There are many more dark secrets of DNS packets. Especially, in the context of internet providers and the censorship industry - DNS Filtering, DNS Spoofing/Poisoning, Blocking Public DNS, etc.
Instead of running local resolvers for caching, they should have used nscd DNS cache to decrease the volume of queries from those machines running the logs tasks. nscd is not designed for that, but is long known to have this best-use practice:
https://prefetch.net/blog/2011/03/27/configuring-nscd-to-cache-dns-host-lookups/
AWS natively provides this (1024 PPS) as a metric ('linklocal_allowance_exceeded') via ethtool, which is automatically scraped by most Observability stacks. See https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/monitoring-network-performance-ena.html#network-performance-metrics
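A way to check whether that counter is growing on a host, as an added example that is not from the thread or from AWS's documentation; it assumes the ENA driver's `ethtool -S` output format shown in the constructed samples and a POSIX shell with awk:

```shell
#!/bin/sh
# Added example (not from the thread): read the ENA "linklocal_allowance_exceeded"
# counter from `ethtool -S` output and flag growth between two samples.
# Counter name is from the AWS ENA docs; the sample output below is constructed.

# Print the value of one counter from `ethtool -S <iface>` output read on stdin.
ena_counter() {
    awk -v key="$1:" '$1 == key { print $2; exit }'
}

# Print the delta of linklocal_allowance_exceeded between two captured outputs;
# exit 0 if it grew (packets to the VPC resolver were dropped), 1 otherwise.
linklocal_growth() {
    before=$(printf '%s\n' "$1" | ena_counter linklocal_allowance_exceeded)
    after=$(printf '%s\n' "$2" | ena_counter linklocal_allowance_exceeded)
    delta=$((after - before))
    echo "$delta"
    [ "$delta" -gt 0 ]
}

# Constructed samples mimicking two consecutive `ethtool -S eth0` snapshots.
SAMPLE_T0='NIC statistics:
     tx_timeout: 0
     bw_in_allowance_exceeded: 0
     linklocal_allowance_exceeded: 120
     pps_allowance_exceeded: 0'
SAMPLE_T1='NIC statistics:
     tx_timeout: 0
     bw_in_allowance_exceeded: 0
     linklocal_allowance_exceeded: 175
     pps_allowance_exceeded: 0'

# Stand-alone demo: live data if an interface name is given and ethtool exists,
# otherwise the constructed samples.
if [ -n "$1" ] && command -v ethtool >/dev/null 2>&1; then
    t0=$(ethtool -S "$1"); sleep 10; t1=$(ethtool -S "$1")
else
    t0=$SAMPLE_T0; t1=$SAMPLE_T1
fi
if d=$(linklocal_growth "$t0" "$t1"); then
    echo "WARNING: link-local (VPC resolver) PPS allowance exceeded $d more times; check DNS query volume"
else
    echo "ok: no new link-local allowance drops"
fi
```

Run with an interface name (e.g. `sh check.sh eth0`) to compare two live samples ten seconds apart; a growing counter is the signal that DNS traffic to the VPC resolver is being throttled at the instance.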
Another super interesting article that talks about DNS and how it's used at Spotify [0] (or was used in 2013)

[0]: https://engineering.atspotify.com/2013/02/in-praise-of-boring-technology/
As an experienced developer, I would like to know: In the context of optimizing DNS resolution for latency-sensitive applications, what specific strategies or configurations does Stripe recommend implementing based on the insights from the blog post, and how do these strategies compare to traditional DNS setups in terms of performance and reliability?
> We realized we may be hitting the AWS limit for how much traffic can be sent to a VPC resolver

Never rely on an AWS service until you've understood its quotas. They are reliable services, but to maintain that standard, they have to impose limits at many different levels of the plane. There are some good "quota surprises" tucked away in there.