How Stack Overflow plans to survive the next DNS attack

Stack Overflow is usually the place I go when I think I might want to learn to code. I quickly see that my time would be better spent watching cat videos, and I move on with my life.

Personal laziness aside, the site is an invaluable learning tool for any number of people. It does well over a billion pageviews a month, and has a thriving community. So when I get a peak at some of their decision making process, I’m all ears.

Mark Henderson, a site engineer, walks through how the site picked their DNS provider. The site previously bounced between on-premises BIND servers and DNS services offered through Cloudflare. In light of the Dyn DDoS attack, the site wanted more robust protection from a future outage.

It’s a really interesting look at their decision making, plus they include lots of graphs!

Mark Henderson comments:

Let’s talk about DNS. After all, what could go wrong? It’s just cache invalidation and naming things.


This blog post is about how Stack Overflow and the rest of the Stack Exchange network approaches DNS:

  • By bench-marking different DNS providers and how we chose between them
  • By implementing multiple DNS providers
  • By deliberately breaking DNS to measure its impact
  • By validating our assumptions and testing implementations of the DNS standard

The good stuff in this post is in the middle, so feel free to scroll down to “The Dyn Attack” if you want to get straight into the meat and potatoes of this blog post.

Read more at: How Stack Overflow plans to survive the next DNS attack

About the author

Rich Stroffolino

Rich has been a tech enthusiast since he first used the speech simulator on a Magnavox Odyssey². Current areas of interest include ZFS, the false hopes of memristors, and the oral history of Transmeta.

Leave a Comment