Human-friendly DNS powered by Golang - danrl
We love to work in a casual environment that energizes us to revolutionize the fitness industry.
Site Reliability Engineering @ eGym
● Scale
Room for more SREs :)
Site Reliability Engineering @ eGym
● Scale
● Automate
● Own reliability
  ○ 24/7 Monitoring
  ○ On-call
● Consult teams
DNS Basics
Names
www . egym . de . $NULL
Diagram labels: separator (the dots), label (the parts between them)
DNS Hosts
www . egym . de
Diagram labels: domain, host, top-level domain
DNS Name Spacing
int . egym . de
Diagram labels: zone, sub zone
https://en.wikipedia.org/wiki/Domain_Name_System
DNS @ eGym
● 20+ domains
  ○ and counting...
● 18 delegations to sub zones
  ○ “team spaces”
● 700+ resource records
  ○ without sub zone records
[Diagram: Registrar, Hoster, Cloud DNS, Delegation (NS RR), Zone File, Deployment, Change, Scripts, Read/Parse]
Rethinking DNS @ eGym
[Diagram: Single Source Of Truth, Tools, Production DNS (Cloud DNS)]
Single Source of Truth
● Version Controlled
● Human Readable
● Non-repetitive
Cloud DNS
● Scales
● API
Tools
● Rollbacks
● Replays
● Automated (non-interactive mode)
● Safeguards
YAML
Templates
DNS Tooling
● PaPuDNS
  ○ Parses YAML-formatted zone information
  ○ Parses YAML-formatted templates
  ○ Applies templates
  ○ In-Memory database with all resource records
  ○ Fetches current zone information from Cloud DNS via API
  ○ Calculates difference
  ○ Pushes the changes (atomically)
● dns-check
  ○ Parses YAML-formatted “expectations”
  ○ Checks via live DNS if expectations are met
  ○ Does not (yet) use the same format/database
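The "calculates difference" step described above, as an added example that is not PaPuDNS's own code: it compares the desired record sets with the live ones and returns the additions and deletions that would make up one change. The names `RRSet`, `Diff` and `apex` are hypothetical, and it assumes the provider lists apex SOA/NS records that the source of truth does not carry.

```go
package main

import (
	"fmt"
	"sort"
	"strings"
)

// RRSet is every record for one (name, type) pair, the unit the diff works on.
type RRSet struct {
	Name, Type string
	TTL        int
	Data       []string
}

func (r RRSet) key() string { return strings.ToLower(r.Name) + " " + r.Type }

// canon renders TTL and sorted data, so record order alone is not a change.
func (r RRSet) canon() string {
	d := append([]string{}, r.Data...)
	sort.Strings(d)
	return fmt.Sprintf("%d %q", r.TTL, d)
}

// Diff returns the sets to add and delete; a modified set appears in both.
func Diff(apex string, desired, live []RRSet) (add, del []RRSet) {
	want := map[string]string{}
	for _, r := range desired {
		want[r.key()] = r.canon()
	}
	for _, r := range live {
		apexMeta := r.Type == "SOA" || (r.Type == "NS" && strings.EqualFold(r.Name, apex))
		if c, ok := want[r.key()]; ok && c == r.canon() {
			delete(want, r.key()) // unchanged: neither add nor delete
		} else if !apexMeta { // apex SOA/NS: assumed provider-managed, never deleted
			del = append(del, r)
		}
	}
	for _, r := range desired {
		if _, ok := want[r.key()]; ok {
			add = append(add, r) // new or modified
		}
	}
	return add, del
}

func main() { // constructed sample: desired state from YAML, live state from the API
	desired := []RRSet{{"losangeles.egym.coffee.", "A", 300, []string{"192.0.2.99"}}}
	live := []RRSet{{"losangeles.egym.coffee.", "A", 300, []string{"192.0.2.1"}}}
	fmt.Println(Diff("egym.coffee.", desired, live))
}
```

Printing both lists for a human to read before anything is pushed matches the veto step the summary slide asks for.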
Zones
github.com/egymgmbh/papudns
```yaml
zones:
  - zone: egym.coffee
    description: Test zone.
    ttl: 300
    templates:
      - gmail
      - website
    names:
      - name: '@'
        texts:
          data:
            - foobar-site-verification-123456
      - name: paloalto
        forwarding:
          ttl: 60
          target: flaky.cloud.example.com.
      - name: losangeles
        addresses:
          literals:
            - 192.0.2.99
            - 2001:db8:200::99
```
- Sets zone TTL
- Pulls in “names” from templates
- TXT resource record
- CNAME resource record (custom TTL)
- A and AAAA resource records
Templates
```yaml
templates:
  - template: gmail
    description: >
      This template adds Google mailservers to a zone.
    names:
      - name: '@'
        mail:
          ttl: 604800 # 1 week = 604800 seconds
          mailservers:
            - mailserver: aspmx.l.google.com.
              priority: 10
            - mailserver: alt1.aspmx.l.google.com.
              priority: 20
      - name: google._domainkey
        texts:
          data:
            - >
              v=DKIM1; k=rsa; p=foobar123456
```
Go and YAML
● Package yaml.v2
  ○ gopkg.in/yaml.v2
● func Unmarshal(in []byte, out interface{}) (err error)
  ○ Byte stream to custom struct type
  ○ Struct fields are only unmarshalled if they are exported (have an upper case first letter), and are unmarshalled using the field name lowercased as the default key.
● See demo!
Go and DNS
● Pure Go resolver
  ○ export GODEBUG=netdns=go # force pure Go resolver
● Cgo resolver
  ○ export GODEBUG=netdns=cgo # force cgo resolver
● Raw DNS queries
  ○ github.com/miekg/dns/
By default the pure Go resolver is used, because a blocked DNS request consumes only a goroutine, while a blocked C call consumes an operating system thread.
https://golang.org/pkg/net/#Resolver
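An expectation check in the spirit of dns-check, pinned to the pure Go resolver from inside the program instead of through the environment. This is an added example, not code from dns-tools; `LookupFunc`, `PureGo` and `Check` are hypothetical names, and the stubbed answer in `main` is constructed.

```go
package main

import (
	"context"
	"fmt"
	"net"
	"sort"
)

// LookupFunc has the signature of (*net.Resolver).LookupHost, so it can be stubbed.
type LookupFunc func(ctx context.Context, host string) ([]string, error)

// PureGo uses Go's built-in resolver; PreferGo is GODEBUG=netdns=go per resolver.
func PureGo() LookupFunc { return (&net.Resolver{PreferGo: true}).LookupHost }

// norm maps addresses to canonical text so 2001:DB8::1 equals 2001:db8::1.
func norm(addrs []string) map[string]bool {
	set := map[string]bool{}
	for _, a := range addrs {
		if ip := net.ParseIP(a); ip != nil {
			set[ip.String()] = true
		}
	}
	return set
}

// minus returns the sorted members of a that are not in b.
func minus(a, b map[string]bool) (out []string) {
	for k := range a {
		if !b[k] {
			out = append(out, k)
		}
	}
	sort.Strings(out)
	return out
}

// Check reports expected addresses that are not served and served ones not expected.
func Check(ctx context.Context, lookup LookupFunc, name string, expect []string) (missing, extra []string, err error) {
	got, err := lookup(ctx, name)
	if err != nil {
		return nil, nil, fmt.Errorf("lookup %s: %w", name, err)
	}
	want, have := norm(expect), norm(got)
	return minus(want, have), minus(have, want), nil
}

func main() { // constructed stub answer; pass PureGo() to query live DNS instead
	stub := func(context.Context, string) ([]string, error) { return []string{"192.0.2.99"}, nil }
	fmt.Println(Check(context.Background(), stub, "losangeles.egym.coffee", []string{"192.0.2.99", "2001:db8:200::99"}))
}
```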
On the wire: Pure Go resolver vs. Cgo resolver
16:33:52.097709 IP (tos 0x0, ttl 64, id 53695, offset 0, flags [DF], proto UDP (17), length 88)
    force.59722 > google-public-dns-a.google.com.domain: [bad udp cksum 0x7757 -> 0x35c8!] 18325+ [1au] AAAA? danrl.com. ar: . OPT UDPsize=4096 DO (60)
16:36:26.279509 IP (tos 0x0, ttl 64, id 15282, offset 0, flags [DF], proto UDP (17), length 88)
    force.55245 > google-public-dns-a.google.com.domain: [bad udp cksum 0x7757 -> 0x6724!] 10166+ [1au] AAAA? danrl.com. ar: . OPT UDPsize=4096 DO (60)
Resolvers
● See demo!
CNAME
www.egym.de.
  CNAME dualstack.egym-server-1779992439.eu-west-1.elb.amazonaws.com.
    AAAA 2a01:578:3::36d9:cf8b
    AAAA 2a01:578:3::2e89:6e8a
    AAAA 2a01:578:3::36f7:bfb5
Putting it all together
● DNS check
  ○ Install dns-check
  ○ Define expectations
  ○ Reality check
● PaPuDNS
  ○ Install PaPuDNS
  ○ Define zone information
  ○ Deploy!
Summary
● We started building tools in Go
  ○ SRE ❤ Go
● We intentionally do NOT use goroutines for critical deployments
  ○ We want humans (slow) to be able to veto the tool’s actions (fast)
● TODO: Use goroutines/channels for dns-check
● TODO: Use single source of truth for monitoring, too
  ○ And see if that works well (debatable)
- career.egym.com (we are growing!)
- code.egym.de (dev blog)
- github.com/egymgmbh/papudns (deploy tool)
- github.com/egymgmbh/dns-tools (monitoring tool)
- @danrl_com (twitter)
- danrl.com (my homepage)
- github.com/danrl/playground-2017-08-gopher-meetup (today’s code)
What time is it?
Time to socialize!