DNS & CDN Deep Dive

Hierarchical DNS resolution, DNSSEC, CDN edge caching and invalidation

DNS Resolution

Cache chain (each miss goes to the next level):
  Browser Cache (TTL based) → OS Cache (/etc/hosts) → Router (Home/Corp DNS) → Recursive Resolver (8.8.8.8 / 1.1.1.1)

Iterative resolution (on a recursive resolver miss):
  1. Root NS (13 anycast clusters): where is .com?
  2. TLD NS (.com .io .dev): NS for example.com?
  3. Authoritative (ns1.example.com): A record? (final)

DNS Record Types

  A: IPv4 | AAAA: IPv6 | CNAME: alias | MX: mail
  TXT: SPF/DKIM/verify | SRV: service | NS: nameserver
  CAA: cert authority | SOA: zone info | TTL: 300-86400s

DNSSEC — Chain of Trust

  Root KSK → Root ZSK → .com DS → .com ZSK → example.com DS → RRSIG
  Prevents: DNS spoofing, cache poisoning, MITM. Cost: +2 queries, +packet size

CDN (Content Delivery Network)

  Edge PoPs: São Paulo, Virginia, Frankfurt (300+ PoPs)
  Edge PoP → cache miss → Shield / Mid-tier (Regional Cache, L2 cache) → cache miss → Origin Server (Backend)

Cache Invalidation Strategies

  TTL: Time-based
  Purge API: On-demand
  SWR: Stale-While-Rev
  Cache Tags: Granular Purge
  Versioned URLs: Immutable
  ETag / If-None: Conditional

Request flow:
  User → DNS (cache chain) → Anycast CDN PoP → Cache HIT (~5ms) or MISS → Shield → Origin → Response cached → TTL

Typical latencies

  Edge hit: ~5-20ms
  Shield hit: ~30-50ms
  Origin: ~100-500ms
  DNS lookup: ~20-120ms

Cache chain: browser (chrome://net-internals) → OS (/etc/hosts) → router → ISP resolver
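
As an added illustration of the "example.com DS" link in the DNSSEC chain of trust above (not part of the original page): the parent zone's DS record is a SHA-256 digest of the child zone's DNSKEY, so a resolver rejects a substituted key. The owner name, the placeholder key bytes and the function names are constructed for this example, and the RRSIG signature check itself is out of scope.

```python
import hashlib
import hmac
import struct

def wire_name(name):
    """Canonical DNS wire form: lowercased, length-prefixed labels, root byte."""
    labels = [l for l in name.lower().rstrip(".").split(".") if l]
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"

def dnskey_rdata(flags, algorithm, public_key):
    """DNSKEY RDATA: Flags (2) | Protocol (1, always 3) | Algorithm (1) | key."""
    return struct.pack("!HBB", flags, 3, algorithm) + public_key

def key_tag(rdata):
    """Key tag checksum from RFC 4034 Appendix B (a lookup hint, not a hash)."""
    acc = 0
    for i, byte in enumerate(rdata):
        acc += byte if i & 1 else byte << 8
    acc += (acc >> 16) & 0xFFFF
    return acc & 0xFFFF

def make_ds(owner, rdata):
    """DS the parent zone publishes: SHA-256 over owner name + DNSKEY RDATA."""
    digest = hashlib.sha256(wire_name(owner) + rdata).hexdigest()
    return {"key_tag": key_tag(rdata), "algorithm": rdata[3],
            "digest_type": 2, "digest": digest}

def ds_matches(owner, rdata, ds):
    """True only if the child's DNSKEY is the one the parent's DS commits to."""
    if ds["digest_type"] != 2:          # this sketch handles SHA-256 only
        return False
    if ds["key_tag"] != key_tag(rdata) or ds["algorithm"] != rdata[3]:
        return False
    expected = hashlib.sha256(wire_name(owner) + rdata).hexdigest()
    return hmac.compare_digest(expected, ds["digest"].lower())

# Constructed sample data: 64 placeholder bytes stand in for an ECDSA P-256 key.
OWNER = "example.com."
KSK = dnskey_rdata(257, 13, bytes(range(64)))        # 257 = key-signing key
FORGED = dnskey_rdata(257, 13, bytes(range(1, 65)))  # key from a spoofed answer
DS = make_ds(OWNER, KSK)

if __name__ == "__main__":
    print("DS:", DS["key_tag"], DS["algorithm"], DS["digest_type"], DS["digest"])
    print("genuine key accepted:", ds_matches(OWNER, KSK, DS))
    print("forged key accepted: ", ds_matches(OWNER, FORGED, DS))
```

The same digest check repeats at each delegation (root to .com, .com to example.com), which is what ties the RRSIG at the bottom back to the root key.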
