From 9 - 6:00
So, first step: where are we going?! All Internet communications use URLs, from browsers to API calls, and these need to be resolved to IP addresses. DNS is the Internet service that translates these URLs to IP addresses; it's a complex system: distributed servers must work together.
So it's a complex system, with its own protocol, running on the Internet, and distributed servers must work together. In essence it consists of a hierarchy of servers hosted by different providers that recursively search for the authoritative server (your DNS provider) that can translate a URL into an actual IP address.
It can be a pretty significant point of vulnerability, particularly when you consider that the top eight DNS providers now control 59 percent of name resolution for the biggest websites. So when Dyn was the target of a massive DDoS attack in 2016, the impact radius of that attack reached far beyond their own base of customers.
Local resolvers cache (locally store) answers. DNS flow: local DNS --> recursive server (at ISP), which ferries the following requests: --> root servers (.com, .net, etc.) --> TLD (Top Level Domain) server (top-level .com to second-level .mydomain.com mappings), which answers with the IP of the domain's "Domain Name Server" --> authoritative Domain Name Server (returns the actual IP address)
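The lookup chain above as a small simulation, added here as an illustration and not part of the original notes: a toy resolver follows referrals from root to TLD to authoritative server, caches the answer, and keeps serving it from cache until the TTL expires, even if the authoritative server has become unreachable. The server names, zone data, address and TTL are constructed sample values.

```python
import time

# Constructed sample data: each "server" maps a name suffix to a
# (kind, value, ttl) record. Names and the 192.0.2.x address are made up.
SERVERS = {
    "root": {"com.": ("referral", "tld-com", 0)},
    "tld-com": {"mydomain.com.": ("referral", "auth-mydomain", 0)},
    "auth-mydomain": {"www.mydomain.com.": ("answer", "192.0.2.10", 300)},
}

class RecursiveResolver:
    """Toy recursive resolver: follows referrals and caches final answers."""

    def __init__(self, servers, clock=time.monotonic):
        self.servers = servers   # server name -> zone data
        self.clock = clock       # injectable so TTL expiry can be tested
        self.cache = {}          # query name -> (ip, expiry time)
        self.queries = []        # (server, name) pairs actually sent upstream

    def _ask(self, server, name):
        """Query one server; return its most specific matching record."""
        self.queries.append((server, name))
        zone = self.servers.get(server)
        if zone is None:                      # server unreachable (outage)
            return ("timeout", None, 0)
        matches = [k for k in zone if name == k or name.endswith("." + k)]
        if not matches:
            return ("nxdomain", None, 0)
        return zone[max(matches, key=len)]

    def resolve(self, name):
        """Return the IP for name, or None if resolution fails."""
        hit = self.cache.get(name)
        if hit and hit[1] > self.clock():     # unexpired cached answer
            return hit[0]
        server = "root"
        for _ in range(8):                    # bound the referral chain
            kind, value, ttl = self._ask(server, name)
            if kind == "answer":
                self.cache[name] = (value, self.clock() + ttl)
                return value
            if kind != "referral":
                return None
            server = value
        return None

if __name__ == "__main__":
    r = RecursiveResolver(dict(SERVERS))
    print(r.resolve("www.mydomain.com."), r.queries)
```

Deleting `auth-mydomain` from the resolver's server map simulates a provider outage: lookups keep succeeding from cache for up to 300 seconds, then start failing.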
So how can DNS impact digital experience...
So now we know where we're going... how do we get there... ISPs... many, many ISPs...
BGP, which is the routing protocol of the Internet (the mechanism used to figure out how your customer gets to your front door), is notoriously fragile and vulnerable to misconfiguration or security threats. It can be used to hijack websites and services. We saw this recently when AWS's DNS service, Route 53, was effectively hijacked using BGP. This was all part of a pretty brazen cryptocurrency theft.
Instead of having one copy of the data in a centralized location, CDNs create copies of the same data and cache them closer to the user.
This increases redundancy through load-balancing and avoids a single point of failure.
Now, that whole process was just for the root object. Now we need to load the rest of the app.
The "app" resides or is "hosted" in a public cloud provider like AWS.
It is not one big piece of code anymore, but a distributed, decentralized software architecture with smaller components.
Each of these components can reside in the same place or be hosted in different places.
It relies on multiple external software pieces through APIs.
For example, let's take an airline ticketing or flight search service: APIs for looking up flights; correlating with hotels (a separate service and API); payment processing services and APIs for processing payment; and a whole set of backend services for issuing tickets.
It's not always DNS, but when it is, we really know about it!