Here we go, last talk of the day on the production track at #QConLondon, with @rdelvira and "an entertaining outage story" (his own words) about when Slack rolled out DNSSEC.
"Who here has tried to roll out DNSSEC? OK, one person... Now who failed when trying to roll out DNSSEC? Welcome to the club!" 😂 @rdelvira #QConLondon
"We planned DNSSEC carefully, with the necessary changes, and replicated most of our DNS use cases... And you'll see later why I said 'most'..." @rdelvira #QConLondon
The challenge with DNSSEC is that it has to be applied per domain: it cannot be split per subdomain or rolled out progressively.
The rollout was done domain by domain, with slack.com being the last one... causing 3 different outages. @rdelvira #QConLondon
Using a NetLog capture to debug issues in the Chromium engine behind the Slack client. @rdelvira #QConLondon
When they hit issues with the rollout, the traffic team decided to roll back DNSSEC, confident after having done it many times in testing. That didn't account for DNS resolvers worldwide caching records for 24h. @rdelvira #QConLondon
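To make the cache problem concrete, here is a minimal sketch (not from the talk) of the arithmetic: a resolver that cached a record just before the rollback can keep serving it until the TTL runs out. The function names and the example timestamp are hypothetical; the 24h TTL is the figure mentioned above.

```python
from datetime import datetime, timedelta, timezone

def caches_expired_by(change_time: datetime, ttl_seconds: int) -> datetime:
    """Earliest time at which no resolver can still hold the pre-change record.

    Worst case: a resolver cached the old record right before the change,
    so it may keep serving it for one full TTL afterwards.
    """
    return change_time + timedelta(seconds=ttl_seconds)

def may_still_be_cached(now: datetime, change_time: datetime, ttl_seconds: int) -> bool:
    """True while some resolver could still be serving the old record."""
    return now < caches_expired_by(change_time, ttl_seconds)

# Hypothetical rollback time, with the 24h TTL from the thread.
rollback = datetime(2000, 1, 1, 12, 0, tzinfo=timezone.utc)
ttl = 24 * 60 * 60
print(caches_expired_by(rollback, ttl).isoformat())
print(may_still_be_cached(rollback + timedelta(hours=3), rollback, ttl))
```

So a rollback that looks instant in a test environment can take up to a full TTL to reach every client in production.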
You know you're in a really bad spot when you need to ask every DNS resolver operator to clear their cache for your main domain 😱. "This was a very big spreadsheet..." @rdelvira #QConLondon
For the last attempt, the traffic team at Slack went back and strengthened their runbooks (especially for very risky rollbacks) and increased observability on DNS (Route 53 logs for full visibility of DNS requests, with a breakdown by resolver). @rdelvira #QConLondon
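A rough sketch of what a "breakdown by resolver" could look like, not Slack's actual tooling. It assumes space-separated query log lines with the response code in the 6th field and the resolver IP in the 9th, which is my reading of the Route 53 public query log format; check it against your own logs. The sample lines and the `breakdown_by_resolver` name are made up for illustration.

```python
from collections import Counter

def breakdown_by_resolver(lines):
    """Count queries per (resolver IP, response code) pair.

    Assumed field layout (space-separated, 0-indexed):
    5 = DNS response code, 8 = resolver IP address.
    Lines with fewer than 9 fields are skipped.
    """
    counts = Counter()
    for line in lines:
        fields = line.split()
        if len(fields) < 9:
            continue
        rcode, resolver_ip = fields[5], fields[8]
        counts[(resolver_ip, rcode)] += 1
    return counts

# Made-up sample lines using documentation IP ranges.
SAMPLE = [
    "1.0 2000-01-01T00:00:00Z ZEXAMPLE example.com A NOERROR UDP FRA6 192.0.2.1 -",
    "1.0 2000-01-01T00:00:01Z ZEXAMPLE example.com A SERVFAIL UDP FRA6 198.51.100.7 -",
    "1.0 2000-01-01T00:00:02Z ZEXAMPLE example.com A NOERROR UDP FRA6 192.0.2.1 -",
    "truncated line",
]

for (resolver, rcode), n in sorted(breakdown_by_resolver(SAMPLE).items()):
    print(resolver, rcode, n)
```

Grouping by resolver is what makes it possible to tell whether failures come from every resolver or only from a few that handle DNSSEC differently.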
