Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Domain Name System Service Application Programm...

Artyom "Töma" Gavrichenkov
March 22, 2018
Technology
0
70

Domain Name System Service Application Programming Interface

Artyom "Töma" Gavrichenkov

March 22, 2018
Tweet

More Decks by Artyom "Töma" Gavrichenkov

See All by Artyom "Töma" Gavrichenkov
[EE DNS Forum 2018] DDoS on DNS: past, present and inevitable
ximaera
0
53
Wrong, wrong, WRONG! methods of DDoS mitigation
ximaera
0
340
DDoS Beasts and How to Fight Them (Nginx Conf 2018)
ximaera
0
190
DDoS tutorial (China ISC 360)
ximaera
0
210
[RU] “I, Not Robot". A design of the contemporary CAPTCHA challenges and the future of the Turing test
ximaera
0
110
DDoS 101 (2018, PaymentSecurity RU 2018)
ximaera
0
32
Memcached Amplification: Lessons Learned (NANOG 73)
ximaera
0
170
DDoS Beasts and How to Fight Them
ximaera
0
48
Memcached Amplification DDoS: Lessons Learned (ENOG 15)
ximaera
0
45

Other Decks in Technology

See All in Technology
BLADE: An Attempt to Automate Penetration Testing Using Autonomous AI Agents
bbrbbq
0
320
【令和最新版】AWS Direct Connectと愉快なGWたちのおさらい
minorun365
PRO
5
760
OCI Network Firewall 概要
oracle4engineer
PRO
0
4.2k
『Firebase Dynamic Links終了に備える』 FlutterアプリでのAdjust導入とDeeplink最適化
techiro
0
140
ISUCONに強くなるかもしれない日々の過ごしかた/Findy ISUCON 2024-11-14
fujiwara3
8
880
【Pycon mini 東海 2024】Google Colaboratoryで試すVLM
kazuhitotakahashi
2
540
マルチモーダル / AI Agent / LLMOps 3つの技術トレンドで理解するLLMの今後の展望
hirosatogamo
37
12k
CDCL による厳密解法を採用した MILP ソルバー
imai448
3
160
【Startup CTO of the Year 2024 / Audience Award】アセンド取締役CTO 丹羽健
niwatakeru
0
1.3k
Storybook との上手な向き合い方を考える
re_taro
1
180
AIチャットボット開発への生成AI活用
ryomrt
0
170
インフラとバックエンドとフロントエンドをくまなく調べて遅いアプリを早くした件
tubone24
1
430

Featured

See All Featured
A Philosophy of Restraint
colly
203
16k
Rails Girls Zürich Keynote
gr2m
94
13k
Evolution of real-time – Irina Nazarova, EuRuKo, 2024
irinanazarova
4
370
Fashionably flexible responsive web design (full day workshop)
malarkey
405
65k
Six Lessons from altMBA
skipperchong
27
3.5k
How GitHub (no longer) Works
holman
310
140k
The Cult of Friendly URLs
andyhume
78
6k
Building an army of robots
kneath
302
43k
Become a Pro
speakerdeck
PRO
25
5k
The Web Performance Landscape in 2024 [PerfNow 2024]
tammyeverts
0
110
No one is an island. Learnings from fostering a developers community.
thoeni
19
3k
The Myth of the Modular Monolith - Day 2 Keynote - Rails World 2024
eileencodes
16
2.1k

Transcript

  1. Domain Name System Service Application Programming Interface Artyom Gavrichenkov <[email protected]>

    GPG: 2deb 97b1 0a3c 151d b67f 1ee5 00e7 94bc 4d08 9191

  2. • Geotargeting/ASN targeting • Failover • DDoS • “Anycast has

    already become necessary for enterprise DNS” – Johan Ihren, Netnod etc. DNS-related challenges

  3. • Akamai • Amazon Route 53 • Azure DNS •

    Cloudflare • Dyn • Google Cloud DNS [Page 1 of 100] Cloud-based solutions!

  4. • But what about zone transfer? Cloud-based solutions!

  5. • But what about zone transfer? “DNS Zone Transfers (AXFR/IXFR)

    support for Route53 is a hotly asked for feature, and is one that we will consider adding in the future.” Amazon, 2012. Cloud-based solutions!

  6. • But what about zone transfer? Cloud-based solutions!

  7. Instead of zone transfer: “The Microsoft Azure DNS Resource Provider

    REST API allows you to create and modify DNS zones and records hosted within Azure.”

  8. • A lot of features are missing and/or are impossible

    to implement via the standard zone transfer mechanism • An enterprise generally wants status/feedback/statistics • RESTful XML-RPC/JSON-RPC is something appealing and easy to use There are reasons for that.

  9. • Those API look beautiful! • On the inside, they

    are often less appealing • There’s no RFC or BCP for designing those However.

  10. • There’s no RFC or BCP for designing those, which

    is a problem, because once in a while you’re going to change the provider • And all the APIs are different, requiring considerable effort • This is not meant to be a vendor lock-in, and this is not a vendor lock-in in practice DNS APIs

  11. An initiative to create a common API for: • New

    providers entering the market • Old providers who might want to ease the migration • …reducing the Internet chaos a bit! DNSSAPI

  12. • RESTful JSON over HTTPS • Core concepts (zones, “split

    DNS”, etc) from draft-ietf-dnsop-terminology-bis • Plus all the features and policies currently offered on the market: • https://docs.aws.amazon.com/Route53/latest/APIRef erence/Welcome.html • https://ns1.com/api and others DNSSAPI

  13. • Included, of course • A design goal from the

    very beginning • There are some thoughts about how DNSSAPI can help in DNSSEC worldwide deployment DNSSEC

  14. • Extensible to handle future concepts • A private namespace

    (like, “X-”-something) for the private features and attributes • A new IANA registry for the public namespace? IANA Considerations

  15. • October’17-May’18: collecting feedback • 12.10.2017: idea presented at the

    ICANN EE DNS Forum • 22.03.2018: dnsop WG • April’18: release v0.01 (draft-02) • April-October: collecting feedback, polishing • November’18 (IETF 103): release v0.2 • 2019: release candidate Milestones

  16. Q&A, any suggestions? Artyom Gavrichenkov <[email protected]>

  17. • DNSAPI is hijacked by Microsoft • Hence additional “S”

    The name