DNS high availability architecture

Introduction to DNS

1. Concept

DNS (Domain Name System) is the service that translates a domain name requested on the network into an IP address. It is a distributed database that maps Internet domain names and IP addresses to each other, so that users can reach hosts more easily without having to remember the numeric IP strings that machines read directly.


2. Resolution mechanism

  • Recursive query: if the local DNS server asked by the host does not know the IP address of the queried domain name, the local DNS server itself, acting for the DNS client, sends the query on to other (root) name servers, rather than leaving the host to issue the next query.

  • Iterative query: when a root name server receives an iterative query from a local DNS server, it either returns the IP address being queried or tells the local DNS server which name server to ask next. The local DNS server then performs the subsequent queries itself, instead of the root server performing them on its behalf.


Thus, the query from the client to the local DNS server is a recursive query, while the queries between the local DNS server and the upper-level (root) DNS servers are iterative queries.
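The two query styles above, as an added simulation that is not part of the original post: a toy delegation tree (constructed; the server names and the 203.0.113.0/24 address are hypothetical) where each server only answers or refers, and a local DNS that walks the referral chain on the client's behalf and caches the result.

```python
# Constructed delegation tree standing in for the root, the .com TLD servers and an
# authoritative server; names are hypothetical and the address is from the documentation range.
SERVERS = {
    "root": {"referral": {"com.": "tld-com"}},
    "tld-com": {"referral": {"example.com.": "ns.example.com"}},
    "ns.example.com": {"answer": {"www.example.com.": "203.0.113.10"}},
}


def iterative_query(server: str, name: str):
    """One iterative exchange: the queried server answers from its own data or refers
    the asker to the next server; it never chases the answer on the asker's behalf."""
    data = SERVERS[server]
    if name in data.get("answer", {}):
        return "answer", data["answer"][name]
    for zone, next_server in data.get("referral", {}).items():
        if name == zone or name.endswith("." + zone):
            return "referral", next_server
    return "nxdomain", None


class LocalDNS:
    """The recursive side: the client asks once and the local DNS walks the referral
    chain itself, caching the final answer for later clients."""

    def __init__(self):
        self.cache = {}
        self.trace = []  # (server asked, reply kind, value) for each iterative step

    def recursive_query(self, name: str):
        if name in self.cache:          # a cache hit never reaches the authoritative server
            return self.cache[name]
        server = "root"
        while True:
            kind, value = iterative_query(server, name)
            self.trace.append((server, kind, value))
            if kind == "answer":
                self.cache[name] = value
                return value
            if kind != "referral":
                return None
            server = value              # follow the referral, still on the client's behalf


if __name__ == "__main__":
    resolver = LocalDNS()
    print(resolver.recursive_query("www.example.com."), resolver.trace)
```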

Traditional DNS problems

Any Internet company that serves users through domain names will, more or less inevitably, run into domain name caching and slow cross-network access in the Chinese Internet environment. So for a company like Tencent, with domain names on the order of 100,000, how serious are resolution anomalies? Tencent's distributed DNS monitoring system continuously probes all key LocalDNS servers nationwide, and in May the number of abnormal resolutions of Tencent domain names across the country exceeded 800,000.

1. Problems caused by domain name caching

Caching: the LocalDNS caches the resolution results for Tencent domain names and does not recurse to the authoritative DNS.

  • Pages cannot be updated
    Bandwidth, interconnection costs and IDC distribution differ greatly between the country's Internet access providers, as does the distribution of ICP resources within each network. To guarantee access quality for users inside their own network while reducing cross-network settlement charges, carriers build content cache servers inside the network and force domain names to resolve to the cache server's IP address, so that local traffic stays entirely local. The result is that users cannot reach the real-time page, only the local copy served from the carrier's cache.
    A. Only HTTP on port 80 is cached; if the domain name serves HTTPS or another port, user access fails, for example payment services or game servers reached on a specified port.
    B. Operation and maintenance quality of the cache servers is uneven; when a cache server fails, user access breaks.

  • Advertisement injection
    The LocalDNS points some resolution results to a content cache, and the cached content is rewritten to add or replace third-party advertising. This is the source of the inexplicable ads often seen in the lower-right corner of a page; they may have been inserted by the carrier. (Switching to the HTTPS protocol prevents carrier ad injection.)

2. LocalDNS forwarding directs users to the wrong IDC

Besides domain name caching, carrier LocalDNS also exhibits resolution forwarding: instead of recursively resolving a domain name itself, the carrier's LocalDNS forwards the resolution request to another carrier's recursive DNS.


Some small carriers, to save resources, forward resolution requests directly to another carrier's recursive LocalDNS.
The direct consequence is that the source IP of the resolution request seen by the authoritative DNS becomes the other carrier's IP, so end-user traffic is directed to the wrong IDC and user access is slow.


3. NAT on the LocalDNS recursive egress directs users to the wrong IDC

In this case the carrier's LocalDNS does recurse according to the standard DNS protocol, but because the network has multiple egress routes with NAT configured on them, there is a probability that the egress IP of the final recursive query does not belong to the user's own network.
The direct consequence is that the source IP of the resolution request received by the GSLB DNS becomes another carrier's IP, end-user traffic is directed to the wrong IDC, and user access is slow.


4. DNS hijacking

Traditional public DNS service runs over UDP and is vulnerable to DNS hijacking, which creates security problems.

Conventional solutions

1. Real-time monitoring plus pushing the carriers

  • Push the carriers to fix these problems through business relationships;
  • Troubleshoot local carrier DNS problems based on user complaints;
    this is time-consuming and of limited effect.

2. Bypass the automatically assigned DNS

Use 114dns (114.114.114.114) or Google public DNS (8.8.8.8).

  • Users must be guided through the corresponding configuration on PCs and on Wi-Fi on mobile devices, which is a barrier;
  • Editing the DNS configuration on mobile networks (3G, 4G) is very difficult;

3. Abandon domain names entirely and schedule traffic through a self-built connect center

This requires a self-maintained server list and issuing the corresponding IP addresses to clients.
To use this scheme you first need an accurate IP address database to determine the user's home network, then develop a protocol and a connect center to do the scheduling, and then transform the access layer for scheduling. Like the second scheme, this is not impossible, but the cost is relatively high, especially for a company with business on the scale of Tencent's.

Mobile Internet solutions HttpDNS

1. Introduction to HttpDNS

Tencent's GSLB team introduced a new domain name resolution and scheduling system: HttpDNS. HttpDNS is a domain name resolution and traffic scheduling solution tailored for mobile clients and based on the HTTP protocol; it cures LocalDNS resolution anomalies and inaccurate traffic scheduling. HttpDNS interacts with the DNS server over HTTP instead of the traditional UDP-based DNS protocol, bypassing the carrier's LocalDNS, which effectively prevents domain name hijacking and improves resolution efficiency. In addition, because the DNS server obtains the client's real IP rather than the LocalDNS IP, it can pinpoint the client's location and carrier, effectively improving scheduling accuracy.


2. HttpDNS basic principles

The HttpDNS principle is very simple, with two steps:
A. The client directly accesses the HttpDNS interface to obtain the optimal IP for the domain name, as configured for that domain on the configuration management system. (For disaster-recovery reasons, resolution through the carrier's LocalDNS is retained as a fallback.)
B. After obtaining the IP, the client sends its business protocol request directly to that IP. For an HTTP request, for example, the client puts the domain name in the Host header field and sends the standard HTTP request to the IP returned by HttpDNS.
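Steps A and B as an added client-side example, not code from the original post or from Tencent: the HttpDNS endpoint URL and its JSON reply format are assumptions (the page gives neither), the fallback to the system resolver stands in for the carrier's LocalDNS, and the HTTPS variant passes the domain as SNI so the certificate is still verified against the domain.

```python
import json
import socket
import ssl
import urllib.request

# Hypothetical HttpDNS endpoint and reply format (assumed; the page gives neither).
HTTPDNS_ENDPOINT = "http://httpdns.example.invalid/resolve"


def parse_httpdns_response(body: str) -> list:
    """Parse the assumed JSON reply {"ips": ["a", "b"], "ttl": 60}; the list order is
    the server's preference, produced by its own IP database and speed measurement."""
    data = json.loads(body)
    return [ip for ip in data.get("ips", []) if isinstance(ip, str) and ip]


def resolve(domain: str, fetch=None):
    """Step A: query HttpDNS over plain HTTP, so no UDP DNS query for the name ever
    reaches the carrier's LocalDNS. If HttpDNS is unreachable or returns nothing,
    fall back to the system resolver, i.e. the carrier's LocalDNS."""
    try:
        if fetch is None:  # real path; 'fetch' lets callers inject a canned reply
            with urllib.request.urlopen(HTTPDNS_ENDPOINT + "?dn=" + domain, timeout=2) as r:
                body = r.read().decode()
        else:
            body = fetch(domain)
        ips = parse_httpdns_response(body)
        if ips:
            return ips, "httpdns"
    except (OSError, ValueError):
        pass  # network error or malformed body: degrade to LocalDNS
    return [socket.gethostbyname(domain)], "localdns"


def build_http_request(domain: str, path: str = "/") -> bytes:
    """Step B: the request goes to the resolved IP, but the Host header still carries
    the domain so the server's virtual-host routing works unchanged."""
    return ("GET %s HTTP/1.1\r\nHost: %s\r\nConnection: close\r\n\r\n" % (path, domain)).encode()


def open_connection(ip: str, domain: str, https: bool = False):
    """Connect to the IP from step A; for HTTPS the domain is sent as SNI and the
    certificate is verified against it, which also defeats carrier ad injection."""
    sock = socket.create_connection((ip, 443 if https else 80), timeout=5)
    if https:
        sock = ssl.create_default_context().wrap_socket(sock, server_hostname=domain)
    return sock


if __name__ == "__main__":
    canned = json.dumps({"ips": ["203.0.113.10", "203.0.113.11"], "ttl": 60})  # constructed reply
    ips, source = resolve("www.example.com", fetch=lambda d: canned)
    print(source, ips, build_http_request("www.example.com", "/index.html"))
```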

[Figure: HttpDNS]

3. HttpDNS advantages

In principle HttpDNS merely replaces the DNS protocol with HTTP for domain name resolution, which is not complicated. Yet this tiny change brings many benefits:

  • Eliminates DNS resolution anomalies: because the request bypasses the troublesome carrier LocalDNS, and the domain name to resolve is carried transparently over HTTP to the IP of Tencent's HttpDNS server, the client's resolution requests no longer suffer from abnormal DNS.

  • Avoids LocalDNS hijacking: HttpDNS obtains the A record through an HTTP request sent directly to the server by IP, so no step of asking the local carrier to resolve the domain name exists, and hijacking is fundamentally avoided.

  • Lower average access latency: the IP is accessed directly, eliminating the domain name resolution step.

  • Lower user connection failure rate:
    servers with a high failure rate are demoted by the sorting algorithm, and the sorting is further improved using historical data on the success of recent accesses.

  • Precise scheduling: HttpDNS obtains the user's real IP directly and, combined with Tencent's own IP address database and speed-measurement technology, can direct the user to the fastest IDC node.

  • Low implementation cost: accessing HttpDNS requires only minor changes to the client and the access layer, with no need for users to root or jailbreak their phones; because the HTTP request structure is very simple, compatibility with all versions of the mobile operating systems is no problem; and the HttpDNS back end fully reuses the existing authoritative DNS configuration, so management cost is very low. All in all, the change solves the problem of resolution anomalies at minimal cost and meets the business need for accurate traffic scheduling.

  • Scalability: HttpDNS provides a reliable domain name resolution service, and a business can combine its own scheduling logic with the HttpDNS result to achieve more refined traffic scheduling, such as returning a specified IP address for a specified client version or for a specified network connection type.

4. HttpDNS extension

If the user's preferred domain name resolution mode is switched to HttpDNS, how is the high availability of HttpDNS itself ensured? And when users on different carriers all access the same HttpDNS IP, how is their access latency kept low?
To ensure availability and improve the user experience, HttpDNS is accessed through Tencent's public network switching platform using BGP Anycast, with BGP peering established with the major domestic carriers, so that users of these carriers reach the HttpDNS service quickly; in addition HttpDNS is deployed in multiple data centres, so that when any node fails it can switch seamlessly to a backup node and users continue to resolve normally.


If only a single VIP (Virtual IP) is used, the TTL of the DNS record can be increased to reduce resolution delay.
Anycast allows a single IP to be announced via BGP from several locations, routing data to the nearest set of servers, but it has two problems:

  • If one node carries too many users it becomes overloaded;
  • BGP route recalculation may cause connections to be reset;
    so a "stable Anycast" technique is required.

Reproduced from: https://www.jianshu.com/p/c945e427d788


Origin: blog.csdn.net/weixin_34117522/article/details/91140661