[01:23] *** yuicat has quit IRC (Ping timeout: 268 seconds)
[01:24] *** yuicat has joined #arpnetworks
[09:21] *** RandalSchwartz has quit IRC (Ping timeout: 245 seconds)
[09:49] *** RandalSchwartz has joined #arpnetworks
[11:20] <nathani> Twitter DNS: ;; connection timed out; no servers could be reached
[11:25] <ant> yeah dyn.com is under attack (ddos)
[11:26] <mike-burns> Yup.
[11:26] <mike-burns> Maybe someone here can explain what's going on, though: why isn't secondary DNS a fix for this?
[11:26] <mike-burns> Or, do Twitter, GitHub, etc, not have secondaries?
[11:31] <ant> well, if secondary dns means using a second provider, then no, they don't
[11:31] <nathani> I'd like to know the scale of the DDOS in Gig/sec or Tbit/sec
[11:32] <ant> apparently dyn usually posts post-mortems, so when they're done mitigating they might post details
[11:33] <sjackso> seems like kayak might be their customer too, they're also having flaky dns
[11:33] <mike-burns> Today I learned that basically every Web site uses Dyn.
[11:36] <awyeah> lol wtf
[11:39] <ant> i actually didn't notice until someone commented about it on a mailing list...
[11:41] * brycec hasn't noticed either
[11:43] <brycec> Apparently I haven't tried to reach an affected site today. *shrug*
[11:44] <brycec> And now I get to feel good that the domains I maintain use secondaries on separate providers. :)
[11:51] <nathani> brycec: like he.net and cloudflare?
[11:52] <brycec> That's an example, sure.
[11:52] * brycec wonders if he can slave from Cloudflare
[11:55] *** pyvpx has quit IRC (Remote host closed the connection)
[12:12] <mkb> awsdns-52.com awsdns-21.co.uk awsdns-32.org awsdns-01.net
[12:12] <mkb> does amazon understand the purpose of a domain name?
[12:24] <brycec> Not sure I see your point (or understand the context)
[12:24] <mkb> I can understand registering the same domain under different tlds
[12:25] <mkb> presumably the tlds maintain distributed enough servers that them all having trouble at once is unlikely
[12:25] <mkb> the root zone certainly does and I'm pretty sure .com .net etc do, but who knows about the smaller tlds
[12:26] <mkb> but they've got awsdns-[00-63].com and I can't understand that
[12:28] <brycec> Ahh
[12:50] <mkb>  /win 4
[12:50] <mercutio>  /lose :)
[12:51] <mercutio> why don't twitter etc run their own dns :)
[12:51] <mercutio> it's not the first time there has been a long outage
[12:53] <mike-burns> Or have a secondary? That'd be a good start.
[13:10] <mercutio> i assume their provider wouldn't allow such a thing
[13:10] <mercutio> like they have some kind of exclusive agreement
[13:11] <mike-burns> That's a hilarious idea. I hope that's what happened.
[13:12] <mercutio> cloudflare only allows you to take over dns on normal accounts
[13:13] <mercutio> but some of the bigger ones want to advertise that the bigger companies rely on them
[13:42] <JC_Denton> i am glad Dyn is just a secondary for my sites
[13:42] <JC_Denton> good secondary dns is so hard to come by these days :(
[13:44] <mkb> what you really want is two competely separate servers run by completely separate groups
[13:44] <mkb> what people usually get is two servers sitting next to each other configured exactly the same
[13:44] <mercutio> haha
[13:44] <mercutio> you want multiple locations, with multiple servers
[13:44] <mercutio> the problem is how to sync them
[13:44] <mercutio> but as long as you take away order requirements etc it's pretty simple
[13:45] <mercutio> like you take away the requirement to be "in sync"
[13:45] <mercutio> which for things like twitter should be fine
[13:45] <mercutio> and so with your distributed web site, you host your dns on the same servers
[13:47] <mercutio> the master site with proxies from various locations will never be able to match performance wise
[13:49] <mkb> I'd like different hardware and even BIND in one place and NSD in the other...
[13:49] <mkb> different OSes
[13:49] <mkb> that's how you stop these pesky software bugs from killing everything all at once
[13:49] <mercutio> mkb: appraently knot suggested that you could run nsd and knot
[13:49] <mercutio> the idea of running bind is uh, ick.
[13:49] <mercutio> bind has had quite a lot of bugs that can crash the server yes
[13:50] <mkb> well yeah... I didn't know of any other dns servers
[13:50] <mercutio> knot is made by the same people as bird
[13:50] <mercutio> cz net (net.cz)
[13:50] <mkb> I thought isc made bind
[13:50] <mkb> ohbird
[13:50] <mercutio> https://www.knot-dns.cz/
[13:51] <mercutio> cz.nic
[13:51] <mercutio> not .net :)
[13:53] <mercutio> writing a dns server is probably as interesting as writing a routing daemon to most people.  ie not very interesting, but technically challenging
[13:53] <mercutio> so i suppose it makes sense to make both of them
[13:57] <mkb> ``With release version 1.2.0 the project was renamed Bundy to terminate ISC involvement in the project.''
[13:57] <mkb> concerning bind
[13:57] <mercutio> what
[13:58] <mkb> but it's not clear what that means because I thought BIND was already on version 9
[13:58] <staticsafe> BIND 10
[13:58] <staticsafe> BIND 9 is the one everyone should be using if they are using BIND
[13:58] <staticsafe> in fack 9.11 just came out with some big feature updates - https://www.isc.org/bind-9-11-new-features/
[13:58] <staticsafe> fact*
[13:59] <mkb> ``In addition to DNS service, the BIND10 suite also included IPv4 and IPv6 DHCP server components'' oh god it does everything
[13:59] <mercutio> bind 4 is when it was more stable
[14:00] <mkb> and what is with writing completely new software and naming it the same as something else
[14:00] <mercutio> it happens often mkb
[14:00] <mercutio> it's called refactoring
[14:00] <staticsafe> BIND 10 was supposed to be a refactor yeah
[14:00] <mercutio> it often takes years
[14:01] <mercutio> and then the old version adds features the new version doesn't have
[14:01] <mkb> but they're continuing to work on the old version
[14:01] <mercutio> adn there are incompatibilities and complications
[14:01] <mkb> so they've just made two programs with the same name
[14:01] <mercutio> and then peopel say they like the old version better than the new one
[14:01] <mercutio> often it's becuase someone thinks that everything should be OO
[14:01] <mkb> a real refactor is done gradually without a complete fork
[14:01] <mercutio> and that things should shift frmo C to C++
[14:01] <mercutio> maybe add better module system with more injunctions etc
[14:01] <mercutio> leading to confusing code mess
[14:02] <mercutio> i haven't seen any of the source for any bind
[14:02] <mercutio> i looked at some gnu source once though.  and i was disgusted :)
[14:03] <mkb> yeah the only way to find anything is grep
[14:03] <mercutio> i found openbsd soruce much easier to follow than linux source
[14:04] <mercutio> well with congestion control, initcwnd etc
[14:04] <mercutio> i hacked initcwnd into openbsd for testing myself before there was support heh
[14:05] <mkb> and they know how to do long-term refactors correctly too
[14:05] <mercutio> yeah
[14:05] <mercutio> openbsd is very good in that respect
[14:47] <nathani> If you were twitter, why wouldnt you swap out the name servers to an alternate backup provider
[14:47] <nathani> I mean they must have a copy of their own zone
[14:57] <staticsafe> github did that
[14:57] <staticsafe> I guess Twitter just decided to wait it out
[14:57] <staticsafe> or didn't have a contingency plan in place :>
[14:58] <nathani> reddit also?
[15:04] <mercutio> twitter and reddit are working fine for me
[15:12] <brycec> Reddit's hosted on Route53 according to my lookup just now, same as what Github switched to. (I don't know what Reddit was using before today)
[15:13] <mercutio> an iphone 7 exploded
[15:17] <mercutio> i thought reddit was on cloudflare
[15:17] <mercutio> hmm reddit is on fastly?
[15:18] <brycec> I just looked at the whois :p
[15:18] <brycec> Plain and simple
[15:18] <mercutio> i'm pretty sure reddit used to be on cloudflare
[15:19] <brycec> (It's not even a recent nameserver change according to whois, reddit.com's last registrar update was 7 September.
[15:19] <mercutio> i can't say i've checked often
[15:20] <mercutio> i really don't know how they compare
[15:21] <mercutio> cloudflare do dns fastly don't
[15:25] <mercutio> github uses fastly too
[16:01] *** Seji has quit IRC (*.net *.split)
[16:01] *** mjp_ has quit IRC (*.net *.split)
[16:01] *** yuicat has quit IRC (*.net *.split)
[16:01] *** reardencode has quit IRC (*.net *.split)
[16:01] *** forgotten has quit IRC (*.net *.split)
[16:01] *** nathani has quit IRC (*.net *.split)
[16:01] *** joepie91_ has quit IRC (*.net *.split)
[16:01] *** _iwc has quit IRC (*.net *.split)
[16:01] *** qbit has quit IRC (*.net *.split)
[16:01] *** fIorz has quit IRC (*.net *.split)
[16:01] *** dne has quit IRC (*.net *.split)
[16:01] *** sjackso has quit IRC (*.net *.split)
[16:01] *** toeshred has quit IRC (*.net *.split)
[16:01] *** gizmoguy has quit IRC (*.net *.split)
[16:01] *** neish has quit IRC (*.net *.split)
[16:01] *** mike-burns has quit IRC (*.net *.split)
[16:01] *** karstensrage has quit IRC (*.net *.split)
[16:01] *** mhoran has quit IRC (*.net *.split)
[16:01] *** toddf has quit IRC (*.net *.split)
[16:01] *** KILLALLHUMANS01 has quit IRC (*.net *.split)
[16:01] *** awyeah has quit IRC (*.net *.split)
[16:01] *** pjs has quit IRC (*.net *.split)
[16:01] *** carvite has quit IRC (*.net *.split)
[16:01] *** mrsaint has quit IRC (*.net *.split)
[16:01] *** eryc has quit IRC (*.net *.split)
[16:01] *** tooth has quit IRC (*.net *.split)
[16:01] *** mkb has quit IRC (*.net *.split)
[16:01] *** jcv has quit IRC (*.net *.split)
[16:01] *** RandalSchwartz has quit IRC (*.net *.split)
[16:01] *** trobotham has quit IRC (*.net *.split)
[16:01] *** hive-mind has quit IRC (*.net *.split)
[16:01] *** ant has quit IRC (*.net *.split)
[16:01] *** tabthorpe has quit IRC (*.net *.split)
[16:01] *** dj_goku has quit IRC (*.net *.split)
[16:01] *** JC_Denton has quit IRC (*.net *.split)
[16:01] *** mjp has joined #arpnetworks
[16:06] *** mjp is now known as 17SAAC40T
[16:06] *** hive-mind has joined #arpnetworks
[16:06] *** ant has joined #arpnetworks
[16:06] *** tabthorpe has joined #arpnetworks
[16:06] *** yuicat has joined #arpnetworks
[16:07] *** reardencode has joined #arpnetworks
[16:07] *** forgotten has joined #arpnetworks
[16:07] *** nathani has joined #arpnetworks
[16:07] *** joepie91_ has joined #arpnetworks
[16:07] *** awyeah has joined #arpnetworks
[16:07] *** pjs has joined #arpnetworks
[16:07] *** carvite has joined #arpnetworks
[16:07] *** mrsaint has joined #arpnetworks
[16:07] *** eryc has joined #arpnetworks
[16:07] *** tooth has joined #arpnetworks
[16:07] *** _iwc has joined #arpnetworks
[16:07] *** qbit has joined #arpnetworks
[16:07] *** dj_goku has joined #arpnetworks
[16:07] *** JC_Denton has joined #arpnetworks
[16:08] *** fIorz has joined #arpnetworks
[16:08] *** dne has joined #arpnetworks
[16:08] *** sjackso has joined #arpnetworks
[16:08] *** toeshred has joined #arpnetworks
[16:08] *** gizmoguy has joined #arpnetworks
[16:08] *** neish has joined #arpnetworks
[16:08] *** mike-burns has joined #arpnetworks
[16:08] *** karstensrage has joined #arpnetworks
[16:08] *** mhoran has joined #arpnetworks
[16:08] *** toddf has joined #arpnetworks
[16:08] *** KILLALLHUMANS01 has joined #arpnetworks
[16:08] *** tepper.freenode.net sets mode: +o toddf
[16:08] *** RandalSchwartz has joined #arpnetworks
[16:08] *** trobotham has joined #arpnetworks
[16:13] *** mkb has joined #arpnetworks
[16:13] *** jcv has joined #arpnetworks
[16:15] *** Seji has joined #arpnetworks
[17:11] *** qbit has quit IRC (Quit: WeeChat 1.5)
[17:15] *** qbit has joined #arpnetworks
[19:05] <nathani> thats interesting ... amazon.com uses dyn as some of it NS
[19:05] <nathani> in combination with ultradns
[19:13] <mkb> because they don't want their website to go down when aws gets attacked
[19:14] <up_the_irons> LOLZ