Alibaba Cloud DNS Practice ICANN64 TechDay - - PowerPoint PPT Presentation

alibaba cloud dns practice
SMART_READER_LITE
LIVE PREVIEW

Alibaba Cloud DNS Practice ICANN64 TechDay - - PowerPoint PPT Presentation

Mar 29, 2023 441 likes •605 views

Alibaba Cloud DNS Practice ICANN64 TechDay guochuan.gc@alibaba-inc.com introduction Who we are Alibaba Cloud DNS team (Managed DNS/Cloud DNS/DNS service provider?) What we do? SLD Authoritative Sever / Local Resolver Server /

slide-1
SLIDE 1

Alibaba Cloud DNS Practice

ICANN64 TechDay

guochuan.gc@alibaba-inc.com

slide-2
SLIDE 2

introduction

  • Who we are?
  • Alibaba Cloud DNS team (Managed DNS/Cloud

DNS/DNS service provider?)

  • What we do?
  • SLD Authoritative Sever / Local Resolver Server /

Public Resolver Server …

slide-3
SLIDE 3

authoritative server

  • How many SLDs in our cloud DNS?14+ millions
  • How many query per day?160+ billions
  • How many security attack?everyday
slide-4
SLIDE 4

goals

  • Stable, e.g. provide SLA service
  • Fast, e.g. user data distribution / client user query
  • Safe, e.g. user login / network attack
  • Customize, e.g. private zone / weighted records
slide-5
SLIDE 5

fast

Managed DNS System Client Data Distributed System DB pop pop pop

Interface Traffic Manage System Uniform Login System

Internet Users

submit configuration dig out the result

1s

key point

slide-6
SLIDE 6

fast

Managed DNS System Client Data Distributed System DB pop pop pop

Interface Traffic Manage System Uniform Login System

Internet Users

  • 1. dpdk-based servers
  • 2. anycast architecture
slide-7
SLIDE 7

stable

Managed DNS System Client Data Distributed System DB pop pop pop

Interface Traffic Manage System Uniform Login System

Internet Users

  • 1. disaster recovery &

backup system

  • 2. cluster management

1)disaster recovery 2)data consistency

slide-8
SLIDE 8

safe

Managed DNS System Client Data Distributed System DB pop pop pop

Interface Traffic Manage System

Internet Users

Uniform Login System

security

  • 1. login system
  • 2. configuration modify
  • 3. interface traffic
slide-9
SLIDE 9

a customize example: weighted A

dns server

weight web.domain A x.x.x.x 2 y.y.y.y 1

Client

1 2 3

web.domain x.x.x.x

dns server

Client

web.domain x.x.x.x

dns server

Client

web.domain y.y.y.y

three times query, there will be 2/3 return x.x.x.x, 1/3 return y.y.y.y

slide-10
SLIDE 10

local resolver

cache + forwarder cache + forwarder cache + forwarder configure distribution system … … anycast cluster in every data center kernel module as cache for performance custom configuration for example PVT zone(Virtual Private Cloud) data center A data center B data center C

slide-11
SLIDE 11

public resolver

cache + forwarder cache + forwarder cache + forwarder cluster management system 223.5.5.5/223.6.6.6 custom configuration for example PVT zone(Virtual Private Cloud) … …

slide-12
SLIDE 12

dns in private cloud

DNSAPI etcd etcd etcd server server DNSAPI

raft raft raft

agent

agent

stateless api etcd cluster anycast servers

slide-13
SLIDE 13

in the future…

  • DoH + DNSSec are security?
  • What will be the next killer app?

client user+https client httpsserver+dnssec client dnssec server email system world wide web what's next?

slide-14
SLIDE 14

Thank you!