Khalid Hasanov, profile picture
Uploaded byKhalid Hasanov
272 views

Building a Dynamic DNS Infrastructure

The document discusses the transition from a legacy DNS infrastructure to a dynamic DNS system using PowerDNS, highlighting performance issues, the need for automation, and centralized management. It outlines the architecture of PowerDNS, its replication features, and disaster recovery protocols, as well as results from extensive load testing to ensure production readiness. Additionally, it emphasizes integration with existing workflows and monitoring metrics for effective governance.

Embed presentation

Download to read offline
Building a Dynamic DNS Infrastructure Khalid Hasanov
★ Motivation ★ Legacy DNS Infrastructure ★ New DNS Infrastructure ○ Design ○ Monitoring ○ Performance ★ Questions Overview 2
1. Authoritative DNS server - simply the owner of the hostname 2. Recursive DNS server - resolves any query they receive by consulting a corresponding authoritative server if there is no answer in its own cache 3. A validating DNS server - a resolver which verifies the response it has received is correct DNS Terminology 3
DNS Update Workflow 4
Legacy DNS Architecture - Bind 5
Issues we had with Bind ● Performance ○ Several attempts to optimize Bind - CI build plans ○ It would take at least 15 minutes for Bind updates to take effect ● Not centralized source of truth for all DNS Servers ● No automatic replication ● No dynamicity, no API to programmatically modify DNS data 6
Needs for a new DNS system ● Better performance ● Dynamic updates ● Automatic replication and failover ● Centralized source of truth for all our DNS servers ● Migration should be transparent for our engineers 7
What’s out there? DNS server software 8
PowerDNS Architecture 9
Interaction with other infrastructure components 10
PowerDNS replication We use PowerDNS in native replication mode: ○ PowerDNS will not send out DNS update notifications ○ PowerDNS will not react to DNS update requests ○ The database backend is taking care of replication 11
PowerDNS native replication ● PostgreSQL continuously ship Write-Ahead Log records to the standby servers ● Each standby server operates in continuous recovery mode 12
Disaster Scenarios - Actions 1. Database backend failure: Action: Kill PostgreSQL backend 2. Authoritative backend failure: Action: Kill PowerDNS authoritative application 3. Recursor failure: Action: Kill PowerDNS recursor application 13
Disaster Scenarios - Observations 1. Database backend failure: a. No issue if the requested domain is already in the recursor cache b. If not, we can always talk to the slave PowerDNS servers 2. Authoritative backend failure: The same behaviour as it was observed in the previous step 3. Recursor failure: a. No request can be served from the corresponding PowerDNS server b. The requests are going to be handled by the slave nameservers 14
Production readiness - Load testing 15 ● Load testing using JMeter ● JMeter tests started on 6 different VMs in parallel ● The test continued in 10 minutes and the total number of samples reached over 6 million ● Only 5 error in 6 million samples
Production readiness - Load testing 16 ● Load testing using JMeter ● JMeter tests started on 6 different VMs in parallel ● The test continued in 10 minutes and the total number of samples reached over 6 million ● Only 5 error in 6 million samples
Production readiness - Load testing 17 ● Load testing using JMeter ● JMeter tests started on 6 different VMs in parallel ● The test continued in 10 minutes and the total number of samples reached over 6 million ● Only 5 error in 6 million samples
Integration with existing workflow ● Existing process of updating DNS zones and records: ○ Ansible inventories and group vars ○ We need a way to be in sync with PDNS while we use existing BIND based DNS ● Internal tool called Staple: ○ Parses Git logs of Ansible inventory files to get DNS related changes ○ The changes are synced with PDNS using its HTTP API 18
What metrics we monitor and alert on ● Record-by-record and zone-by-zone comparison between Bind and PowerDNS ● PowerDNS specific metrics ● Host specific metrics 19
Record-by-record and zone-by-zone comparison between Bind and PowerDNS 20
PowerDNS specific metrics 21
Host specific metrics 22
User Interface 23
Future Work ... 24
Questions? 25

More Related Content

PDF
What's New in NGINX Plus R12?
byNGINX, Inc.
 
PDF
Janice Singh - Writing Custom Nagios Plugins
byNagios
 
PDF
gRPC & Kubernetes
byKausal
 
PDF
Netcentric: customer experience
byVarnish Software
 
PDF
Load Balancing with Nginx
byMarian Marinov
 
PPT
Nginx internals
byliqiang xu
 
KEY
Nginx - Tips and Tricks.
byHarish S
 
PDF
Extending functionality in nginx, with modules!
byTrygve Vea
 
What's New in NGINX Plus R12?
byNGINX, Inc.
 
Janice Singh - Writing Custom Nagios Plugins
byNagios
 
gRPC & Kubernetes
byKausal
 
Netcentric: customer experience
byVarnish Software
 
Load Balancing with Nginx
byMarian Marinov
 
Nginx internals
byliqiang xu
 
Nginx - Tips and Tricks.
byHarish S
 
Extending functionality in nginx, with modules!
byTrygve Vea
 

What's hot

PDF
Using NGINX as an Effective and Highly Available Content Cache
byKevin Jones
 
PDF
Proxysql ha plam_2016_2_keynote
byMarco Tusa
 
PDF
GopherCon 2017 - Writing Networking Clients in Go: The Design & Implementati...
bywallyqs
 
PPTX
5 things you didn't know nginx could do
bysarahnovotny
 
PDF
Nginx dhruba mandal
byDhrubaji Mandal ♛
 
PPTX
NGINX: High Performance Load Balancing
byNGINX, Inc.
 
PPTX
NGINX High-performance Caching
byNGINX, Inc.
 
PPTX
Nginx
byGeeta Vinnakota
 
PDF
Proxysql sharding
byMarco Tusa
 
PPTX
Learn nginx in 90mins
byLarry Cai
 
PDF
Serverless for the Cloud Native Era with Fission
byNATS
 
PDF
Zingme practice for building scalable website with PHP
byChau Thanh
 
PPTX
NGINX Plus PLATFORM For Flawless Application Delivery
byAshnikbiz
 
PPTX
End to end testing a web application with Clojure
byGerard Klijs
 
PDF
Pinterest - Working with Varnish at-scale
byVarnish Software
 
PPTX
NGINX 101 - now with more Docker
bySarah Novotny
 
PDF
NATS in action - A Real time Microservices Architecture handled by NATS
byRaül Pérez
 
PPTX
Debugging varnish
byVarnish Software
 
PDF
Native Clients, more the merrier with GFProxy!
byGluster.org
 
PDF
Debugging with-wireshark-niels-de-vos
byGluster.org
 
Using NGINX as an Effective and Highly Available Content Cache
byKevin Jones
 
Proxysql ha plam_2016_2_keynote
byMarco Tusa
 
GopherCon 2017 - Writing Networking Clients in Go: The Design & Implementati...
bywallyqs
 
5 things you didn't know nginx could do
bysarahnovotny
 
Nginx dhruba mandal
byDhrubaji Mandal ♛
 
NGINX: High Performance Load Balancing
byNGINX, Inc.
 
NGINX High-performance Caching
byNGINX, Inc.
 
Nginx
byGeeta Vinnakota
 
Proxysql sharding
byMarco Tusa
 
Learn nginx in 90mins
byLarry Cai
 
Serverless for the Cloud Native Era with Fission
byNATS
 
Zingme practice for building scalable website with PHP
byChau Thanh
 
NGINX Plus PLATFORM For Flawless Application Delivery
byAshnikbiz
 
End to end testing a web application with Clojure
byGerard Klijs
 
Pinterest - Working with Varnish at-scale
byVarnish Software
 
NGINX 101 - now with more Docker
bySarah Novotny
 
NATS in action - A Real time Microservices Architecture handled by NATS
byRaül Pérez
 
Debugging varnish
byVarnish Software
 
Native Clients, more the merrier with GFProxy!
byGluster.org
 
Debugging with-wireshark-niels-de-vos
byGluster.org
 

Similar to Building a Dynamic DNS Infrastructure

PDF
Build Dynamic DNS server from scratch in C (Part1)
byYen-Kuan Wu
 
PDF
Alternative Dns Servers Choice And Deployment And Optional Sql Ldap Backends ...
byzemedaryely
 
PDF
Learning CoreDNS Configuring DNS for Cloud Native Environments 1st Edition Jo...
bynhejsyslak
 
PDF
NetflixOSS Meetup season 3 episode 1
byRuslan Meshenberg
 
PDF
Micro services infrastructure with AWS and Ansible
byBamdad Dashtban
 
PDF
Scaling DNS
byelliando dias
 
PDF
Building Linux IPv6 DNS Server (Complete Soft Copy)
byHari
 
PDF
DNS Survival Guide
byAPNIC
 
PPTX
BIND DNS IPWorks Introduction To Advanced
byMustafa Golam
 
PDF
QNIBTerminal: Understand your datacenter by overlaying multiple information l...
byQNIB Solutions
 
PDF
BIND 9 - making a modern DNS server
byJisc
 
PDF
Dnscluster @ DevOps Krakow 2013
bySlawomir Skowron
 
PDF
Get your instance by name integration of nova, neutron and designate
byMiguel Lavalle
 
PDF
DNS Survival Guide.
byQrator Labs
 
PPT
Building a Linux IPv6 DNS Server Project review PPT v3.0 First review
byHari
 
PDF
OSMC 2019 | Directing the Director by Martin Schurz
byNETWAYS
 
PPTX
Deploying and configuring dns service
bylatoniasmith
 
PPTX
Extending Ansible - Ansible Benelux meetup - Amsterdam 11-02-2016
byPavel Chunyayev
 
PDF
Paasta: Application Delivery at Yelp
byC4Media
 
PDF
LInux DNS HOWto Expertise level
byNilesh Vaghela
 
Build Dynamic DNS server from scratch in C (Part1)
byYen-Kuan Wu
 
Alternative Dns Servers Choice And Deployment And Optional Sql Ldap Backends ...
byzemedaryely
 
Learning CoreDNS Configuring DNS for Cloud Native Environments 1st Edition Jo...
bynhejsyslak
 
NetflixOSS Meetup season 3 episode 1
byRuslan Meshenberg
 
Micro services infrastructure with AWS and Ansible
byBamdad Dashtban
 
Scaling DNS
byelliando dias
 
Building Linux IPv6 DNS Server (Complete Soft Copy)
byHari
 
DNS Survival Guide
byAPNIC
 
BIND DNS IPWorks Introduction To Advanced
byMustafa Golam
 
QNIBTerminal: Understand your datacenter by overlaying multiple information l...
byQNIB Solutions
 
BIND 9 - making a modern DNS server
byJisc
 
Dnscluster @ DevOps Krakow 2013
bySlawomir Skowron
 
Get your instance by name integration of nova, neutron and designate
byMiguel Lavalle
 
DNS Survival Guide.
byQrator Labs
 
Building a Linux IPv6 DNS Server Project review PPT v3.0 First review
byHari
 
OSMC 2019 | Directing the Director by Martin Schurz
byNETWAYS
 
Deploying and configuring dns service
bylatoniasmith
 
Extending Ansible - Ansible Benelux meetup - Amsterdam 11-02-2016
byPavel Chunyayev
 
Paasta: Application Delivery at Yelp
byC4Media
 
LInux DNS HOWto Expertise level
byNilesh Vaghela
 

Recently uploaded

PDF
EPC vs Reality: The Schedule That Was Never Possible
byGanesh Kumar
 
PDF
Java Programming core java and basics concepts
byHarish Khodke
 
PPTX
Symmetrical faults in power system .pptx
byRased Khan
 
PDF
Finite Automata With Output - Moore and Mealy Machines definitions and Solved...
byNileshPardeshi28
 
PDF
Flexibility Matrix Method of Analysis- Part B
byDr. Nitin Naik
 
PDF
Non-Deterministic Finite Automata (NFA) to Deterministic Finite Automata (DFA...
byNileshPardeshi28
 
PPTX
Calculation of Water Hardness and softening.pptx
byChemical Engineering Dept. NIT Rourkela-769008, Odisha, India
 
PPTX
Unit II Introduction to C programming ppts
bypawarbhaktiit
 
PDF
Learn Linux in your Android Phone (Learn on the Go)
byNarendran Solai Sridharan
 
PDF
Lec1a-infinite square well-particle in a box.pdf
byb17052006bhuvanasent
 
PDF
lecture notes digital_design_examples.pdf
bygeekcooder2020
 
PDF
A wire harness (also called a wiring harness or cable harness)
byabhinandankondekar2
 
PPTX
Why Hydraulic Flushing Should Never Be Skipped Before Commissioning
byNeometrix_Engineering_Pvt_Ltd
 
PDF
UNIT02_TRE_GEOMETRIC DESIGN.pdf_________
byAaquib Ansari
 
PPTX
Ortho Graphic Projections for civil engineering.pptx
byUmairAli575718
 
PDF
SURAJIT PARAMANIK_ME_3RD_THERMODYNAMICS.pdf
byastikparamanik1970
 
PPT
OMRS for Railway people of Mechanical department
byArun Kumar Sharma
 
PPTX
review of transistor circuit and applications
bysophieshuqinghuang
 
PPTX
CFP_Unit 3 Decision Control and Looping Statements
bypawarbhaktiit
 
PPTX
analog communication part two lecture note
byhirutfanta1212
 
EPC vs Reality: The Schedule That Was Never Possible
byGanesh Kumar
 
Java Programming core java and basics concepts
byHarish Khodke
 
Symmetrical faults in power system .pptx
byRased Khan
 
Finite Automata With Output - Moore and Mealy Machines definitions and Solved...
byNileshPardeshi28
 
Flexibility Matrix Method of Analysis- Part B
byDr. Nitin Naik
 
Non-Deterministic Finite Automata (NFA) to Deterministic Finite Automata (DFA...
byNileshPardeshi28
 
Calculation of Water Hardness and softening.pptx
byChemical Engineering Dept. NIT Rourkela-769008, Odisha, India
 
Unit II Introduction to C programming ppts
bypawarbhaktiit
 
Learn Linux in your Android Phone (Learn on the Go)
byNarendran Solai Sridharan
 
Lec1a-infinite square well-particle in a box.pdf
byb17052006bhuvanasent
 
lecture notes digital_design_examples.pdf
bygeekcooder2020
 
A wire harness (also called a wiring harness or cable harness)
byabhinandankondekar2
 
Why Hydraulic Flushing Should Never Be Skipped Before Commissioning
byNeometrix_Engineering_Pvt_Ltd
 
UNIT02_TRE_GEOMETRIC DESIGN.pdf_________
byAaquib Ansari
 
Ortho Graphic Projections for civil engineering.pptx
byUmairAli575718
 
SURAJIT PARAMANIK_ME_3RD_THERMODYNAMICS.pdf
byastikparamanik1970
 
OMRS for Railway people of Mechanical department
byArun Kumar Sharma
 
review of transistor circuit and applications
bysophieshuqinghuang
 
CFP_Unit 3 Decision Control and Looping Statements
bypawarbhaktiit
 
analog communication part two lecture note
byhirutfanta1212
 

Building a Dynamic DNS Infrastructure

  • 1.
    Building a DynamicDNS Infrastructure Khalid Hasanov
  • 2.
    ★ Motivation ★ LegacyDNS Infrastructure ★ New DNS Infrastructure ○ Design ○ Monitoring ○ Performance ★ Questions Overview 2
  • 3.
    1. Authoritative DNSserver - simply the owner of the hostname 2. Recursive DNS server - resolves any query they receive by consulting a corresponding authoritative server if there is no answer in its own cache 3. A validating DNS server - a resolver which verifies the response it has received is correct DNS Terminology 3
  • 4.
  • 5.
  • 6.
    Issues we hadwith Bind ● Performance ○ Several attempts to optimize Bind - CI build plans ○ It would take at least 15 minutes for Bind updates to take effect ● Not centralized source of truth for all DNS Servers ● No automatic replication ● No dynamicity, no API to programmatically modify DNS data 6
  • 7.
    Needs for anew DNS system ● Better performance ● Dynamic updates ● Automatic replication and failover ● Centralized source of truth for all our DNS servers ● Migration should be transparent for our engineers 7
  • 8.
    What’s out there?DNS server software 8
  • 9.
  • 10.
    Interaction with otherinfrastructure components 10
  • 11.
    PowerDNS replication We usePowerDNS in native replication mode: ○ PowerDNS will not send out DNS update notifications ○ PowerDNS will not react to DNS update requests ○ The database backend is taking care of replication 11
  • 12.
    PowerDNS native replication ●PostgreSQL continuously ship Write-Ahead Log records to the standby servers ● Each standby server operates in continuous recovery mode 12
  • 13.
    Disaster Scenarios -Actions 1. Database backend failure: Action: Kill PostgreSQL backend 2. Authoritative backend failure: Action: Kill PowerDNS authoritative application 3. Recursor failure: Action: Kill PowerDNS recursor application 13
  • 14.
    Disaster Scenarios -Observations 1. Database backend failure: a. No issue if the requested domain is already in the recursor cache b. If not, we can always talk to the slave PowerDNS servers 2. Authoritative backend failure: The same behaviour as it was observed in the previous step 3. Recursor failure: a. No request can be served from the corresponding PowerDNS server b. The requests are going to be handled by the slave nameservers 14
  • 15.
    Production readiness -Load testing 15 ● Load testing using JMeter ● JMeter tests started on 6 different VMs in parallel ● The test continued in 10 minutes and the total number of samples reached over 6 million ● Only 5 error in 6 million samples
  • 16.
    Production readiness -Load testing 16 ● Load testing using JMeter ● JMeter tests started on 6 different VMs in parallel ● The test continued in 10 minutes and the total number of samples reached over 6 million ● Only 5 error in 6 million samples
  • 17.
    Production readiness -Load testing 17 ● Load testing using JMeter ● JMeter tests started on 6 different VMs in parallel ● The test continued in 10 minutes and the total number of samples reached over 6 million ● Only 5 error in 6 million samples
  • 18.
    Integration with existingworkflow ● Existing process of updating DNS zones and records: ○ Ansible inventories and group vars ○ We need a way to be in sync with PDNS while we use existing BIND based DNS ● Internal tool called Staple: ○ Parses Git logs of Ansible inventory files to get DNS related changes ○ The changes are synced with PDNS using its HTTP API 18
  • 19.
    What metrics wemonitor and alert on ● Record-by-record and zone-by-zone comparison between Bind and PowerDNS ● PowerDNS specific metrics ● Host specific metrics 19
  • 20.
    Record-by-record and zone-by-zonecomparison between Bind and PowerDNS 20
  • 21.
  • 22.
  • 23.
  • 24.
  • 25.