Anycast has proven to be an effective mechanism to enhance resilience in the DNS ecosystem and for scaling DNS nameserver capacity, both in authoritative and the recursive resolver infrastructure. Since its adoption for root servers, anycast has mitigated the impact of failures and DDoS attacks on the DNS ecosystem. In this work, we quantify the adoption of anycast to support...
The Domain Name System (DNS) has been frequently abused for distributed denial-of-service (DDoS) attacks and cache poisoning because it relies on the User Datagram Protocol (UDP). Since UDP is connection-less, it is trivial for an attacker to spoof the source of a DNS query or response. While other secure transport mechanisms provide identity management, such as the Transmission Control...
Attacks against DNS have long plagued the Internet, requiring continual investigation and vigilance to prevent the abuse of this critical infrastructure. In recent years, the severity of DNS hijacking has motivated renewed interest in developing more robust defenses. The size, dynamism, and diversity of the DNS ecosystem present nontrivial challenges to crafting an effective and scalable...
On September 30th 2021, Slack had an outage that impacted less than 1% of our online user base, and lasted for 24 hours. This outage was the result of our attempt to enable DNSSEC, which ultimately led to a series of unfortunate events.
In this talk we'll cover our DNSSEC rollout to all Slack critical domains and the three failed attempts to enable DNSSEC on slack.com – doing a deep...