SlideShare uma empresa Scribd logo

DNS Delegation

Andrii Gakhov
Andrii Gakhov

A Lightning talk about load distribution using DNS Delegation

Tecnologia
1 de 15
Baixar para ler offline
Load distributionLoad distribution with DNS Delegationwith DNS Delegation Andrii Gakhov, ferret go GmbHAndrii Gakhov, ferret go GmbH Lightning talk, Feb 14, 2018Lightning talk, Feb 14, 2018
The ProblemThe Problem Balance the load without a single point of failureBalance the load without a single point of failure Balance the load geographicallyBalance the load geographically
DNS DelegationDNS Delegation A technique to route usersA technique to route users to di erent application serversto di erent application servers by using DNS tricksby using DNS tricks
DNS Delegation StepsDNS Delegation Steps For the target domainFor the target domain test.comtest.com we de ne a number of Nameserverswe de ne a number of Nameservers The zone le on each such Nameserver is di erentThe zone le on each such Nameserver is di erent in the way that it resolves A-record as its own IP Addressin the way that it resolves A-record as its own IP Address
Theoretical ExampleTheoretical Example The zone le onThe zone le on ns1.test.comns1.test.com containscontains The zone le onThe zone le on ns2.test.comns2.test.com containscontains ns1.test.com A 192.0.0.1 ns2.test.com A 192.0.0.2 www.test.com NS ns1.test.com www.test.com NS ns2.test.com @ IN A 192.0.0.1 @ IN A 192.0.0.2
How it worksHow it works User needs to resolve the domain's IP Address to visit itUser needs to resolve the domain's IP Address to visit it  He uses one of the nameservers con gured in his OS (e.g. 8.8.8.8)He uses one of the nameservers con gured in his OS (e.g. 8.8.8.8)  The nameserver resolves the list of the domain's NS serversThe nameserver resolves the list of the domain's NS servers and try them one after another in some orderand try them one after another in some order  If the selected NS is not available, next one will be triedIf the selected NS is not available, next one will be tried
What if NS server is down?What if NS server is down? Intermediate nameservers cache the reponse,Intermediate nameservers cache the reponse, thus, if response is cached but the server is down,thus, if response is cached but the server is down, webservice isn't reachable by users, who use that nameserverswebservice isn't reachable by users, who use that nameservers  With smallWith small TTLTTL we can force intermediate nameserverswe can force intermediate nameservers to clean the cache and unblock those usersto clean the cache and unblock those users All other users will not be directed to the down NS server,All other users will not be directed to the down NS server, because their NS services don't respon toobecause their NS services don't respon too
Notes and LimitationsNotes and Limitations Small TTL and many NS serversSmall TTL and many NS servers can increase the DNS tra ccan increase the DNS tra c All webservices have to be exactly sameAll webservices have to be exactly same and state has to managed in a distributed manner,and state has to managed in a distributed manner, because clients can switch between serversbecause clients can switch between servers many times during the sessionmany times during the session Practical limit is aboutPractical limit is about 36 NS36 NS servers per domainservers per domain
Puppet examplePuppet example class { 'bind': # I use **aneesh-bind** module for Puppet listen_on => 'port 53 { any; }', listen_on_v6 => 'port 53 { ::1; }', allow_query => '{ any; }', allow_update => '{ none; }', allow_transfer => '{ none; }', recursion => 'no', auth_nxdomain => 'yes', zone => { 'test.com' => [ 'type master', 'file "test.com.db"', 'allow-transfer { none; }', 'allow-query { any; }', 'allow-update { none; }', ], }, }
Create a zone le for theCreate a zone le for the test.comtest.com bind::zone_file { 'test.com.db': file_name => 'test.com.db', nameserver => 'ns1.test.com.', admin => 'admin.test.com.', ttl => '60', serial => '2018021304', refresh => '36', retry => '18', expire => '36', minimum => '36', records => [ '@ IN NS ns1.test.com.', '@ IN NS ns2.test.com.', '@ IN A 192.0.0.1', ], }
Step by StepStep by Step
Open 53Open 53 tcptcp andand udpudp ports for in/outports for in/out  Con gure puppet bind9 module with the zone leCon gure puppet bind9 module with the zone le  Deploy puppet con guration to the serverDeploy puppet con guration to the server 
Check that zone le is correctCheck that zone le is correct  Check thatCheck that named.confnamed.conf has no errorshas no errors  named-checkzone test.com /etc/bind/zones/test.com.db named-checkconf /etc/bind/named.conf
RestartRestart bind9bind9 and load the zone lesand load the zone les  Ensure everything works correctlyEnsure everything works correctly service bind9 restart rndc reconfig dig +noadditional +noquestion +nocomments +cmd +stats test.com. @ns1.test.com
Thank youThank you

Recomendados

Ubuntu For Intranet Services
Ubuntu For Intranet ServicesUbuntu For Intranet Services
Ubuntu For Intranet ServicesDominique Cimafranca
 
6 technical-dns-workshop-day3
6 technical-dns-workshop-day36 technical-dns-workshop-day3
6 technical-dns-workshop-day3DNS Entrepreneurship Center
 
How to optimize CloudLinux OS limits
How to optimize CloudLinux OS limitsHow to optimize CloudLinux OS limits
How to optimize CloudLinux OS limitsCloudLinux
 
초보자를 위한 분산 캐시 이야기
초보자를 위한 분산 캐시 이야기초보자를 위한 분산 캐시 이야기
초보자를 위한 분산 캐시 이야기OnGameServer
 
Ubuntu vps setup
Ubuntu vps setupUbuntu vps setup
Ubuntu vps setupVijay Sharma
 
Fighting Spam With A Perimeter Mail System 20071108 Sasag
Fighting Spam With A Perimeter Mail System 20071108 SasagFighting Spam With A Perimeter Mail System 20071108 Sasag
Fighting Spam With A Perimeter Mail System 20071108 Sasaggarrett honeycutt
 
Tombstones and Compaction
Tombstones and CompactionTombstones and Compaction
Tombstones and CompactionDataStax Academy
 
HKNOG 5.0 - NSEC caching
HKNOG 5.0 - NSEC cachingHKNOG 5.0 - NSEC caching
HKNOG 5.0 - NSEC cachingAPNIC
 

Recomendados

Ubuntu For Intranet Services
Ubuntu For Intranet ServicesUbuntu For Intranet Services
Ubuntu For Intranet ServicesDominique Cimafranca
 
6 technical-dns-workshop-day3
6 technical-dns-workshop-day36 technical-dns-workshop-day3
6 technical-dns-workshop-day3DNS Entrepreneurship Center
 
How to optimize CloudLinux OS limits
How to optimize CloudLinux OS limitsHow to optimize CloudLinux OS limits
How to optimize CloudLinux OS limitsCloudLinux
 
초보자를 위한 분산 캐시 이야기
초보자를 위한 분산 캐시 이야기초보자를 위한 분산 캐시 이야기
초보자를 위한 분산 캐시 이야기OnGameServer
 
Ubuntu vps setup
Ubuntu vps setupUbuntu vps setup
Ubuntu vps setupVijay Sharma
 
Fighting Spam With A Perimeter Mail System 20071108 Sasag
Fighting Spam With A Perimeter Mail System 20071108 SasagFighting Spam With A Perimeter Mail System 20071108 Sasag
Fighting Spam With A Perimeter Mail System 20071108 Sasaggarrett honeycutt
 
Tombstones and Compaction
Tombstones and CompactionTombstones and Compaction
Tombstones and CompactionDataStax Academy
 
HKNOG 5.0 - NSEC caching
HKNOG 5.0 - NSEC cachingHKNOG 5.0 - NSEC caching
HKNOG 5.0 - NSEC cachingAPNIC
 
Designing distributedsystems cht6
Designing distributedsystems cht6Designing distributedsystems cht6
Designing distributedsystems cht6Chen-Tien Tsai
 
Reactive Microservices with JRuby and Docker
Reactive Microservices with JRuby and DockerReactive Microservices with JRuby and Docker
Reactive Microservices with JRuby and DockerJohn Scattergood
 
Behind the Scenes at LiveJournal: Scaling Storytime
Behind the Scenes at LiveJournal: Scaling StorytimeBehind the Scenes at LiveJournal: Scaling Storytime
Behind the Scenes at LiveJournal: Scaling StorytimeSergeyChernyshev
 
Samba power point presentation
Samba power point presentationSamba power point presentation
Samba power point presentationMd Maksudur Rahman
 
Scaling Apache Pulsar to 10 Petabytes/Day
Scaling Apache Pulsar to 10 Petabytes/DayScaling Apache Pulsar to 10 Petabytes/Day
Scaling Apache Pulsar to 10 Petabytes/DayScyllaDB
 
Dns server setup on ubuntu vps (master+slave)
Dns server setup on ubuntu vps (master+slave)Dns server setup on ubuntu vps (master+slave)
Dns server setup on ubuntu vps (master+slave)Vijay Sharma
 
drbd9_and_drbdmanage_may_2015
drbd9_and_drbdmanage_may_2015drbd9_and_drbdmanage_may_2015
drbd9_and_drbdmanage_may_2015Alexandre Huynh
 
Keynote: Apache HBase at Yahoo! Scale
Keynote: Apache HBase at Yahoo! ScaleKeynote: Apache HBase at Yahoo! Scale
Keynote: Apache HBase at Yahoo! ScaleHBaseCon
 
Introduction to performance tuning perl web applications
Introduction to performance tuning perl web applicationsIntroduction to performance tuning perl web applications
Introduction to performance tuning perl web applicationsPerrin Harkins
 
Rhel4
Rhel4Rhel4
Rhel4Yash Gulati
 
GopherFest 2017 - Adding Context to NATS
GopherFest 2017 - Adding Context to NATSGopherFest 2017 - Adding Context to NATS
GopherFest 2017 - Adding Context to NATSwallyqs
 
DASH and HTTP2.0
DASH and HTTP2.0DASH and HTTP2.0
DASH and HTTP2.0Yoss Cohen
 
1. primary dns using bind for a and cname record for ipv4 and ipv6
1. primary dns using bind for a and cname record for ipv4 and ipv61. primary dns using bind for a and cname record for ipv4 and ipv6
1. primary dns using bind for a and cname record for ipv4 and ipv6Piyush Kumar
 
RabbitMQ - message broker
RabbitMQ - message brokerRabbitMQ - message broker
RabbitMQ - message brokerVít Kutný
 
Samba Optimization and Speed Tuning f...
Samba Optimization and Speed Tuning f...Samba Optimization and Speed Tuning f...
Samba Optimization and Speed Tuning f...wensheng wei
 
Doing QoS Before Ceph Cluster QoS is available - David Byte, Alex Lau
Doing QoS Before Ceph Cluster QoS is available - David Byte, Alex LauDoing QoS Before Ceph Cluster QoS is available - David Byte, Alex Lau
Doing QoS Before Ceph Cluster QoS is available - David Byte, Alex LauCeph Community
 
Automatic Operation Bot for Ceph - You Ji
Automatic Operation Bot for Ceph - You JiAutomatic Operation Bot for Ceph - You Ji
Automatic Operation Bot for Ceph - You JiCeph Community
 
Scaling PostgreSQL with Skytools
Scaling PostgreSQL with SkytoolsScaling PostgreSQL with Skytools
Scaling PostgreSQL with SkytoolsGavin Roy
 
With one click
With one clickWith one click
With one clickMarcus Deglos
 
MNPHP Scalable Architecture 101 - Feb 3 2011
MNPHP Scalable Architecture 101 - Feb 3 2011MNPHP Scalable Architecture 101 - Feb 3 2011
MNPHP Scalable Architecture 101 - Feb 3 2011Mike Willbanks
 
Windows most important server questions for l1 level
Windows most important server questions for l1 levelWindows most important server questions for l1 level
Windows most important server questions for l1 levelIICT Chromepet
 
Pmw2 k3ni 1-2b
Pmw2 k3ni 1-2bPmw2 k3ni 1-2b
Pmw2 k3ni 1-2bhariclant1
 

Mais conteúdo relacionado

Mais procurados

Designing distributedsystems cht6
Designing distributedsystems cht6Designing distributedsystems cht6
Designing distributedsystems cht6Chen-Tien Tsai
 
Reactive Microservices with JRuby and Docker
Reactive Microservices with JRuby and DockerReactive Microservices with JRuby and Docker
Reactive Microservices with JRuby and DockerJohn Scattergood
 
Behind the Scenes at LiveJournal: Scaling Storytime
Behind the Scenes at LiveJournal: Scaling StorytimeBehind the Scenes at LiveJournal: Scaling Storytime
Behind the Scenes at LiveJournal: Scaling StorytimeSergeyChernyshev
 
Samba power point presentation
Samba power point presentationSamba power point presentation
Samba power point presentationMd Maksudur Rahman
 
Scaling Apache Pulsar to 10 Petabytes/Day
Scaling Apache Pulsar to 10 Petabytes/DayScaling Apache Pulsar to 10 Petabytes/Day
Scaling Apache Pulsar to 10 Petabytes/DayScyllaDB
 
Dns server setup on ubuntu vps (master+slave)
Dns server setup on ubuntu vps (master+slave)Dns server setup on ubuntu vps (master+slave)
Dns server setup on ubuntu vps (master+slave)Vijay Sharma
 
drbd9_and_drbdmanage_may_2015
drbd9_and_drbdmanage_may_2015drbd9_and_drbdmanage_may_2015
drbd9_and_drbdmanage_may_2015Alexandre Huynh
 
Keynote: Apache HBase at Yahoo! Scale
Keynote: Apache HBase at Yahoo! ScaleKeynote: Apache HBase at Yahoo! Scale
Keynote: Apache HBase at Yahoo! ScaleHBaseCon
 
Introduction to performance tuning perl web applications
Introduction to performance tuning perl web applicationsIntroduction to performance tuning perl web applications
Introduction to performance tuning perl web applicationsPerrin Harkins
 
GopherFest 2017 - Adding Context to NATS
GopherFest 2017 - Adding Context to NATSGopherFest 2017 - Adding Context to NATS
GopherFest 2017 - Adding Context to NATSwallyqs
 
DASH and HTTP2.0
DASH and HTTP2.0DASH and HTTP2.0
DASH and HTTP2.0Yoss Cohen
 
1. primary dns using bind for a and cname record for ipv4 and ipv6
1. primary dns using bind for a and cname record for ipv4 and ipv61. primary dns using bind for a and cname record for ipv4 and ipv6
1. primary dns using bind for a and cname record for ipv4 and ipv6Piyush Kumar
 
RabbitMQ - message broker
RabbitMQ - message brokerRabbitMQ - message broker
RabbitMQ - message brokerVít Kutný
 
Samba Optimization and Speed Tuning f...
Samba Optimization and Speed Tuning f...Samba Optimization and Speed Tuning f...
Samba Optimization and Speed Tuning f...wensheng wei
 
Doing QoS Before Ceph Cluster QoS is available - David Byte, Alex Lau
Doing QoS Before Ceph Cluster QoS is available - David Byte, Alex LauDoing QoS Before Ceph Cluster QoS is available - David Byte, Alex Lau
Doing QoS Before Ceph Cluster QoS is available - David Byte, Alex LauCeph Community
 
Automatic Operation Bot for Ceph - You Ji
Automatic Operation Bot for Ceph - You JiAutomatic Operation Bot for Ceph - You Ji
Automatic Operation Bot for Ceph - You JiCeph Community
 
Scaling PostgreSQL with Skytools
Scaling PostgreSQL with SkytoolsScaling PostgreSQL with Skytools
Scaling PostgreSQL with SkytoolsGavin Roy
 
MNPHP Scalable Architecture 101 - Feb 3 2011
MNPHP Scalable Architecture 101 - Feb 3 2011MNPHP Scalable Architecture 101 - Feb 3 2011
MNPHP Scalable Architecture 101 - Feb 3 2011Mike Willbanks
 

Mais procurados (20)

Designing distributedsystems cht6
Designing distributedsystems cht6Designing distributedsystems cht6
Designing distributedsystems cht6
 
Reactive Microservices with JRuby and Docker
Reactive Microservices with JRuby and DockerReactive Microservices with JRuby and Docker
Reactive Microservices with JRuby and Docker
 
Behind the Scenes at LiveJournal: Scaling Storytime
Behind the Scenes at LiveJournal: Scaling StorytimeBehind the Scenes at LiveJournal: Scaling Storytime
Behind the Scenes at LiveJournal: Scaling Storytime
 
Samba power point presentation
Samba power point presentationSamba power point presentation
Samba power point presentation
 
Scaling Apache Pulsar to 10 Petabytes/Day
Scaling Apache Pulsar to 10 Petabytes/DayScaling Apache Pulsar to 10 Petabytes/Day
Scaling Apache Pulsar to 10 Petabytes/Day
 
Dns server setup on ubuntu vps (master+slave)
Dns server setup on ubuntu vps (master+slave)Dns server setup on ubuntu vps (master+slave)
Dns server setup on ubuntu vps (master+slave)
 
drbd9_and_drbdmanage_may_2015
drbd9_and_drbdmanage_may_2015drbd9_and_drbdmanage_may_2015
drbd9_and_drbdmanage_may_2015
 
Keynote: Apache HBase at Yahoo! Scale
Keynote: Apache HBase at Yahoo! ScaleKeynote: Apache HBase at Yahoo! Scale
Keynote: Apache HBase at Yahoo! Scale
 
Introduction to performance tuning perl web applications
Introduction to performance tuning perl web applicationsIntroduction to performance tuning perl web applications
Introduction to performance tuning perl web applications
 
Rhel4
Rhel4Rhel4
Rhel4
 
GopherFest 2017 - Adding Context to NATS
GopherFest 2017 - Adding Context to NATSGopherFest 2017 - Adding Context to NATS
GopherFest 2017 - Adding Context to NATS
 
DASH and HTTP2.0
DASH and HTTP2.0DASH and HTTP2.0
DASH and HTTP2.0
 
1. primary dns using bind for a and cname record for ipv4 and ipv6
1. primary dns using bind for a and cname record for ipv4 and ipv61. primary dns using bind for a and cname record for ipv4 and ipv6
1. primary dns using bind for a and cname record for ipv4 and ipv6
 
RabbitMQ - message broker
RabbitMQ - message brokerRabbitMQ - message broker
RabbitMQ - message broker
 
Samba Optimization and Speed Tuning f...
Samba Optimization and Speed Tuning f...Samba Optimization and Speed Tuning f...
Samba Optimization and Speed Tuning f...
 
Doing QoS Before Ceph Cluster QoS is available - David Byte, Alex Lau
Doing QoS Before Ceph Cluster QoS is available - David Byte, Alex LauDoing QoS Before Ceph Cluster QoS is available - David Byte, Alex Lau
Doing QoS Before Ceph Cluster QoS is available - David Byte, Alex Lau
 
Automatic Operation Bot for Ceph - You Ji
Automatic Operation Bot for Ceph - You JiAutomatic Operation Bot for Ceph - You Ji
Automatic Operation Bot for Ceph - You Ji
 
Scaling PostgreSQL with Skytools
Scaling PostgreSQL with SkytoolsScaling PostgreSQL with Skytools
Scaling PostgreSQL with Skytools
 
With one click
With one clickWith one click
With one click
 
MNPHP Scalable Architecture 101 - Feb 3 2011
MNPHP Scalable Architecture 101 - Feb 3 2011MNPHP Scalable Architecture 101 - Feb 3 2011
MNPHP Scalable Architecture 101 - Feb 3 2011
 

Semelhante a DNS Delegation

Windows most important server questions for l1 level
Windows most important server questions for l1 levelWindows most important server questions for l1 level
Windows most important server questions for l1 levelIICT Chromepet
 
Pmw2 k3ni 1-2b
Pmw2 k3ni 1-2bPmw2 k3ni 1-2b
Pmw2 k3ni 1-2bhariclant1
 
DNS_Tutorial 2.pptx
DNS_Tutorial 2.pptxDNS_Tutorial 2.pptx
DNS_Tutorial 2.pptxviditsir
 
Wireshark Lab DNS v6.01 Supplement to Computer Networkin.docx
Wireshark Lab DNS v6.01 Supplement to Computer Networkin.docxWireshark Lab DNS v6.01 Supplement to Computer Networkin.docx
Wireshark Lab DNS v6.01 Supplement to Computer Networkin.docxalanfhall8953
 
IGF 2023: DNS Privacy
IGF 2023: DNS PrivacyIGF 2023: DNS Privacy
IGF 2023: DNS PrivacyAPNIC
 
DNS and Troubleshooting DNS issues in Linux
DNS and Troubleshooting DNS issues in LinuxDNS and Troubleshooting DNS issues in Linux
DNS and Troubleshooting DNS issues in LinuxKonkona Basu
 
DNS for Developers - NDC Oslo 2016
DNS for Developers - NDC Oslo 2016DNS for Developers - NDC Oslo 2016
DNS for Developers - NDC Oslo 2016Maarten Balliauw
 
Pmw2 k3ni 1-3b
Pmw2 k3ni 1-3bPmw2 k3ni 1-3b
Pmw2 k3ni 1-3bhariclant1
 
Re-Engineering the Root of the DNS
Re-Engineering the Root of the DNSRe-Engineering the Root of the DNS
Re-Engineering the Root of the DNSAPNIC
 
Pmw2 k3ni 1-3a
Pmw2 k3ni 1-3aPmw2 k3ni 1-3a
Pmw2 k3ni 1-3ahariclant1
 
OARC 31: NSEC Caching Revisited
OARC 31: NSEC Caching RevisitedOARC 31: NSEC Caching Revisited
OARC 31: NSEC Caching RevisitedAPNIC
 
A Comprehensive Guide for DNS Cluster Configurations
A Comprehensive Guide for DNS Cluster ConfigurationsA Comprehensive Guide for DNS Cluster Configurations
A Comprehensive Guide for DNS Cluster ConfigurationsHTS Hosting
 
Domain Name Server
Domain Name ServerDomain Name Server
Domain Name Servervipulvaid
 
What if everyone did it?, by Geoff Huston [APNIC 38 / APOPS 1]
What if everyone did it?, by Geoff Huston [APNIC 38 / APOPS 1]What if everyone did it?, by Geoff Huston [APNIC 38 / APOPS 1]
What if everyone did it?, by Geoff Huston [APNIC 38 / APOPS 1]APNIC
 
bdNOG 7 - Re-engineering the DNS - one resolver at a time
bdNOG 7 - Re-engineering the DNS - one resolver at a timebdNOG 7 - Re-engineering the DNS - one resolver at a time
bdNOG 7 - Re-engineering the DNS - one resolver at a timeAPNIC
 
DNS for Developers - ConFoo Montreal
DNS for Developers - ConFoo MontrealDNS for Developers - ConFoo Montreal
DNS for Developers - ConFoo MontrealMaarten Balliauw
 

Semelhante a DNS Delegation (20)

Windows most important server questions for l1 level
Windows most important server questions for l1 levelWindows most important server questions for l1 level
Windows most important server questions for l1 level
 
Pmw2 k3ni 1-2b
Pmw2 k3ni 1-2bPmw2 k3ni 1-2b
Pmw2 k3ni 1-2b
 
DNS_Tutorial 2.pptx
DNS_Tutorial 2.pptxDNS_Tutorial 2.pptx
DNS_Tutorial 2.pptx
 
Wireshark Lab DNS v6.01 Supplement to Computer Networkin.docx
Wireshark Lab DNS v6.01 Supplement to Computer Networkin.docxWireshark Lab DNS v6.01 Supplement to Computer Networkin.docx
Wireshark Lab DNS v6.01 Supplement to Computer Networkin.docx
 
2 technical-dns-workshop-day1
2 technical-dns-workshop-day12 technical-dns-workshop-day1
2 technical-dns-workshop-day1
 
IGF 2023: DNS Privacy
IGF 2023: DNS PrivacyIGF 2023: DNS Privacy
IGF 2023: DNS Privacy
 
DNS and Troubleshooting DNS issues in Linux
DNS and Troubleshooting DNS issues in LinuxDNS and Troubleshooting DNS issues in Linux
DNS and Troubleshooting DNS issues in Linux
 
DNS for Developers - NDC Oslo 2016
DNS for Developers - NDC Oslo 2016DNS for Developers - NDC Oslo 2016
DNS for Developers - NDC Oslo 2016
 
Pmw2 k3ni 1-3b
Pmw2 k3ni 1-3bPmw2 k3ni 1-3b
Pmw2 k3ni 1-3b
 
Re-Engineering the Root of the DNS
Re-Engineering the Root of the DNSRe-Engineering the Root of the DNS
Re-Engineering the Root of the DNS
 
Re-Engineering the DNS – One Resolver at a Time
Re-Engineering the DNS – One Resolver at a Time Re-Engineering the DNS – One Resolver at a Time
Re-Engineering the DNS – One Resolver at a Time
 
Pmw2 k3ni 1-3a
Pmw2 k3ni 1-3aPmw2 k3ni 1-3a
Pmw2 k3ni 1-3a
 
Dns
DnsDns
Dns
 
OARC 31: NSEC Caching Revisited
OARC 31: NSEC Caching RevisitedOARC 31: NSEC Caching Revisited
OARC 31: NSEC Caching Revisited
 
A Comprehensive Guide for DNS Cluster Configurations
A Comprehensive Guide for DNS Cluster ConfigurationsA Comprehensive Guide for DNS Cluster Configurations
A Comprehensive Guide for DNS Cluster Configurations
 
Domain Name Server
Domain Name ServerDomain Name Server
Domain Name Server
 
What if everyone did it?, by Geoff Huston [APNIC 38 / APOPS 1]
What if everyone did it?, by Geoff Huston [APNIC 38 / APOPS 1]What if everyone did it?, by Geoff Huston [APNIC 38 / APOPS 1]
What if everyone did it?, by Geoff Huston [APNIC 38 / APOPS 1]
 
Ch20 system administration
Ch20 system administration Ch20 system administration
Ch20 system administration
 
bdNOG 7 - Re-engineering the DNS - one resolver at a time
bdNOG 7 - Re-engineering the DNS - one resolver at a timebdNOG 7 - Re-engineering the DNS - one resolver at a time
bdNOG 7 - Re-engineering the DNS - one resolver at a time
 
DNS for Developers - ConFoo Montreal
DNS for Developers - ConFoo MontrealDNS for Developers - ConFoo Montreal
DNS for Developers - ConFoo Montreal
 

Mais de Andrii Gakhov

Let's start GraphQL: structure, behavior, and architecture
Let's start GraphQL: structure, behavior, and architectureLet's start GraphQL: structure, behavior, and architecture
Let's start GraphQL: structure, behavior, and architectureAndrii Gakhov
 
Exceeding Classical: Probabilistic Data Structures in Data Intensive Applicat...
Exceeding Classical: Probabilistic Data Structures in Data Intensive Applicat...Exceeding Classical: Probabilistic Data Structures in Data Intensive Applicat...
Exceeding Classical: Probabilistic Data Structures in Data Intensive Applicat...Andrii Gakhov
 
Too Much Data? - Just Sample, Just Hash, ...
Too Much Data? - Just Sample, Just Hash, ...Too Much Data? - Just Sample, Just Hash, ...
Too Much Data? - Just Sample, Just Hash, ...Andrii Gakhov
 
Implementing a Fileserver with Nginx and Lua
Implementing a Fileserver with Nginx and LuaImplementing a Fileserver with Nginx and Lua
Implementing a Fileserver with Nginx and LuaAndrii Gakhov
 
Pecha Kucha: Ukrainian Food Traditions
Pecha Kucha: Ukrainian Food TraditionsPecha Kucha: Ukrainian Food Traditions
Pecha Kucha: Ukrainian Food TraditionsAndrii Gakhov
 
Probabilistic data structures. Part 4. Similarity
Probabilistic data structures. Part 4. SimilarityProbabilistic data structures. Part 4. Similarity
Probabilistic data structures. Part 4. SimilarityAndrii Gakhov
 
Probabilistic data structures. Part 3. Frequency
Probabilistic data structures. Part 3. FrequencyProbabilistic data structures. Part 3. Frequency
Probabilistic data structures. Part 3. FrequencyAndrii Gakhov
 
Probabilistic data structures. Part 2. Cardinality
Probabilistic data structures. Part 2. CardinalityProbabilistic data structures. Part 2. Cardinality
Probabilistic data structures. Part 2. CardinalityAndrii Gakhov
 
Вероятностные структуры данных
Вероятностные структуры данныхВероятностные структуры данных
Вероятностные структуры данныхAndrii Gakhov
 
Recurrent Neural Networks. Part 1: Theory
Recurrent Neural Networks. Part 1: TheoryRecurrent Neural Networks. Part 1: Theory
Recurrent Neural Networks. Part 1: TheoryAndrii Gakhov
 
Apache Big Data Europe 2015: Selected Talks
Apache Big Data Europe 2015: Selected TalksApache Big Data Europe 2015: Selected Talks
Apache Big Data Europe 2015: Selected TalksAndrii Gakhov
 
Swagger / Quick Start Guide
Swagger / Quick Start GuideSwagger / Quick Start Guide
Swagger / Quick Start GuideAndrii Gakhov
 
API Days Berlin highlights
API Days Berlin highlightsAPI Days Berlin highlights
API Days Berlin highlightsAndrii Gakhov
 
ELK - What's new and showcases
ELK - What's new and showcasesELK - What's new and showcases
ELK - What's new and showcasesAndrii Gakhov
 
Apache Spark Overview @ ferret
Apache Spark Overview @ ferretApache Spark Overview @ ferret
Apache Spark Overview @ ferretAndrii Gakhov
 
Data Mining - lecture 8 - 2014
Data Mining - lecture 8 - 2014Data Mining - lecture 8 - 2014
Data Mining - lecture 8 - 2014Andrii Gakhov
 
Data Mining - lecture 7 - 2014
Data Mining - lecture 7 - 2014Data Mining - lecture 7 - 2014
Data Mining - lecture 7 - 2014Andrii Gakhov
 
Data Mining - lecture 6 - 2014
Data Mining - lecture 6 - 2014Data Mining - lecture 6 - 2014
Data Mining - lecture 6 - 2014Andrii Gakhov
 
Data Mining - lecture 5 - 2014
Data Mining - lecture 5 - 2014Data Mining - lecture 5 - 2014
Data Mining - lecture 5 - 2014Andrii Gakhov
 
Data Mining - lecture 4 - 2014
Data Mining - lecture 4 - 2014Data Mining - lecture 4 - 2014
Data Mining - lecture 4 - 2014Andrii Gakhov
 

Mais de Andrii Gakhov (20)

Let's start GraphQL: structure, behavior, and architecture
Let's start GraphQL: structure, behavior, and architectureLet's start GraphQL: structure, behavior, and architecture
Let's start GraphQL: structure, behavior, and architecture
 
Exceeding Classical: Probabilistic Data Structures in Data Intensive Applicat...
Exceeding Classical: Probabilistic Data Structures in Data Intensive Applicat...Exceeding Classical: Probabilistic Data Structures in Data Intensive Applicat...
Exceeding Classical: Probabilistic Data Structures in Data Intensive Applicat...
 
Too Much Data? - Just Sample, Just Hash, ...
Too Much Data? - Just Sample, Just Hash, ...Too Much Data? - Just Sample, Just Hash, ...
Too Much Data? - Just Sample, Just Hash, ...
 
Implementing a Fileserver with Nginx and Lua
Implementing a Fileserver with Nginx and LuaImplementing a Fileserver with Nginx and Lua
Implementing a Fileserver with Nginx and Lua
 
Pecha Kucha: Ukrainian Food Traditions
Pecha Kucha: Ukrainian Food TraditionsPecha Kucha: Ukrainian Food Traditions
Pecha Kucha: Ukrainian Food Traditions
 
Probabilistic data structures. Part 4. Similarity
Probabilistic data structures. Part 4. SimilarityProbabilistic data structures. Part 4. Similarity
Probabilistic data structures. Part 4. Similarity
 
Probabilistic data structures. Part 3. Frequency
Probabilistic data structures. Part 3. FrequencyProbabilistic data structures. Part 3. Frequency
Probabilistic data structures. Part 3. Frequency
 
Probabilistic data structures. Part 2. Cardinality
Probabilistic data structures. Part 2. CardinalityProbabilistic data structures. Part 2. Cardinality
Probabilistic data structures. Part 2. Cardinality
 
Вероятностные структуры данных
Вероятностные структуры данныхВероятностные структуры данных
Вероятностные структуры данных
 
Recurrent Neural Networks. Part 1: Theory
Recurrent Neural Networks. Part 1: TheoryRecurrent Neural Networks. Part 1: Theory
Recurrent Neural Networks. Part 1: Theory
 
Apache Big Data Europe 2015: Selected Talks
Apache Big Data Europe 2015: Selected TalksApache Big Data Europe 2015: Selected Talks
Apache Big Data Europe 2015: Selected Talks
 
Swagger / Quick Start Guide
Swagger / Quick Start GuideSwagger / Quick Start Guide
Swagger / Quick Start Guide
 
API Days Berlin highlights
API Days Berlin highlightsAPI Days Berlin highlights
API Days Berlin highlights
 
ELK - What's new and showcases
ELK - What's new and showcasesELK - What's new and showcases
ELK - What's new and showcases
 
Apache Spark Overview @ ferret
Apache Spark Overview @ ferretApache Spark Overview @ ferret
Apache Spark Overview @ ferret
 
Data Mining - lecture 8 - 2014
Data Mining - lecture 8 - 2014Data Mining - lecture 8 - 2014
Data Mining - lecture 8 - 2014
 
Data Mining - lecture 7 - 2014
Data Mining - lecture 7 - 2014Data Mining - lecture 7 - 2014
Data Mining - lecture 7 - 2014
 
Data Mining - lecture 6 - 2014
Data Mining - lecture 6 - 2014Data Mining - lecture 6 - 2014
Data Mining - lecture 6 - 2014
 
Data Mining - lecture 5 - 2014
Data Mining - lecture 5 - 2014Data Mining - lecture 5 - 2014
Data Mining - lecture 5 - 2014
 
Data Mining - lecture 4 - 2014
Data Mining - lecture 4 - 2014Data Mining - lecture 4 - 2014
Data Mining - lecture 4 - 2014
 

Último

Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processorsdebabhi2
 
What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?Antenna Manufacturer Coco
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerThousandEyes
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024Rafal Los
 
Developing An App To Navigate The Roads of Brazil
Developing An App To Navigate The Roads of BrazilDeveloping An App To Navigate The Roads of Brazil
Developing An App To Navigate The Roads of BrazilV3cube
 
Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024The Digital Insurer
 
A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?Igalia
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsMaria Levchenko
 
Strategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherStrategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherRemote DBA Services
 
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUnderstanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUK Journal
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptxHampshireHUG
 
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...DianaGray10
 
Artificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsArtificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsJoaquim Jorge
 
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Drew Madelung
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerThousandEyes
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...Martijn de Jong
 
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, AdobeApidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobeapidays
 
🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘RTylerCroy
 

Último (20)

Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processors
 
What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024
 
Developing An App To Navigate The Roads of Brazil
Developing An App To Navigate The Roads of BrazilDeveloping An App To Navigate The Roads of Brazil
Developing An App To Navigate The Roads of Brazil
 
Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024
 
A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed texts
 
Strategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherStrategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a Fresher
 
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUnderstanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
 
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
 
Artificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsArtificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and Myths
 
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
 
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...
 
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, AdobeApidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
 
🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘
 

DNS Delegation

  • 1. Load distributionLoad distribution with DNS Delegationwith DNS Delegation Andrii Gakhov, ferret go GmbHAndrii Gakhov, ferret go GmbH Lightning talk, Feb 14, 2018Lightning talk, Feb 14, 2018
  • 2. The ProblemThe Problem Balance the load without a single point of failureBalance the load without a single point of failure Balance the load geographicallyBalance the load geographically
  • 3. DNS DelegationDNS Delegation A technique to route usersA technique to route users to di erent application serversto di erent application servers by using DNS tricksby using DNS tricks
  • 4. DNS Delegation StepsDNS Delegation Steps For the target domainFor the target domain test.comtest.com we de ne a number of Nameserverswe de ne a number of Nameservers The zone le on each such Nameserver is di erentThe zone le on each such Nameserver is di erent in the way that it resolves A-record as its own IP Addressin the way that it resolves A-record as its own IP Address
  • 5. Theoretical ExampleTheoretical Example The zone le onThe zone le on ns1.test.comns1.test.com containscontains The zone le onThe zone le on ns2.test.comns2.test.com containscontains ns1.test.com A 192.0.0.1 ns2.test.com A 192.0.0.2 www.test.com NS ns1.test.com www.test.com NS ns2.test.com @ IN A 192.0.0.1 @ IN A 192.0.0.2
  • 6. How it worksHow it works User needs to resolve the domain's IP Address to visit itUser needs to resolve the domain's IP Address to visit it  He uses one of the nameservers con gured in his OS (e.g. 8.8.8.8)He uses one of the nameservers con gured in his OS (e.g. 8.8.8.8)  The nameserver resolves the list of the domain's NS serversThe nameserver resolves the list of the domain's NS servers and try them one after another in some orderand try them one after another in some order  If the selected NS is not available, next one will be triedIf the selected NS is not available, next one will be tried
  • 7. What if NS server is down?What if NS server is down? Intermediate nameservers cache the reponse,Intermediate nameservers cache the reponse, thus, if response is cached but the server is down,thus, if response is cached but the server is down, webservice isn't reachable by users, who use that nameserverswebservice isn't reachable by users, who use that nameservers  With smallWith small TTLTTL we can force intermediate nameserverswe can force intermediate nameservers to clean the cache and unblock those usersto clean the cache and unblock those users All other users will not be directed to the down NS server,All other users will not be directed to the down NS server, because their NS services don't respon toobecause their NS services don't respon too
  • 8. Notes and LimitationsNotes and Limitations Small TTL and many NS serversSmall TTL and many NS servers can increase the DNS tra ccan increase the DNS tra c All webservices have to be exactly sameAll webservices have to be exactly same and state has to managed in a distributed manner,and state has to managed in a distributed manner, because clients can switch between serversbecause clients can switch between servers many times during the sessionmany times during the session Practical limit is aboutPractical limit is about 36 NS36 NS servers per domainservers per domain
  • 9. Puppet examplePuppet example class { 'bind': # I use **aneesh-bind** module for Puppet listen_on => 'port 53 { any; }', listen_on_v6 => 'port 53 { ::1; }', allow_query => '{ any; }', allow_update => '{ none; }', allow_transfer => '{ none; }', recursion => 'no', auth_nxdomain => 'yes', zone => { 'test.com' => [ 'type master', 'file "test.com.db"', 'allow-transfer { none; }', 'allow-query { any; }', 'allow-update { none; }', ], }, }
  • 10. Create a zone le for theCreate a zone le for the test.comtest.com bind::zone_file { 'test.com.db': file_name => 'test.com.db', nameserver => 'ns1.test.com.', admin => 'admin.test.com.', ttl => '60', serial => '2018021304', refresh => '36', retry => '18', expire => '36', minimum => '36', records => [ '@ IN NS ns1.test.com.', '@ IN NS ns2.test.com.', '@ IN A 192.0.0.1', ], }
  • 11. Step by StepStep by Step
  • 12. Open 53Open 53 tcptcp andand udpudp ports for in/outports for in/out  Con gure puppet bind9 module with the zone leCon gure puppet bind9 module with the zone le  Deploy puppet con guration to the serverDeploy puppet con guration to the server 
  • 13. Check that zone le is correctCheck that zone le is correct  Check thatCheck that named.confnamed.conf has no errorshas no errors  named-checkzone test.com /etc/bind/zones/test.com.db named-checkconf /etc/bind/named.conf
  • 14. RestartRestart bind9bind9 and load the zone lesand load the zone les  Ensure everything works correctlyEnsure everything works correctly service bind9 restart rndc reconfig dig +noadditional +noquestion +nocomments +cmd +stats test.com. @ns1.test.com