CN102025713B - Access control method, system and DNS (Domain Name Server) server - Google Patents

Publication number
CN102025713B
Authority
CN
China
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201010110664.5A
Other languages
Chinese (zh)
Other versions
CN102025713A (en)
Inventor
白爱军
姜欣
王文明
曹秦峰
杜建凤
赵鑫
盛凌志
赵新宁
李智伟
赵伟
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
China Mobile Group Beijing Co Ltd
Original Assignee
China Mobile Group Beijing Co Ltd

Abstract

The invention discloses an access control method, an access control system and a DNS (Domain Name Server) server, used to control the flow of bad information into the Internet promptly and effectively and so purify the network environment. The access control method provided by the embodiment of the invention comprises the following steps: when the DNS server receives a domain name resolution request, initiated by an access user and carrying a website domain name, it queries the obtained website domain name information that users are prohibited from accessing; when the query result confirms that the website domain name is one that the access user is prohibited from accessing, it refuses the domain name resolution service for that website domain name, so as to prohibit the access user from accessing the website.

Description

Access control method, system and DNS server
Technical field
The present invention relates to the field of IP (Internet Protocol) networks, and in particular to an access control method, an access control system and a DNS (Domain Name System) server.
Background
At present, the Internet contains a large number of objectionable websites that provide bad information such as reactionary, superstitious and pornographic content. Users are often harmed by this bad information, and the network environment is seriously polluted.
The prior art provides a filtering scheme for objectionable websites based on intelligent analysis: bad information in websites is detected from large volumes of network traffic captured on the Internet; content-filtering operations such as blocking and replacement are applied to the detected bad information according to the corresponding policies; and alarm information and statistics are provided to network administrators.
This prior-art filtering scheme performs intelligent analysis and content filtering only after the traffic running on the Internet has been captured. It is a passive solution and cannot fundamentally control the flow of bad information into the Internet. It also requires deploying large-scale systems for traffic capture, intelligent analysis and content filtering in the Internet, which places high demands on system software and hardware and requires a huge network investment; as network traffic grows, the system must be expanded continually.
Summary of the invention
Embodiments of the present invention provide an access control method, an access control system and a DNS server, in order to control the flow of bad information into the Internet promptly and effectively and to purify the Internet environment.
The access control method provided by an embodiment of the present invention comprises:
when a Domain Name System (DNS) server receives a domain name resolution request, initiated by an access user and carrying a website domain name, querying the obtained website domain name information that users are prohibited from accessing; and
when the query result confirms that the website domain name is one that this access user is prohibited from accessing, refusing the domain name resolution service for the website domain name.
The access control system provided by an embodiment of the present invention comprises:
a website programming server, configured to provide the website domain name information that users are prohibited from accessing;
a DNS server, configured to query, on receiving a domain name resolution request initiated by an access user and carrying a website domain name, the website domain name information that users are prohibited from accessing, obtained from the website programming server; and, when the query result confirms that the website domain name is one that this access user is prohibited from accessing, to refuse the domain name resolution service for the website domain name.
A DNS server provided by an embodiment of the present invention comprises:
an acquiring unit, configured to obtain the website domain name information that users are prohibited from accessing;
a query unit, configured to query the obtained website domain name information that users are prohibited from accessing on receiving a domain name resolution request initiated by an access user and carrying a website domain name;
a control unit, configured to refuse the domain name resolution service for the website domain name when the query result confirms that the website domain name is one that this access user is prohibited from accessing.
With the access control method, system and DNS server provided by the embodiments of the present invention, when an access user initiates domain name resolution for a website, the DNS server does not carry out the domain name resolution flow directly. Before providing the domain name resolution service, it queries the obtained website domain name information that users are prohibited from accessing; if the website domain name is one that this access user is prohibited from accessing, the DNS server does not provide the domain name resolution service, and the access user is thereby prohibited from accessing the website. Refusing the domain name resolution service for objectionable website domain names during domain name resolution prohibits access to objectionable websites at the root, which controls the flow of bad information into the Internet promptly and effectively and improves the security of the network environment.
Other features and advantages of the present invention will be set forth in the following description and will in part become apparent from the specification, or be understood by implementing the present invention. The objects and other advantages of the present invention can be realized and obtained by the structures particularly pointed out in the written specification, the claims and the accompanying drawings.
Brief description of the drawings
Fig. 1 is a flow chart of the access control method provided by an embodiment of the present invention;
Fig. 2 is the first flow chart of access control based on domain name resolution provided by an embodiment of the present invention;
Fig. 3 is the second flow chart of access control based on domain name resolution provided by an embodiment of the present invention;
Fig. 4 is a schematic diagram of the access control system provided by an embodiment of the present invention;
Fig. 5 is a structural block diagram of the DNS server provided by an embodiment of the present invention.
Detailed description of the embodiments
Embodiments of the present invention provide an access control method, an access control system and a DNS (Domain Name System) server. By refusing the domain name resolution service for objectionable website domain names during domain name resolution, access by access users to objectionable websites is prohibited at the root, which controls the flow of bad information into the Internet promptly and effectively and improves the security of the network environment.
The preferred embodiments of the present invention are described below with reference to the accompanying drawings. It should be understood that the preferred embodiments described here serve only to illustrate and explain the present invention and are not intended to limit it, and that, where they do not conflict, the embodiments of the present invention and the features in the embodiments can be combined with one another.
DNS is first described briefly. In an IP (Internet Protocol) network, the main function of DNS is to convert between domain names, which are easy for people to remember, and IP addresses, which the network can recognize. The conversion between a domain name and an IP address is called domain name resolution, and a network host that performs domain name resolution can be called a DNS server. In the prior art, DNS provides three domain name resolution modes: local query, cache query and iterative query. If an access user of an ISP (Internet Service Provider) enters a website domain name in a browser, the access user initiates a domain name resolution request carrying that website domain name. The DNS server of the ISP, commonly called the local DNS server, receives the request and first performs a local query: it looks up the IP address corresponding to the website domain name in its local domain name database, which stores the correspondence between IP addresses and the local domain names that this DNS server is responsible for resolving. If the website domain name is a local domain name, the local DNS server returns the IP address it found directly to the access user. If the website domain name is not a local domain name, the local DNS server performs a cache query, looking up the resolution records in its cache (the cache generally holds, in the form of resolution records, the non-local domain names resolved by iterative query in the recent period and their corresponding IP addresses). If the cache holds a resolution record for the website domain name, the local DNS server returns the IP address it found directly to the access user. If the cache holds no such record, the local DNS server finally performs an iterative query and obtains the IP address corresponding to the website domain name by iterative query.
The access control method provided by an embodiment of the present invention, as shown in Fig. 1, comprises the following steps:
S101: When the DNS server receives a domain name resolution request, initiated by an access user and carrying a website domain name, it queries the obtained website domain name information that users are prohibited from accessing;
S102: When the DNS server confirms from the query result that the website domain name in the domain name resolution request is one that this access user is prohibited from accessing, it refuses the domain name resolution service for this website domain name, thereby prohibiting the access user from accessing the website.
In the embodiments of the present invention, the network device that provides the website domain name information that users are prohibited from accessing is called the website programming server. In the specific implementation of S101, the DNS server obtains this information from the website programming server, and the information provided by the website programming server is generally updated at any time. To further improve the accuracy of controlling the flow of bad information into the Internet, the website programming server can synchronize the website domain name information that users are prohibited from accessing to the DNS server periodically, with a synchronization period set flexibly according to actual conditions, for example one hour or one day; or it can synchronize the information to the DNS server after the information is updated; or it can synchronize the information to the DNS server according to a prohibited-domain-name information synchronization request initiated by the DNS server.
In the specific implementation of S102, the domain name resolution service for this website domain name can be refused in one of the following forms, for example:
The DNS server directly discards the domain name resolution request;
The DNS server returns a refusal response to the access user;
The DNS server returns to the access user the IP address of a designated website that users are permitted to access. The designated website IP address can be the IP address of the ISP's portal website, the IP address of the portal website of the regulator of objectionable websites, or even the IP address of some legitimate website.
The website domain name information that users are prohibited from accessing can preferably take one of two forms: the website domain names that all users are prohibited from accessing, or the identification information of each user together with the bound website domain names that need to be blocked for that user.
The second preferred form can be generated by the website programming server based on the personalized customization of users. This requires the website programming server to include an objectionable website domain name database. The website domain names in the website programming server can be classified by content, for example into types such as reactionary, superstitious and pornographic; within each type they can be further graded by how bad the site information is, for example into bad levels such as level one, level two and level three. On this basis, each website domain name in the objectionable website domain name database is configured with a content type and a bad level. The website programming server queries the objectionable website domain name database according to the website filtering scope, comprising content types and bad levels, customized by each user, determines the website domain names that need to be blocked for each user, and binds the identification information of each user to the website domain names that need to be blocked for that user. In a specific implementation, a user can log in to the website programming server through the Web, a website programming client or similar means and customize the website filtering scope according to the user's own needs.
The access control flow based on domain name resolution is described in detail below for each of these two preferred forms.
If the website domain name information that users are prohibited from accessing is the website domain names that all users are prohibited from accessing, the corresponding access control flow based on domain name resolution, as shown in Fig. 2, comprises:
S201: Suppose the access user enters a website domain name in a browser; the access user then initiates a domain name resolution request carrying the website domain name;
S202: The DNS server receives the domain name resolution request, carrying the website domain name, initiated by the access user;
S203: The DNS server queries whether the website domain name in the domain name resolution request is among the website domain names that all users are prohibited from accessing. If the query result is yes, S204 is performed; if the query result is no, S205 is performed;
In a specific implementation, the website programming server can synchronize the website domain names that all users are prohibited from accessing to the DNS server periodically, or after these website domain names are updated, or according to a prohibited-domain-name information synchronization request initiated by the DNS server;
S204: The DNS server confirms that the website domain name in the domain name resolution request is one that this access user is prohibited from accessing and refuses the domain name resolution service for this website domain name, thereby prohibiting the access user from accessing the website;
S205: The DNS server carries out the normal domain name resolution flow, which is essentially the same as in the prior art.
If the website domain name information that users are prohibited from accessing is the identification information of each user together with the bound website domain names that need to be blocked, the corresponding access control flow based on domain name resolution, as shown in Fig. 3, comprises:
S301: Suppose the access user enters a website domain name in a browser; the access user then initiates a domain name resolution request carrying the website domain name;
The identification information of a user is generally the user's IP address or other identity information of the user;
S302: The DNS server receives the domain name resolution request, carrying the website domain name, initiated by the access user;
S303: The DNS server extracts the identification information of this access user from the domain name resolution request and determines the website domain names, bound to that identification information, that need to be blocked;
In a specific implementation, the website programming server can synchronize the identification information of each user and the bound website domain names that need to be blocked to the DNS server periodically, or after the identification information of any user or its bound website domain names are updated (for example added or deleted), or according to a prohibited-domain-name information synchronization request initiated by the DNS server. The website programming server can of course also synchronize to the DNS server only the identification information and bound website domain names of the users whose entries were updated in the current time period;
S304: The DNS server queries whether the website domain name in the domain name resolution request is among the website domain names, bound to the identification information of this access user, that need to be blocked. If the query result is yes, S305 is performed; if the query result is no, S306 is performed;
S305: The DNS server confirms that the website domain name in the domain name resolution request is one that this access user is prohibited from accessing and refuses the domain name resolution service for this website domain name, thereby prohibiting the access user from accessing the website;
S306: The DNS server carries out the normal domain name resolution flow, which is essentially the same as in the prior art.
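The per-user flow S301 to S306, together with the binding generation and the three refusal forms described earlier, as an added Python example that is not part of the patent. The names `build_bindings` and `DnsFilter`, the sample domains and addresses, modelling a customized scope as a set of (content type, bad level) pairs, and exact matching after name normalization are all assumptions.

```python
from enum import Enum
import ipaddress


class Action(Enum):
    RESOLVE = "resolve"    # S306: continue with the normal resolution flow
    DROP = "drop"          # refusal form 1: discard the request
    REFUSE = "refuse"      # refusal form 2: return a refusal response
    REDIRECT = "redirect"  # refusal form 3: answer with a designated permitted IP


def normalize(qname):
    """DNS names compare case-insensitively and may carry a trailing root dot."""
    return qname.rstrip(".").lower()


def user_key(address):
    """Canonical text form of the user's IP address, used as identification."""
    return str(ipaddress.ip_address(address))


def build_bindings(site_db, customizations):
    """Filtering-server side: bind each user to the domains whose
    (content type, bad level) falls inside that user's customized scope."""
    return {
        user_key(user): frozenset(
            normalize(domain)
            for domain, type_and_level in site_db.items()
            if type_and_level in scope
        )
        for user, scope in customizations.items()
    }


class DnsFilter:
    """DNS-server side: holds the synchronized bindings and decides per query."""

    def __init__(self, refusal=Action.REFUSE, redirect_ip="192.0.2.10"):
        if refusal is Action.RESOLVE:
            raise ValueError("refusal form must be DROP, REFUSE or REDIRECT")
        self.refusal = refusal
        self.redirect_ip = redirect_ip  # constructed placeholder address
        self.bindings = {}

    def sync(self, bindings):
        """Swap in a complete new table so no query sees a half-updated list."""
        self.bindings = dict(bindings)

    def decide(self, client_ip, qname):
        """S303 to S306: return (Action, answer IP or None)."""
        blocked = self.bindings.get(user_key(client_ip), frozenset())
        if normalize(qname) in blocked:  # S304 yes -> S305
            ip = self.redirect_ip if self.refusal is Action.REDIRECT else None
            return self.refusal, ip
        return Action.RESOLVE, None      # S304 no -> S306


# Constructed sample data (not from the patent).
SITE_DB = {
    "Bad-A.example": ("pornographic", 1),
    "bad-b.example": ("pornographic", 3),
    "bad-c.example": ("superstitious", 2),
}
CUSTOMIZATIONS = {
    "198.51.100.7": {("pornographic", 1), ("pornographic", 3)},
    "2001:0db8:0000:0000:0000:0000:0000:0001": {("superstitious", 2)},
}
QUERIES = [
    ("198.51.100.7", "BAD-A.example."),  # mixed case, trailing dot: still blocked
    ("198.51.100.7", "bad-c.example"),   # outside this user's scope
    ("2001:db8::1", "bad-c.example"),    # same user, compressed IPv6 spelling
    ("203.0.113.5", "bad-b.example"),    # user with no customization
]


def demo():
    dns = DnsFilter(refusal=Action.REDIRECT)
    dns.sync(build_bindings(SITE_DB, CUSTOMIZATIONS))
    return [dns.decide(ip, name) for ip, name in QUERIES]


if __name__ == "__main__":
    for query, result in zip(QUERIES, demo()):
        print(query, "->", result)
```

Normalizing both the stored names and the queried name is what keeps a mixed-case or dot-terminated query from slipping past the list, and canonicalizing the address does the same for alternate spellings of one user's IP.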
In a specific implementation, some access users may use TCP (Transmission Control Protocol) or UDP (User Datagram Protocol) to request access to a website, or to connect other non-HTTP (Hypertext Transfer Protocol) applications, directly by IP address, without domain name resolution by the DNS server. For this situation, to further improve the effectiveness of controlling the flow of bad information into the Internet, and as an improvement and supplement to the access control scheme based on domain name resolution described above, the access control method provided by the embodiments of the present invention also comprises a corresponding access control flow based on access connections, which comprises the following steps:
Step a: When the access control device receives an IP-address-based access request from an access user, it queries the obtained IP address information that users are prohibited from accessing;
The access control device can be a flow-control device on the access side of this access user, or the router through which this access user connects;
Step b: When the access control device confirms from the query result that the IP address in the access request is one that this access user is prohibited from accessing, it refuses the access connection to this IP address. In a specific implementation, the access control device refuses the access connection to this IP address by discarding all packets related to this IP address, so that application-layer services cannot be carried out.
In the embodiments of the present invention, the website programming server can also provide the IP address information that users are prohibited from accessing. In the specific implementation of step a, the access control device likewise obtains this information from the website programming server. As with the website domain name information that users are prohibited from accessing, the IP address information provided by the website programming server is generally updated at any time. To further improve the accuracy of controlling the flow of bad information into the Internet, the website programming server can synchronize the IP address information that users are prohibited from accessing to the access control device periodically, or after the IP address information is updated, or according to a prohibited-IP-address information synchronization request initiated by the access control device.
As with the website domain name information that users are prohibited from accessing, the IP address information that users are prohibited from accessing can preferably take one of two forms: the IP addresses that all users are prohibited from accessing, or the identification information of each user together with the bound IP addresses that need to be blocked for that user.
The second preferred form can be generated by the website programming server based on the personalized customization of users. This requires the website programming server to include a bad IP address database. The IP addresses in the website programming server can be classified by content, for example into types such as reactionary, superstitious and pornographic; within each type they can be further graded by how bad the site information is, for example into bad levels such as level one, level two and level three. On this basis, each IP address in the bad IP address database is configured with a content type and a bad level. The website programming server determines the IP addresses that need to be blocked for each user according to the website filtering scope, comprising content types and bad levels, customized by each user, and binds the identification information of each user to the IP addresses that need to be blocked for that user. In a specific implementation, a user can log in to the website programming server through the Web, a website programming client or similar means and customize the website filtering scope according to the user's own needs.
For these two preferred forms, the access control flow based on access connections follows the access control flow based on domain name resolution, and its specific implementation is not repeated here.
Based on the same technical concept, an embodiment of the present invention provides an access control system which, as shown in Fig. 4, comprises:
a website programming server 401, configured to provide the website domain name information that users are prohibited from accessing;
a DNS server 402, configured to query, on receiving a domain name resolution request initiated by an access user and carrying a website domain name, the website domain name information that users are prohibited from accessing, obtained from the website programming server; and, when the query result confirms that the website domain name in the domain name resolution request is one that this access user is prohibited from accessing, to refuse the domain name resolution service for the website domain name in the domain name resolution request.
The website programming server 401 is specifically configured to synchronize the website domain name information that users are prohibited from accessing to the DNS server 402 periodically, or after this information is updated, or according to a prohibited-domain-name information synchronization request initiated by the DNS server.
The website domain name information that users are prohibited from accessing, provided by the website programming server 401, can be the identification information of each user together with the bound website domain names that need to be blocked. In this case, one possible structure of the website programming server 401 specifically comprises:
an objectionable website domain name database, in which each website domain name is configured with a content type and a bad level;
a determining unit, configured to query the objectionable website domain name database according to the website filtering scope, comprising content types and bad levels, customized by each user, and to determine the website domain names that need to be blocked for each user;
a binding unit, configured to bind the identification information of each user to the website domain names that need to be blocked for that user.
In a specific implementation, to further improve the effectiveness of controlling the flow of bad information into the Internet, the access control system can also comprise an access control device 403, wherein:
the website programming server 401 is also configured to provide the IP address information that users are prohibited from accessing;
the access control device 403 is configured to query the obtained IP address information that users are prohibited from accessing on receiving an IP-address-based access request from an access user; and, when the query result confirms that the IP address in the access request is one that this access user is prohibited from accessing, to refuse the access connection to that IP address.
The website programming server 401 is also specifically configured to synchronize the IP address information that users are prohibited from accessing to the access control device 403 periodically, or after this information is updated, or according to a prohibited-IP-address information synchronization request initiated by the access control device.
An embodiment of the present invention also provides one possible structure of the DNS server which, as shown in Fig. 5, comprises:
an acquiring unit 501, configured to obtain the website domain name information that users are prohibited from accessing;
a query unit 502, configured to query the obtained website domain name information that users are prohibited from accessing on receiving a domain name resolution request initiated by an access user and carrying a website domain name;
a control unit 503, configured to refuse the domain name resolution service for the website domain name carried in the domain name resolution request when the query result confirms that this website domain name is one that this access user is prohibited from accessing.
The control unit 503 is specifically configured, when the query result confirms that the website domain name in the domain name resolution request is one that this access user is prohibited from accessing, to discard the domain name resolution request directly, or to return a refusal response to the access user, or to return to the access user the IP address of a designated website that users are permitted to access.
In a specific implementation, the website domain name information that users are prohibited from accessing can be the website domain names that all users are prohibited from accessing, or the identification information of each user together with the website domain names, customized in advance, that need to be blocked for that user:
If the first preferred form is adopted, the query unit 502 is specifically configured to query whether the website domain name carried in the domain name resolution request is among the website domain names, bound to the identification information of this access user, that need to be blocked; the control unit 503 is specifically configured, if the query result is yes, to confirm that the website domain name in the domain name resolution request is one that this access user is prohibited from accessing.
If the second preferred form is adopted, the query unit 502 is specifically configured to query, according to the identification information of this access user extracted from the domain name resolution request, whether the website domain name in the domain name resolution request is among the website domain names, bound to the identification information of this access user, that need to be blocked; the control unit 503 is specifically configured, if the query result is yes, to confirm that the website domain name in the domain name resolution request is one that this access user is prohibited from accessing.
With the access control method, system and DNS server provided by the embodiments of the present invention, when an access user initiates domain name resolution for a website, the DNS server does not carry out the domain name resolution flow directly. Before providing the domain name resolution service, it queries the obtained website domain name information that users are prohibited from accessing; if the website domain name is one that this access user is prohibited from accessing, the DNS server does not provide the domain name resolution service, and the access user is thereby prohibited from accessing the website. Refusing the domain name resolution service for objectionable website domain names during domain name resolution prohibits access to objectionable websites at the root, which controls the flow of bad information into the Internet promptly and effectively and improves the security of the network environment.
In the embodiments of the present invention, when an access user initiates an IP-address-based access request, the access control device first queries the obtained IP address information that users are prohibited from accessing. If the IP address in the access request is one that this access user is prohibited from accessing, the access control device refuses the access connection to this IP address, thereby prohibiting the access user from accessing the resource. The access control flow based on access connections further improves the effectiveness of controlling the flow of bad information into the Internet.
In the embodiments of the present invention, the objectionable website domain name database and the bad IP address database provided by the website programming server can be divided by type and level. By logging in to the website programming server, users can customize the types and levels of websites that need to be blocked, which improves the flexibility of controlling the flow of bad information into the Internet.
Those skilled in the art will understand that embodiments of the present invention can be provided as a method, an apparatus or a computer program product. The present invention can therefore take the form of an entirely hardware embodiment, an entirely software embodiment, or an embodiment combining software and hardware. The present invention can also take the form of a computer program product implemented on one or more computer-usable storage media (including but not limited to magnetic disk storage, CD-ROM and optical storage) that contain computer-usable program code.
Obviously, those skilled in the art can make various changes and modifications to the present invention without departing from its spirit and scope. If these changes and modifications fall within the scope of the claims of the present invention and their technical equivalents, the present invention is intended to cover them as well.

Claims (12)

1. An access control method, characterized by comprising:
when a Domain Name System (DNS) server receives a domain name resolution request, initiated by an access user, that carries a website domain name, querying the obtained information on website domain names that users are prohibited from accessing, wherein that information is synchronized to the DNS server by a website programming server periodically, or after the information is updated, or in response to a prohibited-domain-name information synchronization request initiated by the DNS server, and wherein that information is the identification information of each user and, bound to it, the website domain names that need to be shielded, generated by the website programming server on the basis of the user's personalized customization; and
when it is confirmed from the query result that the website domain name is one that this access user is prohibited from accessing, refusing the domain name resolution service for the website domain name;
wherein the website programming server comprises an objectionable website DNS database, in which each website domain name is configured with a content type and a bad rank; and
when the information on website domain names that users are prohibited from accessing is the identification information of each user and, bound to it, the website domain names that need to be shielded, generated by the website programming server on the basis of the user's personalized customization, the method by which the website programming server generates that information specifically comprises:
the website programming server querying the objectionable website DNS database according to each customized website programming range, which comprises content type and bad rank, and determining the website domain names that each user needs to have shielded; and
binding the identification information of each user to the website domain names that the user needs to have shielded.
2. the method for claim 1, it is characterized in that, refuse the domain name resolution service for described website domain name, specifically comprise: directly abandon domain name analysis request, or return refusal response to this access user, or return to this access user the web IP address that the user specified allows access.
3. the method for claim 1, is characterized in that, the website domain-name information of described user's disable access is each website domain name of the identification information of each user and the needs shielding of binding thereof; And
If dns server is according to the identification information of this access user extracted from domain name analysis request, within each website domain name inquiring the needs shielding that identification information that described website domain name is included in this access user is bound, then confirm that described website domain name is the website domain name of this access user disable access.
4. the method for claim 1, is characterized in that, also comprises:
When access control equipment receives the access request of access user internet protocol-based IP address, inquire about the IP address information of the user's disable access got; And
When confirming that the IP address of request access is the IP address of this access user disable access according to Query Result, the access refused for described IP address connects.
5. The method of claim 4, characterized by further comprising:
the website programming server synchronizing the information on IP addresses that users are prohibited from accessing to the access control device periodically, or after that information is updated, or in response to a prohibited-IP-address information synchronization request initiated by the access control device.
6. The method of claim 4, characterized in that the access control device is a flow control device on the access side of this access user, or the router through which this access user connects.
7. An access control system, characterized by comprising:
a website programming server, configured to synchronize the information on website domain names that users are prohibited from accessing to a DNS server periodically, or after that information is updated, or in response to a prohibited-domain-name information synchronization request initiated by the DNS server;
a Domain Name System (DNS) server, configured to query, on receiving a domain name resolution request, initiated by an access user, that carries a website domain name, the information on website domain names that users are prohibited from accessing obtained from the website programming server, that information being the identification information of each user and, bound to it, the website domain names that need to be shielded, generated by the website programming server on the basis of the user's personalized customization; and, when it is confirmed from the query result that the website domain name is one that this access user is prohibited from accessing, to refuse the domain name resolution service for the website domain name;
wherein, when the information on website domain names that users are prohibited from accessing is the identification information of each user and, bound to it, the website domain names that need to be shielded, generated by the website programming server on the basis of the user's personalized customization, the website programming server specifically comprises:
an objectionable website DNS database, in which each website domain name is configured with a content type and a bad rank;
a determining unit, configured to query the objectionable website DNS database according to each customized website programming range, which comprises content type and bad rank, and to determine the website domain names that each user needs to have shielded;
a binding unit, configured to bind the identification information of each user to the website domain names that the user needs to have shielded.
8. The system of claim 7, characterized by further comprising an access control device, wherein:
the website programming server is further configured to provide information on Internet Protocol (IP) addresses that users are prohibited from accessing;
the access control device is configured to query, on receiving an IP-address-based access request from an access user, the obtained information on IP addresses that users are prohibited from accessing; and, when it is confirmed from the query result that the IP address requested is one that this access user is prohibited from accessing, to refuse the access connection to that IP address.
9. The system of claim 8, characterized in that
the website programming server is further specifically configured to synchronize the information on IP addresses that users are prohibited from accessing to the access control device periodically, or after that information is updated, or in response to a prohibited-IP-address information synchronization request initiated by the access control device.
10. A Domain Name System (DNS) server, characterized by comprising:
an acquiring unit, configured to obtain the information on website domain names that users are prohibited from accessing;
a query unit, configured to query, on receiving a domain name resolution request, initiated by an access user, that carries a website domain name, the obtained information on website domain names that users are prohibited from accessing, wherein that information is synchronized to the DNS server by a website programming server periodically, or after the information is updated, or in response to a prohibited-domain-name information synchronization request initiated by the DNS server, and wherein that information is the identification information of each user and, bound to it, the website domain names that need to be shielded, generated by the website programming server on the basis of the user's personalized customization; wherein, in that case, the information is obtained by the website programming server querying an objectionable website DNS database according to each customized website programming range, which comprises content type and bad rank, so as to determine the website domain names that each user needs to have shielded, and then binding the identification information of each user to the website domain names that the user needs to have shielded;
a control unit, configured to refuse the domain name resolution service for the website domain name when it is confirmed from the query result that the website domain name is one that this access user is prohibited from accessing.
11. The DNS server of claim 10, characterized in that
the control unit is specifically configured, when it is confirmed from the query result that the website domain name is one that this access user is prohibited from accessing, to directly discard the domain name resolution request, or to return a refusal response to this access user, or to return to this access user a designated website IP address that the user is allowed to access.
12. The DNS server of claim 10, characterized in that the information on website domain names that users are prohibited from accessing is the identification information of each user and the website domain names to be shielded that the user has customized in advance; and
the query unit is specifically configured to query, using the identification information of this access user extracted from the domain name resolution request, whether the website domain name is among the website domain names to be shielded that are bound to that identification information;
the control unit is specifically configured to confirm, if the query result is yes, that the website domain name is one that this access user is prohibited from accessing.
CN201010110664.5A 2010-02-09 2010-02-09 Access control method, system and DNS (Domain Name Server) server Active CN102025713B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201010110664.5A CN102025713B (en) 2010-02-09 2010-02-09 Access control method, system and DNS (Domain Name Server) server

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201010110664.5A CN102025713B (en) 2010-02-09 2010-02-09 Access control method, system and DNS (Domain Name Server) server

Publications (2)

Publication Number Publication Date
CN102025713A CN102025713A (en) 2011-04-20
CN102025713B true CN102025713B (en) 2015-04-22

Family

ID=43866570

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201010110664.5A Active CN102025713B (en) 2010-02-09 2010-02-09 Access control method, system and DNS (Domain Name Server) server

Country Status (1)

Country Link
CN (1) CN102025713B (en)

Families Citing this family (24)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102891794B (en) * 2011-07-22 2015-07-29 华为技术有限公司 A kind of method that data packet transmission controls and gateway
CN102291268B (en) * 2011-09-23 2014-11-26 杜跃进 Safety domain name server and hostile domain name monitoring system and method based on same
CN103546434A (en) * 2012-07-13 2014-01-29 中国电信股份有限公司 Network access control method, device and system
CN102932375B (en) * 2012-11-22 2015-10-07 北京奇虎科技有限公司 The means of defence of access to netwoks behavior and device
CN102916983B (en) * 2012-11-22 2015-08-05 北京奇虎科技有限公司 The guard system of access to netwoks behavior
CN103037029B (en) * 2012-12-10 2014-10-01 中国科学院计算机网络信息中心 Binding registration based domain name WHOIS query method and binding registration based domain name WHOIS service system
CN102984177B (en) * 2012-12-24 2016-01-27 珠海市君天电子科技有限公司 Method and device for identifying remote control trojan
CN103064979A (en) * 2013-01-15 2013-04-24 中兴通讯股份有限公司 Router and method for implementing same to process web page data
CN103327025B (en) * 2013-06-28 2016-08-24 北京奇虎科技有限公司 Method for network access control and device
CN103647774A (en) * 2013-12-13 2014-03-19 扬州永信计算机有限公司 Web content information filtering method based on cloud computing
CN104202307B (en) * 2014-08-15 2018-06-08 小米科技有限责任公司 Data forwarding method and device
CN104301180B (en) * 2014-10-16 2018-05-15 新华三技术有限公司 A kind of service message processing method and equipment
CN105162898B (en) * 2015-09-18 2019-03-19 互联网域名系统北京市工程研究中心有限公司 DNS and DHCP, IPAM realize the method and device of intelligently parsing
CN106506729B (en) * 2017-01-11 2019-11-19 中国互联网络信息中心 A kind of DNS policy resolution method and device based on DNS view
CN110446214A (en) * 2018-05-03 2019-11-12 中兴通讯股份有限公司 Manage method, device and equipment, the storage medium of network access process
CN109600385B (en) * 2018-12-28 2021-06-15 绿盟科技集团股份有限公司 Access control method and device
WO2020199029A1 (en) * 2019-03-29 2020-10-08 华为技术有限公司 Data processing method and apparatus therefor
CN110430188B (en) * 2019-08-02 2022-04-19 武汉思普崚技术有限公司 Rapid URL filtering method and device
CN112653772B (en) * 2019-10-11 2023-04-07 成都鼎桥通信技术有限公司 Domain name management method, device and storage medium
CN111953702B (en) * 2020-08-19 2022-11-22 深信服科技股份有限公司 Network access control method and related device
CN114726566A (en) * 2021-01-05 2022-07-08 中国移动通信有限公司研究院 Website filtering method, device and node
CN114401129B (en) * 2022-01-04 2024-02-13 烽火通信科技股份有限公司 Internet surfing behavior control method, DNS server, home gateway and storage medium
CN115051867B (en) * 2022-06-22 2024-04-09 深信服科技股份有限公司 Illegal external connection behavior detection method and device, electronic equipment and medium
CN116723172A (en) * 2023-08-07 2023-09-08 北京安迪盟科技有限责任公司 Domain name access control method and device, computer storage medium and electronic equipment

Citations (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1453954A (en) * 2002-04-22 2003-11-05 华为技术有限公司 System and method for managing access authority of network users

Family Cites Families (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1705270A (en) * 2004-05-26 2005-12-07 华为技术有限公司 System and method for controlling network access

Also Published As

Publication number Publication date
CN102025713A (en) 2011-04-20

Similar Documents

Publication Publication Date Title
CN102025713B (en) Access control method, system and DNS (Domain Name Server) server
US8443452B2 (en) URL filtering based on user browser history
US9307036B2 (en) Web access using cross-domain cookies
CN102333122B (en) Downloaded resource provision method, device and system
JP5463268B2 (en) Anti-virus protection system and method
US20080184357A1 (en) Firewall based on domain names
US20130346539A1 (en) Client side cache management
US20090055929A1 (en) Local Domain Name Service System and Method for Providing Service Using Domain Name Service System
US20130166595A1 (en) System and method for controlling access to files
CN109802919B (en) Web page access intercepting method and device
CN110430188B (en) Rapid URL filtering method and device
CN101488965B (en) Domain name filtering system and method
EP2318955A1 (en) System and method for dynamic and real-time categorization of webpages
CN102724189A (en) Method and device for controlling user URL (uniform resource locator) access
CN102752300A (en) Dynamic antitheft link system and dynamic antitheft link method
CN105338126A (en) Method and server of remote information query
CN106790593B (en) Page processing method and device
US10931688B2 (en) Malicious website discovery using web analytics identifiers
CN104301311A (en) Method and device for filtering network data content through DNS
EP2224661A1 (en) A method, system and apparatus of affair control
US20040122916A1 (en) Establishment of network connections
JP2011221616A (en) Url filtering system, system control method, and system control program
CN106411819A (en) Method and apparatus for recognizing proxy Internet protocol address
KR101622876B1 (en) Apparatus and method for blocking access to unallowable site
CN112600847B (en) Business processing method, system, electronic equipment and storage medium

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant