Overcoming DNS barriers for Kubernetes Scaling

It was a cloudy winter morning when I had arrived at the office and found, to our horror, that a Kubernetes cluster was suffering from extremely high CPU and network usage and had become almost completely non-functional. To make things worse, restarting the nodes (the go-to DevOp solution), seemed to have absolutely no effect on the issue. Something was poisoning the network and we had to find out what it was and fast.


Avoid DNS Outages: Decrease Downtime with DNS Monitoring

Cloudflare, Amazon, Microsoft, and Google are some of the largest managed Domain Name Server (DNS) service providers in the world. They are also just a few of the many DNS providers that have struggled with DNS outages. In fact, Cloudflare had an outage earlier this year due to a bad software deployment.


DNS Rebinding: A Frightening Attack Vector with Spooky Security Impacts

One of the greatest misconceptions about online safety is that home networks are somehow private. Unfortunately, this hasn’t been true since around the turn of the century when we started filling our home networks with Internet-connected boxes serving local web pages. The problem is that web browsers typically make little distinction between web sites on the public internet versus those on a home or office network.


Top 10 DNS Monitoring Tools

Monitoring is a fundamental component for building observable IT infrastructure and applications, no matter how your services are structured. By adding a domain to a DNS (domain name system) provider’s name servers, you’re defining those servers as authoritative for any queries coming into your domain. DNS is a crucial aspect of network performance and can show the responsiveness between authoritative name servers and recursive name servers (essentially end-users).


DNS Lookup Explained

The Domain Name System, DNS for short, is one of the most important protocols on the internet, and yet relatively few people understand its purpose. DNS is a protocol which governs how computers exchange data online. Its purpose, simply stated, is to match names with numbers, helping to convert memorable domain names (such as statuscake.com), into an IP address (such as that your browser can use.


Monitor CoreDNS with Datadog

CoreDNS is a DNS server that can also provide service discovery for microservice-based applications. It’s the default DNS server in Kubernetes, providing name resolution and service discovery for the services operating in the cluster. CoreDNS is easily customizable, so you can define how it should act on each request beyond simply executing a DNS lookup.


Dolos DNS Rebinder: What You Need to Know

Although DNS rebinding attacks have been known for over a decade now, they are only recently receiving attention as a practical attack surface. In the last year, quite a few popular products have been shown to lack DNS rebinding protections, and as a result, someone could operate them remotely using a malicious web site. Manufacturers have made a habit of giving consumers connected devices that are controlled by unauthenticated HTTP requests via the local network.


DNSSEC Basics and How to Set Up DNS Security Extensions

We’ve mentioned security and DNSSEC in a few different places in this series, but we wanted to give DNSSEC basics proper attention as we put together our final post on DNS. Due to the nature of DNS, it’s just not secure on its own. When the DNS protocol was first written, the internet was much smaller, and users were less concerned with security. Since then that’s changed significantly, and while DNSSEC has been around for almost 10 years adoption is far from universal.


How to avoid these common DNS Mistakes

Now that we’ve laid out some best practices, this week we wanted to talk about some common DNS mistakes we see many companies make when it comes to their hostname and authoritative DNS. Some of them may seem obvious because they ignore many of the best practices we’ve discussed previously, but we still want to touch on them so we can offer solutions for as many use cases as possible.