GitHub open sources OctoDNS, new tool for managing DNS records

OctoDNS makes it easier for any member of the GitHub team to manage DNS records, and it enables GitHub to keep records in sync over multiple providers.

The frailty of the DNS system became all too evident last year, when DNS host Dyn was hit by a major Distributed Denial of Service (DDoS) attack that brought down large swaths of the internet. With the threat of DDoS attacks only expected to grow, experts urge organizations to build redundancy into their DNS services.

FURTHER READING

The largest DDoS attack didn't break the internet, but it did try

A 300Gbps distributed denial-of-service attack thought to be the largest in the world has put key internet infrastructure to the test, and, so far, the attack has failed.

Read More

GitHub, the online code-sharing and development platform, is introducing a new open source tool to make it easier to create that redundancy.

OctoDNS is the system GitHub has been using for a few months now to manage its own DNS records, explained Ross McFarland, the lead GitHub engineer behind the tool.

"We have many, many domains we use for different purposes at GitHub, some of those may have hundreds of records in them," he told ZDNet. "It's a relatively complex process managing those, and it can be really error prone if it's a human taking action and making changes manually."

OctoDNS allows GitHub to to keep its records in sync over multiple providers, so if any DNS provider runs into a problem, there's another still there to serve user requests. "Basically, redundancy is at the core of it," McFarland said.

It also allows effectively anyone within GitHub -- from engineers to marketers -- to submit a pull request to make changes. For example, the GitHub events team could be working to spin up a website for a user conference, and it may want to add a URL such as universe.github.com.

"If they know the name they want, and they know wherever that URL needs to point to," McFarland explained, "they would come in and add a couple lines to a particular file to make that change, so when users type universe.github.com in their browser, it would take them to the right place."

Previously, someone from McFarland's team would have to manually make such changes.

McFarland started investigating this sort of "split authority" solution for DNS management about a year ago.

It's "definitely something that not enough people know they should be thinking about doing," he said. "OctoDNS relieves a lot of the reasons you might have for not going through the trouble."

OctoDNS supports commercial providers including Cloudflare, DNSimple, Dynect, and Route53. It also has support for PowerDNS, software that can be used to run DNS servers yourself (often internally).

GitHub is open sourcing the tool in keeping with its values, McFarland said.

"This is not something that gives us a competitive advantage. There's no reason for us to keep it to ourselves," he said. GitHub's philosophy, he said, is that the systems it builds "should be open source unless there's a reason not to, and there's seldom a reason not to."

This attack uses a phone's camera to crack Android pattern locks

Read More:

Newsletters

You have been successfully signed up. To sign up for more newsletters or to manage your account, visit the Newsletter Subscription Center.
See All
See All