Don't Use Ridiculously Low TTLs for DNS

Low DNS latency is key to fast internet browsing. To minimize it, it is important to choose DNS servers and anonymous relays carefully. But the first step is to get rid of useless queries.

This is why DNS was originally designed as a highly cacheable protocol. Zone administrators set a time to live (TTL) for individual entries, and resolvers use this information when keeping entries in memory, to avoid unnecessary traffic.

Is caching effective? A couple of years ago, my little study showed that it was not ideal. Let's take a look at the current state of affairs.

To collect data, I patched Encrypted DNS Server to store the TTL value of responses. It is defined as the minimum TTL of its records, for each incoming query. This gives a good overview of the TTL distribution of real traffic, and also takes into account the popularity of individual queries. The patched version of the server ran for a few hours.

The resulting data set contains 1 records (name, qtype, TTL, timestamp). Here is the overall TTL distribution (the X axis is the TTL in seconds):


Apart from a negligible bump at 86 (mostly for SOA records), it is pretty obvious that TTLs are in the low range. Let's take a closer look:


Okay, TTLs above 1 hour are not significant. So let's focus on the 0-3600 range:


Most TTLs are between 0 and 15 minutes:


The vast majority are between 0 and 5 minutes:


This is not great.

The cumulative distribution makes the problem even more obvious:


Half of the DNS responses have a TTL of 1 minute or less, and three quarters have a TTL of 5 minutes or less.

But wait, it is actually worse. After all, these are the TTLs from authoritative servers. Client resolvers (for example routers and local caches) receive the TTL from upstream resolvers, and it decreases every second.

So a client can use each entry for, on average, half of the original TTL before sending a new request.

Maybe these very low TTLs only affect unusual queries, and not popular websites and APIs? Let's have a look:


The X axis is the TTL, the Y axis is the query popularity.

Unfortunately, the most popular queries are also the worst to cache.

Let's zoom in:


Verdict: it is really bad. It was already bad before, but it got even worse. DNS caching has become practically useless. As fewer people use their ISP's DNS resolver (for good reasons), the increase in latency becomes more noticeable.

DNS caching has become useful only for content that no one visits.

Also note that software may interpret low TTLs differently.

Why?

Why are DNS records set with such low TTLs?

  • Legacy load balancers were left with their default settings.
  • There is a myth that DNS load balancing depends on TTLs (this is not true: since the days of Netscape Navigator, clients have picked a random IP address from an RR set and transparently tried another one if they could not connect).
  • Administrators want changes to apply immediately, so it is easier to plan.
  • The administrator of a DNS server or load balancer sees their job as efficiently deploying the configuration that users request, not as speeding up sites and services.
  • Low TTLs give you peace of mind.
  • People initially set low TTLs for testing and then forget to change them.

I did not include "failover" in the list because it has become less and less relevant. If you need to redirect users to another network only to display an error page when everything else is broken, a delay of more than 1 minute is probably acceptable.

Also, a one-minute TTL means that if the authoritative DNS servers are blocked for more than 1 minute, no one can reach the dependent services. And redundancy will not help if the cause is a configuration error or a hack. On the other hand, with reasonable TTLs, many clients will keep using the previous configuration and never notice anything.

CDN services and load balancers are largely to blame for low TTLs, especially when they combine CNAMEs with low TTLs and records with equally low (but independent) TTLs:

$ drill raw.githubusercontent.com
raw.githubusercontent.com.	9	IN	CNAME	github.map.fastly.net.
github.map.fastly.net.	20	IN	A	151.101.128.133
github.map.fastly.net.	20	IN	A	151.101.192.133
github.map.fastly.net.	20	IN	A	151.101.0.133
github.map.fastly.net.	20	IN	A	151.101.64.133

Whenever the CNAME or any of the A records expires, a new request has to be sent. Both have a 30-second TTL, but they are not in sync. The actual average TTL will be 15 seconds.

But wait! It is still worse. Some resolvers behave very badly in this situation with two associated low TTLs:

$ drill raw.githubusercontent.com @4.2.2.2
raw.githubusercontent.com.	1	IN	CNAME	github.map.fastly.net.
github.map.fastly.net.	1	IN	A	151.101.16.133

The Level3 resolver probably runs on BIND. If you keep sending this request, a TTL of 1 will always be returned. Essentially, raw.githubusercontent.com is never cached.

Here is another example of the same situation with a very popular name:

$ drill detectportal.firefox.com @1.1.1.1
detectportal.firefox.com.	25	IN	CNAME	detectportal.prod.mozaws.net.
detectportal.prod.mozaws.net.	26	IN	CNAME	detectportal.firefox.com-v2.edgesuite.net.
detectportal.firefox.com-v2.edgesuite.net.	10668	IN	CNAME	a1089.dscd.akamai.net.
a1089.dscd.akamai.net.	10	IN	A	104.123.50.106
a1089.dscd.akamai.net.	10	IN	A	104.123.50.88

At least three CNAME records. Ouch. One has a decent TTL, but it is completely useless. The other CNAMEs have an initial TTL of 60 seconds, but for akamai.net domains the maximum TTL is 20 seconds, and none of them are in phase.
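The following added example (not code from the original article) parses a drill-style answer section and reports the lowest TTL along the CNAME chain, which bounds how long the full answer stays usable regardless of any longer TTL in the chain. The function names are hypothetical; the sample input is the detectportal.firefox.com output shown above.

```python
from typing import NamedTuple

class RR(NamedTuple):
    name: str
    ttl: int
    rtype: str
    rdata: str

# Answer section copied from the detectportal.firefox.com output on this page.
SAMPLE = """\
detectportal.firefox.com. 25 IN CNAME detectportal.prod.mozaws.net.
detectportal.prod.mozaws.net. 26 IN CNAME detectportal.firefox.com-v2.edgesuite.net.
detectportal.firefox.com-v2.edgesuite.net. 10668 IN CNAME a1089.dscd.akamai.net.
a1089.dscd.akamai.net. 10 IN A 104.123.50.106
a1089.dscd.akamai.net. 10 IN A 104.123.50.88
"""

def parse_answer(text):
    """Parse 'name TTL class type rdata' lines; skip prompts, comments, blanks."""
    records = []
    for line in text.splitlines():
        f = line.split()
        if len(f) < 5 or not f[1].isdigit() or f[2].upper() != "IN":
            continue
        records.append(RR(f[0].lower(), int(f[1]), f[3].upper(), " ".join(f[4:]).lower()))
    return records

def effective_ttl(records, qname):
    """Walk the CNAME chain; return (lowest TTL, owner of that record, CNAME hops)."""
    by_name = {}
    for rr in records:
        by_name.setdefault(rr.name, []).append(rr)
    name, seen, path = qname.lower().rstrip(".") + ".", set(), []
    while name in by_name and name not in seen:  # 'seen' guards against CNAME loops
        seen.add(name)
        path.extend(by_name[name])
        cname = next((rr for rr in by_name[name] if rr.rtype == "CNAME"), None)
        if cname is None:
            break
        name = cname.rdata
    if not path:
        raise ValueError(f"no records for {qname}")
    weakest = min(path, key=lambda rr: rr.ttl)
    return weakest.ttl, weakest.name, sum(rr.rtype == "CNAME" for rr in path)

if __name__ == "__main__":
    print(effective_ttl(parse_answer(SAMPLE), "detectportal.firefox.com"))
```

The 10668-second CNAME in the middle of the chain never helps: the whole answer has to be refreshed once the 10-second A records expire.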

What about the domains that Apple devices constantly poll?

$ drill 1-courier.push.apple.com @4.2.2.2
1-courier.push.apple.com.	1253	IN	CNAME	1.courier-push-apple.com.akadns.net.
1.courier-push-apple.com.akadns.net.	1	IN	CNAME	gb-courier-4.push-apple.com.akadns.net.
gb-courier-4.push-apple.com.akadns.net.	1	IN	A	17.57.146.84
gb-courier-4.push-apple.com.akadns.net.	1	IN	A	17.57.146.85

The same problem as with Firefox, and the TTL will be stuck at 1 second most of the time when using the Level3 resolver.

Dropbox?

$ drill client.dropbox.com @8.8.8.8
client.dropbox.com.	7	IN	CNAME	client.dropbox-dns.com.
client.dropbox-dns.com.	59	IN	A	162.125.67.3

$ drill client.dropbox.com @4.2.2.2
client.dropbox.com.	1	IN	CNAME	client.dropbox-dns.com.
client.dropbox-dns.com.	1	IN	A	162.125.64.3

At the time of writing, safebrowsing.googleapis.com has a TTL of 60 seconds, like Facebook domains. And, again, from the client's perspective, these values are halved.

How about setting a minimum TTL?

Using the name, query type, TTL and timestamp originally stored, I wrote a script to simulate the 1.5 million requests going through a caching resolver, in order to estimate the volume of unnecessary requests sent because a cache entry had expired.

47.4% of the requests were made after an existing cache entry had expired. This is unreasonably high.

What would be the impact on caching if a minimum TTL was set?


The X axis is the minimum TTL value. Records whose TTL is above this value are not affected.

The Y axis is the percentage of requests from a client that already had a cached entry, but the entry had expired and a new request had to be made.

The share of "extra" requests drops from 47% to 36% just by setting the minimum TTL to 5 minutes. With a minimum TTL of 15 minutes, the number of these requests drops to 29%. A minimum TTL of 1 hour brings them down to 17%. A significant difference!
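A sketch of the kind of simulation described above, added here as an example and not the author's script: it replays (name, qtype, TTL, timestamp) records through a cache and counts queries that found an expired entry, with an optional TTL floor. The log is constructed, and the names under example. and the function names are hypothetical.

```python
def build_sample_log(duration=3600):
    """Constructed traffic: (name, qtype, ttl, seconds between queries)."""
    sources = [
        ("api.example.", "A", 60, 90),       # popular name, very low TTL
        ("cdn.example.", "A", 300, 200),
        ("static.example.", "A", 3600, 600),
    ]
    log = [(name, qtype, ttl, ts)
           for name, qtype, ttl, every in sources
           for ts in range(0, duration, every)]
    return sorted(log, key=lambda rec: rec[3])

def extra_query_ratio(log, min_ttl=0):
    """Share of queries that hit an entry which was cached but had expired.

    log must be sorted by timestamp. min_ttl is the floor the cache applies
    to every record before storing it (0 means TTLs are honored as-is).
    """
    expires = {}            # (name, qtype) -> absolute expiry time
    total = extra = 0
    for name, qtype, ttl, ts in log:
        total += 1
        key = (name, qtype)
        deadline = expires.get(key)
        if deadline is not None and ts < deadline:
            continue        # still fresh: answered from the cache
        if deadline is not None:
            extra += 1      # known name, but the entry had expired
        expires[key] = ts + max(ttl, min_ttl)   # cold miss or refresh
    return extra / total if total else 0.0

if __name__ == "__main__":
    log = build_sample_log()
    for floor in (0, 300, 2400):
        print(f"min TTL {floor:>4}s: {extra_query_ratio(log, floor):.1%} extra queries")
```

Cold misses (the first query for a name) are not counted as extra, which matches the article's definition of requests made after an existing entry expired.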

How about not changing anything on the server side, but changing the minimum TTL in client DNS caches (routers, local resolvers) instead?


The number of required requests drops from 47% to 34% with a minimum TTL of 5 minutes, to 25% with a minimum of 15 minutes, and to 13% with a minimum of 1 hour. Perhaps 40 minutes is optimal.

The impact of this small change is huge.

What are the implications?

Of course, a service can move to a new cloud provider, a new server or a new network, requiring clients to use the latest DNS records. And a small TTL helps make such a transition smooth and unnoticeable. But when moving to new infrastructure, nobody expects clients to switch to the new DNS records within 1 minute, 5 minutes or 15 minutes. Setting the minimum TTL to 40 minutes instead of 5 minutes will not prevent users from accessing the service.

However, it will significantly reduce latency and improve privacy and reliability by avoiding unnecessary requests.

Of course, the RFCs say that TTLs should be strictly honored. But the reality is that the DNS system has become too inefficient.

If you operate authoritative DNS servers, please check your TTLs. Do you really need such ridiculously low values?

Sure, there are good reasons to set small TTLs for DNS records. But not for the 75% of DNS traffic that hardly ever changes.

And if for some reason you really need to use low TTLs for DNS, make sure at the same time that your site does not have caching enabled. For the same reasons.

If you run a local DNS cache, such as dnscrypt-proxy, that lets you set a minimum TTL, use that feature. This is fine. Nothing bad will happen. Set the minimum TTL to somewhere between 40 minutes (2400 seconds) and 1 hour. That is a perfectly reasonable range.

Source: www.hab.com
