CN109067936B - Domain name resolution method and device - Google Patents


Publication number
CN109067936B
Authority
CN
China
Prior art keywords
domain name
dns server
public
analyzed
authoritative
Legal status
Expired - Fee Related
Application number
CN201811034002.7A
Other languages
Chinese (zh)
Other versions
CN109067936A (en)
Inventor
曹聪
Current Assignee
Wangsu Science and Technology Co Ltd
Original Assignee
Wangsu Science and Technology Co Ltd

Classifications

    • H04L61/4511 Network directories; name-to-address mapping using standardised directories or directory access protocols, using the domain name system [DNS]
    • H04L63/1416 Network security: detecting malicious traffic by monitoring network traffic; event detection, e.g. attack signature detection
    • H04L63/1458 Network security: countermeasures against malicious traffic; denial of service


Abstract

The invention discloses a domain name resolution method and device. A public DNS server receives a domain name resolution request from a terminal device; when it judges that it is under attack, it sends a wildcard domain name resolution request to the authoritative DNS server and receives a wildcard domain name response from it. When wildcard domain information covering the requested name is found in the cache, the public DNS server answers the request from that information and stores it. While the attack lasts, the IP address for a domain name under the attacked suffix can then be obtained from the local cache, which reduces the number of queries sent to the authoritative DNS server and lightens its processing load.

Description

Domain name resolution method and device
Technical Field
The embodiments of the invention relate to the technical field of Domain Name System (DNS) resolution, and in particular to a domain name resolution method and device.
Background
The DNS is a distributed database on the Internet that maps domain names to Internet Protocol (IP) addresses and back, making it easier for users to access Internet resources. As the addressing mechanism for the vast majority of Internet applications, its importance is self-evident.
In the DNS system as it stands, a user terminal first sends a DNS query for a given domain name to a public DNS server. The public DNS server checks whether it holds an unexpired cache entry for that name; if so, it answers the terminal directly with the corresponding IP address. If not, it must query the authoritative DNS server for the domain, answer the terminal with the IP address the authoritative server returns, and cache that address for the lifetime specified by the authoritative server. The purpose of the cache is to absorb large numbers of terminals querying the same domain name within a short time.
With advances in high-performance packet handling and caching, many DNS servers now cope well with large numbers of concurrent requests, but defense against distributed denial-of-service (DDoS) attacks remains a weak point. A DDoS attack can send DNS queries to the public DNS server for randomly generated subdomain names (a random-subdomain attack). Because every name is different, the public DNS server's cache offers no protection: every query is forwarded to the authoritative DNS server, so the public DNS server and the authoritative DNS server both carry the processing load of the attack and consume large amounts of system resources.
Disclosure of Invention
Embodiments of the invention provide a domain name resolution method and device for reducing the processing load on a DNS server when it is under a distributed denial-of-service (DDoS) attack.
The domain name resolution method provided by an embodiment of the invention comprises the following steps:
a public DNS server receives a domain name resolution request message sent by a terminal device, the message containing the domain name to be resolved;
when the public DNS server judges that it is under attack, it sends a wildcard domain name resolution request to an authoritative DNS server;
the public DNS server receives a wildcard domain name response message from the authoritative DNS server;
and when the public DNS server finds wildcard domain information covering the domain name in its cache, it answers the resolution request and stores the wildcard domain information for the domain name to be resolved.
In other words, when the public DNS server determines that it is under attack, it asks the authoritative DNS server for the wildcard domain information covering the name to be resolved (the wildcard entry for the name's suffix and the IP address it points to) and stores that information locally. While the attack lasts, the IP address for any name under that suffix can be obtained from the local cache, which reduces the number of queries sent to the authoritative DNS server and relieves its processing load.
Optionally, sending the wildcard domain name resolution request when the public DNS server judges that it is under attack comprises:
when the public DNS server judges that the suffix of the domain name to be resolved is the suffix targeted by a distributed denial-of-service (DDoS) attack, sending the wildcard domain name resolution request to the authoritative DNS server.
Optionally, before the public DNS server sends the wildcard domain name resolution request to the authoritative DNS server, the method further comprises:
the public DNS server determining whether it already stores wildcard domain information covering the domain name to be resolved and, if so, sending the resolution result for that name to the terminal device based on the stored wildcard domain information.
When the wildcard domain information for the name is already held locally, the public DNS server can answer the terminal device directly without querying the authoritative DNS server, which reduces the authoritative server's processing load.
Optionally, the method further comprises: when the public DNS server does not find wildcard domain information covering the domain name in its cache, it sends the resolution result for the domain name to the terminal device and stores that result, the result being what the authoritative DNS server returned after determining that no wildcard domain information exists for the name.
A response message that carries no wildcard domain information for the domain name to be resolved indicates that the authoritative DNS server has no wildcard entry configured for it.
Optionally, the wildcard domain name resolution request is an Extension Mechanisms for DNS (EDNS) request message,
and the wildcard domain name response message sent by the authoritative DNS server is an EDNS response message.
Correspondingly, an embodiment of the invention also provides a domain name resolution method comprising the following steps:
an authoritative DNS server receives a wildcard domain name resolution request message from a public DNS server, the request containing the domain name to be resolved; the request is sent by the public DNS server when it judges that it is under attack;
the authoritative DNS server looks up the wildcard domain information for the domain name to be resolved;
and when it finds that information, the authoritative DNS server sends the public DNS server a wildcard domain name response message carrying the wildcard domain information for the domain name to be resolved.
Optionally, the method further comprises:
when it determines that no wildcard domain information exists for the domain name to be resolved, the authoritative DNS server sends the public DNS server a response message carrying the resolution result (the IP address) for that single domain name.
Optionally, the wildcard domain name resolution request is sent by the public DNS server when it is under a distributed denial-of-service (DDoS) attack and the suffix of the domain name to be resolved is the suffix targeted by the attack.
Correspondingly, an embodiment of the invention further provides a domain name resolution device comprising:
an acquisition unit for receiving a domain name resolution request message sent by a terminal device, the message containing the domain name to be resolved;
a sending unit for sending a wildcard domain name resolution request to the authoritative DNS server when the device judges that it is under attack;
the acquisition unit being further configured to receive the wildcard domain name response message sent by the authoritative DNS server;
and a processing unit for answering the resolution request when wildcard domain information covering the domain name is found in the cache, and for storing the wildcard domain information for the domain name to be resolved.
Optionally, the processing unit is specifically configured to:
when it judges that a domain name suffix is under DDoS attack and that the suffix of the domain name to be resolved is that attacked suffix, have the wildcard domain name resolution request sent to the authoritative DNS server.
Optionally, the processing unit is further configured to:
before the wildcard domain name resolution request is sent to the authoritative DNS server, determine whether wildcard domain information covering the domain name to be resolved is already stored and, if so, control the sending unit to send the resolution result for that name to the terminal device based on the stored wildcard domain information.
Optionally, the processing unit is further configured to:
when no wildcard domain information covering the domain name is found in the cache, control the sending unit to send the resolution result for the domain name to the terminal device and store that result, the result being what the authoritative DNS server returned after determining that no wildcard domain information exists for the name.
Optionally, the wildcard domain name resolution request is an EDNS request message,
and the wildcard domain name response message sent by the authoritative DNS server is an EDNS response message.
Correspondingly, an embodiment of the invention further provides a domain name resolution device comprising:
an acquisition unit for receiving a wildcard domain name resolution request message sent by a public DNS server, the request containing the domain name to be resolved; the request is sent by the public DNS server when it judges that it is under attack;
a processing unit for looking up the wildcard domain information for the domain name to be resolved;
and a sending unit for sending the public DNS server a wildcard domain name response message carrying the wildcard domain information for the domain name to be resolved when the processing unit finds that information.
Optionally, the sending unit is further configured to:
when the processing unit determines that no wildcard domain information exists for the domain name to be resolved, send the public DNS server a response message carrying the resolution result for that single domain name.
Optionally, the wildcard domain name resolution request is sent by the public DNS server when it is under a distributed denial-of-service (DDoS) attack and the suffix of the domain name to be resolved is the suffix targeted by the attack.
Correspondingly, an embodiment of the invention further provides a computing device comprising:
a memory for storing program instructions;
and a processor for calling the program instructions stored in the memory and executing the domain name resolution method above according to the program obtained.
Accordingly, an embodiment of the invention further provides a computer-readable non-volatile storage medium containing computer-readable instructions which, when read and executed by a computer, cause the computer to perform the domain name resolution method above.
Drawings
In order to illustrate the technical solutions of the embodiments more clearly, the drawings needed for the description of the embodiments are briefly introduced below. The drawings described below show only some embodiments of the invention; those skilled in the art can obtain other drawings from them without creative effort.
Fig. 1 is a schematic diagram of a system architecture according to an embodiment of the present invention;
fig. 2 is a schematic flowchart of a domain name resolution method according to an embodiment of the present invention;
fig. 3 is a schematic flowchart of a domain name resolution method according to an embodiment of the present invention;
fig. 4 is a schematic structural diagram of an apparatus for domain name resolution according to an embodiment of the present invention;
fig. 5 is a schematic structural diagram of a domain name resolution apparatus according to an embodiment of the present invention.
Detailed Description
In order to make the objects, technical solutions and advantages of the present invention clearer, the present invention will be described in further detail with reference to the accompanying drawings, and it is apparent that the described embodiments are only a part of the embodiments of the present invention, not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
Fig. 1 shows, by way of example, the system architecture to which the domain name resolution method of the embodiment applies. It comprises a terminal device 100, a public DNS server 200 and an authoritative DNS server 300; the terminal device 100 communicates with the public DNS server 200 over a network, and the public DNS server 200 communicates with the authoritative DNS server 300.
In the embodiment, the terminal device 100 may be any device that supports access by domain name, such as a mobile phone, a wrist band, a tablet, a notebook computer, an ultra-mobile personal computer (UMPC), a personal digital assistant (PDA), an in-vehicle device or a wearable device; it is not limited to communication terminals.
The public DNS server 200 receives domain name resolution requests from the terminal device 100 and returns the IP address obtained by resolution to it. When it finds that the IP address for the requested domain name is not stored locally, it may query the authoritative DNS server 300.
The public DNS server 200 may include an attack recognition module, a domain name identification module, a domain name information transmission module, a domain name information caching module and a domain name information feedback module. The attack recognition module determines whether the server is under attack and, if it is, whether the attack is aimed at a single domain name suffix. The domain name identification module determines whether wildcard domain information is stored locally. The domain name information transmission module communicates with the authoritative DNS server 300. The domain name information caching module caches the wildcard domain information or IP addresses received from the authoritative DNS server 300. The domain name information feedback module returns the IP address to the terminal device 100.
The authoritative DNS server 300, after receiving a query from the public DNS server 200, returns to it the IP address obtained by resolving the domain name.
The authoritative DNS server 300 may include a domain name information transmission module, a domain name information query module and a domain name information packaging module. The transmission module communicates with the public DNS server 200; the query module looks up the content requested in the query sent by the public DNS server; and the packaging module writes the wildcard domain information found into the EDNS pseudo resource record (the OPT record) and assembles it, together with the ordinary DNS records, into a response message.
Based on the above description, fig. 2 exemplarily shows a flow of domain name resolution, which may be performed by a domain name resolution apparatus, and the flow of domain name resolution will be described below by way of interaction of a terminal device, a public DNS server, and an authoritative DNS server.
As shown in fig. 2, the specific steps of the process include:
step 201, the terminal device sends a domain name resolution request message.
The domain name resolution request message may include a domain name to be resolved. The domain name resolution request message is sent when the terminal device needs to access the IP address corresponding to the domain name.
Step 202: when the public DNS server judges that it is under attack, it sends a wildcard domain name resolution request to the authoritative DNS server.
After receiving the domain name resolution request message from the terminal device, the public DNS server may first determine whether it is under a DDoS attack. If it is, it further determines whether the attack targets a single domain name suffix, and when the suffix of the requested name matches that attacked suffix, it sends the authoritative DNS server a wildcard domain name resolution request containing the domain name sent by the terminal device. The public DNS server may judge whether it is currently under DDoS attack from the number of resolution request messages it receives per unit time; this is only an example and the embodiment is not limited to it.
A DDoS attack here means many terminal devices combined, by means of client/server techniques, into one attack platform that targets one or more victims by generating random subdomain names, multiplying the effect of a denial-of-service attack. Under such an attack the public DNS server has to keep forwarding queries to the authoritative DNS server, so both servers bear a heavy processing load.
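The judgement in step 202 is left open by the description ("the number of request messages per unit time" is given only as an example). The following is an added example, not code from the patent, of one way a public DNS server could make that judgement per domain name suffix. It counts queries per suffix in a sliding window and flags a suffix only when the window is both high-rate and dominated by distinct names, which is what distinguishes a random-subdomain flood from a popular name that the ordinary cache already absorbs. The log format, the two-label suffix rule and the thresholds are assumptions for this example.

```python
"""Per-suffix random-subdomain flood detector.

Added example for this page, not code from the patent. It assumes a query
log with one "timestamp qname" pair per line, a two-label suffix (xxx.com),
and hypothetical thresholds; the patent only says the judgement may be made
from the number of requests per unit time.
"""
from collections import defaultdict, deque
from typing import Iterable, Optional, Set

# Hypothetical tuning parameters (assumed for this example, not from the patent).
WINDOW_SECONDS = 10.0   # sliding window over which queries are counted
RATE_THRESHOLD = 50     # queries per window that count as "high rate"
UNIQUE_RATIO = 0.8      # share of distinct names above which the flood looks random


def suffix_of(qname: str, labels: int = 2) -> str:
    """Return the last `labels` labels of a name, e.g. music.xxx.com -> xxx.com."""
    parts = qname.rstrip(".").lower().split(".")
    return ".".join(parts[-labels:])


class SuffixFloodDetector:
    """Keeps a sliding window of recent queries per suffix and flags a suffix
    when the window is both above the rate threshold and dominated by
    distinct names (random labels defeat the cache; repeated names do not)."""

    def __init__(self) -> None:
        self.windows = defaultdict(deque)   # suffix -> deque of (ts, qname)

    def observe(self, ts: float, qname: str) -> Optional[str]:
        """Record one query; return the suffix if it is now judged under attack."""
        sfx = suffix_of(qname)
        win = self.windows[sfx]
        win.append((ts, qname.lower()))
        while win and ts - win[0][0] > WINDOW_SECONDS:   # expire old entries
            win.popleft()
        total = len(win)
        if total < RATE_THRESHOLD:
            return None
        distinct = len({q for _, q in win})
        return sfx if distinct / total >= UNIQUE_RATIO else None


def attacked_suffixes(log_lines: Iterable[str]) -> Set[str]:
    """Run the detector over "ts qname" lines and return every flagged suffix."""
    det = SuffixFloodDetector()
    flagged: Set[str] = set()
    for line in log_lines:
        ts_s, qname = line.split()
        sfx = det.observe(float(ts_s), qname)
        if sfx:
            flagged.add(sfx)
    return flagged


def build_sample_log() -> list:
    """Constructed sample: 60 distinct random-looking labels under xxx.com in
    six seconds, interleaved with 60 lookups of the same popular name. Only
    xxx.com should be flagged; the popular name is absorbed by normal caching."""
    lines = []
    for i in range(60):
        lines.append(f"{i * 0.1:.1f} r{i:04x}.xxx.com")
        lines.append(f"{i * 0.1:.1f} www.example.org")
    return lines


if __name__ == "__main__":
    print(attacked_suffixes(build_sample_log()))
```

The distinct-name ratio matters more than the raw rate: a legitimate flash crowd for one name produces the same query volume but a ratio near zero, and should be handled by the ordinary cache rather than by the wildcard path. In production the suffix depth would have to follow the zone cut (the description itself allows xxx.xxx.xxx.com and deeper), which this example does not attempt.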
To relieve this load, before sending the wildcard domain name resolution request the public DNS server may check whether wildcard domain information covering the name to be resolved is already stored locally, and send the request to the authoritative DNS server only when it is not. Otherwise, the public DNS server sends the resolution result for the name to the terminal device from the locally stored wildcard domain information.
For example, the terminal device wants to access music.xxx.com, so the domain name to be resolved is music.xxx.com. On receiving the request message, the public DNS server finds that the name's suffix, xxx.com, is the suffix under DDoS attack. It first checks whether it holds wildcard domain information covering music.xxx.com; in this case that information consists of the names sharing the suffix and the IP address they map to in common, and may be written as *.xxx.com. If the information for music.xxx.com is held locally, the public DNS server sends the resolution result for music.xxx.com to the terminal device directly, without sending a request to the authoritative DNS server. In the embodiment the resolution result for a domain name is an IP address, for example 111.111.111.111. If the information is not held locally, the public DNS server sends a wildcard domain name resolution request to the authoritative DNS server, with music.xxx.com as the domain name to be resolved.
Note that the wildcard domain name resolution request may be an EDNS request message, in which the wildcard request is carried in the pseudo resource record (the OPT record) of the EDNS message.
The "same domain name suffix" may take forms such as xxx.com, xxx.xxx.xxx.com or xxx.xxx.xxx.xxx.xxx.com; the embodiment does not limit the number of labels, and these are only examples.
Step 203: the authoritative DNS server looks up the wildcard domain information for the domain name to be resolved.
After receiving the request from the public DNS server, the authoritative DNS server looks up the wildcard domain information for the domain name contained in it. When a wildcard domain name is configured, the authoritative DNS server stores the corresponding wildcard domain information, so that resolution requests for any name sharing that suffix can be answered quickly.
Step 204: when it finds the wildcard domain information for the domain name to be resolved, the authoritative DNS server sends the public DNS server a wildcard domain name response message carrying that information.
Having found the wildcard domain information, the authoritative DNS server sends the public DNS server a response message carrying it. For example, the authoritative DNS server returns the wildcard domain information for music.xxx.com, namely *.xxx.com and the IP address it points to.
If the authoritative DNS server finds no wildcard domain information for the name, it instead returns directly a response message carrying only the resolution result for that name, that is, the IP address of the single domain name; in this case the authoritative DNS server need only return the IP address.
Step 205: when the public DNS server finds wildcard domain information covering the domain name in the cache, it answers the resolution request and stores the wildcard domain information for the domain name to be resolved.
After receiving the response message from the authoritative DNS server, the public DNS server caches it; when it finds wildcard domain information covering the domain name in the cache, it parses the response message and stores the wildcard domain information for the name to be resolved. Having obtained that information, it can send the resolution result to the terminal device. For example, the wildcard domain information is *.xxx.com and the IP address it points to, and the resolution result for music.xxx.com is the IP address pointed to by *.xxx.com.
If the public DNS server finds no wildcard domain information covering the domain name in the cache, the authoritative DNS server has no wildcard entry configured for it and has returned the resolution result directly, that is, the IP address for the exact name. The public DNS server then stores that resolution result and sends it to the terminal device.
When the public DNS server stores wildcard domain information or a resolution result, the storage time may be set from experience. The storage exists to answer the large numbers of requests that terminal devices issue in a short time for names sharing the same suffix or for the same name, so that the public DNS server issues fewer queries to the authoritative DNS server and the authoritative server's processing load falls.
The resolution process of the embodiment is compatible with the existing DNS system. When the public DNS server sends the authoritative DNS server an EDNS request carrying the wildcard domain information query, an authoritative server that supports the request responds with the resolution result and the corresponding wildcard domain information; otherwise the authoritative server responds with a format error or a resolution failure, whereupon the public DNS server sends an ordinary DNS request without the wildcard query and the authoritative server answers it in the conventional way.
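The following is an added example, not the patent's code, that models the public DNS server side of steps 202 to 205 (and the same decisions in the fig. 3 flow, steps 302 to 309) end to end: the per-name cache, the wildcard cache consulted only for the attacked suffix, the wildcard request to the authoritative server, and the format-error fallback to an ordinary query described just above. Both servers are in-process objects, the wildcard request is a boolean rather than a real EDNS option, and the zone (*.xxx.com plus an explicit static.xxx.com record), the TTLs and the already-made "suffix under attack" judgement are assumptions for the example.

```python
"""Public-resolver side of the scheme: wildcard cache under a suffix flood.

Added example for this page, not the patent's code. It simulates the public
DNS server and the authoritative DNS server as in-process objects, carries
the wildcard request as a boolean instead of a real EDNS option, and assumes
a hypothetical zone (*.xxx.com plus an explicit static.xxx.com record), TTLs,
and a resolver that has already judged which suffix is under attack.
"""
import time
from typing import Callable, Dict, Optional, Set, Tuple

DEFAULT_TTL = 60.0   # assumed cache lifetime for per-name answers


def suffix_of(qname: str, labels: int = 2) -> str:
    """Last `labels` labels of a name, e.g. music.xxx.com -> xxx.com."""
    return ".".join(qname.rstrip(".").lower().split(".")[-labels:])


class AuthoritativeServer:
    """Toy authoritative server. `wildcards` maps suffix -> (ip, ttl) for
    *.suffix; `exact` maps a full name to its own address. A server that does
    not understand the wildcard option answers it with FORMERR, as the
    description says older servers do."""

    def __init__(self, wildcards: Dict[str, Tuple[str, int]],
                 exact: Dict[str, str], supports_option: bool = True) -> None:
        self.wildcards, self.exact, self.supports_option = wildcards, exact, supports_option
        self.queries = 0   # how many requests reached this server

    def query(self, qname: str, want_wildcard: bool):
        """Return (rcode, ip, wildcard_info); wildcard_info is (suffix, ip, ttl)
        only when asked for, supported, and the name is served by a wildcard."""
        self.queries += 1
        if want_wildcard and not self.supports_option:
            return "FORMERR", None, None
        if qname in self.exact:                         # explicit record wins
            return "NOERROR", self.exact[qname], None
        sfx = suffix_of(qname)
        if sfx in self.wildcards:
            ip, ttl = self.wildcards[sfx]
            return "NOERROR", ip, ((sfx, ip, ttl) if want_wildcard else None)
        return "NXDOMAIN", None, None


class PublicResolver:
    """Steps 202-205 / 302-309: per-name cache, wildcard cache, upstream query."""

    def __init__(self, auth: AuthoritativeServer, attacked: Set[str],
                 now: Callable[[], float] = time.time) -> None:
        self.auth, self.attacked, self.now = auth, set(attacked), now
        self.name_cache: Dict[str, Tuple[str, float]] = {}      # qname -> (ip, expiry)
        self.wildcard_cache: Dict[str, Tuple[str, float]] = {}  # suffix -> (ip, expiry)
        self.auth_supports_option = True   # cleared on the first FORMERR so we retry only once

    def _fresh(self, entry) -> bool:
        return entry is not None and entry[1] > self.now()

    def resolve(self, qname: str) -> Optional[str]:
        qname = qname.rstrip(".").lower()
        hit = self.name_cache.get(qname)
        if self._fresh(hit):
            return hit[0]
        sfx = suffix_of(qname)
        under_attack = sfx in self.attacked
        if under_attack and self._fresh(self.wildcard_cache.get(sfx)):
            return self.wildcard_cache[sfx][0]      # step 308: no upstream query
        want = under_attack and self.auth_supports_option
        rcode, ip, info = self.auth.query(qname, want_wildcard=want)
        if rcode == "FORMERR" and want:
            self.auth_supports_option = False        # compatibility fallback
            rcode, ip, info = self.auth.query(qname, want_wildcard=False)
        if rcode != "NOERROR":
            return None
        if info is not None:                         # step 205: store *.suffix -> ip
            wsfx, wip, wttl = info
            self.wildcard_cache[wsfx] = (wip, self.now() + wttl)
        else:                                        # no wildcard: cache the single name
            self.name_cache[qname] = (ip, self.now() + DEFAULT_TTL)
        return ip


def simulate_flood(n: int = 1000, supports_option: bool = True):
    """Constructed scenario: n distinct random labels under the attacked suffix
    xxx.com, then a lookup of the explicit name static.xxx.com. Returns
    (upstream_queries, answers_for_random_names, answer_for_static)."""
    auth = AuthoritativeServer(wildcards={"xxx.com": ("111.111.111.111", 300)},
                               exact={"static.xxx.com": "111.111.111.112"},
                               supports_option=supports_option)
    res = PublicResolver(auth, attacked={"xxx.com"})
    answers = {res.resolve(f"r{i:06x}.xxx.com") for i in range(n)}
    static = res.resolve("static.xxx.com")
    return auth.queries, answers, static


if __name__ == "__main__":
    print(simulate_flood())                        # one upstream query for the whole flood
    print(simulate_flood(supports_option=False))   # n + 2: one FORMERR retry, then one per name
```

Two things the simulation makes visible that the description does not spell out. First, remembering the format error (auth_supports_option) is what keeps the fallback from doubling the upstream load: without it every random name would cost one rejected EDNS query plus one ordinary query. Second, a cached wildcard entry answers every name under the suffix for its whole lifetime, so an explicit record such as static.xxx.com is shadowed by the *.xxx.com address while the suffix is under attack; the "storage time set from experience" in the description is therefore a trade-off between query reduction and how long such names are answered from the wildcard.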
To explain the embodiment better, the domain name resolution process is described below in a specific implementation scenario.
As shown in Fig. 3, the process specifically includes:
Step 301: The public DNS server receives a domain name resolution request sent by a terminal device.
To access a website, the terminal device sends a domain name resolution request to the public DNS server; the request contains the domain name to be resolved.
Step 302: The public DNS server judges whether it is currently under a DDoS attack; if so, go to step 304, otherwise go to step 303.
Step 303: Answer in the conventional manner.
The public DNS server answers the request as a conventional domain name query.
Step 304: The public DNS server judges whether the attack targets the same domain name suffix; if so, go to step 305, otherwise go to step 306.
Step 305: The public DNS server judges whether the suffix of the domain name requested to be resolved is the attacked domain name suffix; if so, go to step 307, otherwise go to step 306.
Step 306: Use other anti-attack countermeasures.
The public DNS server handles the request with other anti-attack measures.
Step 307: The public DNS server judges whether a domain name information cache exists; if so, go to step 308, otherwise go to step 309.
The public DNS server checks whether domain name information for the requested domain name is stored locally.
Step 308: The public DNS server reads the IP address corresponding to the domain name from the cache and answers the terminal device.
When locally stored domain name information for the requested domain name is found, the IP address corresponding to the domain name is read from the cache and sent to the terminal device.
Step 309: The public DNS server sends the authoritative DNS server a DNS query request carrying the domain name information request.
When no domain name information for the requested domain name is stored locally, the public DNS server must query the authoritative DNS server. The domain name information request for the domain name being resolved is written into an EDNS pseudo resource record (the OPT RR), and the DNS query request carrying it is sent to the authoritative DNS server.
Step 310: The authoritative DNS server judges whether it can obtain the domain name information; if so, go to step 311, otherwise go to step 313.
The authoritative DNS server judges whether it can obtain general domain name information for the requested domain name; if it can, it answers the public DNS server with that information.
Step 311: The authoritative DNS server answers the public DNS server with the obtained domain name information.
The authoritative DNS server writes the obtained domain name information into an EDNS pseudo resource record, which together with the IP address corresponding to the domain name forms the response message returned to the public DNS server.
Step 312: The public DNS server records the domain name information in its cache and answers the terminal device with the IP address corresponding to the domain name.
After receiving the response message from the authoritative DNS server, the public DNS server caches the domain name information and then answers the terminal device with the IP address corresponding to the domain name.
Step 313: The authoritative DNS server answers the public DNS server with the IP address corresponding to the single domain name.
If the authoritative DNS server cannot obtain general domain name information for the requested domain name, it answers the public DNS server directly with the IP address of the requested domain name.
Step 314: The public DNS server records the IP address corresponding to the single domain name in its cache and answers the terminal device with that IP address.
After receiving the IP address of the requested domain name from the authoritative DNS server, the public DNS server caches the IP address and answers the terminal device with it.
The above embodiments show that, when the public DNS server determines that it is under DDoS attack, requesting the domain name information of the domain name to be resolved from the authoritative DNS server and then storing that domain name information allows the IP address corresponding to the domain name to be obtained from the local cache while the attack lasts. The point matters because a flood that uses many different domain names under one suffix misses a conventional per-name cache on nearly every request, and every miss is forwarded to the authoritative DNS server; storing domain name information per suffix lets the public DNS server answer such requests locally, reducing the number of queries to the authoritative DNS server and its processing load.
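To make the control flow of steps 301 to 314, and the compatibility fallback described before the scenario, concrete, here is an added Python model of both servers; it is example code for this page, not the applicant's implementation. The message fields, the constructed zone data, the detector verdict that sets the attacked suffix, and the choice to remember an upstream FORMERR so that later names go straight to a plain query are assumptions; cache expiry (the storage time discussed above) is left out.

```python
"""Model of the resolver flow of Fig. 3 (steps 301 to 314) plus the
compatibility fallback: while a DDoS flood targets one suffix, the public DNS
server fetches that suffix's general information once and answers the rest of
the flood from its own cache.  Added example for this page, not the applicant's
code.  Message fields, zone data, the detector verdict and the rule of
remembering an upstream FORMERR are assumptions; cache expiry is omitted.
"""
from dataclasses import dataclass
from typing import Dict, Optional, Set, Tuple


@dataclass
class Query:
    qname: str
    want_generic_info: bool = False   # True when the EDNS option is attached


@dataclass
class Response:
    rcode: str                                 # "NOERROR", "NXDOMAIN" or "FORMERR"
    ipv4: Optional[str] = None
    generic: Optional[Dict[str, str]] = None   # {"suffix", "ipv4"} from the OPT RR


def suffix_of(qname: str) -> str:
    """Suffix granularity assumed here: the last two labels, e.g. 'example.com.'."""
    return ".".join(qname.rstrip(".").split(".")[-2:]) + "."


class AuthoritativeServer:
    def __init__(self, hosts: Dict[str, str], generic: Dict[str, str], supports_edns=True):
        self.hosts, self.generic, self.supports_edns = hosts, generic, supports_edns
        self.queries = 0    # the load indicator the scheme is meant to reduce

    def handle(self, q: Query) -> Response:
        self.queries += 1
        if q.want_generic_info and not self.supports_edns:
            return Response("FORMERR")         # pre-EDNS server rejects the OPT RR
        sfx = suffix_of(q.qname)
        ip = self.hosts.get(q.qname, self.generic.get(sfx))
        if ip is None:
            return Response("NXDOMAIN")
        if q.want_generic_info and sfx in self.generic:   # step 311
            return Response("NOERROR", ip, {"suffix": sfx, "ipv4": self.generic[sfx]})
        return Response("NOERROR", ip)                     # step 313


class PublicServer:
    def __init__(self, upstream: AuthoritativeServer):
        self.upstream = upstream
        self.name_cache: Dict[str, str] = {}        # per-name answers (step 314)
        self.generic_cache: Dict[str, str] = {}     # per-suffix answers (step 312)
        self.attacked_suffix: Optional[str] = None  # set by an external DDoS detector
        self.upstream_lacks_edns = False            # remembered after a FORMERR

    def resolve(self, qname: str) -> Optional[str]:
        if qname in self.name_cache:
            return self.name_cache[qname]
        sfx = suffix_of(qname)
        if self.attacked_suffix is None or sfx != self.attacked_suffix:
            return self._plain(qname)               # steps 303 / 306
        if sfx in self.generic_cache:               # steps 307 and 308
            return self.generic_cache[sfx]
        if self.upstream_lacks_edns:
            return self._plain(qname)
        r = self.upstream.handle(Query(qname, want_generic_info=True))   # step 309
        if r.rcode == "FORMERR":                    # compatibility fallback
            self.upstream_lacks_edns = True
            return self._plain(qname)
        if r.generic is not None:                   # step 312
            self.generic_cache[r.generic["suffix"]] = r.generic["ipv4"]
        return self._store(qname, r)

    def _plain(self, qname: str) -> Optional[str]:
        return self._store(qname, self.upstream.handle(Query(qname)))

    def _store(self, qname: str, r: Response) -> Optional[str]:
        if r.rcode != "NOERROR":
            return None
        self.name_cache[qname] = r.ipv4             # step 314
        return r.ipv4


def simulate_flood(n_names: int, upstream_supports_edns: bool) -> Tuple[int, Set[Optional[str]], Optional[str]]:
    """Constructed scenario: n distinct names under the attacked suffix, then one
    unrelated name.  Returns (authoritative queries, flood answers, other answer)."""
    auth = AuthoritativeServer(
        hosts={"www.example.com.": "203.0.113.10", "www.example.net.": "198.51.100.7"},
        generic={"example.com.": "203.0.113.10"},
        supports_edns=upstream_supports_edns)
    pub = PublicServer(auth)
    pub.attacked_suffix = "example.com."            # detector verdict, constructed
    answers = {pub.resolve("x%04d.example.com." % i) for i in range(n_names)}
    other = pub.resolve("www.example.net.")
    return auth.queries, answers, other


if __name__ == "__main__":
    print(simulate_flood(1000, True))    # (2, {'203.0.113.10'}, '198.51.100.7')
    print(simulate_flood(1000, False))   # (1002, {'203.0.113.10'}, '198.51.100.7')
```

With an authoritative server that supports the option, a flood of 1000 distinct names under example.com. costs it a single query; against a server without EDNS the fallback keeps answers correct, but the authoritative server sees one query per name, which is precisely the load the scheme exists to avoid. Remembering the FORMERR is what keeps that case from growing to two upstream queries per name.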
Based on the same technical concept, Fig. 4 shows an exemplary structure of a device 40 for domain name resolution according to an embodiment of the present invention. The device 40 can perform the domain name resolution process described above and may be located in, or be, a public DNS server.
As shown in Fig. 4, the device 40 specifically includes:
an obtaining unit 401, configured to obtain a domain name resolution request message sent by a terminal device, the message containing the domain name to be resolved;
a sending unit 402, configured to send a domain name resolution request to an authoritative DNS server when it is judged that an attack is under way;
the obtaining unit 401 being further configured to obtain the domain name response message sent by the authoritative DNS server;
a processing unit 403, configured to parse the response when domain name information for the responded domain name is found in it, and to store the domain name information of the domain name to be resolved.
Optionally, the processing unit 403 is specifically configured to:
when it is judged that a DDoS attack against the same domain name suffix is under way and the suffix of the domain name to be resolved is the attacked domain name suffix, send a general domain name resolution request to the authoritative DNS server.
Optionally, the processing unit 403 is further configured to:
before the domain name resolution request is sent to the authoritative DNS server, judge whether domain name information of the domain name to be resolved is already stored and, if so, control the sending unit 402 to send the resolution content of the domain name to be resolved to the terminal device according to the stored domain name information.
Optionally, the processing unit 403 is further configured to:
when no domain name information for the responded domain name is found in the response, control the sending unit 402 to send the resolution content of the domain name to be resolved to the terminal device, and store that resolution content; the resolution content is sent by the authoritative DNS server after it determines that no domain name information for the domain name to be resolved is found.
Optionally, the domain name resolution request is an extended DNS mechanism (EDNS) request message;
and the general domain name response message sent by the authoritative DNS server is an EDNS response message.
Based on the same technical concept, Fig. 5 shows an exemplary structure of an apparatus 50 for domain name resolution according to an embodiment of the present invention; the apparatus 50 may be located in, or be, an authoritative DNS server.
As shown in Fig. 5, the apparatus 50 specifically includes:
an obtaining unit 501, configured to obtain a domain name resolution request message sent by a public DNS server, the request containing the domain name to be resolved; the general domain name resolution request is sent by the public DNS server when it judges that it is under attack;
a processing unit 502, configured to look up the domain name information of the domain name to be resolved according to that domain name;
a sending unit 503, configured to send the public DNS server a domain name response message carrying the domain name information of the domain name to be resolved when the processing unit 502 determines that this information has been found.
Optionally, the sending unit 503 is further configured to:
when the processing unit 502 determines that the domain name information of the domain name to be resolved is not found, send the public DNS server a domain name response message carrying the resolution content of the domain name to be resolved.
Optionally, the general domain name resolution request is sent by the public DNS server when it is under a distributed denial of service (DDoS) attack and the suffix of the domain name to be resolved is the attacked domain name suffix.
Based on the same technical concept, an embodiment of the present invention further provides a computing device, including:
a memory for storing program instructions;
and a processor for calling the program instructions stored in the memory and executing the above domain name resolution method according to the obtained program.
Based on the same technical concept, the embodiment of the present invention also provides a computer-readable non-volatile storage medium, which includes computer-readable instructions, and when the computer reads and executes the computer-readable instructions, the computer is caused to execute the above domain name resolution method.
The present invention is described with reference to flowchart illustrations and/or block diagrams of methods, apparatus (systems), and computer program products according to embodiments of the invention. It will be understood that each flow and/or block of the flow diagrams and/or block diagrams, and combinations of flows and/or blocks in the flow diagrams and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general purpose computer, special purpose computer, embedded processor, or other programmable data processing apparatus to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processing apparatus, create means for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be stored in a computer-readable memory that can direct a computer or other programmable data processing apparatus to function in a particular manner, such that the instructions stored in the computer-readable memory produce an article of manufacture including instruction means which implement the function specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be loaded onto a computer or other programmable data processing apparatus to cause a series of operational steps to be performed on the computer or other programmable apparatus to produce a computer implemented process such that the instructions which execute on the computer or other programmable apparatus provide steps for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
While preferred embodiments of the present invention have been described, additional variations and modifications in those embodiments may occur to those skilled in the art once they learn of the basic inventive concepts. Therefore, it is intended that the appended claims be interpreted as including preferred embodiments and all such alterations and modifications as fall within the scope of the invention.
It will be apparent to those skilled in the art that various changes and modifications may be made in the present invention without departing from the spirit and scope of the invention. Thus, if such modifications and variations of the present invention fall within the scope of the claims of the present invention and their equivalents, the present invention is also intended to include such modifications and variations.

Claims (8)

1. A method of domain name resolution, comprising:
a public Domain Name System (DNS) server obtains a domain name resolution request message sent by a terminal device, the domain name resolution request message containing a domain name to be resolved;
when the public DNS server judges that it is under attack, it sends a domain name resolution request to an authoritative DNS server;
the public DNS server obtains a domain name response message sent by the authoritative DNS server;
when the public DNS server finds domain name information for the responded domain name in the response, it parses the response and stores the domain name information of the domain name to be resolved;
wherein, when the public DNS server judges that it is under attack, sending the domain name resolution request to the authoritative DNS server comprises:
when the public DNS server judges that it is under a distributed denial of service (DDoS) attack against the same domain name suffix and the suffix of the domain name to be resolved is the attacked domain name suffix, the public DNS server sends a general domain name resolution request to the authoritative DNS server, the general domain name resolution request containing the domain name to be resolved.
2. The method of claim 1, wherein before the public DNS server sends the domain name resolution request to the authoritative DNS server, the method further comprises:
the public DNS server judges whether domain name information of the domain name to be resolved is stored and, if so, sends the resolution content of the domain name to be resolved to the terminal device according to the stored domain name information of the domain name to be resolved.
3. The method of claim 1, further comprising: when the public DNS server finds no general domain name information for the responded domain name in the response, the public DNS server sends the resolution content of the domain name to be resolved to the terminal device and stores that resolution content, the resolution content being sent by the authoritative DNS server after it determines that no general domain name information for the domain name to be resolved is found.
4. The method of any one of claims 1 to 3, wherein the general domain name resolution request is an extended DNS mechanism (EDNS) request message;
and the general domain name response message sent by the authoritative DNS server is an EDNS response message.
5. A method of domain name resolution, comprising:
an authoritative Domain Name System (DNS) server obtains a general domain name resolution request sent by a public DNS server, the general domain name resolution request containing a domain name to be resolved; the general domain name resolution request is sent by the public DNS server when it judges that it is under a distributed denial of service (DDoS) attack against the same domain name suffix and the suffix of the domain name to be resolved is the attacked domain name suffix;
the authoritative DNS server looks up the domain name information of the domain name to be resolved according to that domain name;
and when it determines that the domain name information of the domain name to be resolved is found, the authoritative DNS server sends the public DNS server a domain name response message carrying the domain name information of the domain name to be resolved.
6. The method of claim 5, further comprising:
when it determines that the domain name information of the domain name to be resolved is not found, the authoritative DNS server sends the public DNS server a response message carrying the resolution content of the domain name to be resolved.
7. A computing device, comprising:
a memory for storing program instructions;
a processor for calling program instructions stored in said memory to execute the method of any one of claims 1 to 6 in accordance with the obtained program.
8. A computer-readable non-transitory storage medium including computer-readable instructions which, when read and executed by a computer, cause the computer to perform the method of any one of claims 1 to 6.
CN201811034002.7A 2018-09-05 2018-09-05 Domain name resolution method and device Expired - Fee Related CN109067936B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201811034002.7A CN109067936B (en) 2018-09-05 2018-09-05 Domain name resolution method and device

Publications (2)

Publication Number Publication Date
CN109067936A CN109067936A (en) 2018-12-21
CN109067936B true CN109067936B (en) 2021-08-06

Family

ID=64759714

Country Status (1)

Country Link
CN (1) CN109067936B (en)

Families Citing this family (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN111092966B (en) * 2019-12-30 2022-04-26 中国联合网络通信集团有限公司 Domain name system, domain name access method and device
CN111953802A (en) * 2020-07-06 2020-11-17 网宿科技股份有限公司 Domain name resolution method, system, equipment and storage medium
CN112929463A (en) * 2021-01-26 2021-06-08 网宿科技股份有限公司 Traffic proxy method, server and system based on DNS (Domain name System)
CN113452808B (en) * 2021-06-29 2023-06-23 百果园技术(新加坡)有限公司 Domain name resolution method, device, equipment and storage medium
CN113810518A (en) * 2021-09-15 2021-12-17 北京知道未来信息技术有限公司 Effective sub-domain name recognition method and device and electronic equipment

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102724129A (en) * 2012-06-28 2012-10-10 奇智软件(北京)有限公司 Device and method for queue scheduling and access controlling of extensive domain names
CN102882892A (en) * 2012-10-26 2013-01-16 杭州迪普科技有限公司 Method and device for protecting DNS (Domain Name Server)
CN103501358A (en) * 2013-09-18 2014-01-08 北京蓝汛通信技术有限责任公司 Domain name hosting management method and device
WO2017196558A1 (en) * 2016-05-11 2017-11-16 Cisco Technology, Inc. Short term certificate management during distributed denial of service attacks

Family Cites Families (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7421489B2 (en) * 2000-12-29 2008-09-02 Nortel Network Limited Network protocols for distributing functions within a network

Also Published As

Publication number Publication date
CN109067936A (en) 2018-12-21


Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant
CF01 Termination of patent right due to non-payment of annual fee

Granted publication date: 20210806