Networking
Why does the TTL sometimes increase again between DNS lookups?
When I `dig xkcd.com`, I get something like this:

```
; <<>> DiG 9.9.5-3ubuntu0.1-Ubuntu <<>> xkcd.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 52538
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 4, ADDITIONAL: 5

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;xkcd.com.                      IN      A

;; ANSWER SECTION:
xkcd.com.               769     IN      A       107.6.106.82

;; AUTHORITY SECTION:
xkcd.com.               87784   IN      NS      dns3.p03.nsone.net.
xkcd.com.               87784   IN      NS      dns1.p03.nsone.net.
xkcd.com.               87784   IN      NS      dns2.p03.nsone.net.
xkcd.com.               87784   IN      NS      dns4.p03.nsone.net.

;; ADDITIONAL SECTION:
dns1.p03.nsone.net.     70809   IN      A       198.51.44.3
dns2.p03.nsone.net.     70809   IN      A       198.51.45.3
dns3.p03.nsone.net.     71406   IN      A       198.51.44.67
dns4.p03.nsone.net.     70809   IN      A       198.51.45.67

;; Query time: 222 msec
;; SERVER: 127.0.1.1#53(127.0.1.1)
;; WHEN: Wed Jan 21 22:16:42 HKT 2015
;; MSG SIZE  rcvd: 206
```
So `769` is the cached `TTL` value for `xkcd.com`. But when I repeat `dig xkcd.com` a few times (a few seconds apart from each other), I get a seemingly random `TTL` value each time. Here is the sequence:

```
TRY | ANSWER | AUTHORITY | ADDITIONAL | WHEN
====================================================================
 1  |    586 |     59577 |      44474 | Wed Jan 21 22:18:31 HKT 2015
 2  |    587 |     14242 |      56745 | Wed Jan 21 22:18:32 HKT 2015
 3  |    658 |     87673 |      70698 | Wed Jan 21 22:18:34 HKT 2015
 4  |   1022 |     76200 |      51189 | Wed Jan 21 22:18:40 HKT 2015
 5  |   1200 |    160954 |      44662 | Wed Jan 21 22:18:41 HKT 2015
 6  |    574 |     59565 |      44462 | Wed Jan 21 22:18:43 HKT 2015
 7  |    646 |     87661 |      70686 | Wed Jan 21 22:18:46 HKT 2015
 8  |   1200 |    121364 |      55967 | Wed Jan 21 22:18:47 HKT 2015
 9  |   1200 |     83292 |      54698 | Wed Jan 21 22:18:48 HKT 2015
10  |   1024 |     40540 |      43816 | Wed Jan 21 22:18:49 HKT 2015
```
Why am I getting this seemingly random (within a range) value for `TTL`? I expected it to decrease progressively, because it is cached.
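Dig reports the **time remaining until TTL expiration,** not the actual TTL value. If the numbers vary, it is most likely that you are querying different DNS servers (e.g. round-robin) that have had the record cached for differing amounts of time, and thus have different expiration times.

If you perform the same query against the same DNS server, you will see the TTL decrease by (roughly) the number of seconds you waited between queries. See below: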

```
ragnarok:~ cwatson$ dig a cwatson.org @192.168.50.11; sleep 2s; dig a cwatson.org @192.168.50.11

; <<>> DiG 9.8.3-P1 <<>> a cwatson.org @192.168.50.11
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 39178
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;cwatson.org.                   IN      A

;; ANSWER SECTION:
cwatson.org.            5847    IN      A       46.249.223.150

;; Query time: 43 msec
;; SERVER: 192.168.50.11#53(192.168.50.11)
;; WHEN: Wed Jan 21 14:51:08 2015
;; MSG SIZE  rcvd: 45

; <<>> DiG 9.8.3-P1 <<>> a cwatson.org @192.168.50.11
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 24943
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;cwatson.org.                   IN      A

;; ANSWER SECTION:
cwatson.org.            5845    IN      A       46.249.223.150

;; Query time: 45 msec
;; SERVER: 192.168.50.11#53(192.168.50.11)
;; WHEN: Wed Jan 21 14:51:10 2015
;; MSG SIZE  rcvd: 45
```

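So, for your full example, you have 769 seconds until the A record expires, which will force a re-lookup from your upstream DNS server.

For more details, see the answer here.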
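
The explanation in the answer can be checked against the question's own table. The following is an added example, not part of the original post: it assumes each reply comes from a cache entry with one fixed expiry instant, so `WHEN` plus the reported TTL should repeat whenever the same entry answers. The function names are illustrative.

```python
from datetime import datetime, timedelta

# (try, ANSWER-section TTL in seconds, WHEN) copied from the question's table.
SAMPLES = [
    (1, 586, "22:18:31"), (2, 587, "22:18:32"), (3, 658, "22:18:34"),
    (4, 1022, "22:18:40"), (5, 1200, "22:18:41"), (6, 574, "22:18:43"),
    (7, 646, "22:18:46"), (8, 1200, "22:18:47"), (9, 1200, "22:18:48"),
    (10, 1024, "22:18:49"),
]


def expiry(ttl, when, date="2015-01-21"):
    """Absolute instant at which the answering cache will drop the record."""
    asked = datetime.strptime(f"{date} {when}", "%Y-%m-%d %H:%M:%S")
    return asked + timedelta(seconds=ttl)


def group_by_expiry(samples, tolerance=0):
    """Group tries whose expiry instants agree within `tolerance` seconds.

    A single cache entry has one fixed expiry, so every reply served from it
    satisfies WHEN + remaining TTL == that expiry. Distinct groups therefore
    mean distinct cache entries (another resolver, or a fresh fetch).
    dig prints whole seconds, so other data may need tolerance=1.
    """
    ordered = sorted((expiry(ttl, when), n) for n, ttl, when in samples)
    groups = []
    for exp, n in ordered:
        if groups and (exp - groups[-1][0]).total_seconds() <= tolerance:
            groups[-1][1].append(n)
        else:
            groups.append((exp, [n]))
    return [(exp.strftime("%H:%M:%S"), tries) for exp, tries in groups]


if __name__ == "__main__":
    for exp, tries in group_by_expiry(SAMPLES):
        print(f"expires {exp}  <- tries {tries}")
```

Tries 1 and 6 share one expiry instant, as do tries 3 and 7: within each pair the TTL dropped by exactly the elapsed seconds, while the other replies point at different expiry instants.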