
DNS principles 01 introduction to DNS principles

2022-06-09 06:10:00 tinychen777

This article covers three topics: a brief introduction to DNS, how a DNS query works, and how DNS is used for load balancing.

1、A brief introduction to DNS

1.1 What is DNS?

First, let's look at what DNS actually is. Here is Wikipedia's explanation:

The Domain Name System (DNS) is a service of the Internet. It is a distributed database that maps domain names and IP addresses to each other, making it easier for people to access the Internet. DNS uses TCP and UDP port 53. Currently, each label of a domain name is limited to 63 characters, and the total length of a domain name cannot exceed 253 characters.

We know that communication in a computer network is actually carried out by IP address, but expecting users to remember so many complex, irregular IP addresses is unrealistic. So domain names were invented: users only need to remember a domain name and can then reach the corresponding website through it. DNS is the system that translates the domain names we use every day, such as 163.com and google.com, into their corresponding IP addresses, so that the client can then communicate with that IP address.

It is reasonable for Wikipedia to call DNS a distributed database: the main job of DNS is to store all kinds of domain names and their corresponding IP addresses, and a DNS request can be understood as a query against that database. And because DNS is used constantly by every Internet user in the world, it has to be a distributed (wide-area), highly concurrent (many requests) and highly available (highly important) system.

1.2 DNS record types

DNS actually has many record types. The ones we encounter most often are A and CNAME records; now that IPv6 is becoming widespread there are AAAA records too (the IPv6 equivalent of an A record).

  • A - points the domain name to an IPv4 address

    For example, resolving the domain name wikipedia.org to the IPv4 address 103.102.166.224;

  • CNAME - points the domain name to another domain name

    For example, resolving the domain name wikipedia.org to wikipedia.org.cn

  • AAAA - points the domain name to an IPv6 address

    For example, resolving the domain name wikipedia.org to the IPv6 address 2001:df2:e500:ed1a::1;

  • NS - delegates resolution of a subdomain to other DNS servers

    For example, you bought your domain name from Alibaba Cloud but want to use the DNS resolution service provided by NetEase Cloud; you then add an NS record whose value is the domain name of NetEase Cloud's DNS server;

  • MX - points the domain name to a mail server address

    When setting up a mailbox so that it can receive mail, you need to add an MX record. MX stands for mail exchanger; it is used by the mail system, when sending a message, to locate the mail server from the domain suffix of the recipient's address. For example, when mail is sent to an address under wikipedia.org, the system resolves the MX record for wikipedia.org in DNS. If MX records exist, the system forwards the message to the mail server of the MX record with the best priority.

  • TXT - text, generally limited to 255 characters; conventionally used for SPF records (anti-spam)

    SPF stands for Sender Policy Framework, a technique for authenticating the identity of an e-mail sender by IP address. The recipient first checks the domain's SPF record to determine whether the sender's IP address is included in it. If it is, the mail is considered legitimate; otherwise it is treated as a forged e-mail and bounced.

  • CAA - Certification Authority Authorization

    CAA (Certificate Authority Authorization) is a relatively new field that can be added to DNS records. By creating CAA resource records through the DNS mechanism, you can restrict the link between a domain name and the CAs (certificate authorities) allowed to issue certificates for it. If an unauthorized third party tries to obtain an SSL/TLS certificate for the domain from another CA, the request will be rejected.

    Setting a CAA record for a domain lets the site owner authorize specific CAs to issue certificates for that domain, preventing HTTPS certificates from being mis-issued and thereby improving the security of the site.

Other types include SRV and explicit/implicit URL forwarding; for details, see the DNS resolution service documentation provided by your domain name provider.
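The TXT/SPF and CAA items above describe a check that a receiving mail server or a CA performs against published records. The following is an added example, not code from the original article: it evaluates the ip4/ip6/all mechanisms of an SPF record against a sender IP, and applies the CAA issue/issuewild rule to a candidate CA. All record data is constructed for the hypothetical zone example.org; the include/redirect/a/mx SPF mechanisms are deliberately left out because they require further DNS lookups.

```python
import ipaddress

# Constructed sample records for a hypothetical zone "example.org" (not live DNS data).
SAMPLE_TXT = {
    "example.org": ["v=spf1 ip4:192.0.2.0/24 ip6:2001:db8::/32 -all"],
    "softfail.example": ["v=spf1 ip4:192.0.2.1 ~all"],
}
SAMPLE_CAA = {
    # (flags, tag, value): only letsencrypt.org may issue, and no wildcard issuance at all
    "example.org": [(0, "issue", "letsencrypt.org"), (0, "issuewild", ";")],
    "iodef-only.example": [(0, "iodef", "mailto:security@iodef-only.example")],
}

QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def parse_spf(txt_records):
    """Return the mechanism terms of the first 'v=spf1' TXT record, or None."""
    for txt in txt_records:
        if txt.lower().startswith("v=spf1"):
            return txt.split()[1:]
    return None


def spf_check(domain, sender_ip, txt_lookup=SAMPLE_TXT):
    """Evaluate the ip4/ip6/all mechanisms of a domain's SPF record for sender_ip.

    Returns 'none' when no SPF record exists, otherwise the result of the first
    matching mechanism ('pass', 'fail', 'softfail' or 'neutral').
    """
    terms = parse_spf(txt_lookup.get(domain, []))
    if terms is None:
        return "none"
    ip = ipaddress.ip_address(sender_ip)
    for term in terms:
        qualifier = "+"                       # a term without a qualifier means '+'
        if term[0] in QUALIFIERS:
            qualifier, term = term[0], term[1:]
        name, _, arg = term.partition(":")
        name = name.lower()
        if name == "all":
            return QUALIFIERS[qualifier]
        if name in ("ip4", "ip6"):
            net = ipaddress.ip_network(arg, strict=False)
            if ip.version == net.version and ip in net:
                return QUALIFIERS[qualifier]
        # include/redirect/a/mx are skipped in this simplified evaluator
    return "neutral"  # no mechanism matched and no 'all' term was present


def caa_allows(domain, ca, wildcard=False, caa_lookup=SAMPLE_CAA):
    """Decide whether CA `ca` may issue for `domain` from its CAA records.

    No CAA records at all (or only unrelated properties such as iodef) means any
    CA may issue; otherwise the CA's identifier must appear in an 'issue'
    value, or in an 'issuewild' value for wildcard certificates. A value of ';'
    lists no CA and therefore forbids issuance of that kind.
    """
    records = caa_lookup.get(domain)
    if not records:
        return True
    tag = "issuewild" if wildcard else "issue"
    relevant = [v for _, t, v in records if t == tag]
    if wildcard and not relevant:
        relevant = [v for _, t, v in records if t == "issue"]  # fall back to 'issue'
    if not relevant:
        return True
    # strip any ";key=value" parameters and compare the issuer domain
    allowed = {v.split(";", 1)[0].strip().lower() for v in relevant}
    return ca.lower() in allowed
```

A real SPF check also has to follow include: and redirect= terms with a lookup limit, and a real CA walks CAA up the parent labels before concluding that no record exists; both are left out here so the decision logic stays visible.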

2、The DNS query process

2.1 DNS server types

There are three kinds of DNS servers: root DNS servers, top-level domain (TLD) DNS servers and authoritative DNS servers.

  • Root DNS servers are the highest level of DNS server; there are 13 of them worldwide. They do not provide domain name resolution directly; instead they return the address of the DNS server for the corresponding top-level domain to the querying client.

  • Top-level domain servers (top level domain, abbreviated TLD), the second layer in the figure, are responsible for their top-level domain. Like the root servers, they do not resolve domain names directly either; they return the corresponding authoritative domain name server to the querying client.

  • Authoritative DNS servers are the third layer in the figure. At this point the authoritative DNS server returns the IP address for the domain name, and once the client has the IP address it can access the site.

So the fourth layer in the figure, example.wikipedia.org, is a subdomain of wikipedia.org, also called a second-level domain name; the fifth layer, www.example.wikipedia.org, is a subdomain of example.wikipedia.org, also called a third-level domain name, and so on.

2.2 The DNS request process

Next, taking a visit to Wikipedia (wikipedia.org) as an example, let's analyse the figure below:

  1. First, the client sends a request to access wikipedia.org; the first step is to consult the local DNS cache;
  2. The local DNS cache reads the system's hosts file, i.e. /etc/hosts on Linux or C:\Windows\System32\drivers\etc\hosts on Windows. If it defines the IP address corresponding to wikipedia.org, that IP is accessed directly and nothing else happens;
  3. If the local cache and hosts file have no record, the client sends a request to the Local DNS server, which is usually the default DNS server provided by the ISP, although we can of course specify a third-party DNS server manually. The Local DNS server looks up the record on the server; if it has one, it returns it directly to the client;
  4. If the Local DNS server has no record, it queries a root domain server for the address of the top-level domain server corresponding to wikipedia.org;
  5. The root domain server determines from the request that it concerns a .org domain name and returns the address of the .org top-level domain server to the client;
  6. After obtaining that address, the Local DNS server sends a request to the .org top-level domain server asking for the address of the authoritative domain name server for wikipedia.org;
  7. The .org top-level domain server returns the address of the authoritative domain name server for wikipedia.org to the client;
  8. After obtaining that address, the Local DNS server sends a request to the authoritative domain name server for wikipedia.org asking for the IP address of wikipedia.org;
  9. The authoritative domain name server for wikipedia.org returns the IP address of wikipedia.org to the Local DNS server;
  10. The Local DNS server returns the IP address of wikipedia.org to the client; the client establishes a connection to that IP and starts transferring data, and this DNS request is complete.

In fact, the procedure above is the longest possible DNS query, because in general our Local DNS server keeps a DNS cache record of the answer; in that case the local cache can be returned to the client directly when a DNS query arrives, and the recursive query that follows is avoided.

So what happens if we change a domain name's DNS resolution record, for example changing the IP address of wikipedia.org from 103.102.166.224 to 103.102.166.225? This involves the time it takes for the change to take effect, known as the TTL. The effective time of a change depends on when the TTL of the resolution record in the local DNS cache expires; the usual default is 10 minutes. For example, if a record's TTL is set to 10 minutes, then in theory the change needs 10 minutes to take effect globally; if the record's TTL is set to 60 seconds, then in theory it needs 60 seconds to take effect globally.
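The ten steps and the TTL discussion above can be exercised end to end with a small simulation. The following is an added example, not code from the original article: it models a hosts file, a Local DNS server with a TTL-bounded cache, and the root -> TLD -> authoritative referral chain as in-memory tables. The server names ("root", "tld-org", "auth-wikipedia") and all addresses other than the 103.102.166.224 quoted in the article are constructed placeholders, and an injectable clock makes the "old answer is served until the TTL expires" behaviour reproducible offline.

```python
import time

# Constructed in-memory DNS servers (not real DNS data). Each maps the zones it
# knows to either a referral to another server or an authoritative answer.
# The IP for wikipedia.org is the one quoted in the article; the server names
# are placeholders.
SERVERS = {
    "root": {"org.": ("refer", "tld-org")},
    "tld-org": {"wikipedia.org.": ("refer", "auth-wikipedia")},
    "auth-wikipedia": {"wikipedia.org.": ("answer", "103.102.166.224", 600)},
}


def ask(server, fqdn):
    """One query to a server: it answers for the longest zone suffix it knows."""
    labels = fqdn.rstrip(".").split(".")
    for i in range(len(labels)):
        zone = ".".join(labels[i:]) + "."
        if zone in SERVERS[server]:
            return SERVERS[server][zone]
    return None


def update_authoritative(fqdn, ip, ttl):
    """Change the record on the authoritative server (the domain owner's action)."""
    SERVERS["auth-wikipedia"][fqdn] = ("answer", ip, ttl)


class LocalResolver:
    """A Local DNS server: hosts file, TTL-bounded cache, then iterative lookups."""

    def __init__(self, hosts=None, now=time.time):
        self.hosts = hosts or {}   # simulated /etc/hosts: name -> ip
        self.cache = {}            # fqdn -> (ip, absolute expiry time)
        self.now = now             # injectable clock so TTL expiry can be tested
        self.trace = []            # servers consulted for the last query

    def resolve(self, name):
        self.trace = []
        bare = name.rstrip(".")
        fqdn = bare + "."
        # Steps 1-2: the hosts file overrides everything
        if bare in self.hosts:
            self.trace.append("hosts")
            return self.hosts[bare]
        # Step 3: a cached record is served until its TTL expires
        cached = self.cache.get(fqdn)
        if cached and cached[1] > self.now():
            self.trace.append("cache")
            return cached[0]
        # Steps 4-9: follow referrals root -> TLD -> authoritative
        server = "root"
        for _ in range(8):  # bound the referral chain
            self.trace.append(server)
            reply = ask(server, fqdn)
            if reply is None:
                return None
            if reply[0] == "refer":
                server = reply[1]
                continue
            _, ip, ttl = reply
            self.cache[fqdn] = (ip, self.now() + ttl)  # step 10, plus caching
            return ip
        return None


class FakeClock:
    """Manually advanced clock so the TTL behaviour is reproducible offline."""

    def __init__(self):
        self.t = 0.0

    def __call__(self):
        return self.t

    def advance(self, seconds):
        self.t += seconds


if __name__ == "__main__":
    clock = FakeClock()
    r = LocalResolver(now=clock)
    print(r.resolve("wikipedia.org"), r.trace)   # full walk: root, tld-org, auth-wikipedia
    print(r.resolve("wikipedia.org"), r.trace)   # served from cache
    update_authoritative("wikipedia.org.", "103.102.166.225", 600)
    print(r.resolve("wikipedia.org"))            # still the old answer within the TTL
    clock.advance(601)
    print(r.resolve("wikipedia.org"), r.trace)   # new answer once the TTL has expired
```

The trace shows why the hosts file and the resolver cache are the two places to look first when a domain "resolves wrong" on one machine but correctly elsewhere: both short-circuit the walk to the authoritative server, and a cached answer outlives the change on the authoritative side by up to one TTL.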

3、Uses of DNS

We already know that the most basic and important job of DNS is to record and query the correspondence between domain names and IP addresses. Beyond that, DNS can also act as a load balancer.

First, we need to know that domain names and IP addresses are not in a one-to-one relationship but a many-to-many one: one IP address can be bound to multiple domain names, and one domain name can also resolve to multiple IP addresses. Using this property, we can use DNS to achieve load balancing.

Note that DNS is not the only way to do load balancing.

3.1 Internal load balancing (SLB)

For example, an application needs to access a database. Should the database's IP address be configured in the application, or its domain name? Obviously the domain name, because if for some reason the database is moved to another machine, and several applications are configured with this database, a single change of IP address means all of those applications have to be modified. But if the domain name is configured, you only need to map the domain name to the new IP address in the DNS server and the job is done, which greatly simplifies operations and maintenance.

On this basis we can go a step further. For example, one application wants to access another. If it is configured with the other application's IP address, the access is one-to-one. But when the application being accessed can't keep up, we can deploy several instances of it. How, then, does the accessing application balance load across them? Simply configure it with a domain name. At resolution time we only need to configure a policy that returns the first IP this time and the second IP next time, and load balancing is achieved.

3.2 Global load balancing (GSLB)

Taking the figure above again, we add GSLB1 and GSLB2 behind the authoritative domain name server. The access process up to the authoritative server is the same as the DNS request process described above; here we again use a visit to Wikipedia (wikipedia.org) as the example.

  • First we create a CNAME record for Wikipedia (wikipedia.org) that resolves it to glsb.wikipedia.org, the GSLB1 server;
  • After the client queries the authoritative domain name server, it receives the address of glsb.wikipedia.org and then accesses the glsb.wikipedia.org server; note that at this point glsb.wikipedia.org acts as an authoritative domain name server;
  • When glsb.wikipedia.org receives the request, it can determine from the source IP which region the request comes from. Suppose it is China; it then returns the address of the GSLB2 server cn.glsb.wikipedia.org;
  • GSLB2, based on the request it receives, returns the IP address of the server closest to the client, achieving the effect of GSLB.
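The round-robin policy from section 3.1 and the CNAME chain from section 3.2 can both be shown in one short model. The following is an added example, not code from the original article: the authoritative server hands wikipedia.org to GSLB1 with a CNAME, GSLB1 maps the request's source IP to a region and returns a regional GSLB2 name, and GSLB2 rotates through its server pool. The region table, the pools and all addresses are constructed (RFC 5737 documentation ranges); the names glsb.wikipedia.org and cn.glsb.wikipedia.org are the ones used in the article, and us.glsb.wikipedia.org is an assumed second region.

```python
import ipaddress
from itertools import cycle

# Constructed data, not real DNS records. Client prefixes use RFC 5737
# documentation ranges; the region table is a stand-in for a GeoIP database.
REGION_PREFIXES = [
    (ipaddress.ip_network("192.0.2.0/24"), "cn"),
    (ipaddress.ip_network("198.51.100.0/24"), "us"),
]
DEFAULT_REGION = "us"   # assumed fallback for source IPs not in the table

# Server pools behind each regional GSLB2 name; more than one IP per pool
# gives the round-robin policy from section 3.1.
POOLS = {
    "cn.glsb.wikipedia.org.": ["203.0.113.10", "203.0.113.11"],
    "us.glsb.wikipedia.org.": ["203.0.113.20"],
}
GSLB1_NAME = "glsb.wikipedia.org."


def region_for(client_ip):
    """Map a source IP to a region (GeoIP stand-in)."""
    ip = ipaddress.ip_address(client_ip)
    for net, region in REGION_PREFIXES:
        if ip in net:
            return region
    return DEFAULT_REGION


class GslbResolver:
    """Models the three answering tiers: authoritative, GSLB1, GSLB2."""

    def __init__(self):
        # one independent rotation per pool
        self._rr = {name: cycle(pool) for name, pool in POOLS.items()}

    def authoritative(self, name):
        # Step 1: the zone's authoritative server hands the name to GSLB1 via CNAME
        if name == "wikipedia.org.":
            return ("CNAME", GSLB1_NAME)
        return None

    def gslb1(self, client_ip):
        # Step 3: GSLB1 picks a regional GSLB2 name from the request's source IP
        return ("CNAME", f"{region_for(client_ip)}.glsb.wikipedia.org.")

    def gslb2(self, pool_name):
        # Step 4: GSLB2 returns a server from its pool, rotating on each answer
        return ("A", next(self._rr[pool_name]))

    def resolve(self, name, client_ip):
        """Follow the CNAME chain; returns (ip or None, names visited in order)."""
        chain = [name]
        rec = self.authoritative(name)
        while rec is not None and rec[0] == "CNAME":
            target = rec[1]
            chain.append(target)
            if target == GSLB1_NAME:
                rec = self.gslb1(client_ip)
            elif target in POOLS:
                rec = self.gslb2(target)
            else:
                rec = None   # CNAME to a name nobody here is authoritative for
        if rec is None:
            return None, chain
        return rec[1], chain
```

One caveat worth keeping in mind when reasoning about this design: in a real deployment the source IP that GSLB1 sees is normally that of the Local DNS server making the query, not the end client's, so region selection is only as accurate as the resolver's proximity to its users.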

A big difference between GSLB and the load balancing methods we usually talk about, such as LVS and NGINX, is that GSLB works better when the coverage is particularly wide. For example, suppose a service whose servers are in China wants to expand to the United States and its traffic doubles, so the number of machines has to double. You can either double the machines in the original cluster, or deploy another identical set of servers in the United States and then configure a DNS GSLB server. Obviously the latter works better, because US users will certainly not reach Chinese servers as fast as they reach US servers.

This is only a rough analogy; in reality doubling traffic is certainly not so simple. But for this kind of cross-region load balancing strategy, DNS GSLB is a good choice.


Copyright notice
This article was written by [tinychen777]; when reposting, please include the original link. Thank you.
https://yzsam.com/2022/03/202203021426170020.html