The story of a little DNS easter egg
In 2013, CloudFlare faced challenges with their DNS infrastructure using PowerDNS and decided to create a custom authoritative name server called RRDNS. The new system allowed for easy addition of application logic, leading to the creation of fun Easter Eggs such as querying for job listings via DNS request. However, concerns were raised about potential misuse of these features in DNS reflection attacks. To address this, Ian implemented a safeguard that forced RRDNS to respond with a 0-byte UDP response and the DNS message truncated flag when receiving an Easter Egg-generating query, causing clients to retry via TCP and preventing source IP spoofing. This highlights how extensibility in systems like RRDNS can be used for both fun features and enhanced security measures.
Company
Cloudflare
Date published
Aug. 27, 2013
Author(s)
Matthew Prince
Word count
1202
Language
English
Hacker News points
None found.