The frailty of the DNS system became all too evident last year, when DNS host Dyn was hit by a major Distributed Denial of Service (DDoS) attack that brought down large swaths of the internet. With the threat of DDoS attacks only expected to grow, experts urge organizations to build redundancy into their DNS services.
GitHub, the online code-sharing and development platform, is introducing a new open source tool to make it easier to create that redundancy.
OctoDNS is the system GitHub has been using for a few months now to manage its own DNS records, explained Ross McFarland, the lead GitHub engineer behind the tool.
"We have many, many domains we use for different purposes at GitHub, some of those may have hundreds of records in them," he told ZDNet. "It's a relatively complex process managing those, and it can be really error prone if it's a human taking action and making changes manually."
OctoDNS allows GitHub to keep its records in sync over multiple providers, so if any DNS provider runs into a problem, there's another still there to serve user requests. "Basically, redundancy is at the core of it," McFarland said.
It also allows effectively anyone within GitHub -- from engineers to marketers -- to submit a pull request to make changes. For example, the GitHub events team could be working to spin up a website for a user conference, and it may want to add a URL such as universe.github.com.
"If they know the name they want, and they know wherever that URL needs to point to," McFarland explained, "they would come in and add a couple lines to a particular file to make that change, so when users type universe.github.com in their browser, it would take them to the right place."
Previously, someone from McFarland's team would have to manually make such changes.
McFarland started investigating this sort of "split authority" solution for DNS management about a year ago.
It's "definitely something that not enough people know they should be thinking about doing," he said. "OctoDNS relieves a lot of the reasons you might have for not going through the trouble."
OctoDNS supports commercial providers including Cloudflare, DNSimple, Dynect, and Route53. It also has support for PowerDNS, software that can be used to run DNS servers yourself (often internally).
GitHub is open sourcing the tool in keeping with its values, McFarland said.
"This is not something that gives us a competitive advantage. There's no reason for us to keep it to ourselves," he said. GitHub's philosophy, he said, is that the systems it builds "should be open source unless there's a reason not to, and there's seldom a reason not to."