242: DoH: DNS over HTTPS – or One More Way For It To be DNS Fault


Welcome to episode 242 of The Cloud Pod podcast, where the forecast is always cloudy. This week your hosts Justin, Ryan, Matthew, and Jonathan are talking about DoH (DNS over HTTPS), DigitalOcean, CISO issues, and whether employee issues over at Amazon will impact user experience. It’s a quiet week, but there are some interesting conversations you’re not going to want to miss.

Titles we almost went with this week:

  • 🌊Tired of the Winter of Other Announcements, The Cloud Pod Hits the Digital Ocean
  • ❄️Breaking Through the Chill: The CloudPod Dives into Digital Ocean’s Latest
  • 🥶Fed Up with the Winter of Other Announcements? Dive into Digital Ocean with the CloudPod!
  • 😴The Cloud Pod Almost Didn’t Bother with an Episode This Week
  • 🦥The Cloud Pod Starts the Year Off Slow
  • 🛏️The Cloud Pod is Silently Slacking Off
  • 💾Running DNS over HTTPS Does Not Mean You Can’t Blame DNS for Always Breaking
  • 🖱️DNS over HTTPS, One More Way DNS Will Break

A big thanks to this week’s sponsor:

Foghorn Consulting provides top-notch cloud and DevOps engineers to the world’s most innovative companies. Initiatives stalled because you have trouble hiring?  Foghorn can be burning down your DevOps and Cloud backlogs as soon as next week.

AI is Going Great – Or how ML Makes Money

7:20 OpenAI’s Annualized Revenue Tops $1.6 Billion as Customers Shrug Off CEO Drama

  • Listener Note: paywall article, but worth reading. 
  • According to two people interviewed by The Information, OpenAI’s revenue from its ChatGPT product has grown to $1.6B, up from $1.3B as of mid-October.
    • That’s 20% growth over two months.
  • As this happened during the period of the leadership crisis, it seems to not have had much impact. 
  • This roughly means OpenAI is making $130M a month from the sales of subscriptions.  And yes, that includes us. You’re welcome, OpenAI.

8:28📢 Justin – “I’m sure this is a ‘it made 1.3 billion or $1.6 million in revenue’ and they spent $25 billion. I’m pretty sure that’s the current scenario.”


9:23 The AWS Canada West (Calgary) Region is now available

  • ca-west-1 is the thirty-third AWS Region, opening with 3 AZs.
  • 70 services available at launch. 
  • According to the announcement, “This second Canadian Region allows you to architect multi-Region infrastructures that meet five nines of availability while keeping your data in the country.”
  • We apologize for Justin’s terrible Canadian accent. 

11:09 DNS over HTTPS is now available in Amazon Route 53 Resolver

  • HTTPS continues to take over the world, and is now coming for your Route 53 Resolver: it supports the DNS over HTTPS (DoH) protocol on both inbound and outbound Resolver endpoints.
  • There is a specific FIPS-compliant implementation, and you can find info about that here.

12:57📢 Ryan – “DNS is one of those things where, you know, most people don’t think about it, um, you know, it’s just sort of one of the magic ways that the internet just goes. I thought it was pretty interesting that they were posturing this as sort of a zero trust implementation. And so that was sort of where it piqued my interest because I thought that they were trying to do sort of that end client resolver and yeah, I don’t know. Like, I can see a major sea change, but I mean, as long as it’s taken IPv6 to take off and some of these other sort of lower level configurations, I think UDP port 53 DNS is probably going to be here for quite a while.”

15:28 Amazon’s Silent Sacking 

  • Justin Garrison, who works at AWS (at least as of December 30th) on the Kubernetes team, has posted a blog post on Amazon’s silent sacking.
    • Give us a break. It’s a slow news week. 
  • In the article he talks about the layoffs that occurred in 2023, and the stock price and how it’s bad for Amazon (and probably for us as customers too.) 
  • RTO was enforced, and people started leaving in droves, or looking or waiting for their next RSU payout. 
  • In Justin’s small world, he said everyone under L7 wanted out, and that it mostly came down to compensation.
  • ICs and managers at L7 or above make total comp of between $400-800k, and for that much money they can put up with inconveniences.
  • As Amazon’s pay is 40% stock, they only make those big numbers when the stock stays up.  Amazon is in a vicious cycle of lowering operating costs so their earnings go up and stock rises… but at the cost of burning out everyone doing the work. 
  • Justin points out that the trend is still going up, but much more slowly. Customers want higher levels of abstraction, which AWS has historically struggled with; combined with trailing in AI, the biggest cost is people.
  • Many teams at Amazon have been in a hiring freeze for over a year, and he contends that Amazon has shifted from leader to follower and he doesn’t think it’s going well. 
  • Amazon hasn’t put in decades of AI research and doesn’t partner with external companies well, unlike Microsoft. High-margin services like network egress are being given away for free.
  • He laments the loss of the two-pizza teams, which he thinks is the purest implementation of DevOps he has seen. But he realized it’s super expensive: there are only a handful of centralized teams at Amazon, primarily Pipelines, SDKs, and Security, so every other component is self-contained, and that duplication is expensive.
  • With forced RTO it gets worse, as teams have lost institutional knowledge. Teams were lean before 2023; now they’re in even more trouble, with some that can’t innovate because they’re too busy keeping the lights on.
  • The next logical shift is to centralize expertise to reduce costs. Giving up autonomy will allow for a reduction in duplication.  
    • Amazon has never had Platform Engineering or Site Reliability Engineers.  
  • He goes on to say he believes there *will be* major AWS outages in 2024, no amount of multi-region redundancy will protect you.  
    • He points to the increase in LSEs (large scale events), which customers haven’t noticed yet, and attributes this to RTO and Amazon’s silent sacking. Amazon also doesn’t have to share LSEs; only customers who are impacted get dashboard updates.
  • Now, he seems a bit jaded perhaps. He wraps up the article with his own situation: in September he was told that his team is being eliminated, but that he has done a great job and they want him to find another role in the company. The other roles have all been less money, lower titles, required more RTO, or had other issues. This lack of roles may result in many engineers quitting, and he has asked for severance but has not received anything yet despite regularly asking.
  • Is the brain drain a real risk to us, the customers? 

20:07 📢 Justin – “He did talk about pipelines, SDKs and security are all centralized, and tooling so that makes sense. So those are centralized tools, but yeah, the reality is that they, they practice what they preach was, you know, they build cloud native applications that can scale and fault tolerant and they do AB testing and they do canary deployments and they do error rate detection and they do stuff. So even when you’re at Amazon, if you are on call, you know, mostly the automation will take care of whatever the issues are, so you don’t have to get woken up. And if they can’t, then they, then you get paged in and you have to deal with it.”


24:24  Cloud CISO Perspectives: Our 2024 Cybersecurity Forecast report 

26:55 📢  Ryan – “I don’t know if I’m for that, right? Because I don’t think that, you know, hiding those things behind discovery rules or anything like that is really helping anything.”

27:48 📢  Jonathan – “I’m just worried nobody will want to be a CISO in the future. Who’s going to want to take on that risk? I mean, who will want to join a company because they need a CISO, presumably because they’ve got problems that need to be fixed, knowing that there’s problems that haven’t been fixed. I mean, what a huge amount of risk to take on unless there are some rules around where you get like a three to six month period of time by which you’re not liable, but perhaps there’s more transparency in actions that you take or information that you have.”


37:02  What’s new in Azure Data, AI, & Digital Applications: Modernize your data estate, build intelligent apps, and apply AI solutions 

  • Microsoft Azure has added Llama 2 to their Models as a Service (MaaS) offering. This allows model providers to offer their latest open and frontier LLMs on Azure for generative AI developers to integrate into their applications.
  • In addition they have launched several multi-modal AI capabilities including DALL-E 3, GPT-3.5 Turbo and GPT-4 Turbo.
  • GPT-4 Turbo with Vision.
  • Fine-tuning of Azure OpenAI models including Babbage-002, Davinci-002, and GPT-35-Turbo.
  • GPT-4 updates to the model, as well as the ability to fine-tune it.

38:23 📢  Jonathan – “The problem is on smaller GPUs, which pretty much anybody has at home, you have to kind of round down the precision of the model to make it fit in memory sensibly. And so you chop off, you know, they’re 8-bit models, but you chop off the least of the input in four bits, so you really kind of impact the performance of the model so it fits in memory.”

Other Providers

40:45  Product Updates What’s new and what’s next at DigitalOcean: Managed Kafka, more Droplet choices, GPUs for AI/ML apps, and more 

  • It’s been a bit since we talked about DigitalOcean, but recently someone on the show mentioned managed services over there. I mentioned they had a Kubernetes service, but they have announced even more.
  • They have announced DigitalOcean Managed Kafka, a fully managed event streaming platform as a service.
  • They are now offering the Paperspace AI platform with GPU support (Nvidia H100); Paperspace was an acquisition DigitalOcean made in July.
  • DigitalOcean backup service.
  • Scalable storage for Managed PostgreSQL and MySQL, which lets you increase storage capacity without upgrading the full cluster.
  • New DDoS capabilities.
  • Support plans.
  • And much, much more.
  • If you don’t need cloud parity because you’ve written things agnostically, DigitalOcean is worth looking at.

41:12 📢  Justin – “…with moving to Kubernetes and moving to containers, like the ability to use DigitalOcean for a lot of workloads is much, much more available for dev workloads and something to check out if you are not totally locked into your cloud vendor in some terrible way. You might be able to run your Dev and Senses here or some of your smaller projects that don’t need quite the same level of services. You get a pretty nice little setup here.”


And that is the week in the cloud! We would like to thank our sponsor, Foghorn Consulting. Check out our website, the home of the Cloud Pod, where you can join our newsletter and Slack team, send feedback, or ask questions at theCloudPod.net, or tweet at us with the hashtag #theCloudPod.
