CN112738296B - Domain name resolution method and domain name resolution system - Google Patents

Publication number
CN112738296B
Authority
CN
China
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN202110228883.1A
Other languages
Chinese (zh)
Other versions
CN112738296A (en
Inventor
高新立
李巍
瞿威
牛文超
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
China Construction Bank Corp
Original Assignee
China Construction Bank Corp

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L61/00 Network arrangements, protocols or services for addressing or naming
    • H04L61/45 Network directories; Name-to-address mapping
    • H04L61/4505 Network directories; Name-to-address mapping using standardised directories; using standardised directory access protocols
    • H04L61/4511 Network directories; Name-to-address mapping using standardised directories; using standardised directory access protocols using domain name system [DNS]


Abstract

The application discloses a domain name resolution method and a domain name resolution system. Because the cloud DNS node performs well (for example, it can resist various attacks and has large bandwidth and strong capability), it can remain in a normal working state at all times. The cloud DNS node can therefore always transmit a domain name resolution request sent by a local DNS server to the authoritative DNS node, and the authoritative DNS node can always provide the domain name resolution service normally. This effectively avoids the situation in which the authoritative DNS node cannot provide the domain name resolution service normally because a plurality of NS servers cannot work normally, and effectively improves the user's domain name resolution experience.

Description

Domain name resolution method and domain name resolution system
Technical Field
The present application relates to the field of internet technologies, and in particular, to a domain name resolution method and a domain name resolution system.
Background
With the rapid development of internet technology, the security of a Domain Name System (DNS) becomes more and more important.
Currently, an authoritative DNS node may publish a plurality of NS (Name Server, i.e. domain name server record) servers externally in each authorized domain, and the authoritative DNS node can provide domain name resolution services normally only if at least one NS server among the plurality of NS servers can operate normally.
However, if all the NS servers fail to operate normally due to an abnormal failure, the authoritative DNS node cannot provide the domain name resolution service normally.
Disclosure of Invention
In order to solve the technical problems in the prior art, the present application provides a domain name resolution method and a domain name resolution system, which can effectively avoid that an authoritative DNS node cannot normally provide domain name resolution service due to the failure of a plurality of NS servers to normally operate, and thus can ensure that the authoritative DNS node can always normally respond to a domain name resolution request.
In order to achieve the above purpose, the technical solutions provided in the embodiments of the present application are as follows:
the embodiment of the application provides a domain name resolution method, which is applied to a domain name resolution system, wherein the domain name resolution system comprises a local DNS server, a cloud DNS node and an authoritative DNS node corresponding to a request terminal, and the method comprises the following steps:
the request terminal sends a first domain name resolution request to the cloud DNS node through a local DNS server corresponding to the request terminal;
the cloud DNS node generates a second domain name resolution request according to the first domain name resolution request and the first IP address, so that the second domain name resolution request carries the first IP address; the first IP address refers to the IP address of a local DNS server corresponding to the request terminal;
the cloud DNS node sends the second domain name resolution request to the authoritative DNS node;
the authoritative DNS node generates first domain name resolution response information according to the second domain name resolution request and the first IP address carried by the second domain name resolution request;
the authoritative DNS node sends the first domain name resolution response information to the cloud DNS node;
the cloud DNS node generates second domain name resolution response information according to the first domain name resolution response information;
and the cloud DNS node sends the second domain name resolution response information to a local DNS server corresponding to the request terminal, so that the local DNS server corresponding to the request terminal carries out domain name resolution feedback to the request terminal according to the second domain name resolution response information.
In one possible embodiment, the authoritative DNS node includes a generic server and a global traffic management GTM device;
the generation process of the first domain name resolution response information comprises the following steps:
the universal server generates a third domain name resolution request according to the second domain name resolution request, and extracts the first IP address from the second domain name resolution request as a source address of the third domain name resolution request;
the general server sends the third domain name resolution request to the GTM equipment according to the source address of the third domain name resolution request;
the GTM equipment performs domain name resolution according to the third domain name resolution request to generate third domain name resolution response information;
the GTM equipment sends the third domain name resolution response information to the general server;
and the universal server generates the first domain name resolution response information according to the third domain name resolution response information.
In one possible embodiment, the authoritative DNS node includes a load balancing unit, N general servers, and M GTM devices; n is a positive integer, M is a positive integer;
the generation process of the first domain name resolution response information comprises the following steps:
after the load balancing unit receives the second domain name resolution request, the load balancing unit selects a target universal server from the N universal servers and forwards the second domain name resolution request to the target universal server;
the target universal server generates a fourth domain name resolution request according to the second domain name resolution request, and extracts the first IP address from the second domain name resolution request as a source address of the fourth domain name resolution request;
the target universal server sends the fourth domain name resolution request to the load balancing unit according to the source address of the fourth domain name resolution request;
the load balancing unit selects a target GTM device from the M GTM devices, and forwards the fourth domain name resolution request to the target GTM device;
the target GTM equipment performs domain name resolution according to the fourth domain name resolution request to generate fourth domain name resolution response information;
the target GTM device sends the fourth domain name resolution response information to the load balancing unit, so that the load balancing unit forwards the fourth domain name resolution response information to the target general server;
and the target general server generates the first domain name resolution response information according to the fourth domain name resolution response information.
In a possible implementation manner, if the second domain name resolution request carries security check information, the first domain name resolution response information is generated according to the second domain name resolution request, the first IP address carried by the second domain name resolution request, and the security check information carried by the second domain name resolution request, so that the first domain name resolution response information carries the security check information;
after the authoritative DNS node sends the first domain name resolution response information to the cloud DNS node, the method further includes:
the cloud DNS node judges whether the security check information carried by the first domain name resolution response information is matched with the security check information carried by the second domain name resolution request;
the cloud DNS node generates second domain name resolution response information according to the first domain name resolution response information, including:
after the cloud DNS node determines that the security check information carried by the first domain name resolution response information is successfully matched with the security check information carried by the second domain name resolution request, the cloud DNS node generates second domain name resolution response information according to the first domain name resolution response information.
In one possible embodiment, the authoritative DNS node comprises a cleaning device equipped with a distributed denial of service (DDoS) attack unit;
the cleaning device is used for judging in real time whether the network traffic of the authoritative DNS node reaches an attack traffic threshold and, if so, diverting and cleaning the network traffic.
In one possible embodiment, the authoritative DNS node includes a high-level firewall unit;
the high-level firewall unit is used for acquiring a daily request baseline of a request sending end and/or a daily request upper limit of the authoritative DNS node, and determining whether the authoritative DNS node is attacked or not according to the daily request baseline of the request sending end and/or the daily request upper limit of the authoritative DNS node.
The embodiment of the present application further provides a domain name resolution system, where the domain name resolution system includes any implementation manner of a local DNS server corresponding to the request terminal provided in the embodiment of the present application, any implementation manner of a cloud DNS node provided in the embodiment of the present application, and any implementation manner of an authoritative DNS node provided in the embodiment of the present application.
An embodiment of the present application further provides an apparatus, where the apparatus includes a processor and a memory:
the memory is used for storing a computer program;
the processor is configured to execute any implementation manner of the domain name resolution method provided by the embodiment of the application according to the computer program.
The embodiment of the present application further provides a computer-readable storage medium, where the computer-readable storage medium is used to store a computer program, and the computer program is used to execute any implementation manner of the domain name resolution method provided in the embodiment of the present application.
The embodiment of the present application further provides a computer program product, and when the computer program product runs on a terminal device, the terminal device is enabled to execute any implementation manner of the domain name resolution method provided in the embodiment of the present application.
Compared with the prior art, the embodiment of the application has at least the following advantages:
in the domain name resolution method and the domain name resolution system provided by the embodiment of the application, after a request terminal sends a first domain name resolution request to a cloud DNS node through a local DNS server corresponding to the request terminal, the cloud DNS node generates a second domain name resolution request according to the first domain name resolution request and a first IP address, so that the second domain name resolution request carries the first IP address; the first IP address refers to the IP address of a local DNS server corresponding to the request terminal; secondly, the cloud DNS node sends a second domain name resolution request to the authoritative DNS node, and the authoritative DNS node generates first domain name resolution response information according to the second domain name resolution request and a first IP address carried by the second domain name resolution request; and then, the authoritative DNS node sends first domain name resolution response information to the cloud DNS node, and the cloud DNS node sends second domain name resolution response information to the local DNS server corresponding to the request terminal, so that the local DNS server corresponding to the request terminal carries out domain name resolution feedback to the request terminal according to the second domain name resolution response information. Therefore, the domain name resolution request sent by the local DNS server corresponding to the request terminal is transmitted to the authoritative DNS node by the cloud DNS node.
Because the cloud DNS node performs well (for example, it can resist various attacks and has large bandwidth and strong capability), it can remain in a normal working state at all times. The cloud DNS node can therefore always transmit a domain name resolution request sent by a local DNS server to the authoritative DNS node, and the authoritative DNS node can always provide the domain name resolution service normally. This effectively avoids the situation in which the authoritative DNS node cannot provide the domain name resolution service normally because a plurality of NS servers cannot work normally, and effectively improves the user's domain name resolution experience.
Drawings
In order to more clearly illustrate the embodiments of the present application or the technical solutions in the prior art, the drawings needed in the description of the embodiments or the prior art are briefly described below. It is obvious that the drawings in the following description are only some embodiments described in the present application, and other drawings can be obtained by those skilled in the art without creative efforts.
Fig. 1 is a schematic structural diagram of a domain name resolution system according to an embodiment of the present disclosure;
Fig. 2 is a flowchart of a domain name resolution method according to an embodiment of the present application;
Fig. 3 is a schematic performance diagram of a cloud DNS node according to an embodiment of the present application;
Fig. 4 is a schematic diagram of a domain name resolution process according to an embodiment of the present application;
Fig. 5 is a schematic diagram of security verification information provided in an embodiment of the present application;
Fig. 6 is a schematic view of an operating principle of a cleaning apparatus provided in an embodiment of the present application.
Detailed Description
The inventor finds in research on an authoritative DNS node that, if the plurality of NS servers all fail to operate normally due to an abnormal fault, a domain name resolution request sent by a local DNS server cannot be transmitted to the authoritative DNS node through the plurality of NS servers, so that the authoritative DNS node cannot perform domain name resolution feedback for the domain name resolution request sent by the local DNS server, and thus the authoritative DNS node cannot provide a domain name resolution service normally.
The inventor also finds that, in the research on the authoritative DNS node, as long as it is ensured that the domain name resolution request sent by the local DNS server can be always transmitted to the authoritative DNS node, it can be avoided that the authoritative DNS node cannot normally provide the domain name resolution service due to the failure of the plurality of NS servers to normally operate.
Based on this, in order to solve the above technical problem, an embodiment of the present application provides a domain name resolution method, which specifically includes: after a request terminal sends a first domain name resolution request to a cloud DNS node through a local DNS server corresponding to the request terminal, the cloud DNS node generates a second domain name resolution request according to the first domain name resolution request and a first IP address, so that the second domain name resolution request carries the first IP address; the first IP address refers to the IP address of a local DNS server corresponding to the request terminal; secondly, the cloud DNS node sends a second domain name resolution request to the authoritative DNS node, and the authoritative DNS node generates first domain name resolution response information according to the second domain name resolution request and a first IP address carried by the second domain name resolution request; and then, the authoritative DNS node sends first domain name resolution response information to the cloud DNS node, and the cloud DNS node sends second domain name resolution response information to a local DNS server corresponding to the request terminal, so that the local DNS server corresponding to the request terminal carries out domain name resolution feedback to the request terminal according to the second domain name resolution response information. Therefore, the domain name resolution request sent by the local DNS server corresponding to the request terminal is transmitted to the authoritative DNS node by the cloud DNS node.
Because the cloud DNS node performs well (for example, it can resist various attacks and has large bandwidth and strong capability), it can remain in a normal working state at all times. The cloud DNS node can therefore always transmit the domain name resolution request sent by the local DNS server to the authoritative DNS node, and the authoritative DNS node can always perform domain name resolution feedback for the domain name resolution request sent by the local DNS server. This effectively avoids the situation in which the authoritative DNS node cannot provide the domain name resolution service normally because a plurality of NS servers cannot work normally, and effectively improves the user's domain name resolution experience.
In order to make the technical solutions of the present application better understood, the technical solutions in the embodiments of the present application will be clearly and completely described below with reference to the drawings in the embodiments of the present application, and it is obvious that the described embodiments are only a part of the embodiments of the present application, and not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present application.
In order to facilitate understanding of the technical solution provided by the embodiment of the present application, a domain name resolution method used by the domain name resolution system is described below with reference to the structure and the working principle of the domain name resolution system shown in fig. 1. Fig. 1 is a schematic structural diagram of a domain name resolution system according to an embodiment of the present disclosure.
As shown in Fig. 1, a domain name resolution system 100 provided in the embodiment of the present application includes a local DNS server 101 corresponding to a requesting terminal, a cloud DNS node 102, and an authoritative DNS node 103, wherein:
the cloud DNS node 102 is configured to generate a second domain name resolution request according to the first domain name resolution request and the first IP address after the request terminal sends the first domain name resolution request to the cloud DNS node 102 through the local DNS server 101 corresponding to the request terminal, so that the second domain name resolution request carries the first IP address; the first IP address refers to the IP address of a local DNS server corresponding to the request terminal;
the cloud DNS node 102 is further configured to send a second domain name resolution request to the authoritative DNS node 103;
the authoritative DNS node 103 is used for generating first domain name resolution response information according to the second domain name resolution request and the first IP address carried by the second domain name resolution request;
the authoritative DNS node 103 is further configured to send first domain name resolution response information to the cloud DNS node 102;
the cloud DNS node 102 is further configured to generate second domain name resolution response information according to the first domain name resolution response information;
the cloud DNS node 102 is further configured to send second domain name resolution response information to the local DNS server corresponding to the request terminal, so that the local DNS server corresponding to the request terminal performs domain name resolution feedback to the request terminal according to the second domain name resolution response information.
For ease of understanding, the operation principle of the domain name resolution system 100 is described below with reference to the domain name resolution method shown in fig. 2. Fig. 2 is a flowchart of a domain name resolution method according to an embodiment of the present disclosure.
The domain name resolution method applied to the domain name resolution system 100 provided by the embodiment of the application includes steps S1-S7:
S1: The request terminal sends a first domain name resolution request to the cloud DNS node 102 through the local DNS server 101 corresponding to the request terminal.
The request terminal is a client used for triggering a domain name resolution request; the embodiment of the present application is not limited to the requesting terminal, and the requesting terminal may be a mobile terminal, for example.
The local DNS server 101 corresponding to the requesting terminal is configured to process a domain name resolution request triggered by the requesting terminal. In addition, the IP address of the local DNS server 101 corresponding to the requesting terminal may be a first IP address (e.g., IPA in fig. 4).
The first domain name resolution request is generated by the local DNS server 101 corresponding to the requesting terminal according to the domain name resolution request triggered by the requesting terminal.
Based on the relevant content of S1, after the user triggers the target domain name resolution request on the requesting terminal, the requesting terminal may send the target domain name resolution request to the local DNS server 101 corresponding to the requesting terminal, so that the local DNS server 101 corresponding to the requesting terminal generates a first domain name resolution request according to the target domain name resolution request, so that the first domain name resolution request carries domain name access information (e.g., a domain name accessed by the user) carried in the target domain name resolution request.
S2: the cloud DNS node 102 generates a second domain name resolution request according to the first domain name resolution request and the first IP address, so that the second domain name resolution request carries the first IP address.
The cloud DNS node 102 is a DNS node with better performance. The structure of the cloud DNS node 102 is not limited in the embodiments of the present application; for example, to ensure that the cloud DNS node 102 has better performance, the cloud DNS node 102 may adopt the same BGP anycast architecture as the DNS root node and may reuse the same IP address (as shown in Fig. 3).
The second domain name resolution request is generated by the cloud DNS node 102 according to the first domain name resolution request and the first IP address (that is, the IP address of the local DNS server 101 corresponding to the requesting terminal), so that the second domain name resolution request carries the domain name access information and the first IP address.
Based on the relevant content of S2, after the cloud DNS node 102 receives the first domain name resolution request sent by the local DNS server 101 corresponding to the requesting terminal, the cloud DNS node 102 may generate a second domain name resolution request according to the first domain name resolution request and the IP address of the local DNS server 101, so that the second domain name resolution request carries the IP address of the local DNS server 101, and the subsequent authoritative DNS node 103 can learn the IP address of the local DNS server 101 from the second domain name resolution request.
S3: the cloud DNS node 102 sends a second domain name resolution request to the authoritative DNS node 103.
In this embodiment, after the cloud DNS node 102 generates the second domain name resolution request, the cloud DNS node 102 may send the second domain name resolution request to the authoritative DNS node 103, so that the authoritative DNS node 103 can perform domain name resolution feedback according to the second domain name resolution request.
S4: the authoritative DNS node 103 generates first domain name resolution response information according to the second domain name resolution request and the first IP address carried by the second domain name resolution request.
The first domain name resolution response information refers to a domain name resolution result (for example, an IP address having a mapping relationship with a domain name visited by the user) fed back by the authoritative DNS node 103 with respect to the domain name access information carried in the second domain name resolution request.
In addition, the embodiment of the present application does not limit the implementation of S4; for ease of understanding, two possible implementations are described below.
In a first possible implementation, if the authoritative DNS node 103 includes a general server and a Global Traffic Manager (GTM) device, S4 may specifically include S4A1-S4A5:
S4A1: The universal server generates a third domain name resolution request according to the second domain name resolution request, and extracts the first IP address from the second domain name resolution request as a source address of the third domain name resolution request.
The universal server is used for replacing the source address of the second domain name resolution request with the IP address of the local DNS server corresponding to the request terminal. That is, the universal server is configured to strip the IP address of the cloud DNS node from the domain name resolution request, so that the GTM does not know the transmission process of the domain name resolution request, and thus the GTM still performs domain name resolution according to the conventional domain name resolution method. Therefore, the GTM can still be implemented by adopting the existing structure without changing, and the resource consumption of system upgrading can be effectively reduced.
The third domain name resolution request is generated by the general server according to the second domain name resolution request, so that the third domain name resolution request carries the domain name access information.
The source address of the third domain name resolution request refers to a source address used by the universal server to send the third domain name resolution request, so that the subsequent GTM device considers that the sending end of the third domain name resolution request is the local DNS server 101 corresponding to the request terminal.
Based on the above content of S4A1, for an authoritative DNS node 103 that includes a generic server and a GTM device, after the authoritative DNS node 103 receives the second domain name resolution request sent by the cloud DNS node 102, the generic server in the authoritative DNS node 103 may generate a third domain name resolution request from the second domain name resolution request and use the first IP address carried by the second domain name resolution request as the source address of the third domain name resolution request, so that the generic server can send the third domain name resolution request to the GTM device with the first IP address as its source address. In this way the generic server strips the IP address of the cloud DNS node from the domain name resolution request, so the subsequent GTM device considers the sender of the third domain name resolution request to be the local DNS server 101 corresponding to the requesting terminal rather than the cloud DNS node, and the GTM device can still perform domain name resolution according to the conventional domain name resolution method.
S4A2: The universal server sends the third domain name resolution request to the GTM device according to the source address of the third domain name resolution request.
In this embodiment, for the authoritative DNS node 103 including the general server and the GTM device, after the general server generates a third domain name resolution request and determines that a source address of the third domain name resolution request is the first IP address, the general server sends the third domain name resolution request to the GTM device by using the first IP address, so that the GTM device can consider that a sending end of the third domain name resolution request is the local DNS server 101 corresponding to the request terminal, and can perform domain name resolution feedback for the third domain name resolution request.
S4A3: The GTM device performs domain name resolution according to the third domain name resolution request to generate third domain name resolution response information.
The third domain name resolution response information refers to a domain name resolution result (for example, an IP address having a mapping relationship with the domain name visited by the user) fed back by the GTM device with respect to the domain name access information carried in the third domain name resolution request.
Based on the relevant content of S4A3, for an authoritative DNS node 103 including a general server and a GTM device, after the GTM device receives the third domain name resolution request sent by the general server, the GTM device may perform domain name resolution according to the domain name access information carried in the third domain name resolution request to obtain third domain name resolution response information, so that the third domain name resolution response information carries the domain name resolution result determined by the GTM device for the domain name access information.
S4A4: The GTM device sends the third domain name resolution response information to the general server.
In this embodiment, for the authoritative DNS node 103 including the general server and the GTM device, after the GTM device generates the third domain name resolution response information, the GTM device sends the third domain name resolution response information to the general server, so that the subsequent general server can transmit the domain name resolution result carried in the third domain name resolution response information to the local DNS server 101 corresponding to the request terminal by means of the cloud DNS node 102.
S4A5: The general server generates first domain name resolution response information according to the third domain name resolution response information.
In this embodiment, for the authoritative DNS node 103 including the general server and the GTM device, after the general server receives the third domain name resolution response information sent by the GTM device, the general server may generate the first domain name resolution response information according to the third domain name resolution response information, so that the first domain name resolution response information carries the domain name resolution result.
In addition, the embodiment of the present application does not limit the process for determining the destination address of the first domain name resolution response information. For example, in a possible implementation manner, the process may specifically be: when the general server determines, according to its session information, that the third domain name resolution response information corresponds to the second domain name resolution request, it determines the source address of the second domain name resolution request as the destination address of the first domain name resolution response information, so that the general server sends the first domain name resolution response information to the cloud DNS node according to that destination address.
It should be noted that the embodiments of the present application do not limit the technical content related to the session information of the general server, which can be implemented using existing technology. For example, after the general server receives the second domain name resolution request, it may establish a session based on the second domain name resolution request and record the port number of the second domain name resolution request. After the general server receives the third domain name resolution response information, if the port number of the third domain name resolution response information minus one is the same as the port number of the second domain name resolution request, the general server determines that the third domain name resolution response information corresponds to the second domain name resolution request. It can then find the source address of the second domain name resolution request in the information about the session established for that request and use that source address as the destination address of the first domain name resolution response information, so that the general server sends the first domain name resolution response information to the cloud DNS node according to that destination address.
Based on the related contents of S4A1 to S4A5, if the authoritative DNS node 103 includes a general server and a GTM device, after the authoritative DNS node 103 receives the second domain name resolution request sent by the cloud DNS node 102, the general server first generates a third domain name resolution request according to the second domain name resolution request and sends it with a disguised source address, namely the first IP address carried in the second domain name resolution request, so that the GTM device treats the sending end of the third domain name resolution request as the local DNS server 101 corresponding to the request terminal. The GTM device then performs domain name resolution according to the third domain name resolution request to obtain and feed back third domain name resolution response information. Finally, the general server generates first domain name resolution response information according to the third domain name resolution response information, so that the cloud DNS node 102 can subsequently feed back the domain name resolution result carried by the first domain name resolution response information to the local DNS server 101 corresponding to the request terminal.
In some cases, in order to further improve the domain name resolution efficiency, a load balancing unit may be used to select the general server and the GTM device that participate in the domain name resolution process. Based on this, the embodiment of the present application further provides a second possible implementation manner of S4, in which, if the authoritative DNS node 103 includes a load balancing unit, N general servers, and M GTM devices, S4 may specifically include S4B1-S4B7:
S4B1: After the load balancing unit receives the second domain name resolution request, the load balancing unit selects a target general server from the N general servers and forwards the second domain name resolution request to the target general server.
The load balancing unit is used to select a target general server from the N general servers (and/or to select a target GTM device participating in the domain name resolution process from the M GTM devices) according to a preset load balancing rule.
The target general server is the general server selected by the load balancing unit for transmitting the domain name access information carried by the second domain name resolution request.
Based on the relevant content of the above S4B1, for the authoritative DNS node 103 including the load balancing unit, the N general servers, and the M GTM devices, after the authoritative DNS node 103 receives the second domain name resolution request sent by the cloud DNS node 102, the load balancing unit in the authoritative DNS node 103 may select one general server from the N general servers as the target general server, so that the load balancing unit forwards the second domain name resolution request to the target general server, so that the subsequent target general server can strip the IP address of the cloud DNS node from the domain name resolution request.
It should be noted that, when the load balancing unit forwards the second domain name resolution request to the target general server, the load balancing unit still uses the IP address of the cloud DNS node 102 as the source address of the second domain name resolution request, so that the target general server knows that the second domain name resolution request was sent by the cloud DNS node 102. In other words, the load balancing unit receives the second domain name resolution request sent by the cloud DNS node 102 on a virtual IP address of the general servers (e.g., "IPD" in fig. 4), and uses a real IP address of a general server (e.g., the IP address of the target general server) as the destination address (e.g., "IP_41" in fig. 4) when forwarding the second domain name resolution request.
S4B2: The target general server generates a fourth domain name resolution request according to the second domain name resolution request, and extracts the first IP address from the second domain name resolution request as the source address of the fourth domain name resolution request.
The fourth domain name resolution request is generated by the target general server according to the second domain name resolution request, so the fourth domain name resolution request carries the domain name access information.
The source address of the fourth domain name resolution request refers to a source address used by the target general server to send the fourth domain name resolution request, so that the subsequent GTM device considers that the sending end of the fourth domain name resolution request is the local DNS server 101 corresponding to the request terminal.
Based on the related contents of S4B2 above, for the authoritative DNS node 103 including the load balancing unit, the N general servers and the M GTM devices, after the target general server receives the second domain name resolution request forwarded by the load balancing unit, the target general server may generate a fourth domain name resolution request from the second domain name resolution request and use the first IP address carried by the second domain name resolution request as the source address of the fourth domain name resolution request, so that the target general server can send the fourth domain name resolution request with that source address. The GTM device will then treat the sending end of the fourth domain name resolution request as the local DNS server 101 corresponding to the requesting terminal rather than the cloud DNS node, so the GTM device can still perform domain name resolution according to the conventional domain name resolution method.
S4B3: The target general server sends the fourth domain name resolution request to the load balancing unit according to the source address of the fourth domain name resolution request.
In this embodiment, for the authoritative DNS node 103 including the load balancing unit, the N general servers, and the M GTM devices, after the target general server generates the fourth domain name resolution request and determines that the source address of the fourth domain name resolution request is the first IP address, the target general server may send the fourth domain name resolution request to the load balancing unit using the first IP address, so that the load balancing unit can allocate, to the fourth domain name resolution request, the GTM device for performing domain name resolution.
S4B4: The load balancing unit selects a target GTM device from the M GTM devices and forwards the fourth domain name resolution request to the target GTM device.
In this embodiment, for the authoritative DNS node 103 including the load balancing unit, the N general servers, and the M GTM devices, after the load balancing unit receives the fourth domain name resolution request sent by the target general server, the load balancing unit may select one GTM device from the M GTM devices as a target GTM device, so that the target GTM device can perform domain name resolution feedback for the fourth domain name resolution request.
It should be noted that, when the load balancing unit forwards the fourth domain name resolution request to the target GTM device, the load balancing unit still uses the first IP address as the source address of the fourth domain name resolution request, so that the target GTM device treats the sending end of the fourth domain name resolution request as the local DNS server 101 corresponding to the request terminal. In other words, the load balancing unit receives the fourth domain name resolution request sent by the target general server on a virtual IP address of the GTM devices (e.g., "IPE" in fig. 4), and uses a real IP address of a GTM device (e.g., the IP address of the target GTM device) as the destination address (e.g., "IP_11" in fig. 4) when forwarding the fourth domain name resolution request.
S4B5: The target GTM device performs domain name resolution according to the fourth domain name resolution request to generate fourth domain name resolution response information.
The fourth domain name resolution response information refers to a domain name resolution result (for example, an IP address having a mapping relationship with the domain name visited by the user) fed back by the GTM device with respect to the domain name access information carried in the fourth domain name resolution request.
Based on the relevant content of S4B5, for the authoritative DNS node 103 including the load balancing unit, the N general servers, and the M GTM devices, after the target GTM device receives the fourth domain name resolution request forwarded by the load balancing unit, the target GTM device can perform domain name resolution according to the domain name access information carried in the fourth domain name resolution request to obtain fourth domain name resolution response information, so that the fourth domain name resolution response information carries a domain name resolution result determined by the target GTM device for the domain name access information.
S4B6: The target GTM device sends the fourth domain name resolution response information to the load balancing unit, so that the load balancing unit forwards the fourth domain name resolution response information to the target general server.
In this embodiment, for the authoritative DNS node 103 including the load balancing unit, the N general servers, and the M GTM devices, after the target GTM device generates the fourth domain name resolution response information, the fourth domain name resolution response information may be sent to the load balancing unit, so that the load balancing unit may feed back the domain name resolution result carried in the fourth domain name resolution response information to the request terminal along the transmission path of the domain name resolution request.
It should be noted that, when the target GTM device sends the fourth domain name resolution response information to the load balancing unit, the target GTM device uses the first IP address as the destination address of the fourth domain name resolution response information. When the load balancing unit forwards the fourth domain name resolution response information to the target general server, the load balancing unit still uses the first IP address as the destination address of the fourth domain name resolution response information, and uses the virtual IP address of the GTM devices as its source address.
S4B7: The target general server generates first domain name resolution response information according to the fourth domain name resolution response information.
In this embodiment, for the authoritative DNS node 103 including the load balancing unit, the N general servers, and the M GTM devices, after the target general server receives the fourth domain name resolution response information forwarded by the load balancing unit, the target general server may generate the first domain name resolution response information according to the fourth domain name resolution response information, so that the first domain name resolution response information carries the domain name resolution result.
In addition, the embodiment of the present application does not limit the process for determining the destination address of the first domain name resolution response information. For example, in a possible implementation manner, the process may specifically be: when the target general server determines, according to its session information, that the fourth domain name resolution response information corresponds to the second domain name resolution request, it determines the source address of the second domain name resolution request as the destination address of the first domain name resolution response information, so that the target general server sends the first domain name resolution response information to the cloud DNS node according to that destination address.
It should be noted that the embodiments of the present application do not limit the technical content related to the session information of the target general server, which can be implemented using existing technology. For example, after the target general server receives the second domain name resolution request, it may establish a session based on the second domain name resolution request and record the port number of the second domain name resolution request. After the target general server receives the fourth domain name resolution response information, if the port number of the fourth domain name resolution response information minus one is the same as the port number of the second domain name resolution request, the target general server determines that the fourth domain name resolution response information corresponds to the second domain name resolution request. It can then find the source address of the second domain name resolution request in the information about the session established for that request and use that source address as the destination address of the first domain name resolution response information, so that the target general server sends the first domain name resolution response information to the cloud DNS node according to that destination address.
Further, the target general server may send the first domain name resolution response information to the cloud DNS node 102 (as shown in fig. 4) by means of the load balancing unit.
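The session matching described above for the general server (S4A5) and the target general server (S4B7) can be sketched as follows. This is an added example, not code from the patent; the `SessionTable` class, the session timeout, the rejection of port collisions and the choice to send the forwarded request from the recorded port plus one are assumptions made so that the "response port minus one" rule has something to match.

```python
import time
from dataclasses import dataclass
from typing import Callable, Dict, Optional, Tuple


@dataclass(frozen=True)
class Session:
    cloud_addr: str   # source address of the second request (cloud DNS node)
    cloud_port: int   # port number recorded from the second request
    first_ip: str     # first IP address carried inside the second request
    created: float    # creation time, used only for expiry (assumption)


class SessionTable:
    """Session bookkeeping for one general server (hypothetical helper)."""

    def __init__(self, ttl: float = 5.0,
                 clock: Callable[[], float] = time.monotonic) -> None:
        self._ttl = ttl
        self._clock = clock
        self._by_port: Dict[int, Session] = {}

    def _expire(self) -> None:
        # Drop sessions that never received a response within the timeout.
        now = self._clock()
        stale = [p for p, s in self._by_port.items() if now - s.created > self._ttl]
        for port in stale:
            del self._by_port[port]

    def on_second_request(self, cloud_addr: str, cloud_port: int,
                          first_ip: str) -> Tuple[str, int]:
        """Record the session and return the (source address, source port)
        to use for the request forwarded towards the GTM device."""
        self._expire()
        # Assumption: the forwarded request leaves from cloud_port + 1, so
        # that "response port minus one" recovers the recorded port.
        if not 1 <= cloud_port <= 65534:
            raise ValueError("port + 1 would fall outside the valid port range")
        if cloud_port in self._by_port:
            raise KeyError("a live session already uses this port")
        self._by_port[cloud_port] = Session(cloud_addr, cloud_port,
                                            first_ip, self._clock())
        return first_ip, cloud_port + 1

    def on_gtm_response(self, response_port: int) -> Optional[Tuple[str, int]]:
        """Return the (address, port) of the cloud DNS node that the first
        response must be sent to, or None when no live session matches."""
        self._expire()
        session = self._by_port.pop(response_port - 1, None)
        if session is None:
            return None   # unsolicited, replayed or expired response: drop it
        return session.cloud_addr, session.cloud_port


if __name__ == "__main__":
    # Constructed addresses from documentation ranges.
    table = SessionTable()
    print(table.on_second_request("203.0.113.10", 40000, "198.51.100.7"))
    print(table.on_gtm_response(40001))
```

Each session is consumed by its first matching response, so a second response on the same port finds no session and is dropped.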
Based on the related contents of the above-mentioned S4B1 to S4B7, if the authoritative DNS node 103 includes the load balancing unit, the N general servers and the M GTM devices, the load balancing unit may select a target general server participating in the domain name resolution process from the N general servers and a target GTM device participating in the domain name resolution process from the M GTM devices, so that the target general server and the target GTM device can participate in the domain name resolution process for the above-mentioned domain name access information, which is favorable for improving the domain name resolution efficiency and the reliability of domain name resolution.
Based on the relevant content of S4, after the authoritative DNS node 103 receives the second domain name resolution request sent by the cloud DNS node 102, the authoritative DNS node 103 generates the first domain name resolution response information according to the second domain name resolution request and the first IP address carried by the second domain name resolution request, so that the first domain name resolution response information carries the domain name resolution result corresponding to the domain name access information, and the subsequent cloud DNS node 102 can perform domain name resolution feedback to the local DNS server corresponding to the request terminal based on the first domain name resolution response information.
S5: the authoritative DNS node 103 sends the first domain name resolution response information to the cloud DNS node 102.
In this embodiment, after the first domain name resolution response information is generated by the authoritative DNS node 103, the authoritative DNS node 103 may send the first domain name resolution response information to the cloud DNS node 102, so that the cloud DNS node 102 can perform domain name resolution feedback to the local DNS server corresponding to the request terminal based on the first domain name resolution response information.
S6: the cloud DNS node 102 generates second domain name resolution response information according to the first domain name resolution response information.
The second domain name resolution response information is generated by the cloud DNS node 102 according to the first domain name resolution response information, so that the second domain name resolution response information carries a domain name resolution result corresponding to the domain name access information.
Based on the relevant content of S6, after the cloud DNS node 102 receives the first domain name resolution response information sent by the authoritative DNS node 103, the cloud DNS node 102 generates second domain name resolution response information according to the first domain name resolution response information, so that the second domain name resolution response information carries a domain name resolution result corresponding to the domain name access information, and thus the cloud DNS node 102 can feed back the second domain name resolution response information to the receiving device corresponding to the first IP address (i.e., the local DNS server corresponding to the request terminal), so that the receiving device corresponding to the first IP address can feed back the domain name resolution result carried by the second domain name resolution response information.
S7: the cloud DNS node 102 sends the second domain name resolution response information to the local DNS server corresponding to the request terminal, so that the local DNS server 101 corresponding to the request terminal performs domain name resolution feedback to the request terminal according to the second domain name resolution response information.
In this embodiment, after the cloud DNS node 102 generates the second domain name resolution response information, the cloud DNS node 102 may send the second domain name resolution response information to the local DNS server 101 corresponding to the request terminal, so that after the local DNS server 101 corresponding to the request terminal receives the second domain name resolution response information sent by the cloud DNS node 102, the local DNS server 101 feeds back a domain name resolution result carried in the second domain name resolution response information to the request terminal corresponding to the local DNS server 101.
It should be noted that, in the embodiment of the present application, a manner of obtaining the destination address of the second domain name resolution response information is also not limited, for example, the determining process of the destination address of the first domain name resolution response information may be used for implementation, that is, the cloud DNS node 102 may determine the destination address of the second domain name resolution response information according to the session information of the cloud DNS node 102.
Based on the relevant contents of S1 to S7, for a domain name resolution system that includes the local DNS server corresponding to the requesting terminal, the cloud DNS node, and the authoritative DNS node, the cloud DNS node can take over the service work of the NS servers described above (as shown in fig. 4). Because the cloud DNS node has good performance (for example, it can resist various attacks and has large bandwidth and strong capability), it can always remain in a normal working state, so it can always transmit the domain name resolution request sent by the local DNS server to the authoritative DNS node, and the authoritative DNS node can always perform domain name resolution feedback for that request. This effectively avoids the situation in which the authoritative DNS node cannot provide the domain name resolution service normally because several NS servers are working abnormally, and therefore effectively improves the user's domain name resolution experience.
In fig. 4, "LDNS" indicates the local DNS server 101 corresponding to the requesting terminal; "IPA" indicates the IP address of the local DNS server 101 corresponding to the requesting terminal; "cloud DNS" represents the IP address of cloud DNS node 102; "IPB" refers to a destination address that can be used when the local DNS server 101 sends information to the cloud DNS node 102, so "IPB" can represent an IP address of the cloud DNS node 102; "IPC" refers to a source address that can be used when the cloud DNS node 102 sends information to "Load Balance", so "IPC" can represent an IP address of the cloud DNS node 102; "Load Balance" represents the load balancing unit in the authoritative DNS node 103; "IPD" refers to a destination address that can be used when the cloud DNS node 102 sends information to the authoritative DNS node 103, so "IPD" can represent an IP address of the authoritative DNS node 103, and it is also the virtual IP address on which any general server in the authoritative DNS node 103 receives information through the load balancing unit; "US 1" refers to the general server 1, and "IP_41" denotes the real IP address of the general server 1; "US 2" refers to the general server 2, and "IP_42" denotes the real IP address of the general server 2; "IPE" refers to a destination address that can be used when the general server 1 sends information to the load balancing unit, and is also the virtual IP address on which a GTM device receives information through the load balancing unit; "GTM 1" refers to GTM device 1, and "IP_11" represents the IP address of GTM device 1; "GTM 2" refers to GTM device 2, and "IP_12" represents the IP address of GTM device 2.
In addition, in order to ensure the communication security between the cloud DNS node 102 and the authoritative DNS node 103, security check data may be added to the communication messages between the cloud DNS node 102 and the authoritative DNS node 103. Based on this, the embodiment of the present application further provides a possible implementation manner of the domain name resolution method, in which the second domain name resolution request carries security check information; the first domain name resolution response information is generated according to the second domain name resolution request, the first IP address carried by the second domain name resolution request and the security check information carried by the second domain name resolution request, so that the first domain name resolution response information carries the security check information; and the domain name resolution method further comprises S8:
S8: The cloud DNS node 102 determines whether the security check information carried in the first domain name resolution response information matches the security check information carried in the second domain name resolution request, and executes S6 above after determining that the match succeeds. Note that S8 is executed after S5 is executed.
The security check information can be preset, and the embodiment of the present application does not limit it. The embodiment of the present application also does not limit how the security check information is carried. For example, the security check information may be carried in an OPT field of the DNS protocol, and for an OPT field of 28 bytes, the security check information may be carried in the 9th to 12th bytes of the OPT field.
Based on the relevant content of S8 above, if the second domain name resolution request generated by the cloud DNS node 102 carries security check information (e.g., the random number carried in the 9th to 12th bytes of the OPT field shown in fig. 5), then after the cloud DNS node 102 receives the first domain name resolution response information fed back by the authoritative DNS node 103, it determines whether the security check information carried in the first domain name resolution response information is consistent with the security check information carried in the second domain name resolution request. When the two are consistent, it can be determined that the first domain name resolution response information was sent by the real authoritative DNS node 103 rather than by a third party pretending to be the authoritative DNS node. This effectively prevents the harm that a third party pretending to be an authoritative DNS node could cause to the DNS resolution process, and thereby helps improve the security of domain name resolution.
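The S8 check on the cloud DNS node can be sketched as follows. This is an added example, not code from the patent; it treats the 28-byte OPT field as an opaque buffer whose other bytes are zero placeholders (fig. 5 is not reproduced here), counts the 9th to 12th bytes from 1, and assumes pending requests are keyed by a query identifier. The class and function names are hypothetical.

```python
import hmac
import secrets
from typing import Dict

OPT_LEN = 28            # OPT field length given in the text
CHECK = slice(8, 12)    # 9th to 12th bytes, counted from 1 (assumption)


def embed_check(opt: bytes, value: bytes) -> bytes:
    """Return a copy of the OPT field with the check value in bytes 9 to 12."""
    if len(opt) != OPT_LEN:
        raise ValueError("OPT field must be exactly 28 bytes")
    if len(value) != 4:
        raise ValueError("check value must be exactly 4 bytes")
    return opt[:CHECK.start] + value + opt[CHECK.stop:]


def extract_check(opt: bytes) -> bytes:
    """Read the check value; refuse truncated or padded fields."""
    if len(opt) != OPT_LEN:
        raise ValueError("OPT field must be exactly 28 bytes")
    return opt[CHECK]


def authoritative_echo(request_opt: bytes) -> bytes:
    """Constructed stand-in for the authoritative DNS node: copy the check
    value from the second request into the first response."""
    return embed_check(bytes(OPT_LEN), extract_check(request_opt))


class CloudNodeCheck:
    """S8 on the cloud DNS node: remember what was sent, gate S6 on a match."""

    def __init__(self) -> None:
        self._pending: Dict[int, bytes] = {}

    def send_request(self, query_id: int, opt_template: bytes) -> bytes:
        """Pick a fresh random check value and place it in the request."""
        value = secrets.token_bytes(4)
        self._pending[query_id] = value
        return embed_check(opt_template, value)

    def accept_response(self, query_id: int, response_opt: bytes) -> bool:
        """True only when the response carries the value sent for this query.
        A failed check leaves the request pending, so a forged response
        cannot cancel the genuine one that may still arrive."""
        expected = self._pending.get(query_id)
        if expected is None:
            return False                      # nothing outstanding for this id
        try:
            received = extract_check(response_opt)
        except ValueError:
            return False                      # malformed OPT field
        if not hmac.compare_digest(expected, received):
            return False                      # mismatch: do not proceed to S6
        del self._pending[query_id]           # each check value is single use
        return True


if __name__ == "__main__":
    node = CloudNodeCheck()
    request_opt = node.send_request(0x1234, bytes(OPT_LEN))
    print(node.accept_response(0x1234, authoritative_echo(request_opt)))
```

A 4-byte value offers 2^32 possibilities, so the check raises the cost of blind spoofing; it does not authenticate the responder against a party that can observe the request.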
In addition, in order to reduce attacks on the authoritative DNS node by a large number of concurrent domain name resolution requests as much as possible, embodiments of the present application further provide a possible implementation manner of the authoritative DNS node 103, in which the authoritative DNS node may include a cleaning device equipped with a distributed denial of service (DDoS) attack unit. The cleaning device is configured to determine in real time whether the network traffic of the authoritative DNS node 103 reaches an attack traffic threshold and, if so, to pull and clean the network traffic.
It should be noted that, as shown in fig. 6, after attack traffic triggers an alarm (that is, after the network traffic of the authoritative DNS node 103 reaches the attack traffic threshold), the cleaning device starts pulling and cleaning the traffic. The cleaning device itself determines the attack state and stops pulling and cleaning after the traffic returns to normal; during this period it ignores any cleaning stop instruction from the detection device. An NTA alarm of the detection device is triggered during this period, and after the cleaning instruction is issued the cleaning device should pull and clean the service domain at the same time; the cleaning stop condition is the same as above.
In addition, in order to reduce attacks on the authoritative DNS node by a large number of concurrent domain name resolution requests as much as possible, the present embodiment also provides a possible implementation manner of the authoritative DNS node 103, in which the authoritative DNS node may include an Advanced Firewall unit (AFM). The AFM is configured to obtain a daily request baseline of a request sending end (e.g., the local DNS server 101) and/or a daily request upper limit of the authoritative DNS node 103, and to determine whether the authoritative DNS node 103 is under attack according to the daily request baseline of the request sending end and/or the daily request upper limit of the authoritative DNS node 103.
The daily request baseline of the request sending end is used for describing the average value of the number of domain name resolution requests sent by the request sending end per second; and the daily request baseline of the request sending end can be preset by a worker, and can also be determined according to the domain name resolution request sent by the request sending end in history.
The daily request upper limit of the authoritative DNS node 103 is used for describing an average value of the number of domain name resolution requests fed back by the authoritative DNS node 103 every second; moreover, the daily request upper limit of the authoritative DNS node 103 may be preset by a worker, or may be determined according to a domain name resolution request historically fed back by the authoritative DNS node 103.
Based on the relevant content of the AFM, the AFM can be deployed in advance in the authoritative DNS node 103, so that the authoritative DNS node 103 can automatically learn the daily request baseline of the request sending end and/or the daily request upper limit of the authoritative DNS node 103 first, or read the manually set daily request baseline of the request sending end and/or the daily request upper limit of the authoritative DNS node 103 first; and then determining whether the authoritative DNS node 103 is attacked or not according to the obtained daily request base line of the request sending end and/or the daily request upper limit of the authoritative DNS node 103, so that the speed limitation of the domain name and the IP address can be performed in time, and the speed limitation process can be specifically as follows: if the speed of the current domain name resolution request sent by the target request sending end is detected to exceed the daily request baseline of the target request sending end, the feedback speed of the authoritative DNS node 103 to the domain name resolution request sent by the target request sending end is reduced, so that the target request sending end can be effectively prevented from attacking a large number of concurrent domain name requests aiming at the authoritative DNS node 103; if it is detected that the current speed of receiving the domain name resolution request by the authoritative DNS node 103 exceeds the daily request upper limit of the authoritative DNS node 103, the feedback speed of the domain name resolution request sent by the authoritative DNS node 103 for all target request sending ends is reduced, so that paralysis of the authoritative DNS node 103 due to a large number of concurrent domain name request attacks can be effectively avoided.
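The two rate checks described above, as an added Python example (not code from the patent): per-sender baselines are learned as the mean of historical per-second counts, and each request is classified against the sender's baseline and the node's upper limit. The class and function names, the one-second counting window, the default baseline for unknown senders and the sample addresses and counts are assumptions.

```python
from collections import Counter, defaultdict
from statistics import mean

def learn_baseline(per_second_counts):
    """Baseline as the page defines it: mean requests per second seen historically."""
    return mean(per_second_counts)

class RequestGuard:
    """Counts requests in one-second windows and checks them against both limits."""
    def __init__(self, sender_baselines, node_upper_limit, default_baseline):
        self.sender_baselines = dict(sender_baselines)
        self.node_upper_limit = node_upper_limit
        # Assumption: senders with no history get a preset baseline.
        self.default_baseline = default_baseline
        self._window = None
        self._per_sender = Counter()
        self._total = 0

    def decide(self, sender_ip, timestamp):
        """Classify one request as 'answer', 'limit_sender' or 'limit_all'."""
        window = int(timestamp)
        if window != self._window:  # a new second starts: reset the counters
            self._window = window
            self._per_sender.clear()
            self._total = 0
        self._per_sender[sender_ip] += 1
        self._total += 1
        # Node-wide check first: above the node's upper limit every sender is slowed.
        if self._total > self.node_upper_limit:
            return "limit_all"
        baseline = self.sender_baselines.get(sender_ip, self.default_baseline)
        if self._per_sender[sender_ip] > baseline:
            return "limit_sender"
        return "answer"

def replay(guard, events):
    """Feed (timestamp, sender_ip) events to the guard; tally decisions per sender."""
    tally = defaultdict(Counter)
    for timestamp, sender_ip in events:
        tally[sender_ip][guard.decide(sender_ip, timestamp)] += 1
    return tally

# Constructed sample data (documentation address ranges), not from the patent.
HISTORY = {"192.0.2.10": [10, 12, 8, 10], "192.0.2.20": [9, 11, 10, 10]}
EVENTS = (
    [(100.0 + i / 100, "192.0.2.10") for i in range(15)]      # burst above baseline
    + [(100.5 + i / 100, "192.0.2.20") for i in range(5)]
    + [(101.0 + i / 100, "192.0.2.10") for i in range(10)]
    + [(101.2 + i / 100, "192.0.2.20") for i in range(10)]
    + [(101.4 + i / 100, "198.51.100.7") for i in range(20)]  # unknown sender
)

def run_demo():
    baselines = {ip: learn_baseline(counts) for ip, counts in HISTORY.items()}
    guard = RequestGuard(baselines, node_upper_limit=30, default_baseline=5)
    return replay(guard, EVENTS)

if __name__ == "__main__":
    for ip, counts in run_demo().items():
        print(ip, dict(counts))
```

The returned label only says which limit was exceeded; how the response rate is then reduced is left to the caller, since the page does not specify it.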
In addition, to improve the domain name resolution efficiency of the authoritative DNS node 103, the embodiment of the present application further provides a possible implementation of the authoritative DNS node 103, in which the authoritative DNS node 103 includes a fast forwarding (Express) unit, so that the authoritative DNS node 103 can send information from a cache. This effectively improves both the processing performance and the response efficiency of the authoritative DNS node 103.
Further, an embodiment of the present application further provides an apparatus, where the apparatus includes a processor and a memory:
the memory is used for storing a computer program;
the processor is configured to execute any implementation manner of the domain name resolution method provided by the embodiment of the application according to the computer program.
Further, an embodiment of the present application also provides a computer-readable storage medium, where the computer-readable storage medium is used to store a computer program, and the computer program is used to execute any implementation manner of the domain name resolution method provided in the embodiment of the present application.
Further, an embodiment of the present application also provides a computer program product, which when running on a terminal device, causes the terminal device to execute any implementation of the domain name resolution method provided in the embodiment of the present application.
It should be understood that in the present application, "at least one" means one or more, and "a plurality" means two or more. "And/or" describes an association relationship between associated objects and indicates that three relationships are possible; for example, "A and/or B" may indicate: only A, only B, or both A and B, where A and B may be singular or plural. The character "/" generally indicates that the objects before and after it are in an "or" relationship. "At least one of the following" or similar expressions refer to any combination of these items, including any combination of single items or plural items. For example, at least one of a, b, or c may represent: a, b, c, "a and b", "a and c", "b and c", or "a and b and c", where a, b, c may be single or plural.
The foregoing is merely a preferred embodiment of the invention and is not intended to limit the invention in any manner. Although the present invention has been described with reference to the preferred embodiments, it is not intended to be limited thereto. Those skilled in the art can, using the methods and techniques disclosed above, make numerous possible variations and modifications to the technical solution of the present invention, or modify it into equivalent embodiments, without departing from its scope. Therefore, any simple modification, equivalent change and modification made to the above embodiments according to the technical essence of the present invention, without departing from the content of the technical solution of the present invention, still falls within the scope of protection of the technical solution of the present invention.

Claims (8)

1. A domain name resolution method, applied to a domain name resolution system, wherein the domain name resolution system comprises a local DNS server, a cloud DNS node and an authoritative DNS node corresponding to a request terminal, and the method comprises the following steps:
the request terminal sends a first domain name resolution request to the cloud DNS node through a local DNS server corresponding to the request terminal;
the cloud DNS node generates a second domain name resolution request according to the first domain name resolution request and the first IP address, so that the second domain name resolution request carries the first IP address; the first IP address refers to the IP address of a local DNS server corresponding to the request terminal;
the cloud DNS node sends the second domain name resolution request to the authoritative DNS node;
the authoritative DNS node generates first domain name resolution response information according to the second domain name resolution request and the first IP address carried by the second domain name resolution request;
the authoritative DNS node sends the first domain name resolution response information to the cloud DNS node;
the cloud DNS node generates second domain name resolution response information according to the first domain name resolution response information;
the cloud DNS node sends the second domain name resolution response information to a local DNS server corresponding to the request terminal, so that the local DNS server corresponding to the request terminal carries out domain name resolution feedback to the request terminal according to the second domain name resolution response information;
the authoritative DNS node comprises a load balancing unit, N general servers and M GTM devices; N is a positive integer, M is a positive integer;
the generation process of the first domain name resolution response information comprises the following steps:
after the load balancing unit receives the second domain name resolution request, the load balancing unit selects a target general server from the N general servers and forwards the second domain name resolution request to the target general server;
the target general server generates a fourth domain name resolution request according to the second domain name resolution request, and extracts the first IP address from the second domain name resolution request as a source address of the fourth domain name resolution request;
the target general server sends the fourth domain name resolution request to the load balancing unit according to the source address of the fourth domain name resolution request;
the load balancing unit selects a target GTM device from the M GTM devices, and forwards the fourth domain name resolution request to the target GTM device;
the target GTM device performs domain name resolution according to the fourth domain name resolution request to generate fourth domain name resolution response information;
the target GTM device sends the fourth domain name resolution response information to the load balancing unit, so that the load balancing unit forwards the fourth domain name resolution response information to the target general server;
and the target general server generates the first domain name resolution response information according to the fourth domain name resolution response information.
2. The method of claim 1, wherein the authoritative DNS node comprises a general server and a global traffic management (GTM) device;
the generation process of the first domain name resolution response information comprises the following steps:
the general server generates a third domain name resolution request according to the second domain name resolution request, and extracts the first IP address from the second domain name resolution request as a source address of the third domain name resolution request;
the general server sends the third domain name resolution request to the GTM device according to the source address of the third domain name resolution request;
the GTM device performs domain name resolution according to the third domain name resolution request to generate third domain name resolution response information;
the GTM device sends the third domain name resolution response information to the general server;
and the general server generates the first domain name resolution response information according to the third domain name resolution response information.
3. The method according to claim 1, wherein if the second domain name resolution request carries security check information, the first domain name resolution response information is generated according to the second domain name resolution request, the first IP address carried by the second domain name resolution request, and the security check information carried by the second domain name resolution request, so that the first domain name resolution response information carries the security check information;
after the authoritative DNS node sends the first domain name resolution response information to the cloud DNS node, the method further includes:
the cloud DNS node judges whether the security check information carried by the first domain name resolution response information is matched with the security check information carried by the second domain name resolution request;
the cloud DNS node generates second domain name resolution response information according to the first domain name resolution response information, including:
after the cloud DNS node determines that the security check information carried by the first domain name resolution response information is successfully matched with the security check information carried by the second domain name resolution request, the cloud DNS node generates second domain name resolution response information according to the first domain name resolution response information.
4. The method of claim 1, wherein the authoritative DNS node comprises a cleaning device equipped with a distributed denial of service attack unit;
and the cleaning device is used for judging in real time whether the network traffic of the authoritative DNS node reaches an attack traffic threshold and, if so, pulling and cleaning the network traffic.
5. The method of claim 1, wherein the authoritative DNS node comprises an advanced firewall unit;
the advanced firewall unit is used for acquiring a daily request baseline of a request sender and/or a daily request upper limit of the authoritative DNS node, and determining whether the authoritative DNS node is attacked or not according to the daily request baseline of the request sender and/or the daily request upper limit of the authoritative DNS node.
6. A domain name resolution system, characterized in that the domain name resolution system comprises a local DNS server corresponding to the requesting terminal according to any one of claims 1 to 5, a cloud DNS node according to any one of claims 1 to 5, and an authoritative DNS node according to any one of claims 1 to 5.
7. An apparatus, comprising a processor and a memory:
the memory is used for storing a computer program;
the processor is configured to perform the method of any of claims 1-5 in accordance with the computer program.
8. A computer-readable storage medium, characterized in that the computer-readable storage medium is used to store a computer program for performing the method of any of claims 1-5.

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202110228883.1A CN112738296B (en) 2021-03-02 2021-03-02 Domain name resolution method and domain name resolution system

Publications (2)

Publication Number Publication Date
CN112738296A CN112738296A (en) 2021-04-30
CN112738296B CN112738296B (en) 2022-09-20

Family

ID=75595605

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202110228883.1A Active CN112738296B (en) 2021-03-02 2021-03-02 Domain name resolution method and domain name resolution system

Country Status (1)

Country Link
CN (1) CN112738296B (en)

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant