The story of a little DNS easter egg

What's this blog post about?

In 2013, CloudFlare faced challenges with its PowerDNS-based DNS infrastructure and decided to create a custom authoritative name server called RRDNS. The new system made it easy to add application logic, which led to fun Easter eggs such as querying for job listings via a DNS request. However, concerns were raised that these features could be misused in DNS reflection attacks. To address this, Ian implemented a safeguard that forced RRDNS to answer an Easter egg-generating query with a 0-byte UDP response that has the DNS truncated (TC) flag set, causing clients to retry via TCP and preventing source IP spoofing. This highlights how extensibility in systems like RRDNS can be used for both fun features and enhanced security measures.

Company
Cloudflare

Date published
Aug. 27, 2013

Author(s)
Matthew Prince

Word count
1202

Hacker News points
None found.

Language
English


By Matt Makai. 2021-2024.