Understand DNS cache

Understand DNS cache

Produced by learning scum, technical/English learning records, it is inevitable that there will be understanding/translation flaws or even errors, please correct me.
It is recommended to read the original text: Understanding DNS cache

When I first learned DNS resolution , I was surprised by this long and complicated process. Imagine how many websites you visit every day, and then think about how many times you visit every day. Now imagine that every time you visit, the ISP DNS server on the other end must repeat the entire recursive process and query all domain name servers in the recursive chain.

With this as a background, imagine your cell phone. When you want to make a phone call with a friend you regularly contact, you can easily find their name in the recent call and call. However, if the information is not ready, you have to call 114 to get their number, and then dial out manually. Does it seem cumbersome?

In fact, it takes a lot of steps and a lot of time to convert a domain name into a IP Fortunately, DNS considered how to speed up DNS and implemented the cache. DNS cache enables DNS Server or the client to store the DNS records locally and reuse them later, reducing the query requirements DNS

The domain name system implements the survival time ( TTL ) DNS TTL specifies the number of seconds that a DNS record DNS server and client. DNS record exists in the cache, its survival time will also be saved. The server will continue to update TTL in the cache, counting down in seconds. When it becomes 0 , the record will be deleted or cleared from the cache. At this time, if the request for the record is received again after the cache expires, the DNS server must start the resolution process.

To understand caching, let's look at the example in the previous article, parsing www.google.com . When you enter www.google.com in the browser, the browser asks the operating system for the address of IP The operating system has stub resolver or DNS client (reference: what is DNS Server , resolver and stub resolver ), an operating system responds to all DNS query parser. The DNS resolver will send a DNS request (and turn on the recursive query flag) to a specific recursive resolver (domain name server) and store its DNS record in the cache TTL

When Stub Resolver receives a request from an application, it will first check its cache, and if there is the record in the cache, it will directly return the information in the cache to the application. If there is no cache, sending DNS request (recursive marker and open) recursive parser ( ISP the DNS server).

When Recursive Resolver receives a request, it will first check which information of www.google.com If there is a A cache, the record is sent to Stub Server . If there is no A record, but there is an authoritative name server's NS record, it will request these authoritative name servers (bypassing the root server and com gTLD server).

If there is no authoritative name server, it will request the com gTLD server.

graph TD;
google.com-->Browser;
Browser-->OS;
OS-->Stub-Resolver;
Stub-Resolver-->Cached;
Cached-->Browser;
Stub-Resolver-->Not-Cached;
Not-Cached-->ISP-DNS;
ISP-DNS-->Cached-A-Record;
Cached-A-Record-->Stub-Resolver;
ISP-DNS-->Not-Cached-A-Record;
Not-Cached-A-Record-->Cached-Auth-NS-Server;
Cached-Auth-NS-Server-->Query-Auth-NS-Server;
Query-Auth-NS-Server-->ISP-DNS;
Not-Cached-A-Record-->Not-Cached-Auth-NS-Server;
Not-Cached-Auth-NS-Server-->COM-GTLD-Server;
COM-GTLD-Server-->ISP-DNS;

Note: The chart is added by the translator according to his own understanding (corrections are welcome)

If there is no authoritative name server, the .com gTLD server will be requested (because their TTL is very high, they generally exist in the cache, and they are suitable for any .com domain name). Only when they do not exist in the cache, Recursive Resolver gTLDs from the root server, which is very rare (usually refers to the purge ).

In order to avoid propagating the expired DNS record, the DNS server will correct a requested TTL instead of the original TTL value of this record. For example, assume a www.google.com record TTL is 4 hours, and in the morning it 8 points are Recursive Resolver stored in the cache. If there is a new user, in this parser in the morning 9 request the same domain name point, resolver will send a 3 hours TTL record.

Now we have covered the DNS in OS and DNS servers, and then there is the last layer of cache: application. All applications can choose to cache DNS data, even if they cannot follow the DNS standard. The application relies on the operating system function getaddrinfo() to resolve the domain name (all operating systems use the same function name). This function returns the IP -but it does not return the DNS record, so the application does not have TTL available.

Therefore, different applications have different time for caching data. IE10+ will store up to 256 domain names in its cache, the fixed time is 30 minutes . 256 domain names seem to be a lot, but in fact they are not-a large number of web pages on the Internet will consume 50 domain names, thanks to third-party tagging and redirection. On the other hand, Chrome will cache DNS information one minute and store 1000 records. You can access Chrome: // NET-Internals # dns view and clean up Chrome of DNS cache.

NS cache trap

DNS cache traps that people often fall into is the authoritative name server record. As we mentioned before, the authoritative name server is specified NS NS records TTL . But it does not provide the IP address of the name server. IP information is in the additional A or AAAA record response.

Therefore, a Recursive Resolver depends on both the NS and A records to reach the name server. Ideally, two recording types TTL should be the same, but occasionally someone misconfigured DNS zones , they will DNS request incoming new A or AAAA record. The new record overwrites the old record, causing discrepancies.

When all the records are in the cache, Recursive Resolver IP address of one of the domain name servers. If Recursive Resolver cache only NS record, no A or AAAA record, it must resolve the domain name server, such as ns1.google.com , get its IP address. This is not good, because it increases the time to resolve the domain. And, if it has a A or AAAA domain name server but no NS , it will forcefully initiate a DNS query of the www.google.com

Set TTL: balance behavior

So, TTL be longer or shorter? If appropriate, use a longer TTL because it will resolvers longer and OSS - means better performance for end users, and it will reduce traffic to your name server, Because there will be fewer requests. In any case, it will also reduce your changes to DNS , make you more vulnerable to DNS hijacking attacks, and fail to set offline error pages when your data center is inaccessible.

In other words, TTL more people will spend time downloading pages or resources, and increase the pressure on your name server. And make you change the DNS configuration faster.

DNS parsing is a multi-stage process involving a large number of Internet servers. The built-in caching mechanism of the protocol accelerates the process DNS DNS server and / or client TTL follow the on DNS specification, but the application such as the browser does not follow the norm - so they can be saved at any time of the cache.