dns

Keynote: DNS Wars: Episode IV - A New Bypass

Keynote: DNS Wars: Episode IV - A New Bypass

March 4, 2020

Since commercialization and privatization of the Internet first began in the 1990's, there has been a steady push to move access side DNS (called "recursive") away …
Lightning Talk: DNS Shotgun - realistic DNS benchmarking

Lightning Talk: DNS Shotgun - realistic DNS benchmarking

March 3, 2020

We are introducing a new open-source tool for realistic DNS benchmarking - "DNS Shotgun". It can simulate real workloads on DNS resolvers in a way which allows mea …
IETF Track

IETF Track

March 2, 2020

Learn the latest about work underway in the Internet Engineering Task Force (IETF), the Internet standards body developing open standards through open processes. D …
Lightning Talk: DNS Transparency Project

Lightning Talk: DNS Transparency Project

March 1, 2020

Recent attacks on the DNS, such as those detailed in Cisco Talos' report "Sea Turtle", expose a critical lack of visibility / audit trail within the DNS hierarchy. …
Analyzing the Costs (and Benefits) of DNS, DoT, and DoH for the Modern Web

Analyzing the Costs (and Benefits) of DNS, DoT, and DoH for the Modern Web

February 29, 2020

Essentially all Internet communication relies on the Domain Name System (DNS), which first maps a human-readable Internet destination or service to an IP address b …
DNSSEC. What it is and what it isn't.

DNSSEC. What it is and what it isn't.

February 28, 2020

DNS hijacking has become a mainstream technique for subverting websites, stealing login credentials, fraud and abuse. The DNS is a complex system with many attack …
Lightning Talk: DNS Flag Day 2020

Lightning Talk: DNS Flag Day 2020

February 26, 2020

I presented on DNS Flag Day 2019 at NANOG75. The 2019 Flag Day was a success with very little disruption to production DNS services. This success has emboldened th …
DNS Flag Day and beyond - how will it affect you?

DNS Flag Day and beyond - how will it affect you?

February 25, 2020

A number of DNS software and service providers have announced that we will all cease implementing DNS resolver workarounds to accommodate DNS authoritative systems …
Best Practices and Lessons Learned for Running Kubernetes on Bare-Metal at Scale

Best Practices and Lessons Learned for Running Kubernetes on Bare-Metal at Scale

February 22, 2020

Platform9 offers a SaaS hybrid cloud solution, managing +300 cloud regions & thousands of nodes for our users, globally. Our offering is built on top of Kubernetes on bare-metal. When running Kubernet …
Fixing the performance of your (probably broken) HTTP/2 deployment

Fixing the performance of your (probably broken) HTTP/2 deployment

January 21, 2020

Patrick Meenan lets you in on how HTTP/2 prioritization is effectively broken in most deployments and shows you how to detect, debug, and fix the issues.
Which edge do you need: Managing multiple edges to deliver the next industrial revolution (sponsored by Verizon Digital Media Services)

Which edge do you need: Managing multiple edges to deliver the next industrial revolution (sponsored by Verizon Digital Media Services)

January 18, 2020

Dave Andrews sheds light on how the edge landscape has beenand is stillevolving with a look at the new class of low-latency/high-bandwidth application domains and how Verizon Digital Media Services is helping to deliver this to its customers.
Can Artificial Intelligence Secure Your Infrastructure?

Can Artificial Intelligence Secure Your Infrastructure?

January 8, 2020

While intrusion detection systems are the basis of every security aware organization and most of the network based threats have been successfully mitigated in the past; it has a major drawback. And th …
Lightning Talk: Is Your Kubernetes Cluster's DNS Working?

Lightning Talk: Is Your Kubernetes Cluster's DNS Working?

December 23, 2019

Your Kubernetes cluster is gaining traction and more and more developers are bringing up new services. Thats great news. But youve been getting reports of intermittent service failures that you have …
Kubernetes at Cruise: Two Years of Multitenancy

Kubernetes at Cruise: Two Years of Multitenancy

December 22, 2019

Cruise has been working on self-driving cars for six years and growing exponentially for most of that time. Two years ago they started using Kubernetes, betting on namespace-level multitenancy to prov …
Masquerading malicious DNS traffic

Masquerading malicious DNS traffic

December 22, 2019

Malicious DNS traffic patterns are inconsistent and typically thwart anomaly detection. David Rodriguez explains how Cisco uses Apache Spark and Stripes Bayesian inference software, Rainier, to fit the underlying time series distribution for millions of domains and outlines techniques to identify artificial traffic volumes related to spam, malvertising, and botnets (masquerading traffic).
CAP_NET_RAW and ARP Spoofing in Your Cluster: It's Going Downhill From Here

CAP_NET_RAW and ARP Spoofing in Your Cluster: It's Going Downhill From Here

December 18, 2019

Did you know that by default, your applications running in Kubernetes can open raw network sockets? This talk demonstrates how, in the right circumstances, the CAP_NET_RAW capability that allows this …
Rethinking the K8s DNS for the Modern Enterprise

Rethinking the K8s DNS for the Modern Enterprise

December 18, 2019

The Domain Name System (DNS) is the component that provides the most vital piece of information for one to locate and communicate with services running in a Kubernetes cluster. This technology provide …
10 Weird Ways to Blow Up Your Kubernetes

10 Weird Ways to Blow Up Your Kubernetes

December 15, 2019

Its a brand new world in infrastructure with the advent of microservices, containerization, Kubernetes, and service mesh. And all is well. Or is it? Find out how easy it is to break container runtime …
Serverless content delivery (a.k.a. Livin' on the edge)

Serverless content delivery (a.k.a. Livin' on the edge)

December 15, 2019

The lines between static and dynamic content are blurred, and its more difficult than ever to choose the right technologies for your requirements and budget. John Chapin takes you on a step-by-step journey from hosting static content on AWS S3 to deploying dynamic, complex business logic mere milliseconds away from your users with AWS CloudFront, Lambda@Edge, and more.
Service Discovery With Hybrid and Multi-Cloud: Introduction to CoreDNS

Service Discovery With Hybrid and Multi-Cloud: Introduction to CoreDNS

December 14, 2019

CoreDNS is a flexible and extensible DNS server with a focus on service discovery. While best known for its ability to serve as the cluster DNS of Kubernetes, CoreDNS is also capable of service discov …
CoreDNS Deep Dive

CoreDNS Deep Dive

November 29, 2019

A close look at the CoreDNS extension points for developers. Learn how to customize build custom DNS applications based on CoreDNS, including: * Building a custom CoreDNS binary that includes external …
Tutorial: Debug Your Kubernetes Apps

Tutorial: Debug Your Kubernetes Apps

November 26, 2019

Please bring your laptop fully charged as we will have limited charging stations available in the room.Your Kubernetes application is running well, and then all of a sudden the service stops respondin …
CoreDNS: Beyond the Basics

CoreDNS: Beyond the Basics

November 22, 2019

This session will cover aspects of CoreDNS's configuration beyond the basics, including signing DNS data with DNSSEC, supporting DNS over TLS (DoT), manipulating queries and responses, managing zone d …
Tinder's Move to Kubernetes

Tinder's Move to Kubernetes

November 21, 2019

Almost 2 years ago, Tinder decided to move its platform to Kubernetes. Kubernetes afforded us an opportunity to drive Tinder Engineering toward containerization and low-touch operation through immutab …
Intro: CoreDNS

Intro: CoreDNS

November 13, 2019

CoreDNS is a flexible and extensible DNS server with a focus on service discovery. Best known for its ability to serve as the cluster DNS of Kubernetes, CoreDNS is now the default DNS and part of the …
Inside the CNCF Project Security Reviews

Inside the CNCF Project Security Reviews

November 2, 2019

Last year the CNCF started funding security reviews for its projects. This talk examines the review process from the inside and looks at the outcomes and lessons from the reviews that have been perfor …
Deep Dive: CoreDNS

Deep Dive: CoreDNS

November 1, 2019

CoreDNS is a flexible and extensible DNS server with a focus on service discovery. It is written in Go and has a unique plugin-based architecture. This means CoreDNS could be easily extended with cust …
Reinventing Networking: A Deep Dive into Istio's Multicluster Gateways

Reinventing Networking: A Deep Dive into Istio's Multicluster Gateways

October 31, 2019

Service mesh software is challenging the current networking state of the art. With Istios gateways technology, it is possible to connect large numbers of Kubernetes clusters. Connectivity between clo …