CN107707569A - DNS request processing method and DNS systems - Google Patents
- Publication number
- CN107707569A (application CN201711107626.2A)
- Authority
- CN
- China
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L61/00—Network arrangements, protocols or services for addressing or naming
- H04L61/45—Network directories; Name-to-address mapping
- H04L61/4505—Network directories; Name-to-address mapping using standardised directories; using standardised directory access protocols
- H04L61/4511—Network directories; Name-to-address mapping using standardised directories; using standardised directory access protocols using domain name system [DNS]
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1441—Countermeasures against malicious traffic
- H04L63/1458—Denial of Service
Abstract
The present invention provides a DNS request processing method and a DNS system. The method is applied to the DNS system and includes: obtaining a DNS request sent by a user terminal; parsing the DNS request to obtain a danger level parameter of the DNS request; when the danger level parameter is lower than a first preset threshold, returning to the user terminal the Internet IP address corresponding to the DNS request; and when the danger level parameter is higher than the first preset threshold, treating the DNS request as a dangerous DNS request and returning a preset IP address to the user terminal. In this way, potentially dangerous network attacks are intercepted at the point where DNS requests are handled, which reduces the server or bandwidth resources that must be committed when countering a large-scale attack, and the protection is effective.
Description
Technical field
The present invention relates to the technical field of network security, and in particular to a DNS request processing method and a DNS system.
Background
A CC (Challenge Collapsar) attack is a type of DDoS (Distributed Denial of Service) attack and a method commonly used by hackers. The hacker typically uses a large number of proxy servers or puppet machines to send a large number of requests to a target server at the same time, exhausting the target server's resources or bandwidth and thereby preventing the target server from operating normally. Existing methods for countering a large-scale CC attack that exceeds the target's own defensive capacity usually rely on stacking servers or increasing bandwidth. The added resources sit idle when no attack is under way, which raises operating costs and wastes resources.
Summary of the invention
To overcome the above deficiencies of the prior art, an object of the present invention is to provide a DNS request processing method applied to a DNS system, the method including:
obtaining a DNS request;
parsing the DNS request to obtain a danger level parameter of the DNS request;
when the danger level parameter is lower than a first preset threshold, returning to the user terminal the Internet IP address corresponding to the DNS request;
when the danger level parameter is higher than the first preset threshold, treating the DNS request as a dangerous DNS request and returning a preset IP address to the user terminal.
Optionally, in the above method, the DNS request includes the IP address of the user terminal that sent the DNS request, and the DNS system stores a white list and a blacklist in advance. Before the step of parsing the DNS request, the method further includes:
checking whether the IP address of the user terminal that sent the DNS request is recorded in the white list or the blacklist;
when the IP address of the user terminal is recorded in the white list, responding to the DNS request and returning to the user terminal the network IP address corresponding to the DNS request;
when the IP address of the user terminal is recorded in the blacklist, returning a preset IP address to the user terminal;
when the user terminal is recorded in neither the white list nor the blacklist, performing the step of parsing the DNS request.
Optionally, in the above method, the DNS system stores danger level judgment rules in advance, and the danger level judgment rules include the danger values corresponding to different preset conditions. The step of parsing the DNS request to obtain the danger level parameter of the DNS request includes:
parsing the DNS request and, for each preset condition, judging whether the DNS request meets that preset condition; when the DNS request meets the preset condition, increasing the danger level parameter of the DNS request by the corresponding danger value.
Optionally, in the above method, the step of judging, for each preset condition, whether the DNS request meets that preset condition and, when it does, increasing the danger level parameter of the DNS request by the corresponding danger value includes:
judging whether the DNS request contains a non-standard HTTP header and, if so, increasing the danger level parameter of the DNS request by a first danger value;
judging whether the access frequency, within a preset time, of the IP address that sent the DNS request is greater than a second preset threshold and, if so, increasing the danger level parameter of the DNS request by a second danger value;
judging whether the DNS request requests access to a preset URL and, if so, increasing the danger level parameter of the DNS request by the second danger value;
judging whether the DNS request concurrently requests access to the same file and, if so, increasing the danger level parameter of the DNS request by the second danger value;
judging whether the URL address accessed by the DNS request is randomly generated and, if so, increasing the danger level parameter of the DNS request by the first danger value;
judging whether the user terminal that sent the DNS request uses a proxy IP and, if so, increasing the danger level parameter of the DNS request by the second danger value;
wherein the first danger value is greater than the second danger value.
Optionally, in the above method, the preset IP address returned to the user terminal is a loopback address, so that the user terminal's access request points to the user terminal itself.
Optionally, in the above method, the DNS system communicates with a public DNS server, and the method further includes:
setting an NS record for the domain name of the target website, so that the public DNS server sends DNS requests initiated for the domain name of the target website to the DNS system.
Optionally, in the above method, the DNS system supports the edns-client-subnet extension protocol and uses it to obtain, from the public DNS server, the IP address of the user terminal that sent the DNS request.
Optionally, in the above method, after the step of treating the DNS request as a dangerous DNS request and returning a preset IP address to the user terminal, the method further includes:
recording the IP address of the user terminal in the blacklist.
Optionally, in the above method, after the step of treating the DNS request as a dangerous DNS request and returning a preset IP address to the user terminal, the method further includes:
recording the number of times the user terminal has sent dangerous DNS requests and, when the number of DNS requests sent by the user terminal exceeds a third preset threshold, recording the IP address of the user terminal in the blacklist.
Another object of the present invention is to provide a DNS system, including:
an acquisition module for obtaining a DNS request;
a parsing module for parsing the DNS request to obtain a danger level parameter of the DNS request;
a first execution module for returning to the user terminal, when the danger level parameter is lower than a first preset threshold, the Internet IP address corresponding to the DNS request;
a second execution module for treating the DNS request as a dangerous DNS request and returning a preset IP address to the user terminal when the danger level parameter is higher than the first preset threshold.
Compared with the prior art, the present invention has the following beneficial effects:
The DNS request processing method and DNS system provided by the present invention identify, while resolving DNS requests, the requests that may be dangerous network attacks. Such requests are not answered; a preset IP address is returned instead. In this way, potentially dangerous network attacks are intercepted at the point where DNS requests are handled, which reduces the server or bandwidth resources that must be committed when countering a large-scale attack, and the protection is effective.
Brief description of the drawings
To explain the technical solutions of the embodiments of the present invention more clearly, the drawings used in the embodiments are briefly introduced below. It should be understood that the following drawings show only certain embodiments of the present invention and should therefore not be regarded as limiting its scope. Those of ordinary skill in the art can derive other related drawings from these drawings without creative effort.
Fig. 1 is the first schematic diagram of an application scenario of the DNS system provided by an embodiment of the present invention;
Fig. 2 is the second schematic diagram of an application scenario of the DNS system provided by an embodiment of the present invention;
Fig. 3 is a schematic flowchart of the steps of the DNS request processing method provided by an embodiment of the present invention;
Fig. 4 is a schematic diagram of the danger level judgment rules provided by an embodiment of the present invention;
Fig. 5 is a schematic diagram of the DNS request processing apparatus provided by an embodiment of the present invention.
Reference numerals: 100 - DNS system; 111 - acquisition module; 112 - parsing module; 113 - first execution module; 114 - second execution module; 200 - user terminal; 300 - public DNS server; 400 - server of the target website.
Detailed description of the embodiments
To make the purpose, technical solutions and advantages of the embodiments of the present invention clearer, the technical solutions in the embodiments are described clearly and completely below with reference to the drawings. The described embodiments are evidently some, rather than all, of the embodiments of the present invention. The components of the embodiments of the present invention, as generally described and illustrated in the drawings herein, can be arranged and designed in a variety of different configurations.
Therefore, the following detailed description of the embodiments provided in the drawings is not intended to limit the scope of the claimed invention, but merely represents selected embodiments of the invention. All other embodiments obtained by those of ordinary skill in the art on the basis of the embodiments of the present invention without creative effort fall within the scope of protection of the present invention.
It should be noted that similar reference numerals and letters denote similar items in the following drawings. Once an item is defined in one drawing, it therefore needs no further definition or explanation in subsequent drawings.
In the description of the present invention, it should be noted that the terms "first", "second", "third" and so on are used only to distinguish between descriptions and are not to be understood as indicating or implying relative importance.
In the description of the present invention, it should also be noted that, unless otherwise expressly specified and limited, the terms "arranged", "installed", "connected" and "coupled" are to be understood broadly. For example, a connection may be fixed, detachable or integral; it may be mechanical or electrical; it may be direct, indirect through an intermediary, or an internal connection between two elements. Those of ordinary skill in the art can understand the specific meaning of these terms in the present invention according to the specific circumstances.
Referring to Fig. 1, Fig. 1 is a schematic diagram of an application scenario of the DNS system 100 provided by a preferred embodiment of the present invention. The DNS system 100 can communicate with a user terminal 200 and evaluates the DNS request sent by the user terminal 200. When the DNS request may belong to a dangerous network attack (such as a CC attack), the DNS system 100 does not respond to it, so that the user terminal 200 cannot reach the attacked target. When the DNS request does not belong to a dangerous network attack, the DNS system 100 responds to it and returns the corresponding network IP address to the user terminal 200.
In one possible implementation of this embodiment, the DNS system 100 may be a public DNS system 100 that provides general-purpose CC attack protection.
In another possible implementation of this embodiment, the DNS system 100 may instead be a dedicated DNS system 100 that provides CC attack protection for the server 400 of a target website. Referring to Fig. 2, in this implementation the DNS system 100 may be connected to a public DNS server 300. For the domain name of the target website, NS records may first be set up between the public DNS server 300 and the DNS system 100 provided by this embodiment, so that the public DNS server 300 sends DNS requests initiated for the target domain name to the DNS system 100 provided by this implementation for resolution. In this way, dedicated protection is provided for the server 400 of the target website.
Referring to Fig. 3, Fig. 3 is a flowchart of a DNS request processing method applied to the DNS system 100 shown in Fig. 1. The steps of the method are described in detail below.
Step S110: obtain the DNS request sent by the user terminal 200.
In this embodiment, the DNS system 100 may receive the DNS request directly from the user terminal 200 and obtain the IP address of the user terminal 200. The DNS system 100 may also receive the DNS request through a public DNS server 300. In that case the DNS system 100 supports the edns-client-subnet extension protocol and uses it to obtain, from the public DNS server 300, the IP address of the user terminal 200 that sent the DNS request.
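How the client address reaches a DNS system behind a public resolver can be seen by reading the edns-client-subnet option out of a query, as in this added example (not code from the patent). The function names and the sample query are constructed for illustration; the wire layout follows RFC 6891 (OPT record) and RFC 7871 (option code 8).

```python
import ipaddress
import struct

OPT_RR_TYPE = 41              # EDNS0 pseudo-record (RFC 6891)
ECS_OPTION_CODE = 8           # edns-client-subnet option (RFC 7871)
_ADDR_BYTES = {1: 4, 2: 16}   # ECS family -> full address size (IPv4, IPv6)


def _skip_name(msg, off):
    """Return the offset just past a (possibly compressed) domain name."""
    while True:
        length = msg[off]
        if length & 0xC0 == 0xC0:   # compression pointer: two bytes, ends the name
            return off + 2
        off += 1 + length
        if length == 0:
            return off


def _parse_ecs(body):
    """Decode FAMILY, SOURCE PREFIX-LENGTH, SCOPE PREFIX-LENGTH, ADDRESS."""
    if len(body) < 4:
        raise ValueError("ECS option too short")
    family, source_len, _scope_len = struct.unpack("!HBB", body[:4])
    size = _ADDR_BYTES.get(family)
    if size is None:
        raise ValueError("unsupported ECS address family")
    addr = body[4:]
    # The address is truncated to exactly ceil(source_len / 8) bytes.
    if source_len > size * 8 or len(addr) != (source_len + 7) // 8:
        raise ValueError("ECS address length does not match prefix length")
    full = ipaddress.ip_address(addr + bytes(size - len(addr)))
    return ipaddress.ip_network(f"{full}/{source_len}", strict=False)


def client_subnet(msg):
    """Return the ECS network carried in a DNS query, or None if absent."""
    try:
        qd, an, ns, ar = struct.unpack("!4H", msg[4:12])
        off = 12
        for _ in range(qd):
            off = _skip_name(msg, off) + 4           # skip QTYPE and QCLASS
        for _ in range(an + ns + ar):
            off = _skip_name(msg, off)
            rtype, _cls, _ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
            rdata = msg[off + 10:off + 10 + rdlen]
            off += 10 + rdlen
            if rtype != OPT_RR_TYPE:
                continue
            pos = 0
            while pos + 4 <= len(rdata):             # walk the EDNS options
                code, olen = struct.unpack("!HH", rdata[pos:pos + 4])
                if code == ECS_OPTION_CODE:
                    return _parse_ecs(rdata[pos + 4:pos + 4 + olen])
                pos += 4 + olen
    except (IndexError, struct.error) as exc:
        raise ValueError("truncated DNS message") from exc
    return None


def build_query(qname_wire, ecs_body=None):
    """Constructed sample: an A query, optionally with an OPT record carrying ECS."""
    arcount = 0 if ecs_body is None else 1
    msg = struct.pack("!6H", 0x1234, 0x0100, 1, 0, 0, arcount)
    msg += qname_wire + struct.pack("!HH", 1, 1)     # QTYPE=A, QCLASS=IN
    if ecs_body is not None:
        option = struct.pack("!HH", ECS_OPTION_CODE, len(ecs_body)) + ecs_body
        msg += b"\x00" + struct.pack("!HHIH", OPT_RR_TYPE, 4096, 0, len(option)) + option
    return msg


# Constructed sample values (documentation address ranges).
SAMPLE_NAME = b"\x03www\x07example\x03com\x00"
SAMPLE_ECS = struct.pack("!HBB", 1, 24, 0) + bytes([198, 51, 100])  # 198.51.100.0/24

if __name__ == "__main__":
    print(client_subnet(build_query(SAMPLE_NAME, SAMPLE_ECS)))
```

ECS normally carries a truncated prefix (RFC 7871 recommends at most /24 for IPv4 and /56 for IPv6), so white list and blacklist entries keyed on it cover a subnet rather than a single terminal. The value is supplied by the forwarding resolver, so it should be trusted only when the query arrives from a known public DNS server.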
Step S120: check whether the IP address of the user terminal 200 that sent the DNS request is recorded in the white list or the blacklist.
In this embodiment, the DNS system 100 stores a white list and a blacklist in advance. After receiving the DNS request, the DNS system 100 first checks whether the IP address of the user terminal 200 that sent it is recorded in the white list or the blacklist.
When the IP address of the user terminal 200 is recorded in the white list, the DNS request can be judged to be a normal DNS request that needs no protective handling. The DNS system 100 then responds to the DNS request and proceeds to step S130.
When the IP address of the user terminal 200 is recorded in the blacklist, the DNS request can be judged to be a DNS request belonging to a CC attack and must be intercepted. The DNS system 100 then does not respond to the DNS request and proceeds to step S140.
When the user terminal 200 is recorded in neither the white list nor the blacklist, the DNS system 100 needs to evaluate the request further and proceeds to step S150.
Step S130: respond to the DNS request and return to the user terminal 200 the network IP address corresponding to the DNS request.
Step S140: return a preset IP address to the user terminal 200.
In this embodiment, for a DNS request that may belong to a CC attack, the DNS system 100 does not respond with the real address but returns a preset address, so that the user terminal 200 that sent the DNS request cannot reach the attacked target. The preset address may be a blank address or a loopback address (127.0.0.1).
In this way, the method provided by this embodiment applies security protection at the point where the DNS request is resolved, so that the accesses of a CC attack cannot reach the attacked target, and the attacked target no longer needs to counter a large-scale CC attack by stacking servers or increasing bandwidth.
Step S150: parse the DNS request to obtain the danger level parameter of the DNS request.
In this embodiment, if the IP address that sent the DNS request is in neither the white list nor the blacklist, the DNS system 100 parses the DNS request further.
Optionally, the DNS system 100 stores danger level judgment rules in advance, and the danger level judgment rules include the danger values corresponding to different preset conditions. The DNS system 100 parses the DNS request and, for each preset condition, judges whether the DNS request meets that preset condition. When the DNS request meets the preset condition, the danger level parameter of the DNS request is increased by the corresponding danger value.
For example, the DNS system 100 may include the following preset conditions and corresponding danger values:
Judge whether the DNS request contains a non-standard HTTP header; if so, increase the danger level parameter of the DNS request by the first danger value.
Judge whether the access frequency, within a preset time, of the IP address that sent the DNS request is greater than the second preset threshold; if so, increase the danger level parameter of the DNS request by the second danger value. The preset time may be 10 seconds.
Judge whether the DNS request requests access to a preset URL; if so, increase the danger level parameter of the DNS request by the second danger value.
Judge whether the DNS request concurrently requests access to the same file; if so, increase the danger level parameter of the DNS request by the second danger value.
Judge whether the URL address accessed by the DNS request is randomly generated; if so, increase the danger level parameter of the DNS request by the first danger value.
Judge whether the user terminal 200 that sent the DNS request uses a proxy IP; if so, increase the danger level parameter of the DNS request by the second danger value.
The first danger value is greater than the second danger value. For example, referring to Fig. 4, the first danger value may be 10 and the second danger value may be 5.
After the danger level parameter of the DNS request is obtained, proceed to step S160.
Step S160: judge whether the danger level parameter is greater than the first preset threshold.
When the danger level parameter is lower than the first preset threshold, proceed to step S130.
When the danger level parameter is higher than the first preset threshold, treat the DNS request as a dangerous DNS request and proceed to step S140.
Optionally, after treating the DNS request as a dangerous DNS request, the DNS server may record the IP address that sent the DNS request in the blacklist.
Optionally, after treating the DNS request as a dangerous DNS request, the DNS system 100 may record the number of times the user terminal 200 has sent dangerous DNS requests and, when the number of DNS requests sent by the user terminal 200 exceeds the third preset threshold, record the IP address of the user terminal 200 in the blacklist.
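Steps S120 to S160 can be traced end to end in the following added example, which is not code from the patent. The class and field names are hypothetical, the per-request signals (HTTP header, URL, proxy use) are assumed to arrive already extracted as booleans, and the three threshold values are assumptions because the description gives no numbers for them; the danger values 10 and 5, the 10-second window and 127.0.0.1 come from the description.

```python
from collections import defaultdict, deque
from dataclasses import dataclass

FIRST_DANGER_VALUE = 10    # Fig. 4 example value from the description
SECOND_DANGER_VALUE = 5    # Fig. 4 example value from the description
PRESET_TIME_S = 10         # "preset time" example from the description
PRESET_IP = "127.0.0.1"    # loopback address returned for dangerous requests
# Assumed values: the description does not give numbers for the thresholds.
FIRST_THRESHOLD = 15       # danger level above which a request is dangerous
SECOND_THRESHOLD = 20      # requests allowed per PRESET_TIME_S from one IP
THIRD_THRESHOLD = 3        # dangerous requests tolerated before blacklisting


@dataclass
class DnsRequest:
    """One request plus the signals the rules inspect (hypothetical shape)."""
    client_ip: str
    qname: str
    timestamp: float
    nonstandard_http_header: bool = False
    preset_url: bool = False
    concurrent_same_file: bool = False
    random_url: bool = False
    proxy_ip: bool = False


class DnsFilter:
    def __init__(self, records, whitelist=(), blacklist=()):
        self.records = dict(records)             # qname -> real IP address
        self.whitelist = set(whitelist)
        self.blacklist = set(blacklist)
        self._recent = defaultdict(deque)        # client IP -> request timestamps
        self._dangerous = defaultdict(int)       # client IP -> dangerous requests

    def _frequency_exceeded(self, req):
        """Sliding window over the last PRESET_TIME_S seconds for this IP."""
        window = self._recent[req.client_ip]
        window.append(req.timestamp)
        while window[0] <= req.timestamp - PRESET_TIME_S:
            window.popleft()
        return len(window) > SECOND_THRESHOLD

    def danger_level(self, req):
        """Step S150: add the danger value of every rule the request meets."""
        rules = [
            (req.nonstandard_http_header, FIRST_DANGER_VALUE),
            (self._frequency_exceeded(req), SECOND_DANGER_VALUE),
            (req.preset_url, SECOND_DANGER_VALUE),
            (req.concurrent_same_file, SECOND_DANGER_VALUE),
            (req.random_url, FIRST_DANGER_VALUE),
            (req.proxy_ip, SECOND_DANGER_VALUE),
        ]
        return sum(value for met, value in rules if met)

    def handle(self, req):
        """Steps S120 to S160: return (answer, reason)."""
        real = self.records.get(req.qname)
        if req.client_ip in self.whitelist:      # S120 -> S130
            return real, "whitelist"
        if req.client_ip in self.blacklist:      # S120 -> S140
            return PRESET_IP, "blacklist"
        # S160. A level equal to the threshold is answered normally here
        # (assumption: the description defines only "lower" and "higher").
        if self.danger_level(req) > FIRST_THRESHOLD:
            self._dangerous[req.client_ip] += 1
            if self._dangerous[req.client_ip] > THIRD_THRESHOLD:
                self.blacklist.add(req.client_ip)
            return PRESET_IP, "dangerous"        # S140
        return real, "normal"                    # S130


def demo():
    """Constructed traffic: one low-risk client, one that trips two rules."""
    f = DnsFilter({"www.example.com": "203.0.113.10"}, whitelist={"192.0.2.1"})
    out = [f.handle(DnsRequest("198.51.100.7", "www.example.com", 0.0, proxy_ip=True))]
    for i in range(4):
        out.append(f.handle(DnsRequest("198.51.100.9", "www.example.com", float(i),
                                       nonstandard_http_header=True, random_url=True)))
    # The fifth request is clean, but the IP is blacklisted by now.
    out.append(f.handle(DnsRequest("198.51.100.9", "www.example.com", 5.0)))
    return out


if __name__ == "__main__":
    for answer in demo():
        print(answer)
```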
Referring to Fig. 5, this embodiment also provides a DNS system 100, which includes an acquisition module 111, a parsing module 112, a first execution module 113 and a second execution module 114.
The acquisition module 111 is used to obtain a DNS request.
In this embodiment, the acquisition module 111 may be used to perform step S110 shown in Fig. 3; for a detailed description of the acquisition module 111, refer to the description of step S110.
The parsing module 112 is used to parse the DNS request and obtain the danger level parameter of the DNS request.
In this embodiment, the parsing module 112 may be used to perform step S120 shown in Fig. 3; for a detailed description of the parsing module 112, refer to the description of step S120.
The first execution module 113 is used to return to the user terminal 200, when the danger level parameter is lower than the first preset threshold, the Internet IP address corresponding to the DNS request.
In this embodiment, the first execution module 113 may be used to perform step S130 shown in Fig. 3; for a detailed description of the first execution module 113, refer to the description of step S130.
The second execution module 114 is used to treat the DNS request as a dangerous DNS request and return a preset IP address to the user terminal 200 when the danger level parameter is higher than the first preset threshold.
In this embodiment, the second execution module 114 may be used to perform step S140 shown in Fig. 3; for a detailed description of the second execution module 114, refer to the description of step S140.
In summary, the DNS request processing method and DNS system 100 provided by the present invention identify, while resolving DNS requests, the requests that may be dangerous network attacks. Such requests are not answered; the preset IP address is returned instead. In this way, potentially dangerous network attacks are intercepted at the point where DNS requests are handled, which reduces the server or bandwidth resources that must be committed when countering a large-scale attack, and the protection is effective.
In the embodiments provided in this application, it should be understood that the disclosed apparatus and method may also be implemented in other ways. The apparatus embodiments described above are merely illustrative. For example, the flowcharts and block diagrams in the drawings show the possible architecture, functions and operations of apparatuses, methods and computer program products according to multiple embodiments of the present invention. In this regard, each block in a flowchart or block diagram may represent a module, a program segment or a portion of code, which contains one or more executable instructions for implementing the specified logical function. It should also be noted that, in some alternative implementations, the functions noted in the blocks may occur in an order different from that noted in the drawings. For example, two consecutive blocks may in fact be executed substantially in parallel, or sometimes in the reverse order, depending on the functions involved. It should also be noted that each block in the block diagrams and/or flowcharts, and combinations of blocks in the block diagrams and/or flowcharts, may be implemented by a dedicated hardware-based system that performs the specified functions or actions, or by a combination of dedicated hardware and computer instructions.
In addition, the functional modules in the embodiments of the present invention may be integrated to form one independent part, may each exist separately, or two or more modules may be integrated to form one independent part.
If the functions are implemented in the form of software functional modules and sold or used as an independent product, they may be stored in a computer-readable storage medium. Based on this understanding, the technical solution of the present invention in essence, or the part that contributes to the prior art, or a part of the technical solution, may be embodied in the form of a software product. The computer software product is stored in a storage medium and includes a number of instructions that cause a computer device (which may be a personal computer, a server, a network device or the like) to perform all or some of the steps of the methods of the embodiments of the present invention. The storage medium includes any medium that can store program code, such as a USB flash drive, a removable hard disk, a read-only memory (ROM), a random access memory (RAM), a magnetic disk or an optical disc.
It should be noted that, in this document, relational terms such as "first" and "second" are used only to distinguish one entity or operation from another, and do not necessarily require or imply any actual relationship or order between these entities or operations. Moreover, the terms "include", "comprise" and any variants of them are intended to cover non-exclusive inclusion, so that a process, method, article or device that includes a series of elements includes not only those elements but also other elements not expressly listed, or elements inherent to such a process, method, article or device. Without further limitation, an element defined by the phrase "including a ..." does not exclude the presence of other identical elements in the process, method, article or device that includes the element.
The above is only a specific embodiment of the present invention, but the scope of protection of the present invention is not limited to it. Any change or replacement that a person skilled in the art could readily conceive within the technical scope disclosed by the present invention shall fall within the scope of protection of the present invention. The scope of protection of the present invention shall therefore be determined by the scope of the claims.
Claims (10)
- A kind of 1. DNS request processing method, applied to DNS systems, it is characterised in that methods described includes:Obtain the DNS request that user terminal is sent;The DNS request is parsed, obtains the degree of danger parameter of the DNS request;When the degree of danger parameter is less than the first predetermined threshold value, fed back to the user terminal corresponding to the DNS request mutually Networking IP address;When the degree of danger parameter is higher than first predetermined threshold value, using the DNS request as dangerous DNS request, to this User terminal feeds back a preset IP address.
- 2. according to the method for claim 1, it is characterised in that the user that the DNS request includes sending the DNS request is whole The IP address at end;The DNS systems prestore white list and blacklist;The described pair of DNS request parses the step of it Before, methods described also includes:Whether the IP address that inquiry sends the user terminal of the DNS request has record in the white list or blacklist;When the IP address of the user terminal has record in the white list, the DNS request is responded, it is anti-to the user terminal Present web IP address corresponding to the DNS request;When the IP address of the user terminal has record in the blacklist, to the user terminal with feeding back the default IP Location;When the user terminal does not record in the white list and blacklist, then perform and the DNS request is solved The step of analysis.
- 3. The method according to claim 1 or 2, characterised in that the DNS system prestores a degree-of-danger judgment rule, the rule comprising danger values corresponding to different preset conditions; the step of parsing the DNS request to obtain the degree-of-danger parameter of the DNS request comprises: parsing the DNS request and, for each preset condition, judging whether the DNS request meets that preset condition; when the DNS request meets the preset condition, increasing the degree-of-danger parameter corresponding to the DNS request by the corresponding danger value.
- 4. The method according to claim 3, characterised in that the step of judging, for each preset condition, whether the DNS request meets the preset condition and, when it does, increasing the degree-of-danger parameter corresponding to the DNS request by the corresponding danger value comprises:
  - judging whether the DNS request includes a non-standard HTTP header and, if so, increasing the degree-of-danger parameter corresponding to the DNS request by a first danger value;
  - judging whether the access frequency, within a preset time, of the IP address sending the DNS request exceeds a second predetermined threshold and, if so, increasing the degree-of-danger parameter corresponding to the DNS request by a second danger value;
  - judging whether the URL that the DNS request asks to access is a preset URL and, if so, increasing the degree-of-danger parameter corresponding to the DNS request by the second danger value;
  - judging whether the DNS request concurrently requests access to the same file and, if so, increasing the degree-of-danger parameter corresponding to the DNS request by the second danger value;
  - judging whether the URL address accessed by the DNS request is randomly generated and, if so, increasing the degree-of-danger parameter corresponding to the DNS request by the first danger value;
  - judging whether the user terminal sending the DNS request uses a proxy IP and, if so, increasing the degree-of-danger parameter corresponding to the DNS request by the second danger value;
  - wherein the first danger value is greater than the second danger value.
- 5. The method according to claim 1 or 2, characterised in that the preset IP address fed back to the user terminal is a loopback address, so that the access request of the user terminal points to the user terminal itself.
- 6. The method according to claim 1 or 2, characterised in that the DNS system communicates with a public DNS server, the method further comprising: setting an NS record for the domain name of the target website, so that the public DNS server sends DNS requests initiated for the domain name of the target website to the DNS system.
- 7. The method according to claim 6, characterised in that the DNS system supports the edns-client-subnet extension protocol, and the DNS system obtains from the public DNS server, through the edns-client-subnet extension protocol, the IP address of the user terminal that sent the DNS request.
- 8. The method according to claim 2, characterised in that, after the step of treating the DNS request as a dangerous DNS request and feeding back a preset IP address to the user terminal, the method further comprises: recording the IP address of the user terminal in the blacklist.
- 9. The method according to claim 2, characterised in that, after the step of treating the DNS request as a dangerous DNS request and feeding back a preset IP address to the user terminal, the method further comprises: recording the number of times the user terminal sends dangerous DNS requests and, when the number of DNS requests sent by the user terminal exceeds a third predetermined threshold, recording the IP address of the user terminal in the blacklist.
- 10. A DNS system, characterised in that the DNS system comprises: an acquisition module for acquiring a DNS request sent by a user terminal; a parsing module for parsing the DNS request to obtain the degree-of-danger parameter of the DNS request; a first execution module for feeding back to the user terminal the internet IP address corresponding to the DNS request when the degree-of-danger parameter is lower than a first predetermined threshold; and a second execution module for treating the DNS request as a dangerous DNS request and feeding back a preset IP address to the user terminal when the degree-of-danger parameter is higher than the first predetermined threshold.
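The additive scoring of claims 3 and 4, the threshold decision of claim 10, the loopback answer of claim 5 and the counting blacklist of claim 9 can be sketched as follows. This is an added example, not code from the patent: the numeric danger values, thresholds, zone data and all class and function names are assumptions, and feature extraction is taken as already done.

```python
from collections import Counter
from dataclasses import dataclass

# Constructed values: the claims only require FIRST_DANGER > SECOND_DANGER
# and leave every threshold unspecified.
FIRST_DANGER, SECOND_DANGER = 30, 10
FIRST_THRESHOLD = 50      # claim 10: parameter above this means dangerous
THIRD_THRESHOLD = 3       # claim 9: dangerous requests tolerated per client
PRESET_IP = "127.0.0.1"   # claim 5: loopback address

@dataclass
class RequestFeatures:
    """One boolean per preset condition of claim 4 (hypothetical names)."""
    nonstandard_http_header: bool = False
    frequency_over_second_threshold: bool = False
    preset_url: bool = False
    concurrent_same_file: bool = False
    random_url: bool = False
    proxy_ip: bool = False

RULES = [  # (preset condition, danger value) pairs, as in claim 3
    ("nonstandard_http_header", FIRST_DANGER),
    ("frequency_over_second_threshold", SECOND_DANGER),
    ("preset_url", SECOND_DANGER),
    ("concurrent_same_file", SECOND_DANGER),
    ("random_url", FIRST_DANGER),
    ("proxy_ip", SECOND_DANGER),
]

def danger_level(features):
    """Sum the danger value of every preset condition the request meets."""
    return sum(value for name, value in RULES if getattr(features, name))

class Resolver:
    def __init__(self, zone):
        self.zone = zone                  # qname -> real internet IP
        self.blacklist = set()
        self.dangerous_count = Counter()

    def answer(self, client_ip, qname, features):
        # Assumption: a blacklisted client always gets the preset address.
        if client_ip in self.blacklist:
            return PRESET_IP
        if danger_level(features) > FIRST_THRESHOLD:
            self.dangerous_count[client_ip] += 1
            if self.dangerous_count[client_ip] > THIRD_THRESHOLD:
                self.blacklist.add(client_ip)
            return PRESET_IP
        return self.zone[qname]  # equal to the threshold is treated as safe
```

Setting `THIRD_THRESHOLD = 0` gives the behaviour of claim 8, where the first dangerous request already blacklists the client.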
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201711107626.2A CN107707569A (en) | 2017-11-10 | 2017-11-10 | DNS request processing method and DNS systems |
Publications (1)
Publication Number | Publication Date |
---|---|
CN107707569A true CN107707569A (en) | 2018-02-16 |
Family
ID=61179862
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201711107626.2A Pending CN107707569A (en) | 2017-11-10 | 2017-11-10 | DNS request processing method and DNS systems |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN107707569A (en) |
Patent Citations (10)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN101834866A (en) * | 2010-05-05 | 2010-09-15 | 北京来安科技有限公司 | CC (Communication Center) attack protective method and system thereof |
CN103152357A (en) * | 2013-03-22 | 2013-06-12 | 北京网御星云信息技术有限公司 | Defense method, device and system for DNS (Domain Name System) services |
CN103581363A (en) * | 2013-11-29 | 2014-02-12 | 杜跃进 | Method and device for controlling baleful domain name and illegal access |
CN103634315A (en) * | 2013-11-29 | 2014-03-12 | 杜跃进 | Front end control method and system of domain name server (DNS) |
CN103957195A (en) * | 2014-04-04 | 2014-07-30 | 上海聚流软件科技有限公司 | DNS system and defense method and device for DNS attack |
CN104468860A (en) * | 2014-12-04 | 2015-03-25 | 北京奇虎科技有限公司 | Method and device for recognizing risk of domain name resolution server |
CN104506538A (en) * | 2014-12-26 | 2015-04-08 | 北京奇虎科技有限公司 | Machine learning type domain name system security defense method and device |
CN106230861A (en) * | 2016-09-07 | 2016-12-14 | 上海斐讯数据通信技术有限公司 | A kind of router fire wall lower network access method and router |
CN108418780A (en) * | 2017-02-10 | 2018-08-17 | 阿里巴巴集团控股有限公司 | Filter method and device, system, the dns server of IP address |
CN107124434A (en) * | 2017-07-06 | 2017-09-01 | 中国互联网络信息中心 | A kind of discovery method and system of DNS malicious attacks flow |
Cited By (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN108650244A (en) * | 2018-04-24 | 2018-10-12 | 网宿科技股份有限公司 | A kind of domain name analytic method, terminal and recurrence dns server |
CN112202776A (en) * | 2020-09-29 | 2021-01-08 | 中移(杭州)信息技术有限公司 | Source station protection method and network equipment |
CN113596186A (en) * | 2021-06-24 | 2021-11-02 | 北京网瑞达科技有限公司 | DNS access resolution method and system based on scene |
CN113596186B (en) * | 2021-06-24 | 2022-05-20 | 北京网瑞达科技有限公司 | DNS access resolution method and system based on scene |
CN114244593A (en) * | 2021-12-08 | 2022-03-25 | 杭州安恒信息技术股份有限公司 | DNS security defense method and system, electronic equipment and medium |
CN114244593B (en) * | 2021-12-08 | 2024-04-19 | 杭州安恒信息技术股份有限公司 | DNS security defense method and system, electronic equipment and medium |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
KR101662605B1 (en) | System and method for correlating network information with subscriber information in a mobile network environment | |
CN106330844B (en) | Cross-terminal login-free method and device | |
CN107707569A (en) | DNS request processing method and DNS systems | |
CN106936791B (en) | Method and device for intercepting malicious website access | |
US10419431B2 (en) | Preventing cross-site request forgery using environment fingerprints of a client device | |
CN106302308B (en) | Trust login method and device | |
CN103067385A (en) | Defensive method and firewall for session hijacking and attacking | |
CN105516080A (en) | Processing method, apparatus, and system for TCP connection | |
WO2014172956A1 (en) | Login method,apparatus, and system | |
CN103313429A (en) | Processing method for recognizing fabricated WIFI (Wireless Fidelity) hotspot | |
CN103379099A (en) | Hostile attack identification method and system | |
CN105939326A (en) | Message processing method and device | |
CN105162793A (en) | Method and apparatus for defending against network attacks | |
CN104796406A (en) | Method and device for identifying application | |
WO2020107446A1 (en) | Method and apparatus for obtaining attacker information, device, and storage medium | |
CN106713318B (en) | WEB site safety protection method and system | |
CN104348789A (en) | Web server and method for preventing cross-site scripting attack | |
EP3376740B1 (en) | Method and apparatus for acquiring ip address | |
CN105704120A (en) | Method for safe network access based on self-learning form | |
WO2016008212A1 (en) | Terminal as well as method for detecting security of terminal data interaction, and storage medium | |
KR20120084806A (en) | Method for detecting the hijacking of computer resources | |
CN105939320A (en) | Message processing method and device | |
US11062018B2 (en) | Platform for generation of passwords and/or email addresses | |
CN111225038B (en) | Server access method and device | |
CN102510386A (en) | Distributed attack prevention method and device |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | |
SE01 | Entry into force of request for substantive examination | |
CB02 | Change of applicant information | Address after: Room 311501, Unit 1, Building 5, Courtyard 1, Futong East Street, Chaoyang District, Beijing Applicant after: Beijing Zhichuangyu Information Technology Co., Ltd. Address before: Room 803, Jinwei Building, 55 Lanindichang South Road, Haidian District, Beijing Applicant before: Beijing Knows Chuangyu Information Technology Co.,Ltd. |
RJ01 | Rejection of invention patent application after publication | Application publication date: 20180216 |