IP of the hardcode server in the applications

[ad_1]

As a result of the Dynamic attack, many major websites were down, including Twitter – browsers could not resolve servers’ IP addresses because the authoritative name server (Dyn) was down. I’m not sure if this could be dealt with globally – there has been an interesting discussion on Reddit about my proposal to increase TTL – how resolution policy and algorithms can be improved, why lower TTL is not always applicable etc.

But while twitter.com was down, the mobile app wasn’t working either. And while we don’t have any control over the browser, we certainly do have control over the mobile app (the same goes for desktop apps, of course, but I’ll mostly talk about mobile apps as being more dominant) . The reason the app was down as well is that it is probably also using the twitter.com domain (e.g. api.twitter.com) as well. And that’s the right way to go, except in those rare situations where DNS fails.

In these cases, you can hard-code a list of server IP addresses into your application and revert to it if queries based on the domain name fail (for example after 3 attempts). If you change your server’s IP addresses, you just update the app. It doesn’t matter that there is an unpredictable delay (until everyone updates) and some clients don’t have a proper IP address – it’s a fallback mechanism at the edge.

This is not, of course, my idea – it has been used by distributed systems like Bitcoin and BitTorrent – for example, when trying to join the network, the Bitcoin client or BitTorrent DHT tries to connect to a node of bootstrap in order to get a list of peers. There is a list of domain names in client applications that resolve using circular DNS to one of the many known seed nodes. However, if DNS resolution fails, clients have a small set of hard-coded IP addresses.

As this post points out, you may have multiple fallback strategies. Instead of, or better yet, in addition to hard-coding the IP address, you can have a backup domain name. foo.com and foo-fallback.com, managed by different DNS providers. This way your application will have a 3 step fallback mechanism – 1. try the primary domain 2. try the fallback domain 3. try the fallback IP addresses.

Events like the Dyn attack are (hopefully) rare, but can be costly for businesses. Adding fallback mechanisms to at least some of the client software is quick and easy and can reduce damage.

[ad_2]

Exposing public IP addresses of Tor services through SSL certificates

Role of IPS agent under scanner ED, Energy News, ET EnergyWorld

GetDotBit has registered over 700 decentralized .Bit domain names, and counting

What is DNS and how does it work?

Official recognition, engagement with the IEA essential for its desired transformation: IPS

The Costs and Damages of DNS Attacks

Group of scientists denounce ‘railroad’ of Kaliwa Dam talks with IPs in Quezon

Sony reveals plans for future PS VR2 games and new IPs

IP of the hardcode server in the applications

Previous How to Enable DNS-over-HTTPS 2022 Tip

Next Supreme Court allows people with disabilities to apply to opt in to IPS, DANIPS, IRPFS

Jessica D. Morrow

Should domain names be considered “service contracts” or “property rights”?

Sci-Hub loses domain names, but remains resilient * TorrentFreak

How to Enable DNS-over-HTTPS 2022 Tip

MYNIC services down, all concerned .my domain names

Suggested Posts

4 Ways to Check Which DNS Server You’re Using in Windows 11

Reminder: There is no Whois privacy for .us domain names – Domain Name Wire

How to fix DNS issue on Windows 11/10

The Costs and Damages of DNS Attacks

1,472 vacancies at IAS, 864 at IPS in various states: Union Minister Jitendra Singh

No Comment

Leave a reply Cancel reply

MENU

More Stories

Users can now sell unused domain names for cash with GoDaddy

Related posts: