AWS Networking Deep Dive: Route 53 DNS

Many of you have been asking for months when my Route 53 course would release. Well, it’s finally here! AWS Networking Deep Dive: Route 53 DNS is now available on Pluralsight.

Topics covered include:

  • Configuring Route 53 to work with any domain name, even one registered with a different registrar
  • DNS concepts and how Route 53 fits in with the internet’s domain name system
  • Creating public hosted zones, health checks, and routing policies
  • Using private hosted zones with multiple VPCs


101 Public DNS Servers Sorted by Speed

You probably know the popular Google DNS server IP addresses by heart: and Before those were around you might have even used Level3’s and Of course, everyone else uses these too, which means these popular servers are under a pretty heavy load.

Fortunately, there are faster public DNS servers out there. Much faster.

101 DNS Servers

I’ve compiled a list of 101 public DNS servers (PDF), sorted in order of fastest to slowest (for me).

A few things to keep in mind

This is not an exhaustive list of all public name servers, nor are these necessarily the fastest servers that exist. But if you’re using one of the more popular public name servers, you can easily see how other servers rank against those in terms of speed.

Not all DNS servers behave the same way. Some will return intentionally incorrect responses, usually if the query is for a malicious domain. Others will return inconsistent results, which can be problematic if you’re testing for recently changed records.

One name server in particular seemed to rate-limit my queries, and this behavior seemed to change based on the query type. For instance, queries for * (all) would time out, while queries for SOA records would work. After waiting a little while and trying again, the server answered all my queries quickly.

The lesson here is test the server thoroughly and get familiar with its quirks before using it everywhere.
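Testing a resolver the way the post describes means sending it queries directly rather than going through the operating system's stub resolver, which is why the following added example (not code from the original post) builds DNS queries by hand in the RFC 1035 wire format. It times repeated queries per server, records timeouts (the rate-limiting behaviour mentioned above), and flags servers whose answers change between runs (the inconsistent results mentioned above). The `example.test` name and the sample response bytes are constructed so the parser can be exercised offline; the `ANY` type corresponds to the `*` (all) query in the post.

```python
# Added example (not from the original post): hand-built DNS queries over UDP so a
# specific resolver can be targeted and timed. Sample name and reply are constructed.
import random
import socket
import statistics
import struct
import time

QTYPES = {"A": 1, "SOA": 6, "AAAA": 28, "ANY": 255}


def build_query(name, qtype="A", txid=None):
    """Encode one recursive (RD=1) question for `name` in RFC 1035 wire format."""
    if txid is None:
        txid = random.randrange(0, 0x10000)
    header = struct.pack(">HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    qname = b"".join(bytes([len(label)]) + label.encode("ascii")
                     for label in name.rstrip(".").split(".")) + b"\x00"
    return header + qname + struct.pack(">HH", QTYPES[qtype], 1)  # class IN


def read_name(msg, offset):
    """Decode a possibly compressed name; return (name, offset after it)."""
    labels, end, jumped, hops = [], offset, False, 0
    while True:
        length = msg[offset]
        if length & 0xC0 == 0xC0:  # compression pointer into the message
            hops += 1
            if hops > 16:  # guard against pointer loops in hostile replies
                raise ValueError("compression pointer loop")
            pointer = struct.unpack(">H", msg[offset:offset + 2])[0] & 0x3FFF
            end = end if jumped else offset + 2
            offset, jumped = pointer, True
            continue
        offset += 1
        if length == 0:
            break
        labels.append(msg[offset:offset + length].decode("ascii"))
        offset += length
    return ".".join(labels), (end if jumped else offset)


def parse_response(msg, expected_txid):
    """Return rcode, TC flag and answer RDATA; A records become dotted quads."""
    txid, flags, qd, an, _, _ = struct.unpack(">HHHHHH", msg[:12])
    if txid != expected_txid:
        raise ValueError("transaction id mismatch: stray or spoofed reply")
    out = {"rcode": flags & 0xF, "truncated": bool(flags & 0x0200), "answers": []}
    offset = 12
    for _ in range(qd):
        _, offset = read_name(msg, offset)
        offset += 4  # QTYPE + QCLASS
    for _ in range(an):
        _, offset = read_name(msg, offset)
        rtype, _, ttl, rdlen = struct.unpack(">HHIH", msg[offset:offset + 10])
        offset += 10
        rdata, offset = msg[offset:offset + rdlen], offset + rdlen
        text = ".".join(map(str, rdata)) if rtype == 1 and rdlen == 4 else rdata.hex()
        out["answers"].append((text, ttl))
    return out


def time_query(server, name, qtype="A", timeout=2.0):
    """Send one UDP query and return its latency in ms plus the parsed reply."""
    txid = random.randrange(0, 0x10000)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        start = time.perf_counter()
        sock.sendto(build_query(name, qtype, txid), (server, 53))
        try:
            data, _ = sock.recvfrom(4096)
        except socket.timeout:  # rate-limited or silent resolvers land here
            return {"server": server, "latency_ms": None, "error": "timeout"}
    latency = round((time.perf_counter() - start) * 1000, 1)
    return {"server": server, "latency_ms": latency, **parse_response(data, txid)}


def rank_servers(servers, name, repeats=3):
    """Sort resolvers by median latency; flag timeouts and answers that differ between runs."""
    report = []
    for server in servers:
        runs = [time_query(server, name) for _ in range(repeats)]
        ok = [r for r in runs if r["latency_ms"] is not None]
        answer_sets = {tuple(a for a, _ in r["answers"]) for r in ok}
        report.append({"server": server, "timeouts": repeats - len(ok),
                       "median_ms": statistics.median(r["latency_ms"] for r in ok) if ok else None,
                       "consistent": len(answer_sets) <= 1})
    return sorted(report, key=lambda r: (r["median_ms"] is None, r["median_ms"] or 0))


# Constructed reply to build_query("example.test", "A", 0x1234): NOERROR, two A
# records whose owner names are compression pointers back to the question (0xC00C).
SAMPLE_QUERY = build_query("example.test", "A", 0x1234)
SAMPLE_RESPONSE = (struct.pack(">HHHHHH", 0x1234, 0x8180, 1, 2, 0, 0) + SAMPLE_QUERY[12:]
                   + b"\xc0\x0c" + struct.pack(">HHIH", 1, 1, 300, 4) + bytes([192, 0, 2, 10])
                   + b"\xc0\x0c" + struct.pack(">HHIH", 1, 1, 300, 4) + bytes([192, 0, 2, 11]))
```

For a live run, call `rank_servers(["<resolver ip>", ...], "example.com")` with the addresses you want to compare; a server whose `consistent` flag is false is returning different answers on repeated queries, which may be round-robin DNS or one of the quirks described above, and a non-zero `timeouts` count is the first sign of the rate limiting the post ran into. Because the transaction id is checked, a stray or spoofed reply is rejected rather than silently counted.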

Installing PowerShell Core on Amazon Linux

In preparation for my latest course in the AWS Networking Deep Dive series, I wanted to install PowerShell Core on an Amazon Linux instance to test out cross-platform compatibility for some scripts.

Specifically, I wanted to see if I could use methods in the System.Net.Dns class to perform name resolution. The dnsclient PowerShell module provides some cmdlets for this very purpose, but that module is Windows-only, and I needed something that would work across different platforms.

To my surprise, it wasn’t as easy as just running sudo yum -y install powershell. Fortunately, it wasn’t as difficult as building from source. Here’s what I did:

Install the dependencies

sudo yum install -y curl libunwind libicu libcurl openssl libuuid.x86_64

Download the installation script

This script just fetches the tarball and extracts it to /opt/microsoft/powershell


Set the script to be executable

chmod +x

Run the script, specifying the PowerShell version (6.0.1) and package tarball as the arguments:

sudo ./ 6.0.1 powershell-6.0.1-linux-x64.tar.gz

If you want to install a specific version (like the latest), then refer to the releases on the PowerShell repo.

Run PowerShell!

The command is pwsh, as in “Present Working SHell” (clever points). Be sure to use sudo, as it does require root privileges:

sudo pwsh

Get Your .NET On

The whole point of this exercise was to see if I could use .NET to perform DNS name resolution without any of the cmdlets in the Windows-only dnsclient module. Did it work? Let’s see.

PowerShell v6.0.1
Copyright (c) Microsoft Corporation. All rights reserved.
Type 'help' to get help.
PS /home/ec2-user> [System.Net.Dns]::GetHostAddresses("").IPAddressToString

Yes indeed! Of course, I can still use the usual PowerShell tricks to extract just the data I want:

PS /home/ec2-user> [System.Net.Dns]::GetHostByName("") | Select-Object AddressList

I can also drill down to pick out just the first IP address in the list:

PS /home/ec2-user> ([System.Net.Dns]::GetHostByName("")).AddressList[0].IpAddressToString

Run it again, and I get a different address:

PS /home/ec2-user> ([System.Net.Dns]::GetHostByName("")).AddressList[0].IpAddressToString

Looks like round-robin DNS! But will this command work cross-platform? Let’s try it on my Windows 10 machine:

PS C:\Users\admin> ([System.Net.Dns]::GetHostByName("")).AddressList[0].IpAddressToString

Yes! This is exactly why I chose PowerShell. The same command that works on Linux also works on Windows, which makes it perfect for an OS-agnostic course.

Ready to learn more PowerShell? Sign up for a free trial with Pluralsight and get unlimited access to every course in their humongous library!

Is Social Media Bad?

Most of us have tossed around the idea of restricting our social media consumption, or even giving it up altogether. It’s not that we don’t like it. We love it, sometimes too much. But inherently, something about social media just seems wrong. But what is it?

Social is Not a Neutral Tool

People often say that social media is just a tool, and like any other tool, it can be abused, but it can also be used for good. After mulling this over for several months, I have to disagree. Social media is not a tool. It’s not neutral. And that has nothing to do with the platform. Social can’t be neutral because it’s comprised of people, and people are not neutral.

Think of it this way. Imagine you’re at your favorite hangout. Maybe it’s a coffee shop, restaurant, the library, zoo, whatever. You’re having a good time, when suddenly, a large group of people appears. They all start talking to each other, LOUDLY, and what they’re saying is seriously ticking you off. They’re spewing some of the most unpleasant, irritating, obnoxious garbage you’ve ever heard.

What do you do? Most likely you’d put on your headphones, if you have any, or you’d leave. Yeah, you might engage some of the people for a while, if that’s your personality. But would you purposely subject yourself to that noxious experience day after day? Probably not.

And yet, when it comes to social media, many continually subject themselves to that kind of toxic social interaction multiple times a day.

Technical Solutions Don’t Work

Even before social media was big, people have tried to come up with a technical solution to this problem. Banning, shadowbanning, muting, blocking, throttling, etc. have all been tried.

But none of it has worked, or even helped much. If anything, social media interaction has gotten worse, not better. These solutions are predicated on the notion that social media is just a neutral platform, and if we enforce the right rules, we can maintain that neutrality. But that’s a false notion. Again, social media can’t be neutral because people are not neutral.

The only way for social media to work is for people to properly police their own behavior. This is exactly what happens in real life social situations. Nobody dares to walk into a noisy restaurant and launch into a profanity-laced tirade against a perfect stranger. But much of the time, that inhibition is driven by self-preservation rather than a moral imperative. Remove the risk of getting physically assaulted, and many won’t hesitate to say the vilest, ugliest stuff. That’s what social media does.

Bad Behavior is Contagious

Is social media bad? Not inherently. But it’s not inherently good either. People choose to behave in morally good or bad ways. When immoral speech spills over into social media, it spreads like a cancer. We love to think of ourselves as being in control of our own thoughts and choosing our own influences. But that’s just not true. Bad company corrupts good morals, as the Apostle Paul said, and being exposed to trash on social media day after day does affect you, even if you don’t consciously realize it.

How often have you gotten viscerally angry at something you read on Twitter or Facebook? Sure, you can get mad reading something on any website or even in a book. But those occurrences are few and far between. On social, they’re the norm. When you saw something that made you really mad, how long did you stew about it? Did your mood affect your interactions with other people?

This domino effect isn’t unique to social, of course, but it is amplified. Our use of social media is 180 degrees out of phase. For our own sanity, it should comprise seconds, maybe minutes of our day. Our one-on-one and in-person interactions should be the bulk. That tweet that made you burning mad should be a once-a-week event. Most of your disagreements with another person should be hashed out one-on-one, privately, not in a public forum with spectators.

Is Social Media Worth It?

Should you stop using social media? I think that’s the wrong question. A better question is why should you use it? What value does it hold for you? And is it worth the price you pay in terms of time, sanity, and relationships with others?

It’s not unusual to see someone take a break from social, usually for a week or two, but sometimes a month or more. This is common and doesn’t usually raise any eyebrows. But if you heard someone say, “I’m taking a break from all social interaction for a month!” you’d immediately think something was amiss. This is evidence that instinctively, we know something is off about social. You only take long breaks from something when you detect that it’s not healthy to continue at your current pace.

As ironic as it seems, cutting back on social media would probably make everyone more social.

Understanding the Meltdown Attack

This month, security researchers released a whitepaper describing the Meltdown attack, which allows anyone to read the full physical memory of a system by exploiting a vulnerability in Intel processors. If that sounds bad, that’s because it is. It means that if you’re running workloads on a public cloud provider, and you don’t have a dedicated server, an attacker can read what your workloads are putting into memory. This includes passwords, private keys, credit card numbers, your cat’s middle name, etc.

How Meltdown works

As a way of eking out every ounce of speed, modern processors perform out-of-order execution. Rather than executing a program one instruction at a time, the processor fetches multiple instructions at once and places them in an instruction queue. It then executes each instruction as soon as possible (and usually out-of-order) and stores each instruction’s output (if there is any) in a cache.

Now here’s the kicker. An instruction can do nasty things. Out-of-order execution runs instructions that the program isn’t allowed to run. Take the following assembly instruction:

; rcx = kernel address
 mov al, byte [rcx]

This copies one byte of data from the kernel memory and places it in a temporary portion of CPU memory, called a register. With in-order processing, the CPU would not allow this instruction to execute.

But with out-of-order execution, the CPU does execute the instruction, and it stores the resulting byte value in a temporary cache. The CPU then raises an exception and terminates the program.

But the byte value is still stored in the cache. This is where the flaw in Intel’s microcode lies. The CPU should clear the cache as soon as the exception is raised. But it doesn’t. It leaves it there, vulnerable to another type of side-channel attack called a cache attack.

Cache attacks have been around for years, and there are several different types which a hacker can use in conjunction with Meltdown to figure out the data stored in cache. For a great explanation of how these attacks work, check out Bert Hubert’s article on Spectre and Meltdown. It’s trivial for an attacker to pull one off, quickly.

Only Intel Processors were Shown to be Vulnerable

The researchers were not able to duplicate the results on AMD or ARM processors, which also use out-of-order execution. They speculate that they theoretically could, but they were not able to at the time they released the paper. You certainly shouldn’t assume that all non-Intel processors are immune to Meltdown.

Disabling out-of-order execution isn’t the answer

In order to be effective, the Meltdown attack depends on out-of-order execution as a necessary but not sufficient condition. Thus, simply having out-of-order execution enabled is not enough to make Meltdown possible. Disabling out-of-order execution does prevent Meltdown, but the performance impact is substantial.

What about Spectre?

Spectre is not the same as Meltdown. Although Spectre works against all CPUs, including Intel, AMD, and ARM, pulling off a Spectre attack is trickier. But both are equally bad and rely on out-of-order execution, which is why you usually see them lumped together.

You don’t need to replace your hardware

You don’t need to replace your hardware, and anyone who says you do is trying to tell you something. Now for the obvious part. To mitigate Meltdown and Spectre, install the latest security patches for your operating system, BIOS, and CPU firmware — after sufficient testing, of course.
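Once the patches are installed, the check a practitioner wants is whether the mitigation is actually active. The following added example (not code from the original post) summarises the per-vulnerability status files that the Linux kernel exposes under /sys/devices/system/cpu/vulnerabilities, an interface added alongside the Meltdown and Spectre fixes; the sample file contents are constructed for illustration and the classification rules assume the kernel's "Not affected" / "Mitigation: ..." / "Vulnerable..." wording.

```python
# Added example (not from the original post): summarise the Linux kernel's
# per-vulnerability status files to confirm a mitigation is active after patching.
# The sample file contents below are constructed for illustration.
import os

SYSFS_DIR = "/sys/devices/system/cpu/vulnerabilities"


def classify(status):
    """Map one status line to not_affected / mitigated / vulnerable / unknown."""
    text = status.strip()
    if text == "Not affected":
        return "not_affected"
    if text.startswith("Mitigation:"):
        return "mitigated"
    if text.startswith("Vulnerable"):
        return "vulnerable"
    return "unknown"  # new or unexpected wording: surface it rather than guess


def summarise(statuses):
    """statuses: {file name: file content}. Returns {name: (class, raw text)}."""
    return {name: (classify(text), text.strip()) for name, text in statuses.items()}


def needs_attention(statuses):
    """Names whose status is vulnerable or unrecognised, sorted for stable output."""
    return sorted(name for name, (cls, _) in summarise(statuses).items()
                  if cls in ("vulnerable", "unknown"))


def read_sysfs(path=SYSFS_DIR):
    """Read the real files; returns {} when the kernel does not expose them."""
    statuses = {}
    if os.path.isdir(path):
        for name in os.listdir(path):
            with open(os.path.join(path, name)) as fh:
                statuses[name] = fh.read()
    return statuses


# Constructed sample mirroring the file format (one line per vulnerability file).
SAMPLE_STATUSES = {
    "meltdown": "Mitigation: PTI\n",
    "spectre_v1": "Mitigation: __user pointer sanitization\n",
    "spectre_v2": "Vulnerable\n",
    "l1tf": "Not affected\n",
}

if __name__ == "__main__":
    live = read_sysfs()
    for name, (cls, raw) in sorted(summarise(live or SAMPLE_STATUSES).items()):
        print(f"{name:12} {cls:13} {raw}")
```

Run on a patched host, `needs_attention(read_sysfs())` should come back empty; on the constructed sample it names `spectre_v2`, which is the case the "Vulnerable" prefix exists to flag. Anything with unfamiliar wording is reported as `unknown` so a kernel update that changes the text cannot be mistaken for a mitigation.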

3 Ways to Increase Your IT Earnings in 2018

As 2018 draws near, companies go into hiring mode, and people come and go, which often leaves a lot of open positions. If you qualify to fill one of the more in-demand positions, you can often negotiate a higher salary.

My biggest salary jumps have always come in the first quarter of the year. To increase your chances of getting that salary boost, here are three tips that you should start implementing right now.


Tip #1 – Shun the Snake Oil Tech Fads

These are technologies that sound interesting, seem promising, but either have no real-world use case or are actually impossible. Some current examples include blockchain and quantum computing. If you’re interested in these from a theoretical perspective, by all means, indulge yourself. But don’t expect that a real company is going to hire you as a blockchain or quantum computing expert. These are fads, and like all fads, they’ll die. Don’t let your career die with them.

An easy way to spot nonsense tech fads is to ask yourself, “Is this new technology an improvement over what we have now? If so, is it even possible?” Clearly, blockchain isn’t an improvement over any other database, distributed or otherwise. Quantum computing could theoretically blow classical computing out of the water, but quantum computers require temperatures close to absolute zero, making them practically impossible.

Another tech fad that’s captured the attention of the media is artificial intelligence (AI). Not to be confused with machine learning, the AI hype claims that computers will somehow begin working as good as or better than the human brain, perhaps even to the point of developing consciousness and understanding. Machine learning, on the other hand, deals with statistical analysis and making predictions based on large data sets. It has nothing to do with mimicking the human brain or consciousness.


Tip #2 – Get Certified

Rid your mind of the tripe that “certifications are just paper” and “they don’t prove that you know anything.” The fact is that more certifications = more money. But you have to get certified. Just taking courses isn’t enough. I’ve interviewed people whose resumes listed what courses they took, but they didn’t have the corresponding cert. Don’t do this. It’s a huge strike against you. Take all the courses you need to attain the cert, but then go and get it.

Here are some of the most lucrative and in-demand certification categories going into 2018:

Cloud and networking

Three of the most popular certifications are the AWS Certified Solutions Architect – Associate, and the Cisco Certified Network Associate (CCNA) and Cisco Certified Network Professional (CCNP). There’s no reason you can’t get two of these within the next 3 months.

Hybrid cloud and on-prem virtualization

The Citrix Certified Associate – Virtualization (CCA-V) and Citrix Certified Professional (CCP-V) are evergreen certifications that pertain to both cloud and on-prem virtualization and networking skills. Just having the word “Citrix” on your resume is huge. Having one of the certs is even better. With the right training, you should be able to study for and achieve one of these during the first part of the year.


Information security

Information security (infosec) is hot, and it gets hotter with every Equifax hack. The Certified Information Systems Security Professional (CISSP) is a very lucrative certification that’s difficult to achieve. You won’t get it in 3 months. But if you’re dedicated and put in the time to attain it, you can write your own ticket.

How to study

Pluralsight has dozens of courses covering all of these certifications, and you can get unlimited access with a free trial. The courses also have practice exams integrated into the learning experience.


Tip #3 – Update your resume

Update your resume at least once a year. Remove references to obsolete technologies. People may chuckle at your references to Banyan Vines and Windows NT, but those won’t get you an interview. Needless to say, add any new technologies you’ve had a hand in implementing.

Put your certifications front and center on your resume. Put them on your LinkedIn, Twitter, Backchat, Kindler, McSpace, and whatever other job boards you use. Make sure people know you have them. It might seem a little braggy, but it will sharpen the distinction between you and everyone else who doesn’t have them.

Resumes might seem old school, but they’re still important because recruiters literally just Ctrl+F through them searching for various keywords. And guess what keywords they’re looking for. Terms like AWS, Citrix, CCNP, CCNA, Cisco, security, networking, TCP/IP, cloud, etc. Many recruiters don’t know what any of that stuff is, nor do they care. They just want to find someone who has those certs and skills!

Let it be you.

4 Inconvenient but Effective Security Measures

Security usually requires sacrificing convenience (or money). So naturally, we tend to get away with as little security as possible. But if you’re a glutton for punishment, here are 4 very inconvenient but highly effective measures you can take right now to protect yourself from the evils lurking on the interwebs.

Disable JavaScript

Yeah, I know. Every site made since the Web 2.0 days needs JavaScript just for a text input field to work right. It’s a shame, really. But disabling JavaScript isn’t an all-or-nothing deal. Browser extensions let you allow JavaScript for sites you trust and block it for all others. If you’re still using Firefox (the most obnoxious browser today), you can use the NoScript extension. Chrome users, check out uMatrix.

Disable XSS

Cross-site scripting (XSS) occurs when you go to one website and it loads JavaScript from a different domain. Sadly, this practice has become normal with the advent of CDNs. What makes it risky is not so much the cross-site request, but the fact that it happens without you knowing it. You don’t see that is loading Nasty.js from someone’s hijacked blog site. Using one of the script blocking extensions I just mentioned will warn you about XSS and let you decide whether to allow it. I’ve stopped several malicious scripts this way over the years.
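The point of the two sections above is that a page pulls in scripts from hosts you never see. The following added example (not code from the original post) makes that loading visible offline: it parses a page's HTML, resolves every `<script src>` against the page URL (including scheme-relative `//host/...` sources), and groups the results into first-party and third-party hosts, which is exactly the decision a script-blocking extension asks you to make per host. It also emits a Content-Security-Policy `script-src` value for the hosts you choose to allow, the server-side counterpart of that allow-list. The HTML and all host names below are constructed placeholders.

```python
# Added example (not from the original post): list the script sources an HTML page
# would load and group them by host. The page and host names are constructed.
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit


class ScriptCollector(HTMLParser):
    """Collect src attributes of <script> tags and count inline script blocks."""

    def __init__(self):
        super().__init__()
        self.sources, self.inline = [], 0

    def handle_starttag(self, tag, attrs):
        if tag.lower() != "script":
            return
        src = dict(attrs).get("src")
        if src:
            self.sources.append(src)
        else:
            self.inline += 1


def audit_scripts(page_url, html):
    """Return first-party/third-party script URLs for `html` served from `page_url`."""
    parser = ScriptCollector()
    parser.feed(html)
    page_host = urlsplit(page_url).hostname
    report = {"first_party": [], "third_party": {}, "inline_blocks": parser.inline}
    for src in parser.sources:
        absolute = urljoin(page_url, src)  # resolves relative and //scheme-relative URLs
        host = urlsplit(absolute).hostname or page_host
        if host == page_host:
            report["first_party"].append(absolute)
        else:
            report["third_party"].setdefault(host, []).append(absolute)
    return report


def suggest_script_src(report, allowed_hosts):
    """CSP script-src allowing the page's own host plus the third-party hosts you vetted."""
    hosts = [h for h in sorted(report["third_party"]) if h in allowed_hosts]
    return "script-src 'self' " + " ".join(f"https://{h}" for h in hosts)


# Constructed page: one first-party script, a CDN library, an analytics beacon,
# an inline block, and a script pulled from an unrelated blog host.
SAMPLE_HTML = """<html><head>
<script src="/js/app.js"></script>
<script src="https://cdn.example-cdn.test/lib/jquery.min.js"></script>
<script src="//analytics.example-tracker.test/collect.js" async></script>
<script>window.dataLayer = [];</script>
</head><body>
<script src="https://blog.example-hijacked.test/wp-content/nasty.js"></script>
</body></html>"""

if __name__ == "__main__":
    report = audit_scripts("https://www.example-site.test/index.html", SAMPLE_HTML)
    for host, urls in sorted(report["third_party"].items()):
        print(host, urls)
    print(suggest_script_src(report, {"cdn.example-cdn.test"}))
```

On the constructed page the audit separates the site's own `/js/app.js` from three third-party hosts; the blog host carrying `nasty.js` shows up as a distinct entry rather than being hidden among the CDN and analytics loads, which is the visibility the post is after. The CSP line is only useful to whoever operates the site, but it is the same allow-list decision expressed as a header instead of a browser extension setting.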

Block wide categories of websites

Taking a whitelist approach is too inconvenient, as there are just way too many sites out there to keep up with. Your next best option is to use content-based filtering to block websites by category. I use OpenDNS to achieve this, and below is my current list of blocked categories. As you can see, it’s pretty broad.

This list covers some sites I don’t want blocked, so I allow those on a case-by-case basis. You might notice that some of these categories tend to carry malware more than others, so blocking them wholesale is a pretty effective way to avoid fallout from clicking the wrong link.

Don’t use the app

Smartphones normalized a concept that would’ve been considered bizarre just a few years ago: installing an app for every website you use regularly. We’ve got Twitter, Facebook, Gmail, LinkedIn, etc. Can you imagine installing “the MySpace app” on your Windows XP machine in 2005? Some sites just don’t need an app. You can browse to them on your phone and they work fine.

When you install an app, you usually give it permissions to various system resources – photos, call logs, camera, microphone, etc. Chances are the core functionality doesn’t require most of those. If that app has a vulnerability – or worse, malicious code – then you’ve just turned your phone into a neat little hacker toolkit.

Blockchain is a Passing Fad

Whenever a tech fad comes to an end, it becomes so obvious why it failed. Yet during the hype, it’s easy to miss the problems lurking just below the surface. I want to explore some of the problems I see with public blockchain and why I think it’s not going to live up to the hype.

Blockchain can’t track real things

Whenever a new technology comes along, there’s always a temptation to use it in ways above and beyond what it was originally intended for. Blockchain came to popularity because of Bitcoin, and as Bitcoin grew, people became fascinated by its underlying technology.

But what made Bitcoin popular wasn’t the technology. The whole idea behind Bitcoin was to create a global currency that didn’t have a central monetary authority. Blockchain was just a good means to achieve that.

The fact that blockchain works well for cryptocurrency doesn’t mean that it works well for any sort of transactional database. The idea of digitally moving funds from one account to another doesn’t translate to moving goods along a supply chain. Why not? Because with Bitcoin, the blockchain is the currency that you’re moving around. You can’t separate a Bitcoin from the blockchain. If you do, the Bitcoin ceases to exist.

When it comes to supply chain, you’re only moving representations of goods, not the goods themselves. This is a key distinction that people miss. You can assert that a certain string of data represents a tangible thing in the real world, but now that linkage is based on your assertion, not on the blockchain itself. Hence, the blockchain doesn’t add much value.

Anyone can create a blockchain

A blockchain is a database, and as anyone who has dealt with those knows, a database is worthless if no one uses it. There are hundreds, probably thousands of different blockchains. If people who work together every day can’t even agree on where to eat lunch, how is everyone in the world going to agree on a single blockchain for any given application? It’s not going to happen.

Ridiculous bandwidth and storage requirements

Right now blockchain is being touted as a security panacea, especially for IoT. There’s just one big problem: IoT devices have small storage and bandwidth capacity, and blockchain requires enormous amounts of storage and bandwidth.

Inconvenient but not more secure

Security always requires giving up some convenience. But the inverse isn’t necessarily true. When I go to pay for my coffee, I can use a piece of plastic, cash, or scan a barcode on my phone. It’s convenient and mostly secure. But if I want to pay with Bitcoin or some other cryptocurrency, I have to drop some bits onto a blockchain and wait minutes or even hours for the hivemind to “confirm” my transaction.

And what benefit do I get in return? Nothing. No, it’s worse than nothing. I lose my ability to dispute the transaction or get a refund because blockchains are designed to be unchangeable (aka immutable).

Controlled by anonymous

Public blockchains are not inherently decentralized. Distributed, yes. Decentralized, no.

When dealing with a credit or debit card, your bank is in charge of keeping track of the transactions. When dealing with cash, keeping up with your spending is entirely up to you. But when it comes to blockchain, thousands of anonymous strangers are in charge of your transactions.

These anonymous strangers are divided into two groups. You’ve got the developers who create and maintain the software required to interact with the blockchain. This gives them the power to change it in any way they see fit, as well as allow or disallow other people to use it (this actually happened recently with the Bitcoin Core/Cash split).

The other group is the people running the nodes which perform validation of blockchain transactions. Ideally this would be a diverse group of honest people spread all over the world. But the reality is that anyone with enough money (e.g. gov’t) can purchase the compute power to comprise the majority of nodes. Whoever controls the majority of nodes controls the blockchain.

This is arguably the biggest strike against public blockchains because it’s not just a theoretical possibility. It’s already happened. 70% of Bitcoin mining is done in China, only 1% in the US.

Ripe for attack

Even if you assume that most people are honest and will operate clean nodes, there’s still the small problem of security. Imagine that former Soviet spies Boris and Natasha develop a worm targeting a particular blockchain implementation like Ethereum. They’re so 1337 that they manage to infect 80% of the nodes, allowing them to inject bogus data into the chain and validate it.

Don’t underestimate the fallout of this. Even if the participants discover the attack quickly, the damage has already been done. Everyone else now has to face the ugly decision of whether to trust a blockchain they know has already been compromised. This isn’t just a theoretical scenario. Something similar already happened with Ethereum. It resulted in the developers forking the Ethereum chain. That’s why we now have two Ethereums (ETH and ETC).

Architected insecurely

The Boris and Natasha scenario might sound a little bit too spy-movie-ish, but the nature of a public blockchain requires it to be open to the internet. This isn’t a private database locked down behind layers of security. It’s a peer-to-peer app that is more than happy to accept your malformed TCP packet.

Does that mean it’s impossible to implement a secure, public blockchain? No. But it does mean that it’s much, much harder than just using a private database behind more proven layers of security. Once again, why not just use a traditional database? Blockchain doesn’t offer enough of an advantage to outweigh the risks.

Yes, You Need IT Certifications

Certifications are often lambasted as “worthless pieces of paper” and “experience is more important.” But for some people, certifications are more important than experience.

A substitute for experience

Newcomers to the IT world face the classic problem: how do you get experience without a job? Sure, you can tinker around on your own time, but how do you prove that experience? That’s where certifications come in.

Certifications show a prospective employer that you care enough and have the initiative to spend your own time and money to become a better IT professional. You might have tons of experience with IT as a hobby. But how do you prove that?

With a piece of paper.

Certifications get you hired

They are what get your resume looked at, instead of being tossed into the shredder by HR.

They are what get you the interview.

They are the tie-breaker between you and that other equally qualified person who doesn’t have a cert.

If you have a stack of certifications under your belt, you’re going to be a step ahead of the naysayers who think certifications are a joke, a scam, or a racket.

Certifications mean higher pay

My first IT certification was the CompTIA A+ in 2002. That helped me land one very low paying job. During that time, I also got my Microsoft MCSA.

Fast-forward a few years. I got a job at a local technology reseller where I earned my Network+, Cisco CCNA, CCDA, and finally my CCNP, all within a year. Shortly after that, I was able to get a job that almost doubled my salary.

A couple years later, I got my Citrix CCA. My salary went up by 50%. It increased a few percent each year thereafter.

Oh, and I forgot to mention: no college degree.

You’re always a beginner

Even if you’ve been in the field for 20 years, you’re always a beginner when it comes to emerging technologies. You can work your tail off to get experience with the latest and greatest, but if you want to turn that experience into a raise or new position, you have to prove your skills.

When you put in your resume against someone fresh out of college – and they have that highly sought after certification and you don’t – well, you can guess who’s getting the callback.