gopher

go is an easy to learn language with purposefully limited features. but there are some lesser known features which you may not know about. i have tried to list a few of them here.

number literals

For readability, an underscore character _ may appear after a base prefix or between successive digits; such underscores do not change the literal's value.

prevent unkeyed literals

note that go vet also complains about unkeyed literals.

to prevent extra…


Introduction

DNSSEC adds a signature record for every record type in the response, guaranteeing the integrity of the response and preventing man-in-the-middle attacks.

but what if the response is empty?

The way negative answers are handled in DNSSEC is not straightforward. originally a new record type called NSEC was introduced. NSEC returns the previous and next name in zone which proves that the name in requested query cannot exist. there are two main problems with this solution:

1- zone walking: you can start from root and ask for next location using NSEC

2- response size: additional NSEC and RRSIG record required…


Many studies suggest that internet resources (including dns resource records) follow a zipf-like distribution. see “DNS Performance and Effectiveness of Caching”.

zipf law originally states that given a large sample of words used, the frequency of any word is inversely proportional to its rank in the frequency table.

we can check these claims using data from our own authoritative DNS server.

we use two different aggregation on queries, qname-qtype and qname . we also fetch data from two time frames, a 5-minute window and a 1-day window. here are sorted query frequencies of these 4 scenarios:


background

with tens of thousands of web sites using our authoritative dns server, we respond to millions of requests every day. dns attacks are getting more and more widespread these days, dns is a crucial part of our system and we must make sure that we can perform well under high pressure.

dns-flood is a small tool I found capable of producing huge number of udp requests.

monitoring our systems showed that memory usage of our service was growing so fast that we had stop our service or we would get into OOM…

Arash Cordi

DNS specialist, Golang enthusiast

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store