We browse the Internet. We host our applications on a server or a cloud that is hooked up with a nice domain name. That’s all there is to know about DNS, right? This talk is a refresher about how DNS works. How we can use it and how it can affect availability of our applications. How we can use it as a means of configuring our application components. How this old geezer protocol is a resilient, distributed system that is used by every Internet user in the world. How we can use it for things that it wasn’t built for. Come join me on this journey through the innards of the web!
The document describes Yahoo's failsafe mechanism for its homepage using Apache Storm and Apache Traffic Server. The key points are:
1. The failsafe architecture uses AWS components like EC2, ELB, S3 and autoscaling to serve traffic from failsafe servers if the primary servers fail.
2. Apache Traffic Server is used as a caching proxy between the user and origin servers. The "Escalate" plugin in ATS fetches content from failsafe servers if the origin server response is not good.
3. Apache Storm Crawler crawls content for different devices and maps URLs to the failsafe domain for storage in S3 with query parameters in the path. This provides more relevant fail
Training on DSpace Institutional Repository
Organized by
BALID Institute of Information Management (BIIM)
DSpace Manual for BALID Trainee
Institutional Repository
1-2 May 2014
Venue: CIRDAP
• Installation of DSpace on Debian
• Configuration of DSpace
• Customization of DSpace
• Cron Jobs setup for production system
• MTA Setup for DSpace
• Some Important Commands of PostgreSQL
• DSpace Discovery Setup
Prepared By
Nur Ahammad
Junior Assistant Librarian
Independent University, Bangladesh
This document summarizes a study of an outage of a company's DNS full-resolvers. During the outage, both of the company's caching nameservers failed for 12 minutes. During this period, clients were unable to resolve hostnames and query rates increased as clients retried requests. When the servers were restored, they received much higher query rates for several seconds as clients flushed their caches. The study found that having multiple DNS resolvers provides redundancy and avoids a complete outage. It also showed that clients unintentionally synchronize, likely due to scheduled tasks on devices, which can lead to spikes in query rates.
1) The document discusses DNS basics including its hierarchical database structure with root and top level domains (TLDs) at the top, and its main components like authoritative servers, recursive resolvers, and resource records.
2) It explains key DNS concepts like domains, zones, and delegation between zones. Common resource record types and a sample zone file are also described.
3) The document covers potential DNS issues like cache poisoning and vulnerabilities if data is not validated, which DNS Security Extensions (DNSSEC) aims to address through cryptographic signing of resource records.
Nginx is an open-source, lightweight web server that can serve static files, act as a reverse proxy, load balancer, and HTTP cache. It is fast, scalable, and improves performance and security for large websites. Some key companies that use Nginx include Google, IBM, LinkedIn, and Facebook. Nginx follows a master-slave architecture with an event-driven, asynchronous, and non-blocking model. The master process manages worker processes that handle requests in a single-threaded manner, improving concurrency.
Using Oracle Database with Amazon Web Services by guest484c12
The document discusses using Oracle Database with Amazon Web Services. It outlines Amazon EC2, which allows users to provision virtual machines in Amazon's data centers, and Amazon S3 for storing and retrieving data. It then provides steps for deploying Oracle Database Express Edition on EC2, backing up databases to S3 using Oracle Recovery Manager, and storing database files and backups in S3 for cost effective storage.
DSpace:Technical Basics - Identifiers; User management and authentication options; Item Submission Workflows; Import and Export; RSS Feeds, Alerts and News; DSpace Statistics and Google Analytics; SWORD Basics.
Drupaljam 2017 - Deploying Drupal 8 onto Hosted Kubernetes in Google Cloud by Dropsolid
In this presentation I explain using video examples how Kubernetes works and how this can be used to host your Drupal 7 or 8 site. There are obviously also gotchas and I'd like to warn you to not use this in production until you've verified it
The document discusses techniques for optimizing server performance, including reducing server load through HTTP caching, efficient content types, batching requests, and pushing content streams. It also discusses measuring performance metrics like response time and throughput, and tools for performance profiling like ASP.NET counters and load testing software. Specific techniques presented include using ETags, setting cache control headers, throttling requests, and choosing efficient data serialization formats and protocols.
Apache Traffic Server (ATS) is a fast, scalable HTTP caching proxy server. It allows plugins to be written using Lua, a lightweight scripting language. This provides advantages over writing plugins in C/C++, including easier development, testing, and ability to leverage Lua features. The presentation discusses using Lua with ATS, including exposing ATS APIs as Lua functions, implementing plugins, testing plugins, and security considerations like input validation and sandboxing. Future work may include exposing more ATS APIs and providing input validation libraries.
DISQUS is a comment system that handles high volumes of traffic, with up to 17,000 requests per second and 250 million monthly visitors. They face challenges in unpredictable spikes in traffic and ensuring high availability. Their architecture includes over 100 servers split between web servers, databases, caching, and load balancing. They employ techniques like vertical and horizontal data partitioning, atomic updates, delayed signals, consistent caching, and feature flags to scale their large Django application.
PostgreSQL is a free and open-source relational database management system that provides high performance and reliability. It supports replication through various methods including log-based asynchronous master-slave replication, which the presenter recommends as a first option. The upcoming PostgreSQL 9.4 release includes improvements to replication such as logical decoding and replication slots. Future releases may add features like logical replication consumers and SQL MERGE statements. The presenter took questions at the end and provided additional resources on PostgreSQL replication.
(NET308) Consolidating DNS Data in the Cloud with Amazon Route 53 by Amazon Web Services
In this session, we show you how to use Amazon Route 53 to consolidate your DNS data and manage it centrally. Learn how to use Amazon Route 53 for public DNS and for private DNS in VPC, and also learn how to combine Amazon Route 53 private DNS with your own DNS infrastructure.
Cloudera Morphlines is a new open source framework, recently added to the CDK, that reduces the time and skills necessary to integrate, build, and change Hadoop processing applications that extract, transform, and load data into Apache Solr, Apache HBase, HDFS, enterprise data warehouses, or analytic online dashboards.
Big Data Step-by-Step: Infrastructure 1/3: Local VM by Jeffrey Breen
Part 1 of 3 of series focusing on the infrastructure aspect of getting started with Big Data, specifically Hadoop. This presentation starts small, installing a pre-packaged virtual machine from Hadoop vendor Cloudera on your local machine.
We then install R, copy some sample data into HDFS and test everything by running Jonathan Seidman's sample streaming job.
Presented at the Boston Predictive Analytics Big Data Workshop, March 10, 2012
modern module development - Ken Barber 2012 Edinburgh Puppet Camp by Puppet
The document provides information on modern Puppet module development best practices. It discusses what modules are and common patterns like package, config, service that address 80% of module needs. It also covers validation of module parameters using Kwalify schemas, testing modules with rspec-puppet, and packaging modules for release on the Puppet Forge using the puppet-module tool. The document emphasizes the importance of coding style, linting with puppet-lint, and following patterns and best practices to create high quality, reusable modules.
Use case for using the ElastiCache for Redis in production by 知教 本間
This document discusses using ElastiCache for Redis in production. It begins with an introduction to the author and their role at gumi Inc. It then provides an overview of Redis operations and data persistence methods. The document outlines gumi's migration from memcached to Redis, including their use of master-slave replication and multiple databases. It notes potential issues with ElastiCache for Redis like lack of auto failover and inability to change instance types. In summary, while some features are still missing, ElastiCache for Redis allows quick node provisioning and has proven reliable for gumi despite initial function gaps.
HBaseConEast2016: Practical Kerberos with Apache HBase by Michael Stack
- The document is a slide presentation on practical Kerberos with Apache HBase given by Josh Elser of Hortonworks.
- It provides an introduction to Kerberos, how it is used for authentication in HBase and Hadoop, and best practices for configuration and troubleshooting common issues.
- Key aspects covered include how Kerberos tickets and keytabs are used, the SASL and GSSAPI protocols that enable authenticated RPC, and approaches like delegation tokens and proxy users that handle special cases like long-running jobs.
Fluentd is a log collection tool that is well-suited for container environments. It allows for flexible log collection from containers through its variety of input plugins. Logs can be aggregated and buffered by Fluentd before being sent to output destinations like Elasticsearch. This addresses problems with traditional log collection in container environments by decoupling log collection from applications and making the infrastructure more scalable and reliable.
A Designated ENUM DNS Zone Provisioning Architecture by enumplatform
The document summarizes the proposed designated ENUM DNS zone provisioning architecture including:
1) ENUM DNS and authentication transaction interfaces between subscribers, Tier1a registries, Tier1a registrars, Tier2 providers, and authenticators.
2) Normal DNS resolution and BIND queries would take place through the ENUM zone hierarchy to retrieve NAPTR records.
3) Authentication of a subscriber's right to use a number would involve digital certificates from an authenticator and verification by Tier2 and Tier1a providers.
Creating Domain Specific Languages in Python by Siddhi
This document discusses domain specific languages (DSLs) and provides examples of creating DSLs in Python. It explains that DSLs allow users to work in specialized mini-languages tailored to specific problem domains. As examples, it discusses SQL as a DSL for databases and regular expressions as a DSL for patterns. It then demonstrates how to create an external DSL for defining forms using PyParsing and an internal DSL for the same using Python features like metaclasses. The document concludes that DSLs make code easier to read, write and maintain for non-programmers.
Are you ready for the next attack? reviewing the sp security checklist (apnic... by Barry Greene
Rethinking Security and how you can Act on Meaningful Change
What the industry recommends to protect your network is NOT working! The industry is stuck in a dysfunctional ecosystem that encourages cyber-criminal innovation at the cost of business and individual loss throughout the world. We do not need a “Manhattan Project” for the security of the Internet. What we need are tools to help operators throughout the world ask the right question that would lead them to meaningful action. Security empowerment must empower the grassroots and provide the tools to push back on the root cause. This talk will explore these issues, highlight the dysfunction in our “security” economy, and present “take home” tools that would facilitate immediate action.
The document outlines a "Cyber Strategy of Action" for 2012 that calls for increased private industry collaboration, both privately and in public-private partnerships, to better prepare for and respond to cybersecurity threats. It recommends investing in existing security technologies and incident response communities, exercising legal options like civil lawsuits, and establishing real-time security data sharing to identify malicious actors and networks.
OpenDNS Enterprise Web Filtering allows organizations of all sizes to block websites at work. Choose from over 50 customizable categories. Use block page bypass to grant exceptions to your Web filtering policy. OpenDNS Enterprise offers web filtering without an appliance, can be deployed nearly instantly, and can be managed anywhere you have an Internet connection.
This document discusses using Ansible to manage PostgreSQL databases. It begins with an introduction to Ansible, explaining that it is an agentless automation tool used for configuration management, deployment, and orchestration. It then provides an overview of installing and using Ansible to provision infrastructure on Amazon Web Services and install PostgreSQL with streaming replication across multiple servers. Key components of Ansible like templates, variables, tasks, and playbooks are demonstrated in an example repository for automating PostgreSQL configuration management.
This document provides an overview of network security concepts and techniques. It defines common attacks such as denial of service attacks, man-in-the-middle attacks, and SQL injection. It also describes defenses such as firewalls, intrusion detection systems, and encryption. The document outlines the stages of a cyber operation from target identification to gaining access and establishing persistence. It provides examples of passive and active attacks and how to classify network services and roles to implement security zones and isolation.
Speaking from experience building MyGet.org: users are insane. If you are lucky, they use your service, but in reality, they probably abuse it. Crazy usage patterns resulting in more requests than expected, request bursts when users come back to the office after the weekend, and more! These all pose a potential threat to the health of our web application and may impact other users or the service as a whole. Ideally, we can apply some filtering at the front door: limit the number of requests over a given timespan, limiting bandwidth, ...
In this talk, we’ll explore the simple yet complex realm of rate limiting. We’ll go over how to decide on which resources to limit, what the limits should be and where to enforce these limits – in our app, on the server, using a reverse proxy like Nginx or even an external service like CloudFlare or Azure API management. The takeaway? Know when and where to enforce rate limits so you can have both a happy application as well as happy customers.
This document provides an overview and tutorial of the getdns API, which is a new DNS API specification created by and for application developers. It aims to provide a natural follow-on to the getaddrinfo() function. The getdns API and its first implementation, getdns, highlight features like bootstrapping encrypted channels to prevent man-in-the-middle attacks. The tutorial covers DNSSEC and how getdns allows applications to directly query for and validate DNSSEC records like TLSA to securely establish TLS connections using DANE, bypassing the need to trust recursive resolvers. It demonstrates simple getdns functions for full recursion, stub resolution, and fallback options.
Query-name Minimization and Authoritative Server Behavior by Shumon Huque
This document discusses query name minimization in DNS resolution and examines how some authoritative DNS servers behave when handling minimized queries. It finds that while name minimization aims to improve privacy, some CDNs and DNS hosting providers respond incorrectly to queries for empty non-terminal names, returning NXDOMAIN instead of NODATA. This prevents complete resolution. The document suggests providers will need to address this to allow wider adoption of name minimization.
This document provides 7 habits for success as an internet engineer:
1. Be disciplined in your work through consistency of action, values, goals and methods.
2. Write things down through documents like requirements, design, operations and testing plans.
3. It's okay to not know things, but not okay to remain clueless - ask others for help.
4. Read technical manuals and source materials to learn from experts.
5. Build a network of people in the field to learn from and contribute to.
6. Connect with networking groups and read their materials to stay informed of the latest developments.
7. Invest in your professional network through answering questions and sharing knowledge with
DNS and Troubleshooting DNS issues in Linux by Konkona Basu
The DNS is the system that translates domain names to IP addresses on the internet. It was created in 1983 and allows users to reference internet resources by name. The document then describes the step-by-step resolution process where a client's request is recursively resolved through root servers, TLD servers, and authoritative name servers to return the requested IP address. It also discusses caching for improved performance and common issues like hostname-IP mismatches that can be resolved by editing host files and DNS records.
BIND’s New Security Feature: DNSRPZ - the "DNS Firewall" by Barry Greene
Learn how to turn your network’s DNS into a Security Tool! Webinar-Oct 12th
What do you do if the security tools are not protecting your network? Cyber-criminals are constantly finding ways to bypass your security tools and own your network. When the threat changes, you should grow with the threat - think out of the box – using tools that the criminals have not yet considered; the DNS.
ISC’s Internet Critical Open Source DNS software BIND has a new feature that would turn a DNS Caching Resolver into a tool to help protect your network from malware. All the computers in your network must contact your DNS Resolvers to get to the outside world. Your DNS Resolvers are a critical “choke-point” with which all devices in your network must interact to get to the outside world. This "choke-point" is a logical place to put security capabilities that check whether a domain is "clean" or "dirty."
How can you have your DNS Resolver check if a domain is clean or dirty? Use BIND’s new feature – the DNS Response Policy Zone (DNSRPZ). DNSRPZ uses secure and fast zone transfer technologies to pull down a black list of bad domains and put them into your DNS resolver.
The archived recording of the Webinar is here: www.isc.org/webinars
Who should watch this Webinar?
E-mail Administrators: Find out how DNSRPZ offers a more effective way to work with the Anti-Spam black list.
Network Operators: Learn how DNSRPZ can be used inside your network to keep your users from being inadvertently infected by malware, zero-days, and malvertisements.
Security Engineers: Discover how DNSRPZ is a tool to help contain infections that get into your network and try to “call home” to a BOTNET controller.
Hosting Providers: By default, most of your hosting customers are using your DNS resolvers. Learn how DNSRPZ can help prevent and contain the threat of your customers getting infected.
Service Providers: Learn how to turn your DNS services into a tool to help protect all your customers from infection.
Mobile Telecoms Operators: Find a new tool that would prevent miscreant smart phone applications from calling home with DNS and infecting your customer’s phones.
SCADA and Critical Industrial System Operators: Learn how DNSRPZ is a tool to help protect legacy control systems that need DNS to work.
Verisign Public DNS is a free DNS resolution service that provides stable and secure routing of internet navigation while respecting user privacy. It utilizes Verisign's patented ATLAS technology and over 17 years of experience operating the .com and .net domains to deliver 100% accurate and reliable resolution. User queries are not sold to third parties or used to redirect users to ads, keeping DNS data private. The service leverages Verisign's expertise in DNS infrastructure to offer a less vulnerable alternative to other public DNS platforms.
The document provides an overview of the Domain Name System (DNS) including its history, key components, and configuration. DNS converts domain names to IP addresses and vice versa by using a distributed database with a hierarchical structure. The database is divided into zones stored on nameservers. Resolvers query nameservers to lookup names and return results to requesting programs. The document outlines the DNS namespace, nameservers, zones, resource records, configuration files, and utilities for testing and querying DNS.
DNS is a globally distributed database that translates domain names to IP addresses. It consists of a name space organized in a hierarchical tree structure, servers that store data about parts of the name space, and resolvers that query servers to map names to addresses. The resolution process involves recursively querying servers at higher levels, like root and TLD servers, until reaching an authoritative name server that can provide the address. Caching improves performance by storing previous lookups.
This document provides an overview and introduction to DNS and DNSSEC. It begins with introducing the presenter, Nurul Islam Roman, and his background and areas of expertise. The overview section lists the topics to be covered, including DNS overview, forward and reverse DNS, DNS security overview, TSIG, and DNSSEC. The document then delves into explanations of DNS overview, how it works, its features and components. It also covers IP addresses vs domain names, the DNS tree hierarchy, domains, root servers, resolvers, authoritative and recursive nameservers. Finally, it discusses resource records, common RR types, reverse DNS, delegation, glue records and responsibilities around APNIC and ISPs for reverse delegations.
Install and Understand DNSSEC in Linux Server running BIND 9 with CHROOT JAIL system and Service.
By Utah Networxs
The document introduces the DNS system by explaining its purpose of mapping names to resources for easier lookup than numbers. It describes DNS features like global distribution, loose coherency, scalability, reliability, and dynamic updates. Key concepts are explained such as hierarchical DNS names, domains and delegation of subdomains, authoritative and recursive name servers, resource records including SOA and NS records, and how TTL and zone refresh timers maintain consistency.
The document provides an overview of the Domain Name System (DNS) including:
- DNS is an internet directory service that maps hostnames to IP addresses through a hierarchical domain name space.
- The top of the DNS naming hierarchy is managed by ICANN and includes over 250 top-level domains like .com, .edu, .gov, and country-specific domains.
- DNS resource records like A, MX, NS, and CNAME contain information mapped to domain names, such as IP addresses, mail servers, name servers, and aliases. This information is stored in DNS databases distributed across name servers.
DNS, which stands for domain name system, controls your domain name's website and email settings. When visitors go to your domain name, its DNS settings control which company's server it reaches out to.
The document discusses Domain Name System (DNS) servers and how they work. It provides information on:
1) DNS servers translate domain names to IP addresses so computers can locate systems on the internet. The DNS database hierarchy includes root servers, TLD servers, and authoritative name servers.
2) DNS uses a distributed database and client-server model. Root servers point to TLD servers, which point to authoritative servers that maintain records for domains.
3) DNS configuration files include named.conf, resolv.conf, zone files, and include files that define DNS settings and mappings.
The document provides step-by-step instructions for configuring a master DNS server on Linux. It discusses installing bind packages, configuring the named.conf and zones files to define domains and records, creating zone files for forward and reverse lookups, restarting services, and testing the name resolution. Key aspects covered include defining the master server IP, domains and records in the zones file, generating zone files from templates, configuring firewall rules and resolving configuration.
This document provides an introduction to DNS (Domain Name System) in 3 paragraphs:
It explains that DNS was created to address the problems with using a centralized HOSTS.TXT file to map hostnames to IP addresses as the Internet grew. DNS introduced a distributed and hierarchical namespace that maps domain names to IP addresses through a global network of name servers.
It describes the basic structure and functionality of DNS, including that it is organized in a tree structure with top-level domains at the root, each domain can be delegated to different administrators, and name servers contain parts of the distributed database that maps domain names and resource records like A records (IPv4 addresses) and MX records (mail servers).
The
The document discusses the Domain Name System (DNS), including:
- DNS allows humans to use domain names to access internet resources while computers use IP addresses.
- DNS is hierarchical, distributed across servers globally, and designed for resilience and to avoid single points of failure.
- DNS works by mapping domain names to IP addresses through a hierarchy of root servers, top-level domain servers and authoritative DNS servers.
- The DNS namespace is hierarchical with top-level domains like .com and country domains, with future improvements focusing on security, IPv6 integration, and ties to directory services.
This document discusses domain name system (DNS) configuration and troubleshooting. It describes DNS components like name servers, domains, and zones. It provides instructions for configuring DNS in Linux and Windows, including setting up primary and secondary servers with zone files. Troubleshooting tools like ping, nslookup, and dig are also covered.
Overview of the Domain Name System (DNS).
In the early days of the Internet, hosts had a fixed IP address.
Reaching a host required knowing its numeric IP address.
With the growing number of hosts this scheme quickly became awkward and difficult to use.
DNS was introduced to give hosts human-readable names that would be translated into numeric IP addresses on the fly when a requesting host tried to reach another host.
To facilitate a distributed administration of the domain names, a hierarchic scheme was introduced where responsibility to manage domain names is delegated to organizations which can further delegate management of sub-domains.
Due to its importance in the operation of the Internet, domain name servers are usually operated redundantly. The databases of both servers are periodically synchronized.
About DNS name service.
If you are looking for a domain name registrar, check out the review: https://medium.com/@JohnBeardslee/best-domain-name-registrars-top-recommendations-b3d65128b46a
This document provides an overview of the Domain Name System (DNS) including how DNS works, the record types stored in DNS, caching and authoritative servers, and delegation. It discusses how DNS queries work by recursively searching through the DNS hierarchy from the root servers down. Key record types like A, AAAA, NS, MX and SOA are described. The roles of caching servers, which forward queries on behalf of clients, and authoritative servers, which serve data from their own zone files, are compared. Delegation allows separate administration of different domains through the hierarchical structure of DNS.
The document provides an overview of the Domain Name System (DNS). It discusses how DNS was developed to solve problems with the early HOSTS.TXT file system for mapping names to IP addresses. DNS implements a distributed database hierarchy with name servers, resolvers, and a namespace to translate between hostnames and IP addresses. The document outlines the components of DNS and how the domain name resolution process works by querying multiple name servers in a recursive manner to ultimately return an IP address.
The document discusses the Domain Name System (DNS) which translates human-friendly domain names to IP addresses. It describes DNS as the internet's equivalent of a phone book. DNS uses a hierarchical, domain-based naming scheme and distributed database to implement this naming system. The DNS database contains resource records (RRs) that map domain names to IP addresses and other attributes. There are different types of name servers, including authoritative, caching, primary, and secondary servers that maintain the DNS database and resolve queries. DNS resolution can occur through either recursive or iterative queries to translate names to addresses.
The Domain Name System (DNS) was created to translate human-friendly domain names to computer-friendly IP addresses. DNS is hierarchical and distributed, allowing names and IP addresses to be managed across multiple name servers around the world. DNS uses a client-server model where resolvers query caches or authoritative name servers to lookup resource records associated with domain names, such as A records mapping names to IP addresses.
Similar to DNS for Developers - NDC Oslo 2016 (20)
Bringing nullability into existing code - dammit is not the answer.pptx by Maarten Balliauw
The C# nullability features help you minimize the likelihood of encountering that dreaded System.NullReferenceException. Nullability syntax and annotations give hints as to whether a type can be nullable or not, and better static analysis is available to catch unhandled nulls while developing your code. What's not to like?
Introducing explicit nullability into an existing code base is a Herculean effort. There's much more to it than just sprinkling some `?` and `!` throughout your code. It's not a silver bullet either: you'll still need to check non-nullable variables for null.
In this talk, we'll see some techniques and approaches that worked for me, and explore how you can migrate an existing code base to use the full potential of C# nullability.
Nerd sniping myself into a rabbit hole... Streaming online audio to a Sonos s... by Maarten Balliauw
After buying a set of Sonos-compatible speakers at IKEA, I was disappointed there's no support for playing audio from a popular video streaming service. They stream Internet radio, podcasts and what not. Well, not that service I want it to play!
Determined - and not knowing how deep the rabbit hole would be - I ventured on a trip that included network sniffing on my access point, learning about UPnP and running a web server on my phone (without knowing how to write anything Android), learning how MP4 audio is packaged (and has to be re-packaged). This ultimately resulted in an Android app for personal use, which does what I initially wanted: play audio from that popular video streaming service on Sonos.
Join me for this story about an adventure that has no practical use, probably violates Terms of Service, but was fun to build!
Building a friendly .NET SDK to connect to Space by Maarten Balliauw
Space is a team tool that integrates chats, meetings, git hosting, automation, and more. It has an HTTP API to integrate third party apps and workflows, but it's massive! And slightly opinionated.
In this session, we will see how we built the .NET SDK for Space, and how we make that massive API more digestible. We will see how we used code generation, and incrementally made the API feel more like a real .NET SDK.
Microservices for building an IDE - The innards of JetBrains Rider - NDC Oslo...Maarten Balliauw
Ever wondered how IDE’s are built? In this talk, we’ll skip the marketing bit and dive into the architecture and implementation of JetBrains Rider. We’ll look at how and why we have built (and open sourced) a reactive protocol, and how the IDE uses a “microservices” architecture to communicate with the debugger, Roslyn, a WPF renderer and even other tools like Unity3D. We’ll explore how things are wired together, both in-process and across those microservices.
Indexing and searching NuGet.org with Azure Functions and Search - .NET fwday...Maarten Balliauw
Which NuGet package was that type in again? In this session, let's build a "reverse package search" that helps finding the correct NuGet package based on a public type.
Together, we will create a highly-scalable serverless search engine using Azure Functions and Azure Search that performs 3 tasks: listening for new packages on NuGet.org (using a custom binding), indexing packages in a distributed way, and exposing an API that accepts queries and gives our clients the best result.
NDC Sydney 2019 - Microservices for building an IDE – The innards of JetBrain...Maarten Balliauw
Ever wondered how IDE’s are built? In this talk, we’ll skip the marketing bit and dive into the architecture and implementation of JetBrains Rider.
We’ll look at how and why we have built (and open sourced) a reactive protocol, and how the IDE uses a “microservices” architecture to communicate with the debugger, Roslyn, a WPF renderer and even other tools like Unity3D. We’ll explore how things are wired together, both in-process and across those microservices. Let’s geek out!
JetBrains Australia 2019 - Exploring .NET’s memory management – a trip down m...Maarten Balliauw
This document discusses .NET memory management and the garbage collector. It explains that the CLR manages memory in a heap and the garbage collector reclaims unused memory. It describes how objects are allocated in generations and discusses how to help the garbage collector perform better by reducing allocations, using value types when possible, and properly disposing of objects. The document also provides examples of hidden allocations and demonstrates tools for analyzing memory usage like ClrMD and dotMemory Unit.
.NET Conf 2019 - Indexing and searching NuGet.org with Azure Functions and Se...Maarten Balliauw
Which NuGet package was that type in again? In this session, let's build a "reverse package search" that helps finding the correct NuGet package based on a public type.
Together, we will create a highly-scalable serverless search engine using Azure Functions and Azure Search that performs 3 tasks: listening for new packages on NuGet.org (using a custom binding), indexing packages in a distributed way, and exposing an API that accepts queries and gives our clients the best result.
https://blog.maartenballiauw.be/post/2019/07/30/indexing-searching-nuget-with-azure-functions-and-search.html
CloudBurst 2019 - Indexing and searching NuGet.org with Azure Functions and S...Maarten Balliauw
Which NuGet package was that type in again? In this session, let's build a "reverse package search" that helps finding the correct NuGet package based on a public type.
Together, we will create a highly-scalable serverless search engine using Azure Functions and Azure Search that performs 3 tasks: listening for new packages on NuGet.org (using a custom binding), indexing packages in a distributed way, and exposing an API that accepts queries and gives our clients the best result.
NDC Oslo 2019 - Indexing and searching NuGet.org with Azure Functions and SearchMaarten Balliauw
Which NuGet package was that type in again? In this session, let's build a "reverse package search" that helps finding the correct NuGet package based on a public type.
Together, we will create a highly-scalable serverless search engine using Azure Functions and Azure Search that performs 3 tasks: listening for new packages on NuGet.org (using a custom binding), indexing packages in a distributed way, and exposing an API that accepts queries and gives our clients the best result.
Approaches for application request throttling - Cloud Developer Days PolandMaarten Balliauw
Speaking from experience building a SaaS: users are insane. If you are lucky, they use your service, but in reality, they probably abuse. Crazy usage patterns resulting in more requests than expected, request bursts when users come back to the office after the weekend, and more! These all pose a potential threat to the health of our web application and may impact other users or the service as a whole. Ideally, we can apply some filtering at the front door: limit the number of requests over a given timespan, limiting bandwidth, ...
In this talk, we’ll explore the simple yet complex realm of rate limiting. We’ll go over how to decide on which resources to limit, what the limits should be and where to enforce these limits – in our app, on the server, using a reverse proxy like Nginx or even an external service like CloudFlare or Azure API management. The takeaway? Know when and where to enforce rate limits so you can have both a happy application as well as happy customers.
Indexing and searching NuGet.org with Azure Functions and Search - Cloud Deve...Maarten Balliauw
This document discusses indexing NuGet packages using Azure Functions and Azure Search to power search capabilities in ReSharper and Rider. It proposes using Functions triggered by changes to the NuGet.org catalog to download packages, index them using reflection metadata, and upload the results to an Azure Search index. Each step would be a separate function to allow independent scaling. The final system would watch the catalog, index new/updated packages, and provide APIs for searching packages by type or namespace.
Approaches for application request throttling - dotNetCologneMaarten Balliauw
Speaking from experience building a SaaS: users are insane. If you are lucky, they use your service, but in reality, they probably abuse. Crazy usage patterns resulting in more requests than expected, request bursts when users come back to the office after the weekend, and more! These all pose a potential threat to the health of our web application and may impact other users or the service as a whole. Ideally, we can apply some filtering at the front door: limit the number of requests over a given timespan, limiting bandwidth, ...
In this talk, we’ll explore the simple yet complex realm of rate limiting. We’ll go over how to decide on which resources to limit, what the limits should be and where to enforce these limits – in our app, on the server, using a reverse proxy like Nginx or even an external service like CloudFlare or Azure API management. The takeaway? Know when and where to enforce rate limits so you can have both a happy application as well as happy customers.
CodeStock - Exploring .NET memory management - a trip down memory laneMaarten Balliauw
The .NET Garbage Collector (GC) is really cool. It helps providing our applications with virtually unlimited memory, so we can focus on writing code instead of manually freeing up memory. But how does .NET manage that memory? What are hidden allocations? Are strings evil? It still matters to understand when and where memory is allocated. In this talk, we’ll go over the base concepts of .NET memory management and explore how .NET helps us and how we can help .NET – making our apps better. Expect profiling, Intermediate Language (IL), ClrMD and more!
ConFoo Montreal - Microservices for building an IDE - The innards of JetBrain...Maarten Balliauw
Ever wondered how IDE’s are built? In this talk, we’ll skip the marketing bit and dive into the architecture and implementation of JetBrains Rider. We’ll look at how and why we have built (and open sourced) a reactive protocol, and how the IDE uses a “microservices” architecture to communicate with the debugger, Roslyn, a WPF renderer and even other tools like Unity3D. We’ll explore how things are wired together, both in-process and across those microservices. Let’s geek out!
ConFoo Montreal - Approaches for application request throttlingMaarten Balliauw
Speaking from experience building a SaaS: users are insane. If you are lucky, they use your service, but in reality, they probably abuse. Crazy usage patterns resulting in more requests than expected, request bursts when users come back to the office after the weekend, and more! These all pose a potential threat to the health of our web application and may impact other users or the service as a whole. Ideally, we can apply some filtering at the front door: limit the number of requests over a given timespan, limiting bandwidth, ...
In this talk, we’ll explore the simple yet complex realm of rate limiting. We’ll go over how to decide on which resources to limit, what the limits should be and where to enforce these limits – in our app, on the server, using a reverse proxy like Nginx or even an external service like CloudFlare or Azure API management. The takeaway? Know when and where to enforce rate limits so you can have both a happy application as well as happy customers.
Microservices for building an IDE – The innards of JetBrains Rider - TechDays...Maarten Balliauw
Ever wondered how IDE’s are built? In this talk, we’ll skip the marketing bit and dive into the architecture and implementation of JetBrains Rider. We’ll look at how and why we have built (and open sourced) a reactive protocol, and how the IDE uses a “microservices” architecture to communicate with the debugger, Roslyn, a WPF renderer and even other tools like Unity3D. We’ll explore how things are wired together, both in-process and across those microservices. Let’s geek out!
JetBrains Day Seoul - Exploring .NET’s memory management – a trip down memory...Maarten Balliauw
The .NET Garbage Collector (GC) is really cool. It helps providing our applications with virtually unlimited memory, so we can focus on writing code instead of manually freeing up memory. But how does .NET manage that memory? What are hidden allocations? Are strings evil? It still matters to understand when and where memory is allocated. In this talk, we’ll go over the base concepts of .NET memory management and explore how .NET helps us and how we can help .NET – making our apps better. Expect profiling, Intermediate Language (IL), ClrMD and more!
The .NET Garbage Collector (GC) is really cool. It helps providing our applications with virtually unlimited memory, so we can focus on writing code instead of manually freeing up memory. But how does .NET manage that memory? What are hidden allocations? Are strings evil? It still matters to understand when and where memory is allocated. In this talk, we’ll go over the base concepts of .NET memory management and explore how .NET helps us and how we can help .NET – making our apps better. Expect profiling, Intermediate Language (IL), ClrMD and more!
VISUG - Approaches for application request throttlingMaarten Balliauw
Speaking from experience building a SaaS: users are insane. If you are lucky, they use your service, but in reality, they probably abuse. Crazy usage patterns resulting in more requests than expected, request bursts when users come back to the office after the weekend, and more! These all pose a potential threat to the health of our web application and may impact other users or the service as a whole. Ideally, we can apply some filtering at the front door: limit the number of requests over a given timespan, limiting bandwidth, ...
In this talk, we’ll explore the simple yet complex realm of rate limiting. We’ll go over how to decide on which resources to limit, what the limits should be and where to enforce these limits – in our app, on the server, using a reverse proxy like Nginx or even an external service like CloudFlare or Azure API management. The takeaway? Know when and where to enforce rate limits so you can have both a happy application as well as happy customers.
Choose our Linux Web Hosting for a seamless and successful online presencerajancomputerfbd
Our Linux Web Hosting plans offer unbeatable performance, security, and scalability, ensuring your website runs smoothly and efficiently.
Visit- https://onliveserver.com/linux-web-hosting/
Fluttercon 2024: Showing that you care about security - OpenSSF Scorecards fo...Chris Swan
Have you noticed the OpenSSF Scorecard badges on the official Dart and Flutter repos? It's Google's way of showing that they care about security. Practices such as pinning dependencies, branch protection, required reviews, continuous integration tests etc. are measured to provide a score and accompanying badge.
You can do the same for your projects, and this presentation will show you how, with an emphasis on the unique challenges that come up when working with Dart and Flutter.
The session will provide a walkthrough of the steps involved in securing a first repository, and then what it takes to repeat that process across an organization with multiple repos. It will also look at the ongoing maintenance involved once scorecards have been implemented, and how aspects of that maintenance can be better automated to minimize toil.
The DealBook is our annual overview of the Ukrainian tech investment industry. This edition comprehensively covers the full year 2023 and the first deals of 2024.
Paradigm Shifts in User Modeling: A Journey from Historical Foundations to Em...Erasmo Purificato
Slide of the tutorial entitled "Paradigm Shifts in User Modeling: A Journey from Historical Foundations to Emerging Trends" held at UMAP'24: 32nd ACM Conference on User Modeling, Adaptation and Personalization (July 1, 2024 | Cagliari, Italy)
How Social Media Hackers Help You to See Your Wife's Message.pdfHackersList
In the modern digital era, social media platforms have become integral to our daily lives. These platforms, including Facebook, Instagram, WhatsApp, and Snapchat, offer countless ways to connect, share, and communicate.
Transcript: Details of description part II: Describing images in practice - T...BookNet Canada
This presentation explores the practical application of image description techniques. Familiar guidelines will be demonstrated in practice, and descriptions will be developed “live”! If you have learned a lot about the theory of image description techniques but want to feel more confident putting them into practice, this is the presentation for you. There will be useful, actionable information for everyone, whether you are working with authors, colleagues, alone, or leveraging AI as a collaborator.
Link to presentation recording and slides: https://bnctechforum.ca/sessions/details-of-description-part-ii-describing-images-in-practice/
Presented by BookNet Canada on June 25, 2024, with support from the Department of Canadian Heritage.
Understanding Insider Security Threats: Types, Examples, Effects, and Mitigat...Bert Blevins
Today’s digitally connected world presents a wide range of security challenges for enterprises. Insider security threats are particularly noteworthy because they have the potential to cause significant harm. Unlike external threats, insider risks originate from within the company, making them more subtle and challenging to identify. This blog aims to provide a comprehensive understanding of insider security threats, including their types, examples, effects, and mitigation techniques.
Support en anglais diffusé lors de l'événement 100% IA organisé dans les locaux parisiens d'Iguane Solutions, le mardi 2 juillet 2024 :
- Présentation de notre plateforme IA plug and play : ses fonctionnalités avancées, telles que son interface utilisateur intuitive, son copilot puissant et des outils de monitoring performants.
- REX client : Cyril Janssens, CTO d’ easybourse, partage son expérience d’utilisation de notre plateforme IA plug & play.
UiPath Community Day Kraków: Devs4Devs ConferenceUiPathCommunity
We are honored to launch and host this event for our UiPath Polish Community, with the help of our partners - Proservartner!
We certainly hope we have managed to spike your interest in the subjects to be presented and the incredible networking opportunities at hand, too!
Check out our proposed agenda below 👇👇
08:30 ☕ Welcome coffee (30')
09:00 Opening note/ Intro to UiPath Community (10')
Cristina Vidu, Global Manager, Marketing Community @UiPath
Dawid Kot, Digital Transformation Lead @Proservartner
09:10 Cloud migration - Proservartner & DOVISTA case study (30')
Marcin Drozdowski, Automation CoE Manager @DOVISTA
Pawel Kamiński, RPA developer @DOVISTA
Mikolaj Zielinski, UiPath MVP, Senior Solutions Engineer @Proservartner
09:40 From bottlenecks to breakthroughs: Citizen Development in action (25')
Pawel Poplawski, Director, Improvement and Automation @McCormick & Company
Michał Cieślak, Senior Manager, Automation Programs @McCormick & Company
10:05 Next-level bots: API integration in UiPath Studio (30')
Mikolaj Zielinski, UiPath MVP, Senior Solutions Engineer @Proservartner
10:35 ☕ Coffee Break (15')
10:50 Document Understanding with my RPA Companion (45')
Ewa Gruszka, Enterprise Sales Specialist, AI & ML @UiPath
11:35 Power up your Robots: GenAI and GPT in REFramework (45')
Krzysztof Karaszewski, Global RPA Product Manager
12:20 🍕 Lunch Break (1hr)
13:20 From Concept to Quality: UiPath Test Suite for AI-powered Knowledge Bots (30')
Kamil Miśko, UiPath MVP, Senior RPA Developer @Zurich Insurance
13:50 Communications Mining - focus on AI capabilities (30')
Thomasz Wierzbicki, Business Analyst @Office Samurai
14:20 Polish MVP panel: Insights on MVP award achievements and career profiling
Comparison Table of DiskWarrior Alternatives.pdfAndrey Yasko
To help you choose the best DiskWarrior alternative, we've compiled a comparison table summarizing the features, pros, cons, and pricing of six alternatives.
An invited talk given by Mark Billinghurst on Research Directions for Cross Reality Interfaces. This was given on July 2nd 2024 as part of the 2024 Summer School on Cross Reality in Hagenberg, Austria (July 1st - 7th)
6. Who am I?
Maarten Balliauw
Antwerp, Belgium
Software Engineer, Microsoft
Founder, MyGet
AZUG
Focus on web
ASP.NET MVC, Azure, SignalR, ...
Former MVP Azure & ASPInsider
Big passion: Azure
http://blog.maartenballiauw.be
@maartenballiauw
Shameless self promotion: Pro NuGet - http://amzn.to/pronuget2
7. Agenda
The 101 stuff
How the Internet works (the DNS part)
DNS zones
Security
DNS in application architecture
Failover, load balancing, CDN
Configuration and service discovery
DNS for fun and profit
10. “Let’s Google!”
We need an IP address for www.google.com
Use Domain Name System (“phone book”)
Map www.google.com to 216.58.213.100 / 2a00:1450:4009:80f::2004
After which the browser will do its HTTP magic
11. “Let’s Google!”
Check operating system (hosts file, ...)
Check DNS cache
Ask home router
Check DNS cache at ISP, not in cache? Iterate!
12. “Let’s Google!”
Ask root servers where .com. lives
Ask .com. authoritative server where google.com lives
Ask .google.com. authoritative server for www.google.com. IP address
14. DNS
2 types of servers
Authoritative
“Owns the domain”
Cache (recursor)
“Resolves the domain for you”
15. DNS
Designed in 1983 by Paul Mockapetris (University of California, Irvine)
Converts hostnames to IP addresses
Stores mail delivery information for a domain
Stores other information for a domain (TXT records)
16. How do I get a domain name?
TLD’s managed by separate organisations
Verisign (.com) – DNS Belgium (.be) – EURid (.eu) - …
Rules!
Who can register a name?
Ownership change procedures
Disputes
Technical rules
Usually domain registration done by registrar
E.g. DNSimple - http://bit.ly/dns4developers
18. Root servers
ICANN’s 13 root servers http://root-servers.org/
Why only 13?
UDP packets limited to 512 bytes
Response with > 13 entries would be > 512 bytes
There are more: anycast
19. gTLD, ccTLD, iTLD, … servers
Delegation from root servers to gTLD, ccTLD, iTLD, … servers
List managed by IANA http://www.iana.org/domains/root/db
“Where does .tld live?”
20. Root servers are a convention!
Every OS has them, but they can be replaced
E.g. www.opennicproject.org
They have their own gTLD’s as well, e.g. .bit, .free, .null, .oss, …
Not widely used (?) as it’s an alternate realm
E.g. www.orsn.org Open Root Server Network
Mirrors ICANN root servers
Reduce over-dependence on the USA
“Independent mode” in case political situation requires it
21. Caches, caches everywhere!
“Let’s change the IP address for our webserver in the DNS”
Caches in recursive resolvers (e.g. at ISP’s)
https://www.whatsmydns.net/
Caches in OS
ipconfig /flushdns
Caches in application (e.g. in IE)
Restart browser
Lower TTL beforehand
23. DNS zone
“A Domain Name System (DNS) zone file is a text file that describes a
DNS zone. A DNS zone is a subset, often a single domain, of the
hierarchical domain name structure of the DNS.
The zone file contains mappings between domain names and IP
addresses and other resources, organized in the form of text
representations of resource records (RR).
A zone file may be either a DNS master file, authoritatively describing a
zone, or it may be used to list the contents of a DNS cache. [1]“
24. DNS zone
$ORIGIN example.com.     ; designates the start of this zone file in the namespace
$TTL 1h                  ; default expiration time of all resource records
example.com.  IN  SOA    ns.example.com. username.example.com. ( 2007120710 1d 2h 4w 1h )
example.com.  IN  NS     ns                    ; ns.example.com is a nameserver for example.com
example.com.  IN  NS     ns.somewhere.example. ; another nameserver
example.com.  IN  MX     10 mail.example.com.  ; mail.example.com is the mailserver for example.com
@             IN  MX     20 mail2.example.com. ; equivalent to above line, "@" represents zone origin
@             IN  MX     50 mail3              ; equivalent to above line, but using a relative host name
example.com.  IN  A      192.0.2.1             ; IPv4 address for example.com
              IN  AAAA   2001:db8:10::1        ; IPv6 address for example.com
ns            IN  A      192.0.2.2             ; IPv4 address for ns.example.com
www           IN  CNAME  example.com.          ; www.example.com is an alias for example.com
mail          IN  A      192.0.2.3             ; IPv4 address for mail.example.com
mail2         IN  A      192.0.2.4             ; IPv4 address for mail2.example.com
mail3         IN  A      192.0.2.5             ; IPv4 address for mail3.example.com
25. DNS zone
Contains records describing a domain
Value + TTL
At the minimum: Start of Authority (SOA) record
“which server stores all the information about the website I want to look up”
Name of authoritative master name server
Email address of someone responsible for management of the name server
Expiration parameters
(serial #, slave refresh, slave retry time, slave expiration time, cache duration or Time To Live)
26. DNS zone
Typical other records:
NS – Who are my nameservers? (or subdomain delegation)
A – IPv4 address pointer
AAAA – IPv6 address pointer
CNAME – Reference to another record (NOT A REDIRECT)
MX – Mail exchangers for the domain, with priorities
TXT – Textual value, often used to validate domain ownership/spam rules/…
SRV – Describes a service type and port
27. PTR
“Reverse DNS” used for e.g. diagnostics tools like ping and traceroute
Email anti-spam uses this as well (check EHLO IP address)
28. Zone transfer
Usually more than one nameserver for a zone
1 primary, other secondaries
No need to maintain zones on every slave!
Zone transfer
Primary knows secondary IP’s (we don’t want to transfer to anyone out there)
Secondary knows zone name, queries primary over TCP (53) to replicate data
Uses SOA serial to check zone version & decide on update
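How a secondary can apply the last two points, as an added example (not code from the talk): it parses the SOA record from the zone file on slide 24, compares serials with wrap-around, and shows the primary's allow-list check. RFC 1982 serial arithmetic is assumed here, since the slide only says the serial is checked, and all function names are illustrative.

```python
import ipaddress
import re

UNIT_SECONDS = {"": 1, "s": 1, "m": 60, "h": 3600, "d": 86400, "w": 604800}

# The SOA record from the zone file on slide 24.
SLIDE_SOA = ("example.com. IN SOA ns.example.com. username.example.com. "
             "( 2007120710 1d 2h 4w 1h )")


def to_seconds(value):
    """Convert a zone-file time value ('1d', '2h', '1h30m', '3600') to seconds."""
    value = value.lower()
    parts = re.findall(r"(\d+)([smhdw]?)", value)
    # Reject anything the tokens do not cover completely (e.g. '1x' or '').
    if not parts or "".join(n + u for n, u in parts) != value:
        raise ValueError(f"not a zone-file time value: {value!r}")
    return sum(int(n) * UNIT_SECONDS[u] for n, u in parts)


def parse_soa(line):
    """Parse a single-line SOA record into a dict with times in seconds."""
    text = line.split(";", 1)[0].replace("(", " ").replace(")", " ")
    fields = text.split()
    if len(fields) != 10 or fields[2].upper() != "SOA":
        raise ValueError("expected: owner class SOA mname rname "
                         "serial refresh retry expire minimum")
    refresh, retry, expire, minimum = (to_seconds(f) for f in fields[6:])
    # The responsible person's mailbox is encoded with the first
    # unescaped dot standing in for '@'.
    rname = re.split(r"(?<!\\)\.", fields[4].rstrip("."), maxsplit=1)
    local, domain = (rname + [""])[:2]
    return {
        "owner": fields[0],
        "primary": fields[3],
        "email": local.replace("\\.", ".") + "@" + domain,
        "serial": int(fields[5]),
        "refresh": refresh,
        "retry": retry,
        "expire": expire,
        "minimum": minimum,
    }


def serial_newer(candidate, current):
    """True if `candidate` is a later zone version than `current`.

    Serials are 32-bit and wrap around, so the comparison is done modulo
    2**32; a difference of exactly 2**31 is undefined and treated as
    "not newer".
    """
    diff = (candidate - current) % 2**32
    return 0 < diff < 2**31


def needs_transfer(primary_soa, local_soa):
    """Secondary side: replicate only when the primary has a newer serial."""
    return serial_newer(primary_soa["serial"], local_soa["serial"])


def transfer_allowed(client_ip, secondaries):
    """Primary side: hand the zone only to the known secondary addresses."""
    allowed = {ipaddress.ip_address(s) for s in secondaries}
    return ipaddress.ip_address(client_ip) in allowed


if __name__ == "__main__":
    primary = parse_soa(SLIDE_SOA)
    stale_copy = dict(primary, serial=primary["serial"] - 1)
    print(primary)
    print("secondary should transfer:", needs_transfer(primary, stale_copy))
    # 192.0.2.53 and 198.51.100.7 are constructed addresses.
    print("known secondary:", transfer_allowed("192.0.2.53", ["192.0.2.53"]))
    print("stranger:", transfer_allowed("198.51.100.7", ["192.0.2.53"]))
```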
30. DNS cache poisoning
Consider this DNS zone…
$ORIGIN evil.com.
$TTL 1h
evil.com. IN SOA ns.evil.com. username.example.com. ( 2007120710 1d 2h 4w 1h )
evil.com. IN NS ns1.google.com.
ns1.google.com. IN A 123.123.123.123
Consider this web page…
<!-- ... -->
<img src="http://www.evil.com/image.gif"/>
<!-- ... -->
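A resolver-side check that stops the poisoning shown on this slide, as an added example that is not the talk's demo code: a cache that keeps only records inside the zone it asked about (bailiwick checking, a term the slides do not use). The `Record` type, the two cache classes and the response layout are assumptions made for illustration.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Record:
    name: str   # owner name
    rtype: str  # record type, e.g. "A" or "NS"
    value: str


def normalize(name):
    """Lower-case a domain name and drop the trailing root dot."""
    return name.rstrip(".").lower()


def in_bailiwick(name, zone):
    """True when `name` is the zone itself or a subdomain of it.

    The comparison is label-wise: "notevil.com" is NOT inside "evil.com".
    """
    name, zone = normalize(name), normalize(zone)
    return zone == "" or name == zone or name.endswith("." + zone)


# Constructed response modelled on the slide's zone: the server for evil.com
# names ns1.google.com as its nameserver and volunteers an address for it.
POISONED_RESPONSE = {
    "zone": "evil.com.",  # the zone this server was asked about
    "answer": [],         # the requested hostname does not exist
    "authority": [Record("evil.com.", "NS", "ns1.google.com.")],
    "additional": [Record("ns1.google.com.", "A", "123.123.123.123")],
}


class NaiveCache:
    """Caches every record a server sends, whatever name it is for."""

    def __init__(self):
        self.records = {}

    def accepts(self, record, zone):
        return True

    def store_response(self, response):
        """Cache the acceptable records; return the rejected ones."""
        rejected = []
        for section in ("answer", "authority", "additional"):
            for record in response[section]:
                if self.accepts(record, response["zone"]):
                    key = (normalize(record.name), record.rtype)
                    self.records[key] = record.value
                else:
                    rejected.append(record)
        return rejected

    def lookup(self, name, rtype):
        return self.records.get((normalize(name), rtype))


class BailiwickCache(NaiveCache):
    """Drops records whose owner name lies outside the queried zone.

    The NS record is kept (its owner is evil.com), but the address of
    ns1.google.com has to be resolved through the normal chain instead
    of being taken from evil.com's server.
    """

    def accepts(self, record, zone):
        return in_bailiwick(record.name, zone)


def demo():
    """Feed the same response to both caches and compare what they learned."""
    naive, hardened = NaiveCache(), BailiwickCache()
    naive.store_response(POISONED_RESPONSE)
    rejected = hardened.store_response(POISONED_RESPONSE)
    return (naive.lookup("ns1.google.com", "A"),
            hardened.lookup("ns1.google.com", "A"),
            rejected)


if __name__ == "__main__":
    naive_ip, hardened_ip, rejected = demo()
    print("naive cache says ns1.google.com is at:", naive_ip)
    print("bailiwick cache says ns1.google.com is at:", hardened_ip)
    print("rejected records:", rejected)
```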
32. DNSSEC (Domain Name System Security Extensions)
Set of extensions to DNS
Origin verification
Is the record really coming from the proper name server?
Adds signing support (and delegation)
Top-down the chain (root servers have DNSSEC, gTLD servers have DNSSEC, …)
Why did that demo work?
Custom resolver without DNSSEC → trust chain broken
33. DNS Amplification for DDoS
DNS recursion is awesome! (and often default)
Lots of DNS servers out there have recursion enabled for all
Lots of open resolvers out there
Saturate a victim’s network connection by using open DNS resolvers
UDP traffic has no source IP verification
Spoof source traffic
34. DNS Amplification for DDoS
[Diagram: Attacker, three open DNS resolvers, Victim]
35. DNS Amplification for DDoS
Make sure to disable recursion
Or limit it to known, trusted networks
Use a DDoS filtering service
Akamai, CloudFlare, Verisign, ...
Use SPI firewall to verify packet origin
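Why restricting recursion matters, as an added example that is not part of the talk: a small model of how many bytes a resolver sends to each claimed source address, first as an open resolver and then with recursion limited to trusted networks. The traffic sample, the network ranges and the assumption that a refused reply is about the size of the query are constructed for illustration.

```python
import ipaddress

# Constructed traffic sample: (claimed source IP, query bytes, full answer bytes).
# UDP carries no proof of the source address, so the first three queries may
# really come from someone else who wants the answers sent to 198.51.100.9.
CONSTRUCTED_QUERIES = [
    ("198.51.100.9", 64, 3000),
    ("198.51.100.9", 64, 3000),
    ("198.51.100.9", 64, 3000),
    ("10.0.0.5", 60, 120),
]

# Constructed list of networks the resolver is meant to serve.
TRUSTED_NETWORKS = ["10.0.0.0/8", "192.168.0.0/16"]


def recursion_allowed(client_ip, trusted_networks):
    """True when the claimed source address is inside a trusted network."""
    address = ipaddress.ip_address(client_ip)
    return any(address in ipaddress.ip_network(net) for net in trusted_networks)


def traffic_by_source(queries, trusted_networks=None):
    """Return {claimed source: (bytes received, bytes sent back)}.

    trusted_networks=None models an open resolver that recurses for anyone.
    With a list of networks, outsiders get a refusal instead of the full
    answer; the refusal is assumed to be the same size as the query.
    """
    totals = {}
    for source, query_bytes, answer_bytes in queries:
        open_resolver = trusted_networks is None
        if open_resolver or recursion_allowed(source, trusted_networks):
            sent = answer_bytes
        else:
            sent = query_bytes
        received_so_far, sent_so_far = totals.get(source, (0, 0))
        totals[source] = (received_so_far + query_bytes, sent_so_far + sent)
    return totals


def amplification(totals, source):
    """Bytes sent to `source` per byte received in its name."""
    received, sent = totals[source]
    return sent / received


if __name__ == "__main__":
    for label, networks in (("open resolver", None),
                            ("restricted recursion", TRUSTED_NETWORKS)):
        totals = traffic_by_source(CONSTRUCTED_QUERIES, networks)
        for source in totals:
            print(f"{label}: {source} {totals[source]} "
                  f"x{amplification(totals, source):.2f}")
```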
37. DNS failover / load balancing
Simple “round-robin”
www.example.local. IN A 192.168.0.1
www.example.local. IN A 192.168.0.2
www.example.local. IN A 192.168.0.3
Most DNS servers return different IP as first item in list
Issues
What if one of the addresses is unreachable?
What if the order is cached at ISP?
38. DNS failover / load balancing
Intelligent DNS server
e.g. Azure Traffic Manager / Amazon Route 53
Scenarios
Round-robin
Failover
Performance
Issues
What if one of the addresses is unreachable? → monitoring of endpoints
What if the order is cached at ISP? → low TTL (still gaps)
40. Content Delivery Network (CDN)
Serve origin content from edge location close to the user
www.cdnreviews.com
41. Content Delivery Network (CDN)
Serve origin content from edge location close to the user
Intelligent DNS approach
Check user IP address location, return DNS record closer to the user
Try nslookup myget-2e16.kxcdn.com
Use IP Anycast
Advertise the same IP for edge server in different networks
No logic needed in DNS
The DNS root servers use this as well
42. Configuration in DNS
Typical application configuration
Key/value pairs
Hierarchy
Store as DNS records (TXT?)
Typically multiple environments
One special DNS server per environment
One master to which we can recurse (e.g. shared settings)
44. Configuration in DNS
Alternative: store just the hostnames per environment
api.app.local → different IP per environment
Downside to configuration in DNS
Still need to maintain “the phone book” when changes occur
Not very flexible with dynamic resources...
Caches, CACHES!
45. Service discovery
“Detect services on various devices on a network of computers with minimal
configuration.”
UPnP
Service Location Protocol (SLP)
Zero Configuration Networking (Zeroconf)
Simple way to find and list services without maintaining a directory
Every service announces itself
46. Service discovery
Multicast DNS (mDNS)
224.0.0.251 port 5353 - every machine on the network listens
DNS Service Discovery (DNS-SD)
Works with mDNS and DNS
SRV (name + type, port, hostname)
PTR (pointer)
A (service IP)
TXT (additional information)
You are probably already using this today!
Printer, Apple Bonjour, Office365, …
46ce01.local. A 192.168.1.101
46ce01._printer._tcp.local. SRV 515 46ce01.local
_printer._tcp.local. PTR 46ce01._printer._tcp.local.
51. HTTP over DNS
Custom client and server
Server
Identify client
Fetch upstream data and make it available as DNS records
Client
Expose itself as a local proxy
Make DNS lookups with custom server
Things to be aware of…
UDP packet size, maximum length of records, maximum # of records
Encrypt transport
52. HTTP over DNS
[Diagram: Local browser, HoD client, HoD server, Target HTTP server]
Browser uses local HoD client as proxy
HoD server makes upstream request
Translates into DNS response(s)
53. HTTP over DNS on the Internet
[Diagram: Local browser, HoD client, HoD server, Target HTTP server, ISP nameserver]
55. IP over DNS
Same idea as HTTP over DNS: tunnel traffic
http://code.kryo.se/iodine/
More elaborate protocol:
User identification
Auto-optimize UDP packet size
Compression
57. Conclusion
DNS is a hierarchical system
Built in 1983, flexible and widely used
Record types
DNSSEC
Application architecture
Failover, load balancing, CDN
Configuration and service discovery
Fun
Run command line
nslookup www.google.com
Note that the response is from a non-authoritative server (meaning it is served from a cache somewhere in between our PC and the Internet)
Dig provides us more info about how the name resolution happens
dig A www.google.com +trace
Maybe visit the site and look at a few of the servers – there are tonnes of them!
Browser makes a request to a non-existent hostname
Our DNS resolver learns that ns1.google.com is in an IP address that we own
Our OS (or worse, our recursive DNS) caches this, I own Google on your machine
Open 02 CachePoisoning demo
Walk through the code, explain the redirects that happen (our custom domain says it’s in Google’s DNS, for which we send the IP address in the response)
Set machine’s nameserver to 127.0.0.1
Visit the custom HTML page
Visit www.google.com
Ping www.google.com and note the IP address is wrong
Create new Traffic Manager endpoint in new portal (maartenba.trafficmanager.net)
Set DNS TTL to 30 seconds to make the talk more enjoyable
Add external endpoints:
www.bing.com
www.google.com
Run nslookup
set type=CNAME
maartenba.trafficmanager.net
See result, wait 30 seconds and try again
See different result
We can do this failover, round-robin, or “performance”
Mention CDN’s exist with both approaches. Both have own advantages. No logic = no logic, just route. Logic = be smart, eg Cedexis does multi-CDN, picks host based on all kinds of parameters, uses monitoring, …
Open 03 ConfigurationSample demo
Explain ConfigurationServer class – it adds an entry per configuration value we want to store and serves it up as a TXT record
Explain we could have multiple of the same, the client would just get multiple entries instead of one. Useful for failover scenarios etc.
Show server Program.cs where we store some values, then run it
Show client Program.cs where we fetch values, then run it
Explain we could have multiple servers, to which we can recurse for shared settings across environments
You are probably already using this today! (Office 365? Apple Bonjour)
Open 04 ServiceDiscovery
Run ServiceDiscovery.Client and see if there are any printers (or other) on the local network. Probably not but let’s check anyway.
Open ServiceDiscovery.SampleService, explain what we are doing here
We have a simple OWIN Web API running, nothing fancy
Now let’s publish this service!
ZeroconfService package from NuGet
using (var service = new ZeroconfService.NetService("local.", "_webapi._tcp", "Maarten's awesome API", 9999))
{
    service.Publish();
    Console.ReadLine();
}
Run the client again, see that our service is now discovered – zero configuration! The service tells everyone else where it lives and what it does.
Open 05 HTTP over DNS
Demonstrate the server – run the server project
Use nslookup
set type=TXT
Query for www.google.com
See that we get back a number of chunks – we need this as the DNS response can only contain a limited amount of data
Get a chunk, 1.www.google.com
Get another, 2.www.google.com
Now look at the server code – Open HttpProxyingDnsServer
Important work is in “ResolveLocal”
Explain the code – we check if we request a chunk or not.
If not, calculate number of chunks and return it as a TXT
If we do want a chunk, fetch the chunk and the next chunks, return TXT records for each
Now look at the custom client we created
Create a DNS client
Get the value for number of chunks
Get the chunks and concatenate them
Run the client as well, see what it does…