All these zones are operated by the Traffic Engineering team at Slack.įor the last four months, the team has been working on enabling DNSSEC signing on all domains used by Slack. We do this to make use of NS1’s advanced traffic management features. While we are aware of the debate around the utility of DNSSEC among the DNS community, we are still committed to securing Slack for our customers.Īt Slack, we use Amazon Route 53 as our authoritative DNS server for all our public domains, delegating some subzones to NS1. DNSSEC will not protect the last mile of DNS - which is the communication between the client and their DNS recursor - from a MiTM attack. ) and the client’s DNS recursive resolver of choice. DNS has a security extension commonly referred to as DNSSEC, which prevents tampering with responses between the authoritative DNS server of the domain name (i.e. Refer to ‘What is DNS?’ by Cloudflare to read more about how DNS works and all the necessary steps to do a domain name lookup.ĭNS as a protocol is insecure by default, and anyone in transit between the client and the authoritative DNS name server for a given domain name can tamper with the response, directing the client elsewhere. DNS translates domain names to IP addresses, so that browsers can load the sites you need. Web sites are accessed through domain names, but web browsers interact using IP addresses. DNS is like a phone book for the entire internet. The internet relies very heavily on the Domain Name System ( DNS) protocol. This outage was the result of our attempt to enable DNSSEC - an extension intended to secure the DNS protocol, required for FedRAMP Moderate - but which ultimately led to a series of unfortunate events. On September 30th 2021, Slack had an outage that impacted less than 1% of our online user base, and lasted for 24 hours.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |