使用 DNS 原則智慧 DNS 回應根據一天的時間Use DNS Policy for Intelligent DNS Responses Based on the Time of Day

適用於:Windows Server(以每年次管道)、Windows Server 2016Applies To: Windows Server (Semi-Annual Channel), Windows Server 2016

您可以使用本主題以了解如何在應用程式的流量分配,使用 DNS 原則一天的時間為基礎的應用程式的不同分散執行個體。You can use this topic to learn how to distribute application traffic across different geographically distributed instances of an application by using DNS policies that are based on the time of day.

本案例可用於您想来直接傳輸到其他應用程式的伺服器,例如 [位於另一部時區中的網頁伺服器一個時區中的位置。This scenario is useful in situations where you want to direct traffic in one time zone to alternate application servers, such as Web servers, that are located in another time zone. 這可讓您在應用程式執行個體的山峰載入餘額流量主要伺服器資料傳輸多載句點這樣的時間。This allows you to load balance traffic across application instances during peak time periods when your primary servers are overloaded with traffic.

根據一天的時間智慧 DNS 回應的範例Example of Intelligent DNS Responses Based on the Time of Day

以下是如何使用 DNS 原則,以根據一天的時間餘額應用程式流量的範例。Following is an example of how you can use DNS policy to balance application traffic based on the time of day.

此範例中使用一虛構家公司,以 Contoso 禮品服務,透過他們的網站,contosogiftservices.com 全球提供 online 贈送方案。This example uses one fictional company, Contoso Gift Services, which provides online gifting solutions across the globe through their Web site, contosogiftservices.com.

在兩個耗電量、西雅圖(北美)中,並在都柏林(歐洲)的另一個裝載 contosogiftservices.com 網站。The contosogiftservices.com Web site is hosted in two datacenters, one in Seattle (North America) and another in Dublin (Europe). 傳送地理位置注意回應,使用 DNS 原則設定的 DNS 伺服器。The DNS servers are configured for sending geo-location aware responses using DNS policy. 在商務用最近突波,contosogiftservices.com 已經有更多的訪客每日,針對部分服務的可用性問題報告。With a recent surge in business, contosogiftservices.com has a higher number of visitors every day, and some of the customers have reported service availability issues.

Contoso 禮品服務執行網站分析,並探索之間 6 PM 和 9 PM 本地時間每個夜晚突波中已流量的網頁伺服器。Contoso Gift Services performs a site analysis, and discovers that every evening between 6 PM and 9 PM local time, there is a surge in the traffic to the Web servers. Web 伺服器無法縮放處理流量增加在這些山峰的時數,導致阻斷服務來針對。The Web servers cannot scale to handle the increased traffic at these peak hours, resulting in denial of service to customers. 相同的山峰小時流量多載是中歐與美國資料中心。The same peak hour traffic overload happens in both the European and American datacenters. 在其他一天的時間,伺服器處理流量磁碟區的遠低於他們最大的功能。At other times of day, the servers handle traffic volumes that are well below their maximum capability.

若要確保 contosogiftservices.com 針對從網站取得回應式的經驗,以 Contoso 禮品服務想要重新導向至都柏林; 9 PM 下午 6 點之間的西雅圖應用程式伺服器的一些都柏林流量並想要重新導向某些西雅圖流量 6 PM 和 9 PM 西雅圖之間的都柏林應用程式伺服器。To ensure that contosogiftservices.com customers get a responsive experience from the Web site, Contoso Gift Services wants to redirect some Dublin traffic to the Seattle application servers between 6 PM and 9 PM in Dublin; and they want to redirect some Seattle traffic to the Dublin application servers between 6 PM and 9 PM in Seattle.

下圖描述此案例。The following illustration depicts this scenario.

範例天 DNS 原則的時間

如何智慧 DNS 回應根據一天運作的時間How Intelligent DNS Responses Based on Time of Day Works

設定使用時間的一天 DNS 原則,6 下午之間 9 PM 在每個地理位置的 DNS 伺服器時會執行下列的 DNS 伺服器。When the DNS server is configured with time of day DNS policy, between 6 PM and 9 PM at each geographical location, the DNS server does the following.

  • 解答前四個查詢收到 datacenter 區域中的網頁伺服器的 IP 位址。Answers the first four queries it receives with the IP address of the Web server in the local datacenter.
  • 解答五查詢收到遠端 datacenter 中的網頁伺服器的 IP 位址。Answers the fifth query it receives with the IP address of the Web server in the remote datacenter.

這項原則為主行為卸載 20 每一分本機的網頁伺服器流量負載遠端網頁伺服器簡化負擔應用程式本機伺服器,並改善針對網站的效能。This policy-based behavior offloads twenty per cent of the local Web server's traffic load to the remote Web server, easing the strain on the local application server and improving site performance for customers.

峰的 DNS 伺服器執行一般地理-位置型流量管理。During off-peak hours, the DNS servers perform normal geo-locations based traffic management. 此外 DNS 用傳送查詢從北美地區或歐洲以外的任何位置的 DNS 伺服器負載平衡流量,在西雅圖和 Dublin 資料中心。In addition, DNS clients that send queries from locations other than North America or Europe, the DNS server load balances the traffic across the Seattle and Dublin datacenters.

多個 DNS 原則是設定在 DNS,他們排序的組規則,,便會處理 DNS 最高優先順序的最低的優先順序。When multiple DNS policies are configured in DNS, they are an ordered set of rules, and they are processed by DNS from highest priority to lowest priority. DNS 使用的第一個原則符合環境,包括一天的時間。DNS uses the first policy that matches the circumstances, including time of day. 基於這個原因,更特定原則應該會有較高優先順序。For this reason, more specific policies should have higher priority. 如果您建立的原則天的時間,將它們設定為高優先順序原則的清單中,DNS 處理並是否符合您的 DNS client 查詢和原則中定義條件參數第一次使用這些原則。If you create time of day policies and give them high priority in the list of policies, DNS processes and uses these policies first if they match the parameters of the DNS client query and the criteria defined in the policy. 如果不符合,DNS 下移原則清單處理預設的原則,直到您找到符合。If they don't match, DNS moves down the list of policies to process the default policies until it finds a match.

如需有關原則類型條件,請查看DNS 原則概觀For more information about policy types and criteria, see DNS Policies Overview.

如何設定智慧 DNS 回應根據一天的時間 DNS 原則How to Configure DNS Policy for Intelligent DNS Responses Based on Time of Day

若要設定時間的一天應用程式負載平衡查詢回應 DNS 原則,您必須執行下列步驟。To configure DNS policy for time of day application load balancing based query responses, you must perform the following steps.

注意

您必須是針對您想要設定的區域授權的 DNS 伺服器上執行這些步驟。You must perform these steps on the DNS server that is authoritative for the zone you want to configure. 資格在DnsAdmins,或等,才能執行下列程序。Membership in DnsAdmins, or equivalent, is required to perform the following procedures.

下列章節提供詳細的設定指示操作。The following sections provide detailed configuration instructions.

重要

以下的各節包含包含許多參數值範例範例 Windows PowerShell 命令。The following sections include example Windows PowerShell commands that contain example values for many parameters. 請確認值是適用於您的部署,執行下列命令之前,先取代範例值這些命令列中。Ensure that you replace example values in these commands with values that are appropriate for your deployment before you run these commands.

建立 DNS Client 子網路Create the DNS Client Subnets

找出子網路的 IP 位址,您想要重新導向流量地區空間是第一個步驟。The first step is to identify the subnets or IP address space of the regions for which you want to redirect traffic. 例如,如果您想要將流量美國和歐洲重新導向,您需要找出子網路的 IP 位址空間這些地區。For example, if you want to redirect traffic for the U.S. and Europe, you need to identify the subnets or IP address spaces of these regions.

您可以從地理 IP 「 地圖 」 來取得此資訊。You can obtain this information from Geo-IP maps. 依據這些地理 IP 散發,您必須建立」DNS Client 子」。Based on these Geo-IP distributions, you must create the "DNS Client Subnets." DNS Client 子網路是 IPv4 或 IPv6 子網路,查詢會傳送至 DNS 伺服器的邏輯群組。A DNS Client Subnet is a logical grouping of IPv4 or IPv6 subnets from which queries are sent to a DNS server.

若要建立 DNS Client 子網路,您可以使用下列的 Windows PowerShell 命令。You can use the following Windows PowerShell commands to create DNS Client Subnets.

Add-DnsServerClientSubnet -Name "AmericaSubnet" -IPv4Subnet "192.0.0.0/24, 182.0.0.0/24"  

Add-DnsServerClientSubnet -Name "EuropeSubnet" -IPv4Subnet "141.1.0.0/24, 151.1.0.0/24"  

如需詳細資訊,請查看新增-DnsServerClientSubnetFor more information, see Add-DnsServerClientSubnet.

建立區域範圍Create the Zone Scopes

Client 子網路設定之後,您必須磁碟分割的流量您想要重新導向至兩種不同的區域範圍,領域 DNS Client 子網路,您所設定的區域。After the client subnets are configured, you must partition the zone whose traffic you want to redirect into two different zone scopes, one scope for each of the DNS Client Subnets that you have configured.

例如,如果您想要重新導向之 DNS 名稱 www.contosogiftservices.com 流量,您必須建立兩種不同的區域範圍 contosogiftservices.com 區域,另一個用於美國和歐洲的其中一個。For example, if you want to redirect traffic for the DNS name www.contosogiftservices.com, you must create two different zone scopes in the contosogiftservices.com zone, one for the U.S. and one for Europe.

時區領域是區域的唯一執行個體。A zone scope is a unique instance of the zone. DNS 區域可以有多個區域領域,與每個包含 DNS 記錄它自己設定的區域範圍。A DNS zone can have multiple zone scopes, with each zone scope containing its own set of DNS records. 相同記錄可能會出現在多個領域,以不同的 IP 位址或相同的 IP 位址。The same record can be present in multiple scopes, with different IP addresses or the same IP addresses.

注意

根據預設,區域領域存在於 DNS 區域。By default, a zone scope exists on the DNS zones. 這個區域領域作為區域,具有相同的名稱,並在這個領域中工作舊版 DNS 作業。This zone scope has the same name as the zone, and legacy DNS operations work on this scope.

您可以使用下列的 Windows PowerShell 命令來建立區域範圍。You can use the following Windows PowerShell commands to create zone scopes.

Add-DnsServerZoneScope -ZoneName "contosogiftservices.com" -Name "SeattleZoneScope"  

Add-DnsServerZoneScope -ZoneName "contosogiftservices.com" -Name "DublinZoneScope"  

如需詳細資訊,請查看新增-DnsServerZoneScopeFor more information, see Add-DnsServerZoneScope.

若要的區域領域加入資料Add Records to the Zone Scopes

現在,您必須將記錄代表網頁伺服器主機成兩個區域範圍。Now you must add the records representing the web server host into the two zone scopes.

例如,在SeattleZoneScope,記錄www.contosogiftservices.com的 IP 位址 192.0.0.1,在西雅圖資料中心中新增了。For example, in SeattleZoneScope, the record www.contosogiftservices.com is added with IP address 192.0.0.1, which is located in a Seattle datacenter. 同樣地,在DublinZoneScope,記錄www.contosogiftservices.com的 IP 位址 141.1.0.3 都柏林 datacenter 中新增了Similarly, in DublinZoneScope, the record www.contosogiftservices.com is added with IP address 141.1.0.3 in the Dublin datacenter

您可以使用下列 Windows PowerShell 命令若要的區域領域加入資料。You can use the following Windows PowerShell commands to add records to the zone scopes.

Add-DnsServerResourceRecord -ZoneName "contosogiftservices.com" -A -Name "www" -IPv4Address "192.0.0.1" -ZoneScope "SeattleZoneScope  

Add-DnsServerResourceRecord -ZoneName "contosogiftservices.com" -A -Name "www" -IPv4Address "141.1.0.3" -ZoneScope "DublinZoneScope"  

當您新增記錄預設範圍中不包含 ZoneScope 參數。The ZoneScope parameter is not included when you add a record in the default scope. 這是標準 DNS 時區新增記錄相同。This is the same as adding records to a standard DNS zone.

如需詳細資訊,請查看新增-DnsServerResourceRecordFor more information, see Add-DnsServerResourceRecord.

建立 DNS 原則Create the DNS Policies

子網路建立後的磁碟分割(區域領域),而且您已新增記錄、查詢回應 DNS client 子網路的來源查詢時,會傳回正確的範圍的區域的您必須建立連接子網路和的磁碟分割的原則。After you have created the subnets, the partitions (zone scopes), and you have added records, you must create policies that connect the subnets and partitions, so that when a query comes from a source in one of the DNS client subnets, the query response is returned from the correct scope of the zone. 不原則所需的對應區域預設範圍。No policies are required for mapping the default zone scope.

這些 DNS 原則設定之後,DNS 伺服器運作方式如下:After you configure these DNS policies, the DNS server behavior is as follows:

  1. 歐洲 DNS 用都柏林 datacenter 他們 DNS 查詢因應日光中收到的網頁伺服器的 IP 位址。European DNS clients receive the IP address of the Web server in the Dublin datacenter in their DNS query response.
  2. 美國 DNS 用西雅圖 datacenter 他們 DNS 查詢因應日光中收到的網頁伺服器的 IP 位址。American DNS clients receive the IP address of the Web server in the Seattle datacenter in their DNS query response.
  3. 6 PM,Dublin 9 PM 之間從歐洲的查詢 20%,請在西雅圖 datacenter 他們 DNS 查詢因應日光收到網頁伺服器的 IP 位址。Between 6 PM and 9 PM in Dublin, 20% of the queries from European clients receive the IP address of the Web server in the Seattle datacenter in their DNS query response.
  4. 下午 6,在西雅圖 9 PM 之間 20%,從美國查詢會收到網頁伺服器的 IP 位址都柏林 datacenter 他們 DNS 查詢因應日光中。Between 6 PM and 9 PM in Seattle, 20% of the queries from the American clients receive the IP address of the Web server in the Dublin datacenter in their DNS query response.
  5. 半部來自全球的其餘部分查詢接收西雅圖 datacenter 的 IP 位址和其他半接收都柏林 datacenter 的 IP 位址。Half of the queries from the rest of the world receive the IP address of the Seattle datacenter and the other half receive the IP address of the Dublin datacenter.

您可以使用下列的 Windows PowerShell 命令來建立 DNS 原則連結 DNS Client 子網路,以及區域範圍。You can use the following Windows PowerShell commands to create a DNS policy that links the DNS Client Subnets and the zone scopes.

注意

在此範例中,DNS 伺服器處於 GMT 的時區,因此澳地區的山峰小時必須以相同的 GMT 時間表示時段。In this example, the DNS server is in the GMT time zone, so the peak hour time periods must be expressed in the equivalent GMT time.

Add-DnsServerQueryResolutionPolicy -Name "America6To9Policy" -Action ALLOW -ClientSubnet "eq,AmericaSubnet" -ZoneScope "SeattleZoneScope,4;DublinZoneScope,1" -TimeOfDay "EQ,01:00-04:00" -ZoneName "contosogiftservices.com" -ProcessingOrder 1  

Add-DnsServerQueryResolutionPolicy -Name "Europe6To9Policy" -Action ALLOW -ClientSubnet "eq,EuropeSubnet" -ZoneScope "SeattleZoneScope,1;DublinZoneScope,4" -TimeOfDay "EQ,17:00-20:00" -ZoneName "contosogiftservices.com" -ProcessingOrder 2  

Add-DnsServerQueryResolutionPolicy -Name "AmericaPolicy" -Action ALLOW -ClientSubnet "eq,AmericaSubnet" -ZoneScope "SeattleZoneScope,1" -ZoneName "contosogiftservices.com" -ProcessingOrder 3  

Add-DnsServerQueryResolutionPolicy -Name "EuropePolicy" -Action ALLOW -ClientSubnet "eq,EuropeSubnet" -ZoneScope "DublinZoneScope,1" -ZoneName "contosogiftservices.com" -ProcessingOrder 4  

Add-DnsServerQueryResolutionPolicy -Name "RestOfWorldPolicy" -Action ALLOW --ZoneScope "DublinZoneScope,1;SeattleZoneScope,1" -ZoneName "contosogiftservices.com" -ProcessingOrder 5  

如需詳細資訊,請查看新增-DnsServerQueryResolutionPolicyFor more information, see Add-DnsServerQueryResolutionPolicy.

現在 DNS 伺服器會以重新導向流量地理位置與的時間型所需的 DNS 原則設定。Now the DNS server is configured with the required DNS policies to redirect traffic based on geo-location and time of day.

當 DNS 伺服器接收名稱解析查詢時、DNS 伺服器評估 DNS 要求針對 DNS 原則設定中的欄位。When the DNS server receives name resolution queries, the DNS server evaluates the fields in the DNS request against the configured DNS policies. 如果名稱解析要求來源 IP 位址比對任何原則,相關的區域範圍用來回應查詢,和使用者導向它們地理位置最接近的資源。If the source IP address in the name resolution request matches any of the policies, the associated zone scope is used to respond to the query, and the user is directed to the resource that is geographically closest to them.

您可以建立數千 DNS 原則根據您的資料傳輸管理的需求,且所有的新原則已經套用動態-不需要重新 DNS 伺服器-連入查詢。You can create thousands of DNS policies according to your traffic management requirements, and all new policies are applied dynamically - without restarting the DNS server - on incoming queries.