The secret life of DNS packets (2019)

https://stripe.com/blog/secret-life-of-dns

By ohjeez at

adeptima | 0 comments | 2 weeks ago
There are many more dark secrets of DNS packets, especially in the context of internet providers and the censorship industry: DNS filtering, DNS spoofing/poisoning, blocking public DNS, etc.
makiniq0z | 2 comments | 2 weeks ago
Instead of running local resolvers for caching, they should have used nscd DNS cache to decrease the volume of queries from those machines running the logs tasks. nscd is not designed for that, but is long known to have this best-use practice: https://prefetch.net/blog/2011/03/27/configuring-nscd-to-cac...
ahoka | 1 comment | 2 weeks ago
Doesn’t systemd-resolved do this by default now, so this is a non-issue?
placatedmayhem | 0 comments | 2 weeks ago
Yes. Also, nscd is irrelevant in at least a few ecosystems. Java and (I think) Go try to do their own resolving instead of using libc. Java's resolver, in particular, is braindead in the default configuration: infinite record caching, ignoring TTLs.

systemd-resolved solves this, as does running unbound or similar as a local cache.

factormeta | 1 comment | 2 weeks ago
Yeah, but then they're not going to have a fancy blog about how they hit the AWS traffic limit to the VPC resolver! Nowadays a tech blog like this is gonna be good tech PR for the company.
bux93 | 1 comment | 2 weeks ago
This kind of blog is mainly to give potential hires an insight into the day-to-day goings on of their prospective employer.

This blog doesn't make any sense whatsoever, encouraging people with low skills to apply.

emushack | 0 comments | 2 weeks ago
That's... quite the interpretation. Do you really think that Stripe's intention is to "encourage people with low skills to apply" by writing a blog post about monitoring DNS?
dougifresh94 | 0 comments | 2 weeks ago
AWS natively provides this (1024 PPS) as a metric ('linklocal_allowance_exceeded') via ethtool, which is automatically scraped by most observability stacks. See https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/monitori...
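
An added example, not part of the comment above or of the Stripe post: reading the `linklocal_allowance_exceeded` counter from two `ethtool -S` samples and reporting how much it grew between them. The sample outputs are constructed, and the function names are hypothetical.

```python
import re

COUNTER = "linklocal_allowance_exceeded"  # counter name as given in the comment

# Constructed samples in the "name: value" layout printed by `ethtool -S <iface>`.
SAMPLE_T0 = """NIC statistics:
     tx_timeout: 0
     pps_allowance_exceeded: 0
     linklocal_allowance_exceeded: 120
"""
SAMPLE_T1 = """NIC statistics:
     tx_timeout: 0
     pps_allowance_exceeded: 0
     linklocal_allowance_exceeded: 157
"""
SAMPLE_AFTER_REBOOT = """NIC statistics:
     tx_timeout: 0
     linklocal_allowance_exceeded: 5
"""
SAMPLE_NO_COUNTER = """NIC statistics:
     tx_timeout: 0
"""


def parse_ethtool_stats(text):
    """Return {counter_name: int} from `ethtool -S` style output."""
    stats = {}
    for line in text.splitlines():
        # The "NIC statistics:" header has no numeric value and is skipped.
        m = re.match(r"^\s*([\w.\-\[\]]+):\s*(\d+)\s*$", line)
        if m:
            stats[m.group(1)] = int(m.group(2))
    return stats


def dropped_since(prev_text, curr_text, counter=COUNTER):
    """Packets newly counted as dropped between two samples, or None if absent."""
    prev = parse_ethtool_stats(prev_text).get(counter)
    curr = parse_ethtool_stats(curr_text).get(counter)
    if prev is None or curr is None:
        return None  # this interface or driver does not expose the counter
    if curr < prev:
        return curr  # counter went backwards (reboot or driver reload)
    return curr - prev


if __name__ == "__main__":
    print("new link-local drops:", dropped_since(SAMPLE_T0, SAMPLE_T1))
```

Any non-zero increase means packets to link-local services such as the VPC resolver were dropped during the interval.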
mattrighetti | 0 comments | 2 weeks ago
Another super interesting article that talks about DNS and how it's used at Spotify [0] (or was used in 2013).

[0]: https://engineering.atspotify.com/2013/02/in-praise-of-borin...

aeden | 0 comments | 2 weeks ago
I'd love to see an update of this for how things look in 2024.
morgansolis | 0 comments | 2 weeks ago
As an experienced developer, I would like to know: In the context of optimizing DNS resolution for latency-sensitive applications, what specific strategies or configurations does Stripe recommend implementing based on the insights from the blog post, and how do these strategies compare to traditional DNS setups in terms of performance and reliability?
tetnis | 2 comments | 2 weeks ago
What is with the trend of making stupid ass titles to explain some small tech issue?
CyberDildonics | 0 comments | 2 weeks ago
What is the trend called? Hacker news.
msdundarss | 0 comments | 2 weeks ago
I really wonder about the profit margin you are targeting with the current pricing.
akira2501 | 1 comment | 2 weeks ago
> We realized we may be hitting the AWS limit for how much traffic can be sent to a VPC resolver

Never rely on an AWS service until you've understood its quotas. They are reliable services, but to maintain that standard, they have to impose limits at many different levels of the plane. There are some good "quota surprises" tucked away in there.