DOCSLIB.ORG

PDF Document

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text
PDF Document dnsdist PowerDNS.COM BV Sep 30, 2021 CONTENTS 1 dnsdist Overview 1 1.1 Running dnsdist...........................................1 1.2 Questions, requests or comments?..................................1 2 Installing dnsdist 3 2.1 Installing from Packages.......................................3 2.1.1 Debian............................................3 2.1.2 Red Hat...........................................3 2.1.3 FreeBSD..........................................3 2.2 Installing from Source........................................3 2.2.1 From tarball.........................................4 2.2.2 From git...........................................4 2.2.3 OS Specific Instructions..................................5 3 Quickstart Guide 7 3.1 Running in the Foreground......................................7 3.2 dnsdist Console and Configuration................................7 3.2.1 Changing Server Settings..................................8 3.3 Restricting Access..........................................9 3.4 More Information..........................................9 4 Running and Configuring dnsdist 11 4.1 Running as unprivileged user.................................... 11 4.2 Understanding how queries are forwarded to backends....................... 11 5 Packet Policies 13 5.1 Packet Actions............................................ 13 5.1.1 Examples.......................................... 13 5.2 Rule Generators........................................... 14 5.3 Managing Rules........................................... 15 5.4 Matching Packets (Selectors).................................... 19 5.4.1 Combining Rules...................................... 24 5.4.2 Convenience Functions................................... 25 5.5 Actions................................................ 25 6 Statistics 39 6.1 acl-drops............................................... 39 6.2 cache-hits............................................... 39 6.3 cache-misses............................................. 39 6.4 cpu-iowait.............................................. 39 6.5 cpu-steal............................................... 40 6.6 cpu-sys-msec............................................. 40 6.7 cpu-user-msec............................................ 40 6.8 doh-query-pipe-full.......................................... 40 6.9 doh-response-pipe-full........................................ 40 i 6.10 downstream-send-errors....................................... 40 6.11 downstream-timeouts......................................... 40 6.12 dyn-block-nmg-size......................................... 40 6.13 dyn-blocked............................................. 40 6.14 empty-queries............................................ 40 6.15 fd-usage............................................... 41 6.16 frontend-noerror........................................... 41 6.17 frontend-nxdomain.......................................... 41 6.18 frontend-servfail........................................... 41 6.19 latency-avg100............................................ 41 6.20 latency-avg1000........................................... 41 6.21 latency-avg10000........................................... 41 6.22 latency-avg1000000......................................... 41 6.23 latency-slow............................................. 41 6.24 latency-sum.............................................. 41 6.25 latency-count............................................. 42 6.26 latency-bucket............................................ 42 6.27 latency0-1.............................................. 42 6.28 latency1-10.............................................. 42 6.29 latency10-50............................................. 42 6.30 latency50-100............................................ 42 6.31 latency100-1000........................................... 42 6.32 no-policy............................................... 42 6.33 noncompliant-queries........................................ 42 6.34 noncompliant-responses....................................... 42 6.35 proxy-protocol-invalid........................................ 43 6.36 queries................................................ 43 6.37 rdqueries............................................... 43 6.38 real-memory-usage.......................................... 43 6.39 responses............................................... 43 6.40 rule-drop............................................... 43 6.41 rule-nxdomain............................................ 43 6.42 rule-refused.............................................. 43 6.43 rule-servfail.............................................. 43 6.44 rule-truncated............................................. 43 6.45 security-status............................................ 44 6.46 self-answered............................................. 44 6.47 servfail-responses.......................................... 44 6.48 tcp-listen-overflows......................................... 44 6.49 trunc-failures............................................. 44 6.50 udp-in-errors............................................. 44 6.51 udp-noport-errors........................................... 44 6.52 udp-recvbuf-errors.......................................... 44 6.53 udp-sndbuf-errors.......................................... 45 6.54 uptime................................................ 45 7 Caching Responses 47 8 Exporting statistics via Carbon 49 8.1 Setting up a carbon export...................................... 49 8.2 Query counters............................................ 49 9 Working with the dnsdist Console 51 10 DNS-over-HTTPS (DoH) 53 10.1 Incoming............................................... 53 10.1.1 Custom responses...................................... 54 10.1.2 DNS over HTTP...................................... 54 10.1.3 Internal design....................................... 54 ii 10.1.4 Investigating issues..................................... 55 10.2 Outgoing............................................... 55 10.2.1 Internal design....................................... 55 11 DNS-over-TLS 57 11.1 Incoming............................................... 57 11.2 Outgoing............................................... 57 11.3 Investigating issues.......................................... 58 12 DNSCrypt 59 13 Configuring Downstream Servers 61 13.1 Healthcheck............................................. 61 13.2 Source address selection....................................... 62 13.3 Securing the channel......................................... 62 14 Dynamic Rule Generation 63 14.1 DynBlockRulesGroup........................................ 63 15 Guides 65 15.1 Built-in webserver.......................................... 65 15.1.1 Security of the Webserver.................................. 65 15.1.2 dnsdist API......................................... 65 15.2 Server pools............................................. 74 15.3 Loadbalancing and Server Policies.................................. 75 15.3.1 Built-in Policies....................................... 75 15.3.2 Lua server policies..................................... 77 15.3.3 ServerPolicy Objects.................................... 78 15.3.4 Functions.......................................... 78 16 Advanced Topics 81 16.1 Access Control............................................ 81 16.1.1 Listening on different addresses.............................. 81 16.1.2 Modifying the ACL..................................... 82 16.2 Passing the source address to the backend.............................. 82 16.2.1 Using EDNS Client Subnet................................. 82 16.2.2 X-Proxied-For........................................ 83 16.2.3 Proxy Protocol....................................... 83 16.2.4 Influence on caching.................................... 84 16.3 TeeAction: copy the DNS traffic stream............................... 84 16.4 Lua actions in rules.......................................... 85 16.5 Runtime-modifiable IP address sets................................. 85 16.6 Rules for traffic exceeding QPS limits................................ 86 16.7 eBPF Socket Filtering........................................ 86 16.8 Performance Tuning......................................... 88 16.8.1 UDP and incoming DNS over HTTPS........................... 88 16.8.2 Outgoing DoH....................................... 90 16.8.3 TCP and DNS over TLS.................................. 91 16.8.4 Rules and Lua........................................ 92 16.8.5 Lock contention and sharding............................... 92 16.8.6 Memory usage....................................... 93 16.9 SNMP support............................................ 93 16.10 AXFR, IXFR and NOTIFY..................................... 106 16.11 Running multiple instances..................................... 107 16.11.1 Using systemd....................................... 107 16.12 Out-of-order............................................. 107 16.13 OCSP Stapling............................................ 107 16.13.1 Local PKI.......................................... 108 16.13.2 Certificate signed by an external authority......................... 108 iii 16.13.3 Testing........................................... 109 16.14 TLS Sessions Management..................................... 109 16.14.1 TLS sessions........................................ 109 16.14.2 Keys management for incoming connections in dnsdist.................. 110 16.14.3 Content
Load more

Recommended publications
  • Ispconfig 3 Manual]
    [ISPConfig 3 Manual] ISPConfig 3 Manual Version 1.0 for ISPConfig 3.0.3 Author: Falko Timme <[email protected]> Last edited 09/30/2010 1 The ISPConfig 3 manual is protected by copyright. No part of the manual may be reproduced, adapted, translated, or made available to a third party in any form by any process (electronic or otherwise) without the written specific consent of projektfarm GmbH. You may keep backup copies of the manual in digital or printed form for your personal use. All rights reserved. This copy was issued to: Thomas CARTER - [email protected] - Date: 2010-11-20 [ISPConfig 3 Manual] ISPConfig 3 is an open source hosting control panel for Linux and is capable of managing multiple servers from one control panel. ISPConfig 3 is licensed under BSD license. Managed Services and Features • Manage one or more servers from one control panel (multiserver management) • Different permission levels (administrators, resellers and clients) + email user level provided by a roundcube plugin for ISPConfig • Httpd (virtual hosts, domain- and IP-based) • FTP, SFTP, SCP • WebDAV • DNS (A, AAAA, ALIAS, CNAME, HINFO, MX, NS, PTR, RP, SRV, TXT records) • POP3, IMAP • Email autoresponder • Server-based mail filtering • Advanced email spamfilter and antivirus filter • MySQL client-databases • Webalizer and/or AWStats statistics • Harddisk quota • Mail quota • Traffic limits and statistics • IP addresses 2 The ISPConfig 3 manual is protected by copyright. No part of the manual may be reproduced, adapted, translated, or made available to a third party in any form by any process (electronic or otherwise) without the written specific consent of projektfarm GmbH.
    [Show full text]
  • To the Members of the Senate Judiciary Committee: We, The
    To the members of the Senate Judiciary Committee: We, the undersigned, have played various parts in building a network called the Internet. We wrote and debugged the software; we defined the standards and protocols that talk over that network. Many of us invented parts of it. We're just a little proud of the social and economic benefits that our project, the Internet, has brought with it. We are writing to oppose the Committee's proposed new Internet censorship and copyright bill. If enacted, this legislation will risk fragmenting the Internet's global domain name system (DNS ), create an environment of tremendous fear and uncertainty for technological innovation, and seriously harm the credibility of the United States in its role as a steward of key Internet infrastructure. In exchange for this, the bill will introduce censorship that will simultaneously be circumvented by deliberate infringers while hampering innocent parties' ability to communicate. All censorship schemes impact speech beyond the category they were intended to restrict, but this bill will be particularly egregious in that regard because it causes entire domains to vanish from the Web, not just infringing pages or files. Worse, an incredible range of useful, law-abiding sites can be blacklisted under this bill. These problems will be enough to ensure that alternative name-lookup infrastructures will come into widespread use, outside the control of US service providers but easily used by American citizens. Errors and divergences will appear between these new services and the current global DNS, and contradictory addresses will confuse browsers and frustrate the people using them.
    [Show full text]
  • Storm Clouds Platform: a Cloud Computing Platform for Smart City Applications
    RESEARCH ARTICLE Storm Clouds Platform: a cloud computing platform for smart city applications Marco Battarra, Marco Consonni*, Samuele De Domenico and Andrea Milani Hewlett Packard Italiana S.R.L., 9, Via Di Vittorio Giuseppe – 20063 Cernusco Sul Naviglio, Italy Abstract: This paper describes our work on STORM CLOUDS[1], a project with the main objective of migrating smart-city services, that Public Authorities (PAs) currently provided using traditional Information Technology, to a cloud-based environment. Our organization was in charge of finding the technical solutions, so we designed and im- plemented a cloud computing solution called Storm Clouds Platform (SCP), for that purpose. In principle, the applica- tions we ported could run on a public-cloud service, like Amazon Web ServicesTM[2] or Microsoft® Azure[3], that pro- vide computational resources on a pay-per-use paradigm. However, these solutions have disadvantages due to their proprietary nature: vendor lock-in is one of the issues but other serious problems are related to the lack of full control on how data and applications are processed in the cloud. As an example, when using a public cloud, the users of the cloud services have very little control on the location where applications run and data are stored, if there is any. This is identi- fied as one of the most important obstacles in cloud computing adoption, particularly in applications manage personal data and the application provider has legal obligation of preserving end user privacy[4]. This paper explains how we faced the problem and the solutions we found. We designed a cloud computing platform — completely based on open-software components — that can be used for either implementing private clouds or for porting applications to public clouds.
    [Show full text]
  • Domain Name Server Comparison
    DomainNameServerComparison: BIND8vs.BIND9vs.djbdnsvs.??? BradKnowles SeniorConsultantforSnow,BV [email protected] http://www.shub-internet.org/brad/papers/dnscomparison/ Entirecontentscopyright©2003byBradKnowles,allrightsreserved Overview • Meta Information • TLD Survey Results • Software – Installation – Features – Performance • Conclusions 2003-01-28 Copyright©2003byBradKnowles 2 MetaInformation • Hardware Used • Software Used • Methodology 2003-01-28 Copyright©2003byBradKnowles 3 HardwareUsed • TLD Survey – OS: BSD/OS 4.2 – CPU: Pentium III – RAM: 512MB real, 1.0GB virtual 2003-01-28 Copyright©2003byBradKnowles 4 HardwareUsed • Performance Testing – Compaq Armada 4131T Laptop • OS: FreeBSD 4.6.2-RELEASE • CPU: Pentium 133 • RAM: 48MB real, 384MB virtual • NICs: Asanté FriendlyNET AL1011 “Prism2” 802.11b WiFi PC Card & Linksys EtherFast 10/100 PC Card (PCM100) • HD: 10GB IBM Travelstar 20GN – 4200 RPM – 12ms avg. seek 2003-01-28 Copyright©2003byBradKnowles 5 HardwareUsed: PerformanceTesting Image copyright © 2001 Sunset Computer Services, Inc. All Rights Reserved. 2003-01-28 Copyright©2003byBradKnowles 6 SoftwareUsed • ISC – BIND 8.3.3-REL – BIND 9.2.2rc1 • djbdns 1.05 – daemontools 0.76 – ucpsi-tcp 0.88 – tinydns-bent 1.1 • nsd 1.02b1 • Nominum – ANS (Authoritative Name Server) 2.0.1-1eval – CNS (Caching Name Server) 1.1.0b1 • PowerDNS 2.9.4 2003-01-28 Copyright©2003byBradKnowles 7 SomeSoftwareConsidered • QuickDNS (authoritative) – See <http://www.menandmice.com/2000/2600_isp_dns_solution.html> • Aimed at small-to-medium size businesses,
    [Show full text]
  • Sirdom. Sistema Para La Gestión Del Servicio De Resolución De Nombres De Dominios
    Revista de investigación Editada por Área de Innovación y Desarrollo, S.L. Envío: 27-01-2013 Aceptación: 30-01-2013 Publicación: 19-02-2013 SIRDOM. SISTEMA PARA LA GESTIÓN DEL SERVICIO DE RESOLUCIÓN DE NOMBRES DE DOMINIOS SIRDOM. MANAGEMENT SYSTEM FOR THE RESOLUTION NAMES DOMAINS SERVICE. Yoedusvany Hernández Mendoza1 Yordanis Arencibia López2 Yankier Crespo González3 1. Máster, Ingeniero Informático. Profesor del Departamento de Redes, UNICA. 2. Máster, Ingeniero Informático. Profesor del Departamento de Redes, UNICA. 3. Máster, Ingeniero Informático. Profesor del Departamento de Redes, UNICA. RESUMEN Este artículo presenta un estudio del comportamiento del servicio DNS, su funcionamiento, herramientas y por último se propone un sistema informático que permite configurar y gestionar dicho servicio a través de una serie de prestaciones y facilidades que las aplicaciones actuales no posibilitan. Este sistema permitirá gestionar el servicio de resolución de nombres de dominio sobre BIND en su versión 9. ABSTRACT This paper presents a study of the behavior of DNS, its operating principle, tools and finally proposes a computer system to configure and manage this service through a number of benefits and facilities that do not allow current applications. This system will manage the service of domain name resolution on BIND version 9. PALABRAS CLAVE Bind, DNS, dominio, resolución, sistema. KEYWORDS Bind, DNS, domain, resolution, system. SIRDOM. SISTEMA PARA LA GESTIÓN DEL SERVICIO DE RESOLUCIÓN DE NOMBRES DE DOMINIOS DE NOMBRES DE RESOLUCIÓN DE SERVICIO DEL GESTIÓN LA PARA SISTEMA SIRDOM. 2 INTRODUCCIÓN Las diferentes instituciones y organizaciones, siendo los centros educacionales unos de los principales, han tenido que cambiar sus esquemas tradicionales para adaptarse a la actual era de la información.
    [Show full text]
  • Powerdns Offerings ­ Version Current As of November 2012 ● Remotely Pollable Statistics for Real Time Graphing ● High Performance ● SNMP Statistics Bridge (Read Only)
    Products, Features & Services PowerDNS PowerDNS, founded in the late 1990s, is a premier supplier of DNS software, services and support. Deployed throughout the world with some of the most demanding users of DNS, we pride ourselves on quality software and the very best support available. PowerDNS customers include leading telecommunications service providers, large scale integrators, content distribution networks, cable networks / multi service operators and Fortune 500 software companies. In various important markets, like Scandinavia, Germany and The Netherlands, PowerDNS is the number one supplier of nameserver software. PowerDNS is based in The Netherlands, Europe and is privately held. Products Authoritative Server The PowerDNS Authoritative Server is the only solution that enables authoritative DNS service from all major databases, including but not limited to MySQL, PostgreSQL, SQLite3, Oracle, Sybase, Microsoft SQL Server, LDAP and plain text files. DNS answers can also be fully scripted using a variety of (scripting) languages like for example Lua, Java, Perl, Python, Ruby, C and C++. Such scripting can be used for dynamic redirection, (spam)filtering or real time intervention. In addition, the PowerDNS Authoritative Server is the leading DNSSEC implementation, hosting the majority of all DNSSEC domains worldwide. The Authoritative Server hosts at least 30% of all domain names in Europe, and around 90% of all DNSSEC domains in Europe. Recursor The PowerDNS Recursor is a high­end, high­performance resolving name server which powers the DNS resolution of at least a hundred million subscribers. Utilizing multiple processors and supporting the same powerful scripting ability of the Authoritative Server, the Recursor delivers top performance while retaining the flexibility modern DNS deployments require.
    [Show full text]
  • AIT Haproxy.Key
    HEIG-VD | TIC – Technologies de l’Information et de la Communication HAProxy (C) 2015 Marcel Graf HEIG-VD | TIC – Technologies de l’Information et de la Communication HAProxy ■ HAProxy (High Availability Proxy) is a load balancer implemented in software ■ Available as Open Source (GPL/LGPL license) (http://www.haproxy.org) ■ Available as commercial product (http://www.haproxy.com) ■ Also available as appliance: ALOHA ■ Runs on FreeBSD, Linux, OpenBSD and Solaris ■ Written by Willy Tarreau in 2000 ■ Willy is the maintainer of the Linux 2.4 kernel ■ Lives in Fontenay aux Roses ■ Used by high-profile websites: GitHub, Bitbucket, Stack Overflow, Reddit, Tumblr, Twitter 2 Administration IT | HAProxy | Année 2015/16 (C) 2015 Marcel Graf HEIG-VD | TIC – Technologies de l’Information et de la Communication HAProxy Features ■ HAProxy can be used for ■ Load balancing on TCP layer and HTTP layer ■ Normalization / filtering of TCP and HTTP traffic ■ HTTP rewriting ■ SSL offloading ■ HTTP compression offloading ■ Traffic regulation ■ Protection against DDoS and service abuse ■ … 3 Administration IT | HAProxy | Année 2015/16 (C) 2015 Marcel Graf HEIG-VD | TIC – Technologies de l’Information et de la Communication HAProxy operations ■ Health checks ■ HAProxy periodically sends probes to servers to check if they are still operational. A probe can be superficial or go deeper: ■ ping to server’s IP address (TCP mode) ■ TCP connection to server’s HTTP port (TCP mode) ■ HTTP request to server (HTTP mode) ■ Based on health checks HAProxy sets a server’s state to UP or DOWN ■ Server administrative state ■ The administrator can set a server into one of three administrative states ■ READY — Server is in normal mode, accepting requests ■ DRAIN — Removes server from load balancing, but still allows it to be health-checked and accept new persistent connections.
    [Show full text]
  • Cloud Onload Haproxy Cookbook
    Cloud Onload® HAProxy Cookbook The information disclosed to you hereunder (the “Materials”) is provided solely for the selection and use of Xilinx products. To the maximum extent permitted by applicable law: (1) Materials are made available "AS IS" and with all faults, Xilinx hereby DISCLAIMS ALL WARRANTIES AND CONDITIONS, EXPRESS, IMPLIED, OR STATUTORY, INCLUDING BUT NOT LIMITED TO WARRANTIES OF MERCHANTABILITY, NON-INFRINGEMENT, OR FITNESS FOR ANY PARTICULAR PURPOSE; and (2) Xilinx shall not be liable (whether in contract or tort, including negligence, or under any other theory of liability) for any loss or damage of any kind or nature related to, arising under, or in connection with, the Materials (including your use of the Materials), including for any direct, indirect, special, incidental, or consequential loss or damage (including loss of data, profits, goodwill, or any type of loss or damage suffered as a result of any action brought by a third party) even if such damage or loss was reasonably foreseeable or Xilinx had been advised of the possibility of the same. Xilinx assumes no obligation to correct any errors contained in the Materials or to notify you of updates to the Materials or to product specifications. You may not reproduce, modify, distribute, or publicly display the Materials without prior written consent. Certain products are subject to the terms and conditions of Xilinx’s limited warranty, please refer to Xilinx’s Terms of Sale which can be viewed at https://www.xilinx.com/legal.htm#tos; IP cores may be subject to warranty and support terms contained in a license issued to you by Xilinx.
    [Show full text]
  • Updates from the Open Quantum Safe Project
    Updates from the Open Quantum Safe Project Open Quantum Safe core team: Michael Baentsch Vlad Gheorghiu, evolutionQ & University of Waterloo Basil Hess, IBM Research Christian Paquin, Microsoft Research John Schanck, University of Waterloo Douglas Stebila, University of Waterloo Goutam Tamvada, University of Waterloo April 23, 2021 Abstract The Open Quantum Safe (OQS) project is an open-source project that aims to support the development and prototyping of quantum-resistant cryptography. This short note provides an update on the tools OQS makes available. 1 Introduction The Open Quantum Safe (OQS) project1 is an open-source project that aims to support the develop- ment and prototyping (of applications) of quantum-resistant cryptography. OQS consists of the following main lines of work: liboqs, an open source C library for quantum- resistant cryptographic algorithms, and prototype integrations into protocols and applications, including a fork of the widely used OpenSSL library. These tools support research by ourselves and others. To reduce the hurdle for getting started and to aid the uptake and use of these components, our tools are also available as ready-to-use binaries in the form of Docker images and test servers. In this short note, we provide an update on the Open Quantum Safe project. 2 liboqs liboqs is an open source C library for quantum-safe cryptographic algorithms. liboqs makes accessible a collection of open-source implementations of quantum-safe key encapsulation mechanism (KEM) and digital signature algorithms through a common API. liboqs builds on Linux, macOS, and Windows, on Intel, AMD, and ARM platforms. Some of the implementations of these algorithms have been directly contributed to liboqs by members of the NIST submission teams; others are incorporated from the PQClean project.
    [Show full text]
  • Red Hat Codeready Containers 1.19 Getting Started Guide
    Red Hat CodeReady Containers 1.19 Getting Started Guide Quick-start guide to using and developing with CodeReady Containers Last Updated: 2020-12-04 Red Hat CodeReady Containers 1.19 Getting Started Guide Quick-start guide to using and developing with CodeReady Containers Kevin Owen [email protected] Legal Notice Copyright © 2020 Red Hat, Inc. The text of and illustrations in this document are licensed by Red Hat under a Creative Commons Attribution–Share Alike 3.0 Unported license ("CC-BY-SA"). An explanation of CC-BY-SA is available at http://creativecommons.org/licenses/by-sa/3.0/ . In accordance with CC-BY-SA, if you distribute this document or an adaptation of it, you must provide the URL for the original version. Red Hat, as the licensor of this document, waives the right to enforce, and agrees not to assert, Section 4d of CC-BY-SA to the fullest extent permitted by applicable law. Red Hat, Red Hat Enterprise Linux, the Shadowman logo, the Red Hat logo, JBoss, OpenShift, Fedora, the Infinity logo, and RHCE are trademarks of Red Hat, Inc., registered in the United States and other countries. Linux ® is the registered trademark of Linus Torvalds in the United States and other countries. Java ® is a registered trademark of Oracle and/or its affiliates. XFS ® is a trademark of Silicon Graphics International Corp. or its subsidiaries in the United States and/or other countries. MySQL ® is a registered trademark of MySQL AB in the United States, the European Union and other countries. Node.js ® is an official trademark of Joyent.
    [Show full text]
  • Självständigt Arbete På Grundnivå
    Självständigt arbete på grundnivå Independent degree project - first cycle Datateknik Computer Engineering Master's thesis Hantering av nätverkscache i DNS Two ye Hans Lindqvist i MITTUNIVERSITETET Avdelningen för informationssystem och -teknologi (IST) Examinator: Ulf Jennehag, [email protected] Handledare: Johannes Lindén, [email protected] Författare: Hans Lindqvist, [email protected] Utbildningsprogram: Datateknik, 180 hp Huvudområde: Datateknik Termin, år: VT, 2019 ii Hantering av nätverkscache i DNS Hans Lindqvist 2019-06-13 Sammanfattning Domännamnsystemet, DNS, utgör en fundamental del av användbarheten för Internet, men dess cachefunktion utmanas av adressers ökande storlek, antal och automatisering. Parallellt råder begränsad minneskapacitet hos vissa enheter i Internets utkant mot Internet of Things. Studien har tittat närmare på nutida behov av namnuppslagning och har då betraktat hur DNS påverkats av IPv6- adressutbredning, mobila enheter, innehållsleveransnätverk och webbläsarfunktioner. Undersökningen har i två fritt tillgängliga serverprogramvaror för DNS-uppslag sökt efter den optimala hanteringen av cache hos begränsade enheter i, eller på gränsen till, Sakernas Internet. Med hjälp av tillgången till öppen källkod för programmen, Unbound och PowerDNS Recursor, har dess respektive strukturer tolkats för att uppskatta och jämföra minnesbehov. Därefter har en simulering gjorts i en laborativ miljö med fiktiva DNS-data av verklighetstrogen karaktär för att mäta den faktiska förbrukningen av minne på DNS-serverns process. Vid simuleringen undveks att individuellt anpassa programmens inställningar, att blanda in data för DNSSEC, samt att införa minnesbegränsningar i testmiljön. Undersökningen av källkod beräknade att Unbound var mer optimalt för posttyperna A+AAAA medan PowerDNS Recursor var effektivare för posttypen PTR. För båda posttyperna som helhet visade mätningarna i simuleringen att Unbound kunde lagra DNS-data tätare än PowerDNS Recursor.
    [Show full text]
  • Openstack Installation
    TECH GUIDE OpenStack Installation: A Practitioner’s Guide Introduction TECH GUIDE: OpenStack Installation: A Practitioner’s Guide One of the great things about OpenStack is all the options you have for deploying it – from homebrew to hosted OpenStack to vendor appliances to OpenStack-as-a-service. Previously, Platform9 published a tech guide comparing various OpenStack deployment models. If you opt for a do- it-yourself (DIY) approach, then you face the question of which tool to use. This guide will familiarize you with the landscape of OpenStack installation tools, including an overview of the most popular ones: DevStack, RDO Packstack, OpenStack-Ansible, Fuel and TripleO. OpenStack Architecture Overview If you’re new to OpenStack it may be helpful to review the OpenStack components. (Skip this section if you’re already familiar with OpenStack.) OpenStack’s design, inspired by Amazon Web Services (AWS), has well-documented REST APIs that enable a self-service, elastic Infrastructure-as-a Service (IaaS) cloud. In addition, OpenStack is fundamentally agnostic to the underlying infrastructure and integrates well with various compute, virtualization, network and storage technologies. Heat Clarity UI CLI / Tools Scripts (orchestration) Nova Compute Scheduler (images) Cinder Keystone Glance (identity) Basic Storage Basic Network Neutron Network Block Controller Storage Figure 1: OpenStack architecture is loosely coupled, and extensible to support any hypervisor / container, storage, and network system 2 Plan to get NO help to install & manage
    [Show full text]