from the

    very beginning • There are some thoughts about how DNSSAPI can help in DNSSEC worldwide deployment DNSSEC

  14. • Extensible to handle future concepts • A private namespace

    (like, “X-”-something) for the private features and attributes • A new IANA registry for the public namespace? IANA Considerations

  15. • October’17-May’18: collecting feedback • 12.10.2017: idea presented at the

    ICANN EE DNS Forum • 22.03.2018: dnsop WG • April’18: release v0.01 (draft-02) • April-October: collecting feedback, polishing • November’18 (IETF 103): release v0.2 • 2019: release candidate Milestones

  16. Q&A, any suggestions? Artyom Gavrichenkov <[email protected]>

  17. • DNSAPI is hijacked by Microsoft • Hence additional “S”

    The name