InfoQ Homepage DNS Content on InfoQ
-
Race Condition in DynamoDB DNS System: Analyzing the AWS US-EAST-1 Outage
On October 19th and 20th, AWS experienced an extended outage triggered by a failure in Amazon DynamoDB that affected most services in its most popular region, Northern Virginia. The cloud provider released an analysis of the incident, sparking discussions in the community about redundancy on AWS, moving out of public cloud, and multi-region approaches.
-
New DNS Armor Service Helps Google Cloud Workloads Preemptively Block Cyber Threats
Google Cloud's DNS Armor, in partnership with Infoblox, offers a vital layer of security against DNS-based threats for Google Cloud workloads. Utilizing advanced threat detection and machine learning, it identifies and mitigates risks like malware and data exfiltration, ensuring robust protection without impacting performance. Deployable as a managed service providing seamless control for users.
-
AWS CloudFront Adds HTTPS DNS Support
Amazon CloudFront now supports HTTPS DNS alias records in Route 53, streamlining DNS lookups by returning protocol details alongside IP addresses. This innovation accelerates page loads, enhances security against downgrade attacks, and eliminates DNS costs. With wide browser support, it significantly boosts performance and reduces operational expenses for users.
-
Mitmproxy 11 Released: Full HTTP/3 Support and DNS Enhancements
Mitmproxy released version 11, introducing some upgrades, including full support for HTTP/3 in both transparent and reverse proxy modes. Alongside the HTTP/3 advancements, this release brings a range of DNS-related improvements, enhanced privacy features, and better handling of modern web protocols.
-
Slack Migrates to Cell-Based Architecture on AWS to Mitigate Gray Failures
Slack migrated most of the critical user-facing services from a monolithic to a cell-based architecture over the last 1.5 years. The move was triggered by the impact of networking outages affecting a single availability zone, causing user-impacting service degradation. The new architecture allows incrementally draining all the traffic away from the affected availability zone within 5 minutes.
-
Amazon Route 53 Resolver Introduces DNS over HTTPS Support for Enhanced Security and Compliance
AWS recently announced that Amazon Route 53 Resolver will support using the Domain Name System (DNS) over HTTPS (DoH) protocol for both inbound and outbound Resolver endpoints.
-
AWS Introduces Amazon Route 53 Resolver on AWS Outposts Rack
AWS recently announced that Amazon Route 53 Resolver is now available on AWS Outposts rack providing on-premises services and applications with local Domain Name Service (DNS) resolution directly from Outposts. In addition, local Route 53 Resolver endpoints also enable DNS resolution between Outposts and on-premises DNS servers.
-
AWS Introduces IP-Based Routing on Route 53
AWS recently announced support for IP-based routing on Amazon Route 53. The new option of the DNS service allows customers to route resources of a domain based on the client subnet to optimize network transit costs and performance.
-
Microsoft Releases Azure DNS Private Resolver in Public Preview
Azure DNS Private Resolver is a new service that enables customers to query Azure DNS private zones from an on-premises environment and vice versa without deploying VM-based DNS servers. This new service is fully-managed in Azure and in public preview.
-
New Side-Channel Vulnerability in the Linux Kernel Enabling DNS Cache Poisoning
A recent research paper by a team at University of California, Riverside, shows the existence of previously overlooked side channels in the Linux kernels that can be exploited to attack DNS servers.
-
AWS Releases Amazon Route 53 Application Recovery Controller into General Availability
Recently, AWS announced the general availability (GA) of Amazon Route 53 Application Recovery Controller, an additional new set of capabilities in Amazon Route 53. With the capabilities, it will be easier for customers to continuously monitor their applications’ ability to recover from failures and control their recovery across AWS Regions, Availability Zones, and on-premises infrastructure.
-
Istio 1.8 Announces Smart DNS Proxy, Support for Helm 3
Istio recently announced the release of Istio 1.8. The fourth and final release for the open-source service mesh platform in 2020, this release focused on support for multi-cluster meshes and virtual machine (VM) workloads.
-
How SAD DNS Works
SAD DNS is a new variant of DNS cache poisoning that allows an attacker to inject malicious DNS records into a DNS cache, thus redirecting any traffic to their own server and become a man-in-the-middle (MITM).
-
DNSSEC Root KSK Ceremony 41 Taking Place on Thursday
The DNSSEC signing ceremony, which takes place as an in-person event every three months, will be a combined physical and virtual event on Thursday at 17:00 UTC. The next few months' signing keys for the DNSSEC root nameservers will take place, but not all of the keyholders will be physically present due to travel restrictions caused by COVID-19. Find out how the ceremony has been adapted.
-
DNSSEC Signing Potentially Interrupted by Coronoavirus
The DNSSEC signing process, which has happened every three months for the last ten years, is likely to be unable to happen due to travel restrictions caused by Coronavirus. Read on to find out what the problems are, and how they plan on keeping DNSSEC running after summer 2020.