spotify’s love/hate relationship with dns · dns@spotify — $ dig +short...

Spotify’s Love/Hate Relationship with DNS

Lynn Root | SRE | @roguelynn

$ whoami

why we love DNS

• It’s boring • Stable query language • Free caching • Service discovery

agenda—

agenda

• Our infrastructure • Our DNS curiosities • What we’ve learned • Future of DNS @ Spotify

Our Infrastructure—

DNS@Spotify—

Record Generation & Deployment—

/msg #sre DNS DEPLOY!

DNS@Spotify—

Service Discovery—

DNS@Spotify—

Namelessservices.spotify.net

Monitoring—

DNS@Spotify—

Global Server Load Balancing—

Responding to the DynDNS attack—

Response to DynDNS attack

• Monitoring dashboards & VPN were inaccessible • Internal SSO login inaccessible • Pagerduty also affected

• Couldn’t easily access DNS data repo • 3-year-old manual deployment documentation

• Internal services ➡ removed GSLB mapping • Spotify clients ➡ Route53 • Websites ➡ Route53

Our DNS Curiosities—

Client Error Reporting—

DNS@Spotify—

DHT Ring—

DNS@Spotify—

lon6-storage-a5678.lon6.spotify.net:1234

tracks.1234.lon6-storage-a5678.lon6.spotify.net

Microservice lookups—

DNS@Spotify—

$ dig +short dnsresolver.roles.lon6.spotify.net

10.1.2.3

10.4.5.6

10.7.8.9

$ dig +short -t PTR dnsresolver.roles.ash2.spotify.net

ash2-dnsresolver-a1337.ash2.spotify.net.

DNS@Spotify—

$ dig +short dnsresolver.roles.lon6.spotify.net

10.1.2.3

10.4.5.6

10.7.8.9

$ dig +short -t PTR dnsresolver.roles.lon6.spotify.net

lon6-dnsresolver-a1337.lon6.spotify.net.

What we’ve learned—

Differences in Linux distros—

Scaling is hard—

Dropped Responses—

Docker—

The future of DNS @ Spotify—

Ephemerality—

DNS@Spotify—

• On-premise infrastructure • Leveraging DNS beyond its intentions • It’s always DNS • Handing off the responsibility

thanks!

Lynn Root | SRE | @roguelynn

spotify’s love/hate relationship with dns · dns@spotify — $ dig +short...

Documents

strenthening your external dns external dns overview dns...

dns: edgecast route - technical dns service overview

dns for dummies ebook amazon | dns

usenix | the advanced computing systems association · dns,...

dns and troubleshooting dns issues in linux

digright park-n-dig dig strong. dig fast. dig right. dig...

securing dns: doing dns as if dns actually...

negative caching of dns records...dig asdsadas.google.com...

domain name system. contents definitions. dns naming...

dns dns overview dns operation dns zones. dns overview name...

dns ile alakalı diyer kelimeler · dns failover 1300 0,36...

dns 103: dns performance and security

monitor windows dns server using dns analytics … ·...

networking:! udp&!dns! · 2018-06-27 · root dns servers...

digright park-n-dig dig strong. dig fast. dig right. dig

dns security pacific it pros nov. 5, 2013. topics dos...

networking:! udp&!dns! · root dns servers com dns servers...

overview - twnic · overview • dns protocol overview •...

module 4: dns as a solution for name resolution. overview...

dns session 2: dns cache operation and dns...