#044 /dev/night/online - The power of DNS Load-balancing & DDoS mitigation


Details
This will be an online event!
The link to join: https://join.dev-night.io/
We will use a self-hosted Jitsi instance.
DNS is one of the most fundamental protocols of computer networks, especially the Internet. Unfortunately, this protocol was designed with minimal security features in mind. As a result, it has become one of the easiest and most convenient targets for attackers worldwide.
There are numerous DNS server implementations (both open source and non-open source) with some security features embedded, but none of them offers fine-grained control over these features. On the other hand, there was no proper DNS-aware load balancer until recently. DNSDist (dnsdist.org) is one of the powerful DDoS-aware DNS load balancers out there, and it is fully open source. Previously, there were UDP load balancers, which did not understand the DNS protocol properly.
In this talk, Bahram will introduce us to the DNSDist load balancer and its security features.
Here are some of DNSDist's awesome features:
- Load-Balancing Policies
- Effective Caching
- Packet Policies (Drop, Forward, Answer, Delay)
- Various Rules (QPS, QType, RCode, QName, Regex, ACL, etc)
- Dynamic Rule Generation
- Fine control over responses (RecBit, DNSSEC, TTL, etc)
- Security Protocols (DoH, DoT, DNSCrypt)
- Using Kernel Features (eBPF, SO_REUSEPORT)
- Built-in web server and console access for live monitoring
- Custom functionality through Lua scripts
DNSDist has a high potential for being a commercial out-of-the-box product.
For example, Open-Xchange provides a distribution of DNSDist: https://www.open-xchange.com/portfolio/dnsdist/
### You want to give a talk?
Just submit your session through an issue here (https://github.com/dev-night/talks/issues).
