Stop Using Ridiculously Low TTLs for DNS

Low DNS latency is key to fast Internet browsing. To minimise it, it is important to choose DNS servers and anonymising relays carefully. But the first step is to eliminate useless queries.

That is why DNS was designed from the start as a heavily cacheable protocol. Zone administrators set a time-to-live (TTL) for individual entries, and resolvers use this information when keeping entries in memory, so that unnecessary traffic is avoided.

Is caching effective? A couple of years ago, a small study of mine showed that it was far from perfect. Let's look at the current situation.

To collect data, I patched Encrypted DNS Server to store the TTL value of each response, defined as the smallest TTL of its records, for every incoming query. This gives a good overview of the TTL distribution of real traffic, and it also takes the popularity of individual queries into account. The patched server ran for several hours.

The resulting data set consists of roughly 1.5 million (name, qtype, TTL, timestamp) tuples. Here is the overall TTL distribution (the X axis is the TTL in seconds):

Apart from a small bump at 86400 seconds (one day, mostly SOA records), it is obvious that TTLs are in the low range. Let's zoom in:

OK, TTLs above 1 hour are statistically insignificant. So let's focus on the 0 to 3600 second range:

Most TTLs are between 0 and 15 minutes:

The vast majority are between 0 and 5 minutes:

This is not great.

The cumulative distribution makes the problem even more obvious:

Half of the DNS responses have a TTL of 1 minute or less, and three quarters have a TTL of 5 minutes or less.

But wait, it is actually worse. After all, these are the TTLs as sent by the authoritative servers. Client resolvers (for example routers and local caches) receive the TTL from upstream resolvers, and that value decreases every second.

So, on average, a client can actually use each entry for only half of the original TTL before it has to send a new query.

Perhaps these low TTLs only affect unusual queries, and not popular websites and APIs? Let's have a look:

The X axis is the TTL, the Y axis is the query popularity.

Unfortunately, the popular queries are even worse for the cache.

Let's zoom in:

Verdict: it is really bad. It was already bad before, but it has become worse. DNS caching has become almost useless. With fewer people using their ISP's DNS resolver (for good reasons), the latency increase is becoming noticeable.

DNS caching has become useful only for content that nobody visits.

Also note that different software may interpret very low TTLs in different ways.

Why is this so?

Why are DNS records set to such low TTLs?

  • Legacy load balancers are left with their default settings.
  • There is a myth that DNS load balancing depends on the TTL (it does not; since the days of Netscape Navigator, clients pick a random IP address from the RR set and transparently try another one if they cannot connect).
  • Administrators want their changes to take effect immediately, because it makes planning easier.
  • The administrator of a DNS server or load balancer sees their job as deploying the configuration users ask for, not as making sites and services fast.
  • Low TTLs give peace of mind.
  • People initially set low TTLs for testing and then forget to change them.

I did not include "failover" in the list because it is becoming less and less relevant. If you need to redirect users to a different network just to display an error page when everything is broken, a delay of more than 1 minute is probably acceptable.

Moreover, a TTL of 1 minute means that if the authoritative DNS servers are unreachable for more than 1 minute, nobody will be able to access the dependent services. And redundancy will not help if the cause is a configuration error or a hack. On the other hand, with reasonable TTLs, many clients will keep using the previous configuration and will never notice anything.

CDN services and load balancers are the biggest culprits for low TTLs, especially when they combine CNAMEs with low TTLs and records with equally low (but independent) TTLs:

$ drill raw.githubusercontent.com
raw.githubusercontent.com.	9	IN	CNAME	github.map.fastly.net.
github.map.fastly.net.	20	IN	A	151.101.128.133
github.map.fastly.net.	20	IN	A	151.101.192.133
github.map.fastly.net.	20	IN	A	151.101.0.133
github.map.fastly.net.	20	IN	A	151.101.64.133

Whenever the CNAME or one of the A records expires, a new query has to be sent. Both have 30-second TTLs, but they are not in sync. The actual average TTL will be 15 seconds.

But wait! It gets even worse. Some resolvers behave pretty badly in this situation with two associated low TTLs:

$ drill raw.githubusercontent.com @4.2.2.2
raw.githubusercontent.com.	1	IN	CNAME	github.map.fastly.net.
github.map.fastly.net.	1	IN	A	151.101.16.133

The Level3 resolver is probably running BIND. If you keep sending this query, a TTL of 1 will always be returned. raw.githubusercontent.com is never cached.

Here is another example of the same situation with a well-known domain:

$ drill detectportal.firefox.com @1.1.1.1
detectportal.firefox.com.	25	IN	CNAME	detectportal.prod.mozaws.net.
detectportal.prod.mozaws.net.	26	IN	CNAME	detectportal.firefox.com-v2.edgesuite.net.
detectportal.firefox.com-v2.edgesuite.net.	10668	IN	CNAME	a1089.dscd.akamai.net.
a1089.dscd.akamai.net.	10	IN	A	104.123.50.106
a1089.dscd.akamai.net.	10	IN	A	104.123.50.88

At least three CNAME records. Ouch. One has a decent TTL, but it is useless. The other CNAMEs have an initial TTL of 60 seconds, but for the akamai.net domain the maximum TTL is 20 seconds, and none of them are in sync.
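As an added example (this is not code from the original post), the following Python parses drill-style answer lines like the GitHub and Firefox ones above, follows the CNAME chain from the query name and returns the effective cache lifetime, i.e. the smallest TTL anywhere in the chain, since a resolver has to re-query as soon as any link expires. The sample inputs are the two answers shown on this page.

```python
# Added example, not code from the original post: parse drill-style answer lines,
# follow the CNAME chain from the query name and report the effective cache
# lifetime, which is the smallest TTL anywhere in the chain (a resolver has to
# re-query as soon as any link of the chain expires).
from collections import defaultdict

# Sample input: the two answers shown on this page.
GITHUB = """$ drill raw.githubusercontent.com
raw.githubusercontent.com.	9	IN	CNAME	github.map.fastly.net.
github.map.fastly.net.	20	IN	A	151.101.128.133
github.map.fastly.net.	20	IN	A	151.101.192.133
github.map.fastly.net.	20	IN	A	151.101.0.133
github.map.fastly.net.	20	IN	A	151.101.64.133
"""
FIREFOX = """$ drill detectportal.firefox.com @1.1.1.1
detectportal.firefox.com.	25	IN	CNAME	detectportal.prod.mozaws.net.
detectportal.prod.mozaws.net.	26	IN	CNAME	detectportal.firefox.com-v2.edgesuite.net.
detectportal.firefox.com-v2.edgesuite.net.	10668	IN	CNAME	a1089.dscd.akamai.net.
a1089.dscd.akamai.net.	10	IN	A	104.123.50.106
a1089.dscd.akamai.net.	10	IN	A	104.123.50.88
"""

def parse_answer(text):
    """Yield (owner, ttl, type, rdata) from 'owner ttl class type rdata' lines."""
    for line in text.splitlines():
        if not line.strip() or line.startswith("$"):   # skip blanks and the command echo
            continue
        owner, ttl, _cls, rtype, rdata = line.split(None, 4)
        yield owner.rstrip(".").lower(), int(ttl), rtype, rdata.strip().rstrip(".").lower()

def effective_ttl(text, qname, rtype="A"):
    """Return (smallest TTL along the chain, names visited in order).
    The TTL is None when the chain is broken or loops."""
    rrsets = defaultdict(list)
    for owner, ttl, typ, rdata in parse_answer(text):
        rrsets[owner].append((ttl, typ, rdata))
    name, chain, ttls = qname.rstrip(".").lower(), [], []
    while name not in chain:                 # revisiting a name means a CNAME loop
        chain.append(name)
        cnames = [r for r in rrsets[name] if r[1] == "CNAME"]
        finals = [r for r in rrsets[name] if r[1] == rtype]
        if cnames:                           # follow the alias and remember its TTL
            ttls.append(cnames[0][0])
            name = cnames[0][2]
        elif finals:                         # end of chain: every address record counts
            ttls.extend(t for t, _, _ in finals)
            return min(ttls), chain
        else:
            return None, chain               # nothing for this name: broken chain
    return None, chain
```

For the GitHub answer this returns 9 seconds, for the Firefox answer 10 seconds, which is how long a resolver can actually serve either name before it must ask again.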

What about the domains that Apple devices poll constantly?

$ drill 1-courier.push.apple.com @4.2.2.2
1-courier.push.apple.com.	1253	IN	CNAME	1.courier-push-apple.com.akadns.net.
1.courier-push-apple.com.akadns.net.	1	IN	CNAME	gb-courier-4.push-apple.com.akadns.net.
gb-courier-4.push-apple.com.akadns.net.	1	IN	A	17.57.146.84
gb-courier-4.push-apple.com.akadns.net.	1	IN	A	17.57.146.85

Same problem as with Firefox, and the TTL will be stuck at 1 second most of the time when using the Level3 resolver.

Dropbox?

$ drill client.dropbox.com @8.8.8.8
client.dropbox.com.	7	IN	CNAME	client.dropbox-dns.com.
client.dropbox-dns.com.	59	IN	A	162.125.67.3

$ drill client.dropbox.com @4.2.2.2
client.dropbox.com.	1	IN	CNAME	client.dropbox-dns.com.
client.dropbox-dns.com.	1	IN	A	162.125.64.3

The safebrowsing.googleapis.com records have a TTL of 60 seconds, like the Facebook domains. And, again, from the client's perspective, these values are halved.

What about setting a minimum TTL?

Using the name, query type, TTL and original timestamp, I wrote a script to simulate the 1.5 million queries passing through a caching resolver, in order to estimate how many unnecessary queries were sent because of expired cache entries.

47.4% of the queries were made after an existing record had expired. This is unreasonably high.

What would the impact on caching be if a minimum TTL were enforced?

The X axis is the minimum TTL value. Records with original TTLs above this value are unaffected.

The Y axis is the percentage of queries from a client that already had a cache entry, but the entry had expired and a new query had to be made.

The share of "extra" queries drops from 47% to 36% by setting a minimum TTL of 5 minutes. By setting the minimum TTL to 15 minutes, the share of these queries drops to 29%. A minimum TTL of 1 hour reduces it to 17%. A significant difference!

What about changing nothing on the server side, and instead setting a minimum TTL in the client DNS caches (network routers, local resolvers)?

The share of required queries drops from 47% to 34% with a 5-minute minimum TTL, to 25% with a 15-minute minimum, and to 13% with a 1-hour minimum. Perhaps 40 minutes is even better.

The impact of this small change is huge.
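As an added example, and not the author's script, the following Python replays a constructed query trace of (name, qtype, TTL, timestamp) tuples through a simulated caching resolver and reports how many queries went upstream only because a cached entry had expired; the `min_ttl` parameter applies the clamp discussed above to what the cache stores, whether that clamp lives at the authoritative side or in a client cache. The trace, the names and the TTLs are all constructed for the illustration.

```python
# Added example, not the author's script: replay a query trace through a simulated
# caching resolver and count the queries that went upstream only because a cached
# entry had expired. min_ttl clamps the TTL stored in the cache; the page applies
# the same clamp either at the authoritative side or in the client's local cache.

def replay(trace, min_ttl=0):
    """trace: iterable of (name, qtype, ttl_seconds, timestamp_seconds).
    Returns counts of cold misses, cache hits and expired-entry refetches."""
    cache = {}                              # (name, qtype) -> expiry timestamp
    stats = {"queries": 0, "cold": 0, "hit": 0, "expired": 0}
    for name, qtype, ttl, ts in sorted(trace, key=lambda t: t[3]):
        stats["queries"] += 1
        key = (name.lower(), qtype)
        expiry = cache.get(key)
        if expiry is not None and ts < expiry:
            stats["hit"] += 1               # served from cache, no upstream query
            continue
        stats["cold" if expiry is None else "expired"] += 1
        cache[key] = ts + max(ttl, min_ttl)   # store with the clamped TTL
    return stats

def wasted_share(stats):
    """Share of all queries that merely refetched an expired entry."""
    return stats["expired"] / stats["queries"] if stats["queries"] else 0.0

# Constructed trace (not real data): one popular 60 s record polled every 45 s,
# one long-lived record, and one 5 s record queried twice.
TRACE = (
    [("api.example.com", "A", 60, t) for t in range(0, 600, 45)]
    + [("static.example.com", "A", 3600, t) for t in (10, 310, 610)]
    + [("www.example.com", "A", 5, t) for t in (100, 200)]
)

if __name__ == "__main__":
    for m in (0, 300, 2400):
        s = replay(TRACE, min_ttl=m)
        print(f"min_ttl={m:5d}  expired refetches: {wasted_share(s):.0%}  {s}")
```

On this trace 7 of the 19 queries are refetches of an expired entry with no clamp, 1 with a 5-minute minimum and none with a 40-minute minimum; feed it a real (name, qtype, TTL, timestamp) log to reproduce the kind of curve shown above.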

What are the consequences?

Of course, a service can be moved to a new cloud provider, a new server or a new network, which requires clients to use up-to-date DNS records. And a small TTL helps make such a transition smooth and unnoticed. But when moving to new infrastructure, nobody expects clients to migrate to the new DNS records within 1 minute, 5 minutes or 15 minutes. Setting a minimum TTL of 40 minutes instead of 5 minutes will not prevent users from accessing the service.

However, it will significantly reduce latency and improve privacy and reliability by avoiding unnecessary queries.

Of course, the RFCs say that TTLs must be strictly honoured. But the reality is that the DNS system has become inefficient.

If you operate authoritative DNS servers, please check your TTLs. Do you really need such ridiculously low values?

Of course, there are good reasons to set low TTLs for DNS records. But not for the 75% of DNS traffic that almost never changes.

And if for some reason you really need to use low TTLs for DNS, at the same time make sure that your website does not have caching enabled either. For the very same reasons.

If you run a local cache such as dnscrypt-proxy, which lets you set a minimum TTL, use that feature. It is fine. Nothing bad will happen. Set the minimum TTL to somewhere between about 40 minutes (2400 seconds) and 1 hour. A very reasonable range.

source: www.habr.com