When the DDoS attack crushed Dyn last October, did your DNS fail? Heroku’s sure did. In response, Lex Neva deep dove into everything DNS to learn how to implement resilient DNS properly—reading RFCs, asking questions of pros, and performing real-world experiments when no one knew the answers. Join Lex to find out what does work and all the crazy details of DNS that he uncovered.
Opinions on how to react to a DDoS against your nameservers vastly differ. Some companies lowered the TTL for their in-zone NS records to make it easier to add a new nameserver in a crisis. Lex shares empirical proof that this doesn’t work.
Adding a redundant DNS server in advance is a good solution, but it can be much harder than it sounds. What can you do if your DNS records are heavily dynamic and your provider doesn’t offer AXFR support? Lex walks you through the options.
Even if you’re a seasoned DNS pro, you’ll be surprised by what you learn.
Lex Neva is a site reliability engineer at Heroku. Lex originally trained in computer science, but he found that he most enjoyed applying his software engineering skills to operations. Previously, he kept large services running at Linden Lab’s Second Life and DeviantArt.com. A veteran of many large incidents, Lex has strong opinions on incident response, retrospectives, on-call sustainability, and good development and release processes.
Help us make this conference the best it can be for you. Have questions you'd like this speaker to address? Suggestions for issues that deserve extra attention? Feedback that you'd like to share with the speaker and other attendees?
Join the conversation here (requires login)
©2017, O'Reilly Media, Inc. • (800) 889-8969 or (707) 827-7019 • Monday-Friday 7:30am-5pm PT • All trademarks and registered trademarks appearing on oreilly.com are the property of their respective owners. • firstname.lastname@example.org