TLD glue sticks around too long
Recent headline grabbing DDoS attacks provoked heated debates in the DNS community. Everyone has strong opinions on how to harden DNS to avoid downtime in the future. Is it better to use a single DNS provider or multiple? What DNS TTL values are best? Does DNSSEC make you more or less exposed?
CC BY 2.0 image by Leticia Chamorro
These are valid questions worth serious discussion, but tuning your own DNS server settings is not the full story. Together, as a community, we need to harden the DNS protocol itself. We need to prepare it to withstand the toughest DDoS attacks the future will surely bring. In this blog post I'll point out an obscure feature in the core DNS protocol. It is not practical to use this "hidden" feature for DDoS mitigation now, but with a small tweak it could become extremely useful. The feature is currently unused not due to protocol problems - it's unused because of the DNS Top Level Domain (TLD) operators' apathy. If it was working it would reduce DDoS recovery time for the DNS servers under attack.
The feature in question is: DNS TLD glue records. More specifically DNS TLD glue records with Continue reading
Microservices: The Infrastructure Impact
Simplifying application development leads to complications for IT operations, but the cloud can help.
Networking 2016: The Year In Review
A look back at a year filled with hot startups, Facebook networking innovations, and SD-WAN.
Response: Snap 1.0 is Here
Intel Snap reaches 1.0 milestone. This is a valuable troubleshooting tool for NFV.
The post Response: Snap 1.0 is Here appeared first on EtherealMind.
Network Virtualization And Unintended Consequences
Virtualizing the network solves many problems, but could also create new ones.
Beyond Scale to Flexible Cloud Networking
In the early 2000’s a new generation of smartphones revolutionized the cell phone industry, eliminating the market for “flip phones,” introducing new tools and completely redefining “phones” to universal internet devices. New companies rose and old ones adapted or failed. In 2015, a new generation of electric cars (Tesla being the most well-known), were introduced...Continue reading »
Network Automation Online Course: a Vendor Perspective
A few days after I published the blog post describing why it might make sense to attend the Building Network Automation Solutions course even when you’re already using a $vendor network management system/platform, I got a surprising email from one of my friends working for a major networking vendor:
Read more ...Automating Cisco Nexus Switches with Ansible
For the past several years, the open source [network] community has been rallying around Ansible as a platform for network automation. Just over a year ago, Ansible recognized the importance of embracing the network community and since then, has made significant additions to offer network automation out of the box. In this post, we’ll look at two distinct models you can use when automating network devices with Ansible, specifically focusing on Cisco Nexus switches. I’ll refer to these models as CLI-Driven and Abstraction-Driven Automation.
Note: We’ll see in later posts how we can use these models and a third model to accomplish intent-driven automation as well.
For this post, we’ve chosen to highlight Nexus as there are more Nexus Ansible modules than any other network operating system as of Ansible 2.2 making it extremely easy to highlight these two models.
CLI-Driven Automation
The first way to manage network devices with Ansible is to use the Ansible modules that are supported by a diverse number of operating systems including NX-OS, EOS, Junos, IOS, IOS-XR, and many more. These modules can be considered the lowest common denominator as they work the same way across operating systems requiring you to define the Continue reading