***: yuicat has joined #arpnetworks <br> RandalSchwartz has quit IRC (Ping timeout: 245 seconds) <br> RandalSchwartz has joined #arpnetworks
nathani: Twitter DNS: ;; connection timed out; no servers could be reached
ant: yeah dyn.com is under attack (ddos)
mike-burns: Yup. <br> Maybe someone here can explain what's going on, though: why isn't secondary DNS a fix for this? <br> Or, do Twitter, GitHub, etc, not have secondaries?
ant: well, if secondary dns means using a second provider, then no, they don't
nathani: I'd like to know the scale of the DDOS in Gig/sec or Tbit/sec
ant: apparently dyn usually posts post-mortems, so when they're done mitigating they might post details
sjackso: seems like kayak might be their customer too, they're also having flaky dns
mike-burns: Today I learned that basically every Web site uses Dyn.
awyeah: lol wtf
ant: i actually didn't notice until someone commented about it on a mailing list...
-: brycec hasn't noticed either
brycec: Apparently I haven't tried to reach an affected site today. *shrug* <br> And now I get to feel good that the domains I maintain use secondaries on separate providers. :)
nathani: <u>brycec</u>: like he.net and cloudflare?
brycec: That's an example, sure.
-: brycec wonders if he can slave from Cloudflare
***: pyvpx has quit IRC (Remote host closed the connection)
mkb: awsdns-52.com awsdns-21.co.uk awsdns-32.org awsdns-01.net <br> does amazon understand the purpose of a domain name?
brycec: Not sure I see your point (or understand the context)
mkb: I can understand registering the same domain under different tlds <br> presumably the tlds maintain distributed enough servers that them all having trouble at once is unlikely <br> the root zone certainly does and I'm pretty sure .com .net etc do, but who knows about the smaller tlds <br> but they've got awsdns-[00-63].com and I can't understand that
brycec: Ahh
mkb: /win 4
mercutio: /lose :) <br> why don't twitter etc run their own dns :) <br> it's not the first time there has been a long outage
mike-burns: Or have a secondary? That'd be a good start.
mercutio: i assume their provider wouldn't allow such a thing <br> like they have some kind of exclusive agreement
mike-burns: That's a hilarious idea. I hope that's what happened.
mercutio: cloudflare only allows you to take over dns on normal accounts <br> but some of the bigger ones want to advertise that the bigger companies rely on them
JC_Denton: i am glad Dyn is just a secondary for my sites <br> good secondary dns is so hard to come by these days :(
mkb: what you really want is two completely separate servers run by completely separate groups <br> what people usually get is two servers sitting next to each other configured exactly the same
mercutio: haha <br> you want multiple locations, with multiple servers <br> the problem is how to sync them <br> but as long as you take away order requirements etc it's pretty simple <br> like you take away the requirement to be "in sync" <br> which for things like twitter should be fine <br> and so with your distributed web site, you host your dns on the same servers <br> the master site with proxies from various locations will never be able to match performance wise
mkb: I'd like different hardware and even BIND in one place and NSD in the other...
<br> different OSes <br> that's how you stop these pesky software bugs from killing everything all at once
mercutio: <u>mkb</u>: apparently knot suggested that you could run nsd and knot <br> the idea of running bind is uh, ick. <br> bind has had quite a lot of bugs that can crash the server yes
mkb: well yeah... I didn't know of any other dns servers
mercutio: knot is made by the same people as bird <br> cz net (net.cz)
mkb: I thought isc made bind <br> oh bird
mercutio: https://www.knot-dns.cz/ <br> cz.nic <br> not .net :) <br> writing a dns server is probably as interesting as writing a routing daemon to most people. ie not very interesting, but technically challenging <br> so i suppose it makes sense to make both of them
mkb: ``With release version 1.2.0 the project was renamed Bundy to terminate ISC involvement in the project.'' <br> concerning bind
mercutio: what
mkb: but it's not clear what that means because I thought BIND was already on version 9
staticsafe: BIND 10 <br> BIND 9 is the one everyone should be using if they are using BIND <br> in fack 9.11 just came out with some big feature updates - https://www.isc.org/bind-9-11-new-features/ <br> fact*
mkb: ``In addition to DNS service, the BIND10 suite also included IPv4 and IPv6 DHCP server components'' oh god it does everything
mercutio: bind 4 is when it was more stable
mkb: and what is with writing completely new software and naming it the same as something else
mercutio: it happens often mkb <br> it's called refactoring
staticsafe: BIND 10 was supposed to be a refactor yeah
mercutio: it often takes years <br> and then the old version adds features the new version doesn't have
mkb: but they're continuing to work on the old version
mercutio: and there are incompatibilities and complications
mkb: so they've just made two programs with the same name
mercutio: and then people say they like the old version better than the new one <br> often it's because someone thinks that everything should be OO
mkb: a
real refactor is done gradually without a complete fork
mercutio: and that things should shift from C to C++ <br> maybe add better module system with more injunctions etc <br> leading to confusing code mess <br> i haven't seen any of the source for any bind <br> i looked at some gnu source once though. and i was disgusted :)
mkb: yeah the only way to find anything is grep
mercutio: i found openbsd source much easier to follow than linux source <br> well with congestion control, initcwnd etc <br> i hacked initcwnd into openbsd for testing myself before there was support heh
mkb: and they know how to do long-term refactors correctly too
mercutio: yeah <br> openbsd is very good in that respect
nathani: If you were twitter, why wouldn't you swap out the name servers to an alternate backup provider <br> I mean they must have a copy of their own zone
staticsafe: github did that <br> I guess Twitter just decided to wait it out <br> or didn't have a contingency plan in place :>
nathani: reddit also?
mercutio: twitter and reddit are working fine for me
brycec: Reddit's hosted on Route53 according to my lookup just now, same as what Github switched to. (I don't know what Reddit was using before today)
mercutio: an iphone 7 exploded <br> i thought reddit was on cloudflare <br> hmm reddit is on fastly?
brycec: I just looked at the whois :p <br> Plain and simple
mercutio: i'm pretty sure reddit used to be on cloudflare
brycec: (It's not even a recent nameserver change according to whois, reddit.com's last registrar update was 7 September.)
mercutio: i can't say i've checked often <br> i really don't know how they compare <br> cloudflare do dns fastly don't <br> github uses fastly too
nathani: that's interesting ... amazon.com uses dyn as some of its NS <br> in combination with ultradns
mkb: because they don't want their website to go down when aws gets attacked
up_the_irons: LOLZ