How We Un-Scattered Our DNS Setup and Unlocked New Automation Options

Thursday, 30 August, 2018 - 11:3512:00

Dan Lüdtke,


We own over a hundred different domains. They were spread over multiple registrars. DNS servers were not under active management and DNS data was neither version controlled nor reviewed. Deployments were risky and rollbacks challenging.

We gained control over the situation by reducing the number of contracts with registrars, selecting a cloud-based DNS service, and convinced the teams to manage DNS data in a version-controlled manner. To deploy DNS changes, we build tooling that we open-sourced. Today, we are able to deploy much faster and safer. We also have automated checks and implemented some safety measures to prevent the most common mistakes I made in the past. Sharing the mistakes will be part of the presentation, as well as quick outlook to the new automation options we unlocked by having a more robust DNS setup.

Dan Lüdtke,

Dan served his country, worked as a security consultant, wrote a book about IPv6, contributes to open source software projects, regularly helps to organize large hacker events, runs an autonomous system for fun, and dreams of space travel.

SREcon18 Europe/Middle East/Africa Open Access Videos
Sponsored by Indeed

Open Access Media

USENIX is committed to Open Access to the research presented at our events. Papers and proceedings are freely available to everyone once the event begins. Any video, audio, and/or slides that are posted after the event are also free and open to everyone. Support USENIX and our commitment to Open Access.

@inproceedings {218923,
author = {Dan L{\"u}dtke},
title = {How We {Un-Scattered} Our {DNS} Setup and Unlocked New Automation Options},
booktitle = {SREcon18 Europe/Middle East/Africa (SREcon18 Europe)},
year = {2018},
address = {Dusseldorf},
url = {},
publisher = {USENIX Association},
month = aug,

Presentation Video 

Presentation Audio