DNS

Orchestrating PowerDNS deployments with servfail-sync

<p>Given a large enough network of distributed nameservers, updating their configs and keeping all of them in sync becomes a highly error-prone activity. The problems multiply when multiple sysadmins and different operating systems are involved. We have created a low-complexity solution for syncing the NS configuration and keeping all servers aware of the current shape of the network.</p> <ul> <li><a href="https://git.sakamoto.pl/servfail/servfail-sync">Repo</a></li> <li><a href="https://beta.servfail.network/">Project</a></li> </ul>

Additional information

Live Stream https://live.fosdem.org/watch/k3401
Type devroom
Language English

More sessions

2/1/26
DNS
Philip Homburg
K.3.401
<p>Two years have passed since we presented Domain crate, our DNS library written in Rust (https://github.com/NLnetLabs/domain) here at FOSDEM. We added a lot of functionality (for example, DNS client and server support, DNSSEC validation, DNSSEC signing) and started writing our first applications. The most notable application is our new DNSSEC signer called Cascade (https://github.com/NLnetLabs/cascade). In this presentation, I go over the work we have, what our plans are for the coming year. ...
2/1/26
DNS
Nadia Santalla (she/her)
K.3.401
<p>DNS is the most critical service that runs on small, client-focused networks. Hosting your own DNS unlocks interesting possibilities: Lower latencies, caching, DHCP hostname integration, and ad and malware blocking just to name a few. However, it also comes with great responsibility: For clients, if DNS is down, the internet is down.</p> <p>In this session we will explore how we can have all those delightful features while maintaining resiliency and zero-downtime upgrades, using Kubernetes as ...
2/1/26
DNS
Nelson Vides
K.3.401
<p>On paper, DNS is a simple request-response protocol. In reality, building an authoritative nameserver that delivers under heavy load, processes malformed packets safely, and resists DDoS attacks is a complex engineering challenge.</p> <p>This talk peels back the layers of erldns, DNSimple's open-source high-performance DNS server, to explore the fundamental architecture required to handle millions of queries per second. We will focus on:</p> <ul> <li>Simplified Resolution: How a special ...
2/1/26
DNS
Ulrika Vincent
K.3.401
<p>Isn’t monitoring DNS queries a really bad idea? If the monitoring crosses the line to surveillance, we agree. Monitoring for bad actors is still needed and valuable for cybersecurity. Building such a platform in Open Source and running it as a non-profit is much better than letting commercial actors consume this data without making it an open data commons. For sure many won’t protect the user’s privacy the way we do.</p> <p>This is the story about the DNS TAPIR Open Source project - the ...
2/1/26
DNS
Petr Menšík
K.3.401
<p><em>lwresd</em> was present long ago in Debian 4, accompanied by the libc library plugin <em>libnss_lwres</em>. It was intended to be a simpler cache than a standard name server, but it never gained wide adoption. Because it offered no significant advantages over using a DNS server like <em>named</em> directly. It was removed from BIND9 after version 9.11.</p> <p>I have a few ideas on how to use it over Unix domain sockets to unlock new features. With some significant modifications to the ...
2/1/26
DNS
Mechiel Lukkien
K.3.401
<p>As a developer, how do you add an automated check for software updates to your application? You could use DNS! DNS is lightweight, provides redundancy, responses are cacheable, and going through your network resolver gives you some privacy.</p> <p>But making DNS changes as part of a software release is not ideal; I've done it. Can we automate this? We can for Go applications! Gopherwatch.org is a free service that monitors the Go sumdb, a transparency log (like certificate transparency) ...
2/1/26
DNS
Shane Kerr (he/him)
K.3.401
<p>The DNS is a hoary protocol, with ancient secrets that man was not meant to know.</p> <p>It is said that learning too much about the dark corners of this ancient knowledge might drive one mad.</p> <p>Here is your chance to learn mostly useless things about DNS!</p> <p>This presentation will cover quirks of the DNS protocol which are probably surprising, and hopefully interesting.</p> <p>Warning: Due to constraints no entities from beyond time and space will be summoned during this talk.</p>