#arpnetworks 2016-10-21,Fri

*** yuicat has quit IRC (Ping timeout: 268 seconds)
yuicat has joined #arpnetworks
[01:23]
................................................................................................ (idle for 7h57mn)
RandalSchwartz has quit IRC (Ping timeout: 245 seconds) [09:21]
...... (idle for 28mn)
RandalSchwartz has joined #arpnetworks [09:49]
................... (idle for 1h31mn)
nathani: Twitter DNS: ;; connection timed out; no servers could be reached [11:20]
ant: yeah dyn.com is under attack (ddos) [11:25]
mike-burns: Yup.
Maybe someone here can explain what's going on, though: why isn't secondary DNS a fix for this?
Or, do Twitter, GitHub, etc, not have secondaries?
[11:26]
ant: well, if secondary dns means using a second provider, then no, they don't [11:31]
nathani: I'd like to know the scale of the DDOS in Gig/sec or Tbit/sec [11:31]
ant: apparently dyn usually posts post-mortems, so when they're done mitigating they might post details [11:32]
sjackso: seems like kayak might be their customer too, they're also having flaky dns [11:33]
mike-burns: Today I learned that basically every Web site uses Dyn. [11:33]
awyeah: lol wtf [11:36]
ant: i actually didn't notice until someone commented about it on a mailing list... [11:39]
brycec: brycec hasn't noticed either
Apparently I haven't tried to reach an affected site today. *shrug*
And now I get to feel good that the domains I maintain use secondaries on separate providers. :)
[11:41]
nathani: brycec: like he.net and cloudflare? [11:51]
brycec: That's an example, sure.
brycec wonders if he can slave from Cloudflare
[11:52]
*** pyvpx has quit IRC (Remote host closed the connection) [11:55]
.... (idle for 17mn)
mkb: awsdns-52.com awsdns-21.co.uk awsdns-32.org awsdns-01.net
does amazon understand the purpose of a domain name?
[12:12]
brycec: Not sure I see your point (or understand the context) [12:24]
mkb: I can understand registering the same domain under different tlds
presumably the tlds maintain distributed enough servers that them all having trouble at once is unlikely
the root zone certainly does and I'm pretty sure .com .net etc do, but who knows about the smaller tlds
but they've got awsdns-[00-63].com and I can't understand that
[12:24]
brycec: Ahh [12:28]
..... (idle for 22mn)
mkb: /win 4 [12:50]
mercutio: /lose :)
why don't twitter etc run their own dns :)
it's not the first time there has been a long outage
[12:50]
mike-burns: Or have a secondary? That'd be a good start. [12:53]
.... (idle for 17mn)
mercutio: i assume their provider wouldn't allow such a thing
like they have some kind of exclusive agreement
[13:10]
mike-burns: That's a hilarious idea. I hope that's what happened. [13:11]
mercutio: cloudflare only allows you to take over dns on normal accounts
but some of the bigger ones want to advertise that the bigger companies rely on them
[13:12]
...... (idle for 29mn)
JC_Denton: i am glad Dyn is just a secondary for my sites
good secondary dns is so hard to come by these days :(
[13:42]
mkb: what you really want is two completely separate servers run by completely separate groups
what people usually get is two servers sitting next to each other configured exactly the same
[13:44]
mercutio: haha
you want multiple locations, with multiple servers
the problem is how to sync them
but as long as you take away order requirements etc it's pretty simple
like you take away the requirement to be "in sync"
which for things like twitter should be fine
and so with your distributed web site, you host your dns on the same servers
the master site with proxies from various locations will never be able to match performance wise
[13:44]
mkb: I'd like different hardware and even BIND in one place and NSD in the other...
different OSes
that's how you stop these pesky software bugs from killing everything all at once
[13:49]
mercutio: mkb: apparently knot suggested that you could run nsd and knot
the idea of running bind is uh, ick.
bind has had quite a lot of bugs that can crash the server yes
[13:49]
mkb: well yeah... I didn't know of any other dns servers [13:50]
mercutio: knot is made by the same people as bird
cz net (net.cz)
[13:50]
mkb: I thought isc made bind
oh bird
[13:50]
mercutio: https://www.knot-dns.cz/
cz.nic
not .net :)
writing a dns server is probably as interesting as writing a routing daemon to most people. ie not very interesting, but technically challenging
so i suppose it makes sense to make both of them
[13:50]
mkb: ``With release version 1.2.0 the project was renamed Bundy to terminate ISC involvement in the project.''
concerning bind
[13:57]
mercutio: what [13:57]
mkb: but it's not clear what that means because I thought BIND was already on version 9 [13:58]
staticsafe: BIND 10
BIND 9 is the one everyone should be using if they are using BIND
in fack 9.11 just came out with some big feature updates - https://www.isc.org/bind-9-11-new-features/
fact*
[13:58]
mkb: ``In addition to DNS service, the BIND10 suite also included IPv4 and IPv6 DHCP server components'' oh god it does everything [13:59]
mercutio: bind 4 is when it was more stable [13:59]
mkb: and what is with writing completely new software and naming it the same as something else [14:00]
mercutio: it happens often mkb
it's called refactoring
[14:00]
staticsafe: BIND 10 was supposed to be a refactor yeah [14:00]
mercutio: it often takes years
and then the old version adds features the new version doesn't have
[14:00]
mkb: but they're continuing to work on the old version [14:01]
mercutio: and there are incompatibilities and complications [14:01]
mkb: so they've just made two programs with the same name [14:01]
mercutio: and then people say they like the old version better than the new one
often it's because someone thinks that everything should be OO
[14:01]
mkb: a real refactor is done gradually without a complete fork [14:01]
mercutio: and that things should shift from C to C++
maybe add better module system with more injunctions etc
leading to confusing code mess
i haven't seen any of the source for any bind
i looked at some gnu source once though. and i was disgusted :)
[14:01]
mkb: yeah the only way to find anything is grep [14:03]
mercutio: i found openbsd source much easier to follow than linux source
well with congestion control, initcwnd etc
i hacked initcwnd into openbsd for testing myself before there was support heh
[14:03]
mkb: and they know how to do long-term refactors correctly too [14:05]
mercutio: yeah
openbsd is very good in that respect
[14:05]
......... (idle for 42mn)
nathani: If you were twitter, why wouldn't you swap out the name servers to an alternate backup provider
I mean they must have a copy of their own zone
[14:47]
staticsafe: github did that
I guess Twitter just decided to wait it out
or didn't have a contingency plan in place :>
[14:57]
nathani: reddit also? [14:58]
mercutio: twitter and reddit are working fine for me [15:04]
brycec: Reddit's hosted on Route53 according to my lookup just now, same as what Github switched to. (I don't know what Reddit was using before today) [15:12]
mercutio: an iphone 7 exploded
i thought reddit was on cloudflare
hmm reddit is on fastly?
[15:13]
brycec: I just looked at the whois :p
Plain and simple
[15:18]
mercutio: i'm pretty sure reddit used to be on cloudflare [15:18]
brycec: (It's not even a recent nameserver change according to whois, reddit.com's last registrar update was 7 September.) [15:19]
mercutio: i can't say i've checked often
i really don't know how they compare
cloudflare do dns fastly don't
github uses fastly too
[15:19]
........ (idle for 36mn)
*** Seji has quit IRC (*.net *.split)
mjp_ has quit IRC (*.net *.split)
yuicat has quit IRC (*.net *.split)
reardencode has quit IRC (*.net *.split)
forgotten has quit IRC (*.net *.split)
nathani has quit IRC (*.net *.split)
joepie91_ has quit IRC (*.net *.split)
_iwc has quit IRC (*.net *.split)
qbit has quit IRC (*.net *.split)
fIorz has quit IRC (*.net *.split)
dne has quit IRC (*.net *.split)
sjackso has quit IRC (*.net *.split)
toeshred has quit IRC (*.net *.split)
gizmoguy has quit IRC (*.net *.split)
neish has quit IRC (*.net *.split)
mike-burns has quit IRC (*.net *.split)
karstensrage has quit IRC (*.net *.split)
mhoran has quit IRC (*.net *.split)
toddf has quit IRC (*.net *.split)
KILLALLHUMANS01 has quit IRC (*.net *.split)
awyeah has quit IRC (*.net *.split)
pjs has quit IRC (*.net *.split)
carvite has quit IRC (*.net *.split)
mrsaint has quit IRC (*.net *.split)
eryc has quit IRC (*.net *.split)
tooth has quit IRC (*.net *.split)
mkb has quit IRC (*.net *.split)
jcv has quit IRC (*.net *.split)
RandalSchwartz has quit IRC (*.net *.split)
trobotham has quit IRC (*.net *.split)
hive-mind has quit IRC (*.net *.split)
ant has quit IRC (*.net *.split)
tabthorpe has quit IRC (*.net *.split)
dj_goku has quit IRC (*.net *.split)
JC_Denton has quit IRC (*.net *.split)
mjp has joined #arpnetworks
[16:01]
mjp is now known as 17SAAC40T
hive-mind has joined #arpnetworks
ant has joined #arpnetworks
tabthorpe has joined #arpnetworks
yuicat has joined #arpnetworks
reardencode has joined #arpnetworks
forgotten has joined #arpnetworks
nathani has joined #arpnetworks
joepie91_ has joined #arpnetworks
awyeah has joined #arpnetworks
pjs has joined #arpnetworks
carvite has joined #arpnetworks
mrsaint has joined #arpnetworks
eryc has joined #arpnetworks
tooth has joined #arpnetworks
_iwc has joined #arpnetworks
qbit has joined #arpnetworks
dj_goku has joined #arpnetworks
JC_Denton has joined #arpnetworks
fIorz has joined #arpnetworks
dne has joined #arpnetworks
sjackso has joined #arpnetworks
toeshred has joined #arpnetworks
gizmoguy has joined #arpnetworks
neish has joined #arpnetworks
mike-burns has joined #arpnetworks
karstensrage has joined #arpnetworks
mhoran has joined #arpnetworks
toddf has joined #arpnetworks
KILLALLHUMANS01 has joined #arpnetworks
tepper.freenode.net sets mode: +o toddf
RandalSchwartz has joined #arpnetworks
trobotham has joined #arpnetworks
[16:06]
mkb has joined #arpnetworks
jcv has joined #arpnetworks
Seji has joined #arpnetworks
[16:13]
............ (idle for 56mn)
qbit has quit IRC (Quit: WeeChat 1.5)
qbit has joined #arpnetworks
[17:11]
....................... (idle for 1h50mn)
nathani: that's interesting ... amazon.com uses dyn as some of its NS
in combination with ultradns
[19:05]
mkb: because they don't want their website to go down when aws gets attacked [19:13]
up_the_irons: LOLZ [19:14]