***: yuicat has joined #arpnetworks
RandalSchwartz has quit IRC (Ping timeout: 245 seconds)
RandalSchwartz has joined #arpnetworks
nathani: Twitter DNS: ;; connection timed out; no servers could be reached
ant: yeah dyn.com is under attack (ddos)
mike-burns: Yup.
Maybe someone here can explain what's going on, though: why isn't secondary DNS a fix for this?
Or, do Twitter, GitHub, etc, not have secondaries?
ant: well, if secondary dns means using a second provider, then no, they don't
nathani: I'd like to know the scale of the DDOS in Gig/sec or Tbit/sec
ant: apparently dyn usually posts post-mortems, so when they're done mitigating they might post details
sjackso: seems like kayak might be their customer too, they're also having flaky dns
mike-burns: Today I learned that basically every Web site uses Dyn.
awyeah: lol wtf
ant: i actually didn't notice until someone commented about it on a mailing list...
-: brycec hasn't noticed either
brycec: Apparently I haven't tried to reach an affected site today. *shrug*
And now I get to feel good that the domains I maintain use secondaries on separate providers. :)
nathani: brycec: like he.net and cloudflare?
brycec: That's an example, sure.
-: brycec wonders if he can slave from Cloudflare
***: pyvpx has quit IRC (Remote host closed the connection)
mkb: awsdns-52.com awsdns-21.co.uk awsdns-32.org awsdns-01.net
does amazon understand the purpose of a domain name?
brycec: Not sure I see your point (or understand the context)
mkb: I can understand registering the same domain under different tlds
presumably the tlds maintain distributed enough servers that them all having trouble at once is unlikely
the root zone certainly does and I'm pretty sure .com .net etc do, but who knows about the smaller tlds
but they've got awsdns-[00-63].com and I can't understand that
brycec: Ahh
mkb: /win 4
mercutio: /lose :)
why don't twitter etc run their own dns :)
it's not the first time there has been a long outage
mike-burns: Or have a secondary? That'd be a good start.
mercutio: i assume their provider wouldn't allow such a thing
like they have some kind of exclusive agreement
mike-burns: That's a hilarious idea. I hope that's what happened.
mercutio: cloudflare only allows you to take over dns on normal accounts
but some of the bigger ones want to advertise that the bigger companies rely on them
JC_Denton: i am glad Dyn is just a secondary for my sites
good secondary dns is so hard to come by these days :(
mkb: what you really want is two completely separate servers run by completely separate groups
what people usually get is two servers sitting next to each other configured exactly the same
mercutio: haha
you want multiple locations, with multiple servers
the problem is how to sync them
but as long as you take away order requirements etc it's pretty simple
like you take away the requirement to be "in sync"
which for things like twitter should be fine
and so with your distributed web site, you host your dns on the same servers
the master site with proxies from various locations will never be able to match performance wise
mkb: I'd like different hardware and even BIND in one place and NSD in the other...
different OSes
that's how you stop these pesky software bugs from killing everything all at once
mercutio: mkb: apparently knot suggested that you could run nsd and knot
the idea of running bind is uh, ick.
bind has had quite a lot of bugs that can crash the server yes
mkb: well yeah... I didn't know of any other dns servers
mercutio: knot is made by the same people as bird
cz net (net.cz)
mkb: I thought isc made bind
oh bird
mercutio: https://www.knot-dns.cz/
cz.nic
not .net :)
writing a dns server is probably as interesting as writing a routing daemon to most people. ie not very interesting, but technically challenging
so i suppose it makes sense to make both of them
mkb: ``With release version 1.2.0 the project was renamed Bundy to terminate ISC involvement in the project.''
concerning bind
mercutio: what
mkb: but it's not clear what that means because I thought BIND was already on version 9
staticsafe: BIND 10
BIND 9 is the one everyone should be using if they are using BIND
in fack 9.11 just came out with some big feature updates - https://www.isc.org/bind-9-11-new-features/
fact*
mkb: ``In addition to DNS service, the BIND10 suite also included IPv4 and IPv6 DHCP server components'' oh god it does everything
mercutio: bind 4 is when it was more stable
mkb: and what is with writing completely new software and naming it the same as something else
mercutio: it happens often mkb
it's called refactoring
staticsafe: BIND 10 was supposed to be a refactor yeah
mercutio: it often takes years
and then the old version adds features the new version doesn't have
mkb: but they're continuing to work on the old version
mercutio: and there are incompatibilities and complications
mkb: so they've just made two programs with the same name
mercutio: and then people say they like the old version better than the new one
often it's because someone thinks that everything should be OO
mkb: a real refactor is done gradually without a complete fork
mercutio: and that things should shift from C to C++
maybe add better module system with more injunctions etc
leading to confusing code mess
i haven't seen any of the source for any bind
i looked at some gnu source once though. and i was disgusted :)
mkb: yeah the only way to find anything is grep
mercutio: i found openbsd source much easier to follow than linux source
well with congestion control, initcwnd etc
i hacked initcwnd into openbsd for testing myself before there was support heh
mkb: and they know how to do long-term refactors correctly too
mercutio: yeah
openbsd is very good in that respect
nathani: If you were twitter, why wouldn't you swap out the name servers to an alternate backup provider
I mean they must have a copy of their own zone
staticsafe: github did that
I guess Twitter just decided to wait it out
or didn't have a contingency plan in place :>
nathani: reddit also?
mercutio: twitter and reddit are working fine for me
brycec: Reddit's hosted on Route53 according to my lookup just now, same as what Github switched to. (I don't know what Reddit was using before today)
mercutio: an iphone 7 exploded
i thought reddit was on cloudflare
hmm reddit is on fastly?
brycec: I just looked at the whois :p
Plain and simple
mercutio: i'm pretty sure reddit used to be on cloudflare
brycec: (It's not even a recent nameserver change according to whois, reddit.com's last registrar update was 7 September.)
mercutio: i can't say i've checked often
i really don't know how they compare
cloudflare do dns, fastly don't
github uses fastly too
nathani: that's interesting ... amazon.com uses dyn as some of its NS
in combination with ultradns
mkb: because they don't want their website to go down when aws gets attacked
up_the_irons: LOLZ