XDPeriments: Tinkering with DNS and XDP

 

Luuk Hendriks, NLnet Labs

Willem Toorop, NLnet Labs

The eXpress Data Path (XDP) is a "hook" in the Linux kernel that provides programmability at the lowest layer of the network stack (the device driver layer) and can even be hardware offloaded to programmable devices (e.g. SmartNICs). XDP provides an easy way to perform some parts of DNS handling in the kernel while traditional userspace software still runs 'after' it. XDP does not have to replace DNS software in userspace; it can **augment** it. XDP programs are well suited for dealing with Denial of Service attacks. Furthermore, XDP programs can be put to work on an ad-hoc basis on a running system without interruption. We think using XDP to augment an existing DNS service is an exciting new idea, and a great new tool in the DNS operator's toolbox. In this presentation we will explore how DNS can benefit from XDP with hands-on examples of directly usable running code. We will show how operators can use XDP programs to deal with Denial of Service attacks and/or otherwise tweak their DNS service behaviour.
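To make the "augment, not replace" idea concrete, here is an added example (not the presenters' code) of an XDP filter that drops UDP/53 packets that cannot be a well-formed query and passes everything else on to the userspace DNS server. The drop policy, the authoritative-only and IPv4-only assumptions, and the names `dnshdr`, `dns_verdict`, `xdp_dns_filter` and `sample_verdict` are all assumptions made for illustration.

```c
/* Added example: builds with clang -target bpf as an XDP object, or as plain C for testing. */
#include <stddef.h>
#include <linux/bpf.h>
#include <linux/if_ether.h>
#include <linux/in.h>
#include <linux/ip.h>
#include <linux/udp.h>

struct dnshdr {                 /* fixed 12-byte DNS header (RFC 1035) */
    __be16 id;
    __u8   flags_hi, flags_lo;  /* QR is the top bit of flags_hi */
    __be16 qdcount, ancount, nscount, arcount;
};

/* Assumed policy for an authoritative-only server: drop UDP/53 packets that
 * cannot be a well-formed query; everything else continues up the stack. */
static inline int dns_verdict(void *data, void *data_end)
{
    struct ethhdr *eth = data;
    if ((void *)(eth + 1) > data_end || eth->h_proto != __constant_htons(ETH_P_IP))
        return XDP_PASS;                        /* not IPv4: not our business */
    struct iphdr *ip = (void *)(eth + 1);
    if ((void *)(ip + 1) > data_end || ip->protocol != IPPROTO_UDP || ip->ihl < 5 ||
        (ip->frag_off & __constant_htons(0x1fff)))  /* non-first fragment: no UDP header */
        return XDP_PASS;
    struct udphdr *udp = (void *)((char *)ip + ip->ihl * 4);
    if ((void *)(udp + 1) > data_end || udp->dest != __constant_htons(53))
        return XDP_PASS;                        /* not addressed to the DNS port */
    struct dnshdr *dns = (void *)(udp + 1);
    if ((void *)(dns + 1) > data_end)
        return XDP_DROP;                        /* shorter than a DNS header */
    if ((dns->flags_hi & 0x80) || dns->qdcount != __constant_htons(1))
        return XDP_DROP;                        /* a response, or not exactly one question */
    return XDP_PASS;                            /* userspace DNS software handles it */
}

#ifdef __bpf__
__attribute__((section("xdp"), used))
int xdp_dns_filter(struct xdp_md *ctx)
{ return dns_verdict((void *)(long)ctx->data, (void *)(long)ctx->data_end); }
#else
/* Constructed sample frame for testing: Ethernet + IPv4 + UDP/53 + DNS header. */
static int sample_verdict(__u8 flags_hi, __u16 qdcount, size_t dns_len)
{
    __u8 f[ETH_HLEN + 20 + 8 + 12] = {0};
    f[12] = 0x08; f[14] = 0x45; f[23] = IPPROTO_UDP;     /* ETH_P_IP, version 4 / ihl 5, UDP */
    f[37] = 53; f[44] = flags_hi; f[47] = (__u8)qdcount; /* dst port, QR byte, QDCOUNT low byte */
    return dns_verdict(f, f + ETH_HLEN + 20 + 8 + dns_len);
}
#endif
```

Every header access is preceded by a comparison against `data_end`, which is the pattern the in-kernel verifier requires before it will accept packet reads.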

XDPeriments: Tinkering with DNS and XDP (pdf)

Watch the NANOG 81 Playlist