Instead of running local resolvers for caching, they should have used the nscd DNS cache to decrease the volume of queries from those machines running the logs tasks. nscd is not designed for that, but it has long been known to have this best-use practice:
Yes. Also, nscd is irrelevant in at least a few ecosystems. Java and (I think) Go try to do their own resolving instead of using libc. Java's resolver, in particular, is braindead in the default configuration: infinite record caching, ignoring TTLs.
systemd-resolved solves this, as does running unbound or similar as a local cache.
Yeah, but then they're not going to have a fancy blog about how they hit the AWS traffic limit to the VPC resolver! Nowadays a tech blog like this is gonna be good tech PR for the company.
That's... quite the interpretation. Do you really think that Stripe's intention is to "encourage people with low skills to apply" by writing a blog post about monitoring DNS?