Oct 3 – 5, 2015
Fairmont Queen Elizabeth
US/Eastern timezone

Continuous Integration & Continuous Deployment - For the new nameserver infrastructures of DENIC eG

Oct 4, 2015, 9:30 AM
St-Francois (Fairmont Queen Elizabeth)


Fairmont Queen Elizabeth

900 René-Lévesque Blvd W Montreal, QC H3B 4A5 Canada


Mr Christian Petrasch (DENIC eG)


This Abstract describes the concepts, the development and the functionalities of the DENIC DNS Countinuous Integration and Deployment Pipeline. Furthermore the advantages you could receive through this technics and automated testing. More informations will follow in the summary form.


Author: Christian Petrasch – DNS Operations / DENIC eG


The nameserver infrastructure of a TLD or TLD-like company is, concerning widespreading anycast infrastructures, a service where fast deployments of servers are a necessary feature. This applies to changes onto the server platform (software and OS and configurations) as well as reinstall or add new servers to the existing infrastructure. There are multiple reasons for this, like for example adding new customers,
mitigation of attacks, deploying new software or patches for every type of software ( also the operating system ) running on the platform.

Nevertheless, the stability and security of the servers shouldn't be influenced by increasing the deployment speed. Because of this, automated testing comes in the game. With an automated testing pipeline no new software or patch will be deployed in production without a successful integration test. This guarantees that
the stability of the running production will be provided after the deployment of the new feature.

The orchestration is the next step in this structure. Orchestration melts fast deployment, testing and controlling the service together. The orchestration is a toolstack for controlling the dependencies between new deployments and a maybe unavoidable outtake of a server during reinstallation and the absolutely uninterrupted service for the customer. This is the reason why an orchestration is the mandatory connection between controlling the routing equipment and the server equipment.

The presentation should give a deep overview about the development and the techniques DENIC is using for building and testing the DNS infrastructure and the big wins you can get because of Continuous Delivery in a DNS platform. This includes a comparison between the old infrastructure and the new one, operations, problem handling (debugging, attack mitigation), usability and orchestration.

Furthermore it should show the advantages of CI/CD and automated testing at nameserver structures for implementing new updates, software or any changes which can be done on servers.

DNS Pipeline Infrastructure

Structure of the presentation:

  • Overview Old infrastructure
  • used techniques
  • Problems with old techniques

  • Short overview about what is Continuous Integration & Continuous Deployment

  • How to reach the goal – Development Steps to CI/CD
  • Developing concepts (what is a good way and what not ? )
    • which type of configuration management
    • which type of authoritative datasource for the CMDB
  • Developing the necessary processes
    • testing processes/pipeline
    • deployment strategy pipeline
  • Decision of tools (Virtualization, Automation, GUI, Testing, Routing Control )
  • Steps
    • Authoritative datasource
    • Build necessary toolstack
    • Building a staging pipeline
    • Orchestration
    • Steering the routing (Bonus)
  • Benefits after reaching the goal
    • Deployment speed (Live DEMO)
    • Rolling out new servers
    • Reliability, (Consistency, better ways to update)
    • Automated testing
    • Mitigation of attacks
    • Implementation of monitoring

Estimated duration: approximately 30 min

Primary author

Mr Christian Petrasch (DENIC eG)

Presentation materials