What is recursive resolution? Read it in one article!

To keep tighter control over the resolution process, website administrators usually configure their authoritative DNS so that they control the resolution side and eliminate what they cannot control. After doing so, however, they often find that one more factor affects the resolution path: the local recursive DNS.

Recursive resolution is provided by the operator of each line, so neither the website administrator nor the authoritative DNS provider has the right to change its configuration. Yet in the actual resolution of a website, the efficiency of recursive resolution is often the key to the whole process.

Any discussion of the recursive resolution mechanism has to mention a key term in the resolution record: time to live (TTL).

TTL is the length of time for which a record that the recursive resolver obtained from an authoritative answer remains valid. Once the TTL has elapsed, the cached record is considered invalid, and when a new access request reaches the recursive resolver, it queries the record again.

Setting the TTL involves a trade-off. If the administrator wants records refreshed at a high frequency so that an address change reaches clients quickly, or wants to quickly flush a wrong address caused by an operational error or an attack, the TTL can be set to a small value. If the server address is stable and the administrator wants visitors to get a better access experience, without waiting for layer-by-layer resolution on every visit, the TTL can be set to a larger value.

Besides the TTL, which governs how records are refreshed, a "lazy" mechanism of recursive resolution, the mutual inquiry mechanism, also plays an important role.

When a record has expired and a new access request arrives, the recursive resolver is supposed to ask the authoritative server. Instead of looking up the authoritative address by the book and travelling all the way to the "teacher's house" for the answer, it tends to ask the "students around it", that is, other recursive resolvers nearby, copying their record directly and returning it to the visitor.

Because of this access mechanism, recursive resolution has become one of the most convenient entry points for attacks on the resolution system.

The main purpose of such attacks is nothing more than hijacking or polluting DNS, and cache poisoning is one of the most commonly used attack methods. Following from the above, if the TTL is set to a large value, a poisoned cache entry persists for a long time. If the TTL is set to a small value, the user access experience gets worse and, because of the mutual inquiry mechanism, the poisoned record is passed around repeatedly among the recursive resolvers, which makes it difficult to eradicate.

To deal with the trouble caused by recursive resolution, cloud DNS service providers apply a newer technique: DNS cloud acceleration.

DNS cloud acceleration is a domain name resolution acceleration technology that deploys a large number of acceleration nodes across the entire network, actively accelerates nearby public DNS, reduces the recursion that public DNS has to perform, and effectively improves the user access experience.

The mechanism works as follows. Service nodes are deployed in various locations to cover the recursive resolvers there, and the pre-entered records are distributed to every node. Each node then sends query messages to the nearby recursive resolvers, so that those resolvers can respond immediately when an access request arrives. The node also compares each response it receives with the real record to determine whether there is a problem such as poisoning. If there is, the correct record is sent directly to the target in the form of an authoritative response message, and the recursive resolver overwrites the erroneous result in its cache, which purifies the recursive resolver.
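
The comparison step described above, as an added example (not the service providers' own code): it parses answers in `dig +noall +answer` format collected from several recursive resolvers and flags any that differ from the pre-entered records. The names, addresses and resolver labels are constructed, and the TTL check is an extra signal assumed here, not something the article describes.

```python
import ipaddress

# Known-good records entered in advance (constructed, documentation addresses):
# (name, type) -> (authoritative TTL, set of addresses)
EXPECTED = {
    ("www.example.com.", "A"): (300, {"192.0.2.10", "192.0.2.11"}),
}

# Constructed answers in `dig +noall +answer` format, keyed by resolver label.
OBSERVED = {
    "resolver-a": "www.example.com. 120 IN A 192.0.2.11\nwww.example.com. 120 IN A 192.0.2.10",
    "resolver-b": "www.example.com. 86400 IN A 203.0.113.66",
    "resolver-c": "www.example.com. 299 IN A 192.0.2.10",
}

def parse_answers(text):
    """Parse answer lines into {(name, type): [(ttl, rdata), ...]}."""
    rrsets = {}
    for line in text.splitlines():
        fields = line.split()
        if len(fields) != 5 or fields[2] != "IN":
            continue  # skip comments, blank lines and anything malformed
        name, ttl, _, rtype, rdata = fields
        if rtype in ("A", "AAAA"):
            rdata = str(ipaddress.ip_address(rdata))  # normalise the address
        rrsets.setdefault((name.lower(), rtype), []).append((int(ttl), rdata))
    return rrsets

def audit(expected, observed):
    """Return {resolver: [finding, ...]} for answers that differ from the known-good records."""
    findings = {}
    for resolver, text in observed.items():
        answers = parse_answers(text)
        problems = []
        for key, (auth_ttl, good) in expected.items():
            rrs = answers.get(key, [])
            if not rrs:
                problems.append(f"{key[0]} {key[1]}: no answer")
                continue
            rogue = sorted({rdata for _, rdata in rrs} - good)
            if rogue:
                problems.append(f"{key[0]} {key[1]}: unexpected {rogue}")
            # A cached TTL counts down from the authoritative value, so a
            # larger one suggests the record came from somewhere else.
            if max(ttl for ttl, _ in rrs) > auth_ttl:
                problems.append(f"{key[0]} {key[1]}: TTL above authoritative {auth_ttl}")
        if problems:
            findings[resolver] = problems
    return findings
```

A resolver configured with a minimum cache TTL can trip the TTL check without being poisoned, so treat that finding as a prompt to look closer rather than as proof.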

Although the Internet is full of crises, basic Internet service providers can always come up with a countermeasure for each threat. As a website administrator, even if you cannot take precautions in advance, you should at least remedy problems in time. I believe that through the concerted efforts of service providers and administrators, a safe and stable Internet environment is just around the corner.



Origin blog.51cto.com/15019646/2585132