{"id":1866,"date":"2025-11-15T15:49:57","date_gmt":"2025-11-15T12:49:57","guid":{"rendered":"https:\/\/www.dchost.com\/blog\/coklu-saglayici-dns-nasil-kurulur-octodns-ile-zero%e2%80%91downtime-gecis-ve-dayaniklilik-rehberi\/"},"modified":"2025-11-15T15:49:57","modified_gmt":"2025-11-15T12:49:57","slug":"coklu-saglayici-dns-nasil-kurulur-octodns-ile-zero%e2%80%91downtime-gecis-ve-dayaniklilik-rehberi","status":"publish","type":"post","link":"https:\/\/www.dchost.com\/blog\/coklu-saglayici-dns-nasil-kurulur-octodns-ile-zero%e2%80%91downtime-gecis-ve-dayaniklilik-rehberi\/","title":{"rendered":"How to Set Up Multi-Provider DNS: A Guide to Zero-Downtime Migration and Resilience with octoDNS"},"content":{"rendered":"<div class=\"dchost-blog-content-wrapper\"><div id=\"toc_container\" class=\"toc_transparent no_bullets\"><p class=\"toc_title\">Contents<\/p><ul class=\"toc_list\"><li><a href=\"#Giris_Kucuk_Bir_Kesinti_Buyuk_Bir_Ders\"><span class=\"toc_number toc_depth_1\">1<\/span> Introduction: A Small Outage, a Big Lesson<\/a><\/li><li><a href=\"#Neden_Coklu_Saglayici_DNS_Kirilganliktan_Esneklige\"><span class=\"toc_number toc_depth_1\">2<\/span> Why Multi-Provider DNS? 
From Fragility to Flexibility<\/a><\/li><li><a href=\"#octoDNS_Nedir_Nasil_Dusunmeliyiz\"><span class=\"toc_number toc_depth_1\">3<\/span> What Is octoDNS and How Should We Think About It?<\/a><\/li><li><a href=\"#Hazirlik_Envanteri_Cikar_Riskleri_Not_Al_TTLi_Konusalim\"><span class=\"toc_number toc_depth_1\">4<\/span> Preparation: Take Inventory, Note the Risks, and Let\u2019s Talk TTL<\/a><\/li><li><a href=\"#octoDNS_ile_Ilk_Kurulum_Kucuk_Bir_Depo_Temiz_Dosyalar\"><span class=\"toc_number toc_depth_1\">5<\/span> First Setup with octoDNS: A Small Repository, Clean Files<\/a><\/li><li><a href=\"#ZeroDowntime_Gecis_Cift_Yayin_Temiz_NS_Degisimi_ve_Sakin_TTL\"><span class=\"toc_number toc_depth_1\">6<\/span> Zero-Downtime Migration: Dual Publishing, a Clean NS Change, and a Calm TTL<\/a><\/li><li><a href=\"#Dayanikliligi_Artirmak_Saglik_Kontrolleri_Yanit_Politikalari_ve_Basit_Oyunlar\"><span class=\"toc_number toc_depth_1\">7<\/span> Increasing Resilience: Health Checks, Response Policies, and Simple Plays<\/a><\/li><li><a href=\"#Sik_Tokezlenen_Taslar_Kokte_CNAME_SPF_Limitleri_TXT_Duzenleri\"><span class=\"toc_number toc_depth_1\">8<\/span> Common Stumbling Blocks: CNAME at the Apex, SPF Limits, TXT Hygiene<\/a><\/li><li><a href=\"#Operasyon_Akisi_Git_Inceleme_CI_ve_Kucuk_Ritueller\"><span class=\"toc_number toc_depth_1\">9<\/span> Operational Flow: Git, Review, CI, and Small Rituals<\/a><\/li><li><a href=\"#Ornek_Senaryo_Canlida_Cift_Yayin_ve_Temiz_Kesim\"><span class=\"toc_number toc_depth_1\">10<\/span> Example Scenario: Dual Publishing in Production and a Clean Cutover<\/a><\/li><li><a href=\"#Kapanis_Kucuk_Adimlar_Buyuk_Huzur\"><span class=\"toc_number toc_depth_1\">11<\/span> Closing: Small Steps, Great 
Peace of Mind<\/a><\/li><\/ul><\/div>\n<h2 id=\"section-1\"><span id=\"Giris_Kucuk_Bir_Kesinti_Buyuk_Bir_Ders\">Introduction: A Small Outage, a Big Lesson<\/span><\/h2>\n<p>Have you ever stepped away at lunch thinking \u201cI\u2019ll just grab a coffee and come back,\u201d only to return to your desk and find the site down? I have. That day, the idea that had always sat in a corner of my mind, \u201cdon\u2019t put all your DNS in one basket,\u201d was shone in my face like a giant spotlight. A brief disruption at one provider affects far more than it appears to, knocking over one thing after another, from email delivery to webhooks, from CDN endpoints to the payment page. Even a tiny TTL value can sometimes decide your fate. From that day on, I made multi-provider DNS a habit rather than a luxury.<\/p>\n<p>In this post we\u2019ll talk through a practical way to run two or more providers together instead of depending on a single DNS provider. We have a very handy key for that: <strong>octoDNS<\/strong>. It lets you manage your DNS records sanely through a Git-based workflow, feeds different providers from a single source file, and makes it easier to build a zero-downtime migration plan. Let\u2019s go step by step: simplify the concepts, make them concrete with small examples, and most importantly, soften up front the spots that will hurt when something goes offline. 
Let\u2019s get started.<\/p>\n<h2 id=\"section-2\"><span id=\"Neden_Coklu_Saglayici_DNS_Kirilganliktan_Esneklige\">Why Multi-Provider DNS? From Fragility to Flexibility<\/span><\/h2>\n<p>I\u2019ve always thought of DNS as a city map. If you have only one guide who knows the addresses best, every road gets tangled the moment that guide goes missing. If you had two guides, when one tripped and fell the other could say \u201ccarry on.\u201d That is exactly what multi-provider DNS is: publishing the same zone on different infrastructures so that the flap of a single butterfly\u2019s wings doesn\u2019t bring everything crashing down.<\/p>\n<p>The biggest gain here is resilience. When one provider is under maintenance or has a brief network problem, the other steps in. On the management side, you keep records in one place and mirror them automatically to more than one provider. That reduces workload, limits surprise errors, and makes changes traceable. Are there no downsides? Of course there are. The features different providers support are not identical, so hitting the \u201ccommon denominator\u201d matters. But with a little discipline, a little patience, and the right tools, you can manage those differences nicely.<\/p>\n<p>For example, think of it this way: you know you can\u2019t have a CNAME at your apex domain, but some providers work around this indirectly with features like ALIAS\/ANAME. 
With multiple providers you have to come down to what everyone understands. That means using A\/AAAA at the apex, keeping TTLs reasonable, and, if you are going to use something \u201cspecial,\u201d planning up front how you will express its equivalent on the other side. Later in this post we\u2019ll collect these small but critical nuances one by one.<\/p>\n<h2 id=\"section-3\"><span id=\"octoDNS_Nedir_Nasil_Dusunmeliyiz\">What Is octoDNS and How Should We Think About It?<\/span><\/h2>\n<p>Picture octoDNS as a translator. You have a single \u201csource of truth,\u201d namely the files where you define your records. octoDNS takes those definitions, translates them into the languages of different DNS providers, and keeps them in sync. My favorite part is how neatly it fits a <strong>Git-based workflow<\/strong>. You open a pull request, see the diff, it goes through approval, and it goes live by command or through CI. That way the question \u201cwho changed what, and when\u201d always has an answer.<\/p>\n<p>With octoDNS we get used to two main concepts: <strong>provider<\/strong> and <strong>zone<\/strong>. The provider is the service you talk to; the zone is your domain\u2019s zone. You define providers in one file and the zone contents in another. From the command line you look at \u201cwhat\u2019s different\u201d and then say \u201capply.\u201d 
The sweetest part is that you can first get a \u201cplan\u201d output and see what will be done without publishing anything.<\/p>\n<p>If you want more detail, <a href=\"https:\/\/github.com\/octodns\/octodns\" rel=\"nofollow noopener\" target=\"_blank\">the octoDNS project\u2019s GitHub page<\/a> and especially <a href=\"https:\/\/octodns.readthedocs.io\/en\/latest\/\" rel=\"nofollow noopener\" target=\"_blank\">the octoDNS documentation<\/a> offer quite clear guides. For a quick reminder of DNS record types, <a href=\"https:\/\/www.cloudflare.com\/learning\/dns\/dns-records\/\" rel=\"nofollow noopener\" target=\"_blank\">this short summary of DNS record types<\/a> is a nice refresher. But in this post I\u2019ll keep technical jargon as low as possible, because our real goal is to build a safe, near-zero-downtime migration plan.<\/p>\n<h2 id=\"section-4\"><span id=\"Hazirlik_Envanteri_Cikar_Riskleri_Not_Al_TTLi_Konusalim\">Preparation: Take Inventory, Note the Risks, and Let\u2019s Talk TTL<\/span><\/h2>\n<p>Before setup, a small reconnaissance trip is a must. First write down, one by one, what exists on your domain: apex A\/AAAA, the www CNAME, MX for email and the SPF, DKIM, and DMARC tied to it; API subdomains; endpoints behind a CDN and WAF; maybe a load balancer; maybe a static site. Seeing them all in one place reveals both the gaps and the pieces that touch each other. At this stage it\u2019s important to answer honestly the question \u201cwho am I dependent on.\u201d 
Email verifications, SSL validations, third-party services\u2019 verification TXT records... When these are forgotten, small sparks fly in production.<\/p>\n<p>The second critical topic is <strong>TTL<\/strong>. Temporarily lowering TTLs before the migration is a good habit. That way name servers see the new records faster. While living with around 1 hour is fine in calm times, pulling it lower on migration days speeds things up. But lowering the TTL too far also means unnecessary query load; find your balance. Once the migration is done, raising TTLs back to a reasonable level makes a nice finish.<\/p>\n<p>Finally, flag the \u201cspecial\u201d records. If you use ALIAS at the apex, how will you express it on the other side? Does your SPF have too many includes? Does TTL consistency matter in your TXT records? The answer to each of these questions will shape how we approach the YAML files we\u2019re about to write.<\/p>\n<h2 id=\"section-5\"><span id=\"octoDNS_ile_Ilk_Kurulum_Kucuk_Bir_Depo_Temiz_Dosyalar\">First Setup with octoDNS: A Small Repository, Clean Files<\/span><\/h2>\n<p>I usually have a tiny Git repository. Inside it are <strong>config.yaml<\/strong> and a <strong>zones\/<\/strong> folder. I put provider definitions in the config and the records in the zone files. Naming doesn\u2019t matter much, as long as it\u2019s clear. 
The example below gives an idea of how to publish the same zone to two providers:<\/p>\n<pre class=\"language-bash line-numbers\"><code class=\"language-bash\"># config.yaml\nproviders:\n  # Reads the zone files under .\/zones (the single source of truth)\n  config:\n    class: octodns.provider.yaml.YamlProvider\n    directory: .\/zones\n    default_ttl: 3600\n  # Provider classes ship in the octodns-cloudflare and octodns-route53 packages\n  my-cloudflare:\n    class: octodns_cloudflare.CloudflareProvider\n    token: env\/CLOUDFLARE_API_TOKEN\n  my-route53:\n    class: octodns_route53.Route53Provider\n    access_key_id: env\/AWS_ACCESS_KEY_ID\n    secret_access_key: env\/AWS_SECRET_ACCESS_KEY\n\nzones:\n  example.com.:\n    sources:\n      - config\n    targets:\n      - my-cloudflare\n      - my-route53\n<\/code><\/pre>\n<p>The zone file can be as plain as this. A\/AAAA at the apex, a www CNAME for the web, MX and SPF for email. DMARC, DKIM, and verification TXT records are added as needed:<\/p>\n<pre class=\"language-bash line-numbers\"><code class=\"language-bash\"># zones\/example.com.yaml\n---\n# TTLs are in seconds, not minutes; records without a ttl use default_ttl from config.yaml.\n# The empty key '' is the zone apex; every record type for a name lives under that one key.\n'':\n  - type: A\n    value: 203.0.113.10\n  - type: AAAA\n    value: 2001:db8::10\n  - type: MX\n    value:\n      exchange: mail.example.com.\n      preference: 10\n  - type: TXT\n    value: &quot;v=spf1 include:_spf.example.net ~all&quot;\n\nmail:\n  type: A\n  value: 203.0.113.20\n\nwww:\n  type: CNAME\n  value: example.com.\n<\/code><\/pre>\n<p>On the first run I like to look at \u201cwhat will it do\u201d first. octoDNS\u2019s plan output is reassuring. 
If something looks off, you notice it right on that screen:<\/p>\n<pre class=\"language-bash line-numbers\"><code class=\"language-bash\"># Dry-run plan: what will change? (octodns-sync only plans unless --doit is given)\noctodns-validate --config-file=config.yaml\noctodns-sync --config-file=config.yaml --debug\n\n# Time to apply\noctodns-sync --config-file=config.yaml --doit\n<\/code><\/pre>\n<p>Feeding credentials through environment variables instead of embedding them in the file is convenient. In the long run, using a secrets management solution makes things even nicer. Even in small teams, settling early the questions \u201cwhere is the secret, who has access, how does rotation happen\u201d keeps your sleep from being needlessly interrupted in the middle of the night.<\/p>\n<h2 id=\"section-6\"><span id=\"ZeroDowntime_Gecis_Cift_Yayin_Temiz_NS_Degisimi_ve_Sakin_TTL\">Zero-Downtime Migration: Dual Publishing, a Clean NS Change, and a Calm TTL<\/span><\/h2>\n<p>Now let\u2019s come to the main stage, the one that really gets the heart racing: a near-zero-downtime migration. There are two magic steps here: <strong>dual publishing<\/strong> and the <strong>NS change<\/strong>. First, while publishing continues at your current provider, you feed the new provider the same records with octoDNS. So the same zone exists on both sides. Temporarily lowering TTLs at this stage makes your job easier; lower them at the start of your planned window and don\u2019t forget to raise them again when the work is done.<\/p>\n<p>When the backbone is solid, the NS change proceeds calmly. 
At your <a href=\"https:\/\/www.dchost.com\/tr\/alan-adi\/kaydet\">domain registration<\/a> operator, you update the NS records to point to the new provider. But a small aside is needed here: if you use <strong>DNSSEC<\/strong>, that means we\u2019re also talking about the <strong>DS<\/strong> record. Doing the DS alignment in the right order during an NS change is very important. Updating the DS at the wrong time behaves like an unsolvable puzzle. I covered this step earlier, and <a href=\"https:\/\/www.dchost.com\/blog\/dnssec-key-rollover-ksk-zsk-ve-ds-kayit-guncelleme-sifir-kesintiyle-anahtar-dondurme-nasil-yapilir\/\">the step-by-step guide I wrote on safely updating the DS record<\/a> makes your job easier at this point.<\/p>\n<p>The most lovable thing in this process, to my mind, is that octoDNS feeds \u201ctwo targets from a single source.\u201d You make a fix in one place and it goes to both providers at once. So is that it? Actually, there\u2019s the \u201cobservation\u201d part. After the NS change, it\u2019s a good reflex to watch queries on both sides for a while and check for an unexpected record, a wrong TTL, or a missing TXT. 
When you look calmly, even small rough spots show themselves gently.<\/p>\n<h2 id=\"section-7\"><span id=\"Dayanikliligi_Artirmak_Saglik_Kontrolleri_Yanit_Politikalari_ve_Basit_Oyunlar\">Increasing Resilience: Health Checks, Response Policies, and Simple Plays<\/span><\/h2>\n<p>The strength of a multi-provider setup is that when one place is sick, the other can keep the ball moving. Some providers offer health checks and routing policies. octoDNS is great at defining and publishing your records; live health decisions, on the other hand, are generally made by the providers\u2019 own features. So when defining your records, keep in mind the distinction between \u201cstatic truth\u201d and \u201cdynamic behavior.\u201d Static things live in octoDNS\u2019s sweet world, dynamic ones on the providers\u2019 turf.<\/p>\n<p>A simple game plan goes like this: keep two separate IPs or target addresses for critical endpoints and split the answers. That way, if smoke comes out of one endpoint, the other takes the stage. Your TTLs matter here again. An excessively low TTL increases query load, while an excessively high TTL slows down how quickly changes are felt. A middle setting lets you sleep at night. 
And on \u201cdual-publishing\u201d days, there\u2019s taking regular diffs to make sure the records stay exactly identical; octoDNS already gives a clear picture for this in its plan outputs.<\/p>\n<p>Make a habit of running small tests now and then. For instance, pointing an unimportant subdomain at a dummy target and watching how propagation behaves. Some days everything goes fine, some days small surprises come up. Seeing the surprises in a rehearsal environment keeps our coffee from going cold in production.<\/p>\n<h2 id=\"section-8\"><span id=\"Sik_Tokezlenen_Taslar_Kokte_CNAME_SPF_Limitleri_TXT_Duzenleri\">Common Stumbling Blocks: CNAME at the Apex, SPF Limits, TXT Hygiene<\/span><\/h2>\n<p>Now for details that are a bit annoying but turn out fine once you know them up front. The first is that there can\u2019t be a CNAME at the apex. Some services work around this restriction under the names ALIAS\/ANAME. With multiple providers this has to be brought down to the common denominator. Using A\/AAAA at the apex and keeping the target IPs somewhere manageable is usually more peaceful. If the CDN or hosting target is going to change, managing it through an intermediate layer makes sense.<\/p>\n<p>The second topic is SPF. After a point, \u201cinclude\u201d chains grow long and the risk of hitting DNS lookup limits appears. Keeping your SPF text lean and, if necessary, consolidating senders makes your job easier. As your TXT records multiply, pay close attention to keeping them organized. 
Deleting a verification record is easy; remembering which integration that record was used in is not always so easy. That\u2019s why dropping small notes and short explanations into the zone file turns out to be worth its weight in gold later.<\/p>\n<p>There are also CAA records. When restricting certificate authorities, it\u2019s important not to overdo it and to keep track of update processes. Providers\u2019 text-field limits and format differences can surprise you; octoDNS mostly behaves like a smart translator here, but looking at the first plan outputs with a careful eye is a must. If something doesn\u2019t match, simplify first. Simplicity solves most problems before they\u2019re even born.<\/p>\n<h2 id=\"section-9\"><span id=\"Operasyon_Akisi_Git_Inceleme_CI_ve_Kucuk_Ritueller\">Operational Flow: Git, Review, CI, and Small Rituals<\/span><\/h2>\n<p>The secret of a good multi-provider DNS setup lies as much in the operational rhythm as in the technical setup. The flow I like goes like this: every change is a branch and a pull request. DNS review, just like code review. Is there a wrong dot in the diff, does the TTL make sense to us, is the verification TXT really needed? After approval, CI runs octoDNS\u2019s plan; if the plan makes sense, it applies it. 
On the way to production, saving the dry-run plan output to the logs is very useful later when you need to roll something back.<\/p>\n<p>Supplying secrets via environment variables, putting rotation on the team calendar, and doing periodic access reviews are great for morale. Opening a small staging zone is also nice. For example, you keep a zone like <em>staging.example.com<\/em> as a miniature of the live domain, try things there first, and then move them to prod. Short, fast, safe.<\/p>\n<p>Finally, run small \u201cfire drills.\u201d I\u2019m not saying don\u2019t deliberately point an IP at the wrong place and see how many minutes it takes you to notice; but at the very least, even reading the steps in the runbook and doing a verbal walk-through with the team gains you a lot. Who runs which commands, which dashboards do they look at, where do they say stop? As long as it\u2019s written down, it doesn\u2019t have to be loaded into your memory in the middle of the night.<\/p>\n<h2 id=\"section-10\"><span id=\"Ornek_Senaryo_Canlida_Cift_Yayin_ve_Temiz_Kesim\">Example Scenario: Dual Publishing in Production and a Clean Cutover<\/span><\/h2>\n<p>Let\u2019s walk through an imaginary scenario. Say you want to split <strong>example.com<\/strong>, which lives on a single provider, across two providers. On the first day you open a repository and move the existing records into YAML. You take a plan\/dry-run with octoDNS and, in the console, catch and tidy up small fixes like \u201cah, I forgot the trailing dot on the www CNAME.\u201d 
When everything is ready, you publish the same records to the second provider too. Now there\u2019s dual publishing.<\/p>\n<p>24 hours before the migration you cut the TTLs in half. The next day, at your registration operator, you move the NS records to the new provider set. If there\u2019s DNSSEC, you\u2019ve noted the DS steps in the right order; you update the DS to point to the new key and check that the signatures look healthy. For the rest of that day you watch the query counters, the error logs, and user feedback. If nothing causes trouble, you take the TTLs back up a level and say \u201cmigration complete.\u201d<\/p>\n<p>My favorite sentence in this flow is \u201cnobody noticed.\u201d Because the mark of a good migration is that it doesn\u2019t even make the news. A few days later, taking another plan\/diff and checking \u201care we the same on both providers\u201d is the sweet spot of the close.<\/p>\n<h2 id=\"section-11\"><span id=\"Kapanis_Kucuk_Adimlar_Buyuk_Huzur\">Closing: Small Steps, Great Peace of Mind<\/span><\/h2>\n<p>Let\u2019s wrap up. Multi-provider DNS can settle into your life not overnight but in a few clean steps. Inventory on day one, a single source file with octoDNS on day two, dual publishing on day three, a calm NS change on day four... Each of these steps is like a small but effective ritual. 
The biggest gain is this: being able to answer the question \u201cwhat do we do if something happens?\u201d in chorus now.<\/p>\n<p>Don\u2019t forget the small tips. Lowering the TTL before the migration and raising it back afterwards, adding short notes to the zone files, saving the plan output somewhere, and not rushing the DS steps with DNSSEC. Taking a breath where you get stuck and continuing with a simpler solution. I hope this guide becomes, for you too, a roadmap that makes you say \u201cthat panic won\u2019t happen again.\u201d If you have questions, note them down and we\u2019ll compile and answer them in the next post. That\u2019s all from me for now; see you at the coffee break.<\/p>\n<\/div>","protected":false},"excerpt":{"rendered":"<p>Contents 1 Introduction: A Small Outage, a Big Lesson 2 Why Multi-Provider DNS? 
From Fragility to Flexibility 3 What Is octoDNS and How Should We Think About It? 4 Preparation: Take Inventory, Note the Risks, and Let\u2019s Talk TTL 5 First Setup with octoDNS: A Small Repository, Clean Files 6 Zero-Downtime Migration: Dual Publishing, a Clean NS Change, and a Calm TTL 7 Increasing Resilience: Health Checks, Response Policies, and Simple Plays 8 Common [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":1867,"comment_status":"","ping_status":"","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[26],"tags":[],"class_list":["post-1866","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-teknoloji"],"_links":{"self":[{"href":"https:\/\/www.dchost.com\/blog\/wp-json\/wp\/v2\/posts\/1866","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.dchost.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.dchost.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.dchost.com\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.dchost.com\/blog\/wp-json\/wp\/v2\/comments?post=1866"}],"version-history":[{"count":0,"href":"https:\/\/www.dchost.com\/blog\/wp-json\/wp\/v2\/posts\/1866\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.dchost.com\/blog\/wp-json\/wp\/v2\/media\/1867"}],"wp:attachment":[{"href":"https:\/\/www.dchost.com\/blog\/wp-json\/wp\/v2\/media?parent=1866"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.dchost.com\/blog\/wp-json\/wp\/v2\/categories?post=1866"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.dchost.com\/blog\/wp-json\/wp\/v2\/tags?post=1866"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}