Lingducloud all-round hard core dismantling: how strong is Alibaba Cloud's DNS resolution
In the eyes of many new operation and maintenance or back-end development, DNS (domain name resolution) is like air, which is not noticed at all. After buying the domain name, just find a free analysis and tie it up, and everything will be fine if you can visit it.
But if what you do is
Highly concurrent websites, multinational e-commerce, projects that rely heavily on App API interaction, or are experiencing sudden high-traffic DDoS attacks
and you will find:
If DNS is pulled, no matter how perfect your back-end server architecture is, users will not even be able to enter the door.
As one of the signature components of top cloud vendors in China and even in the world,
Alibaba Cloud DNS(Alibaba Cloud DNS)
Why can it be sold for money? What is the strength of its enterprise edition and flagship edition? Today, without memorizing the official parameters, we will use the vernacular to carry out an all-round "chassis dismantling".
1. Speed and Stability: The Dimensionality Reduction Strike of Global Anytime Anycast
Many people have no idea about the speed of DNS. Let's put it this way, the user must enter your web address in the browser and go through DNS query before the TCP connection is actually established. If the parsing is slow by 100ms, it seems to the user that your web page is stuck by 100ms.
Alibaba Cloud DNS is fast because of two technologies:
Global multi-node
and
Anycast (Anycast) Technology
.
To put it simply, Alibaba Cloud has deployed dozens of core DNS clusters around the world (such as Beijing, Shanghai, Hong Kong, Singapore, the US-West, and Europe), and they announce exactly the same IP address.
Actual effect: When a user located on the west coast of the United States visits your website, his DNS request will not cross the Pacific Ocean to Beijing to query, but will be directly sent to Aliyun's DNS node located in the west of the United States by the "nearby routing" mechanism of the network.
Summary of real-life experience: The official data shows that the global analysis delay is in milliseconds, while the actual speed measurement is basically within 10ms in China and 20-50ms in overseas mainstream regions. Even better, its promised availability (SLA) is 100 percent. This means that its underlying architecture is extremely abnormal and redundant. If you want to see Alibaba Cloud DNS paralyzed globally, the probability is comparable to winning the lottery.
2. intelligent analysis and accurate traffic scheduling: let users take the "nearest highway"
If your servers are deployed in Aliyun Beijing, Aliyun Shenzhen, and even some are in Tengxun Cloud or self-built computer rooms, how do you let users in different regions access the nearest servers?
Alibaba Cloud resolves DNS
Intelligent Line Analysis
This is what I do. It can split the flow as finely as surgery:
The refinement of the operator dimension: it can accurately identify mobile, Unicom, telecommunications, education network, radio and television. Mobile users will never let him go to Unicom
Server, from the source to solve the cross-network delay.
The abnormal division of geographical location: the free version of DNS can only be divided into regions or provinces, while the advanced version of Aliyun can be refined to the city level and even specific overseas countries and regions. For example, you can set "all users from Tokyo, Japan and using Softbank (Softbank) network, all resolved to ECS A in Tokyo computer room".
Weight Configuration (Weight): When promoting or releasing gray scale, you can configure multiple server IP for the same domain name, distribute traffic according to the ratio of 8:2, and smooth transition.
3. security defense: specializes in all kinds of "disconnection, poisoning, DDoS"
When you mix on the Internet, you are most afraid of being targeted by peers or black products. However, DNS is often the weak link that hackers like to attack (for example, the large-traffic DNS Query Flood attack instantly washes your DNS server with massive garbage requests).
Ariyun can be said to have given enough sense of security here:
Anti-D capability with ultra-large bandwidth: Alibaba Cloud Cloud Resolution Advanced Edition comes with extremely powerful anti-attack capability. The flagship version even claims to be able to resist malicious parsing requests over 100 million times per second (Gpps level). Hackers want to move your DNS network? The security team and traffic cleaning center behind Alibaba Cloud will block junk traffic directly on the backbone network.
DNSSEC (Domain Name System Security Extension): Many people have encountered the situation of "domain name hijacking and web advertising. Alibaba Cloud supports enabling DNSSEC with one click, and uses digital signature technology to prevent DNS resolution from being tampered (poisoned) by hackers during transmission, ensuring that users can access the real server.
4. core killer: the world's first "GTM (Global Traffic Management)" and health checks
This is a function that ordinary free DNS absolutely cannot do, and it is also the core reason why large and medium-sized enterprises are willing to pay.
Imagine: at 3 a.m., your main server suddenly went down due to a hardware failure. At this time, you are still sleeping. Do you have to wait for the customer's phone to burst before you get up to modify DNS records?
Alibaba Cloud's
GTM(Global Traffic Manager)
The perfect solution to this problem:
Active health check: Alibaba Cloud probes "poke" your server every tens of seconds from multiple nodes around the world (supports HTTP/HTTPS, Ping, and TCP port detection).
Second-level automatic disaster recovery switching (Failover): Once the main server is found dead, GTM will automatically switch domain name resolution to the standby server or CDN downgrade page within 1-3 minutes (depending on the TTL time you set). The entire process is fully automated, and your users may just feel that the page is stuck a bit, and the business will not be interrupted at all.
How to choose the 5. version? Refuse to spend more money
Alibaba Cloud DNS has several versions. Don't
Blindly buy the most expensive, on demand:
Version
Core applicable scenarios
Recommendation
Free version
Personal blog, display enterprise official website, test project with minimal traffic
That's enough. There are fewer nodes in the world, but the victory is in Bai Piao.
Enterprise Standard Edition
Independent stations in the rising period, local App interface, core enterprise official website
Highly recommended. It has high anti-D attack capability and supports lower TTL value (the resolution takes effect faster and can be set to 10 seconds).
Enterprise Flagship
Multinational business, financial-grade projects, high-concurrency games, business that is just needed for anti-robbery.
The budget is sufficient to close your eyes. Support municipal/overseas national very fine intelligent line scheduling, SLA 100%.
Summary
Domain name resolution is like the compass of the entire Internet world.
The real value of Alibaba Cloud DNS is not those fancy interfaces, but its global ultra-low latency, second-level disaster-tolerant GTM scheduling, and "bulletproof shield" that can help you block hacker attacks ".
If your business is preparing to expand, or is suffering from slow overseas access and frequent server downtime, spending hundreds of dollars to upgrade DNS to Aliyun Enterprise Edition is definitely the most cost-effective investment in operation and maintenance.
