When the DDoS attack crushed Dyn last October, did your DNS fail? Heroku’s sure did. In response, Lex Neva deep dove into everything DNS to learn how to implement resilient DNS properly—reading RFCs, asking questions of pros, and performing real-world experiments when no one knew the answers. Join Lex to find out what does work and all the crazy details of DNS that he uncovered.
Opinions on how to react to a DDoS against your nameservers vastly differ. Some companies lowered the TTL for their in-zone NS records to make it easier to add a new nameserver in a crisis. Lex shares empirical proof that this doesn’t work.
Adding a redundant DNS server in advance is a good solution, but it can be much harder than it sounds. What can you do if your DNS records are heavily dynamic and your provider doesn’t offer AXFR support? Lex walks you through the options.
Even if you’re a seasoned DNS pro, you’ll be surprised by what you learn.
Lex Neva is a site reliability engineer at Heroku. Lex originally trained in computer science, but he found that he most enjoyed applying his software engineering skills to operations. Previously, he kept large services running at Linden Lab’s Second Life and DeviantArt.com. A veteran of many large incidents, Lex has strong opinions on incident response, retrospectives, on-call sustainability, and good development and release processes.
Comments on this page are now closed.
©2017, O'Reilly Media, Inc. • (800) 889-8969 or (707) 827-7019 • Monday-Friday 7:30am-5pm PT • All trademarks and registered trademarks appearing on oreilly.com are the property of their respective owners. • firstname.lastname@example.org