CN113286016A - Method and device for analyzing service range of cache domain name system - Google Patents
Method and device for analyzing service range of cache domain name system Download PDFInfo
- Publication number
- CN113286016A CN113286016A CN202110815966.0A CN202110815966A CN113286016A CN 113286016 A CN113286016 A CN 113286016A CN 202110815966 A CN202110815966 A CN 202110815966A CN 113286016 A CN113286016 A CN 113286016A
- Authority
- CN
- China
- Prior art keywords
- domain name
- cache
- sniffing
- time
- ttl
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
Images
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L61/00—Network arrangements, protocols or services for addressing or naming
- H04L61/45—Network directories; Name-to-address mapping
- H04L61/4505—Network directories; Name-to-address mapping using standardised directories; using standardised directory access protocols
- H04L61/4511—Network directories; Name-to-address mapping using standardised directories; using standardised directory access protocols using domain name system [DNS]
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L43/00—Arrangements for monitoring or testing data switching networks
- H04L43/12—Network monitoring probes
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L61/00—Network arrangements, protocols or services for addressing or naming
- H04L61/58—Caching of addresses or names
Landscapes
- Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Information Retrieval, Db Structures And Fs Structures Therefor (AREA)
Abstract
The invention provides a method and a device for analyzing the service range of a cache domain name system, wherein the method comprises the following steps: analyzing the user crowd behavior data, and constructing a localization domain name dictionary in a classified manner; analyzing the obtained domain name record to obtain an authoritative TTL; sniffing a cache domain name server based on a time wheel algorithm; measuring background noise of a cache domain name system, and filtering the background noise; judging whether the returned result of the cache domain name system is the existing cache record or not based on the preset tolerance; and determining the service range of the cache domain name system based on a preset statistical threshold value for all the judged domain name cache resolution records. According to the method, the analysis record sniffing of the cache domain name system is realized; the method and the device realize the formatted analysis, storage and use of the domain name resolution record and can analyze the service range of the cache domain name system.
Description
Technical Field
The invention relates to the field of domain name system measurement, in particular to a method and a device for analyzing the service range of a cache domain name system.
Background
The Domain Name System (DNS), which is one of the largest global distributed database systems, links users with the internet routing infrastructure by providing users with translation services between Domain names and network IP addresses, and is an important basic part of the current internet. The caching domain name system is a domain name system which provides recursive query service for users and realizes a caching mechanism. In the domain name resolution process, the domain name system stores the resource records obtained by resolution in a cache of the domain name system, and a TTL-based cache mechanism is adopted. The TTL in the resource record refers to time to live, which indicates the cache time of the resolution record in the domain name server, and the time length unit of the TTL is seconds.
The domain name system service range is mastered, so that the cache domain name system deployment is optimized, the resolution delay is reduced, and the user resolution experience is improved; the method is beneficial to analyzing the influence range caused by the fault or failure of the cache domain name system; the method is helpful for helping the administrator to complete the construction of the domain name system and promoting the safety of the domain name system. Therefore, the research of domain name system service scope has a very important role in such systems. Currently, research on domain name systems at home and abroad mainly focuses on measuring and analyzing the performance and security of a domain name server. There is no systematic research result on how to efficiently and accurately determine the service range of the domain name system.
At present, the method for determining the service range of the domain name system is mainly to obtain the geographical position of the domain name server by a method for positioning the IP address of the domain name system to infer the service range of the domain name system. However, there are many problems in using IP address location to infer the domain name system service scope. First, the geographic location of the domain name system does not represent that the service scope of the domain name system is limited to the geographic location. Secondly, the IP positioning algorithm widely used at present cannot accurately obtain the location of the IP address based on speculation and based on time delay. Thirdly, as the geographic position of the IP address is in the process of dynamic change, although the IP address can be roughly positioned, it is a common phenomenon that the positioned position is not accurate due to untimely updating or wrong labeling.
Disclosure of Invention
In order to solve the technical problem, the invention provides a method and a device for analyzing the service range of a cache domain name system, which can analyze the service range of the domain name system without depending on IP address positioning.
According to a first aspect of the present invention, there is provided a method for analyzing a service scope of a cache domain name system, the method comprising the steps of:
step S101: analyzing the user crowd behavior data, and constructing a localization domain name dictionary in a classified manner;
step S102: analyzing the obtained domain name record aiming at the localization domain name dictionary to obtain an authoritative TTL;
step S103: sniffing the analysis record of the localized domain name dictionary in a cache domain name system based on a time wheel algorithm;
step S104: measuring background noise of a cache domain name system, and filtering the background noise;
step S105: judging the domain name cache resolution record owned by the cache domain name system based on the preset tolerance;
step S106: and determining the service range of the cache domain name system based on a statistical threshold value for all the judged domain name cache resolution records.
According to a second aspect of the present invention, there is provided a device for analyzing a service scope of a cache domain name system, the device comprising:
constructing a dictionary module: analyzing the user crowd behavior data, and constructing a localized domain name dictionary in a classified manner;
an authoritative TTL acquisition module: analyzing the obtained domain name record aiming at the localization domain name dictionary to obtain an authoritative TTL;
a sniffing module: configured to sniff resolved records of the localized domain name dictionary in a cached domain name system based on a time-wheel algorithm;
a filtering module: the method comprises the steps of measuring background noise of a cache domain name system and filtering the background noise;
a judging module: the method comprises the steps that a domain name cache resolution record owned by a cache domain name system is judged based on preset tolerance;
a service range determination module: and determining the service range of the cache domain name system based on a statistical threshold value for all the judged domain name cache resolution records.
According to a third aspect of the present invention, there is provided a system for analyzing a service scope of a cache domain name system, comprising:
a processor for executing a plurality of instructions;
a memory to store a plurality of instructions;
wherein the instructions are used for being stored by the memory and loaded and executed by the processor to perform the above-mentioned cache domain name system service scope analysis method.
According to a fourth aspect of the present invention, there is provided a computer readable storage medium having a plurality of instructions stored therein; the instructions are used for loading and executing the cache domain name system service range analysis method by the processor.
According to the scheme of the invention, the problems of inaccuracy and academia of domain name system service range analysis in the prior art are solved. The method of the invention realizes the analysis and determination of the service range of the cache domain name system by constructing a localization domain name dictionary and adopting a mode of actively measuring to obtain a domain name authority TTL value and a cache TTL value in a cache domain name server. Given a cached dns server IP address, it is determined which zones this cached dns server serves. The following effects are achieved: (1) the method can realize the acquisition of domain name authority analysis records; (2) by using the method, the analysis record sniffing of the cache domain name system server can be realized; (3) the method can realize the formatted analysis, storage and use of the cached domain name record; (4) by using the method, a cache domain name system server following a TTL mechanism can be screened out; (5) the method can realize the construction of the localization domain name dictionary library; (6) the method can realize the background noise measurement of abnormal request analysis of the domain name system in the network. (7) The method can realize the analysis of the service range of the cache domain name system server following the TTL mechanism.
The foregoing description is only an overview of the technical solutions of the present invention, and in order to make the technical solutions of the present invention more clearly understood and to implement them in accordance with the contents of the description, the following detailed description is given with reference to the preferred embodiments of the present invention and the accompanying drawings.
Drawings
The accompanying drawings, which are incorporated in and constitute a part of this specification, illustrate embodiments of the invention and, together with the description, serve to explain the principles of the invention. In the drawings:
FIG. 1 is a flowchart of a method for analyzing a service area of a cache domain name system according to an embodiment of the present invention;
FIG. 2 is a flowchart of obtaining an authoritative TTL, according to an embodiment of the invention;
fig. 3 is a schematic diagram illustrating a sniffing principle of a caching domain name server based on time rounds and domain name TTL values according to an embodiment of the present invention;
fig. 4 is a flowchart of a cache domain name server sniffing method based on time rounds and domain name TTL values according to an embodiment of the present invention;
fig. 5 is a flowchart of a method for determining a domain name cache resolution record according to an embodiment of the present invention;
FIG. 6 is a flowchart of a method for determining that a cached domain name system provides service based on a statistical threshold according to an embodiment of the present invention;
fig. 7 is a block diagram of a service area analysis apparatus of a cache domain name system according to an embodiment of the present invention.
Detailed Description
In order to make the objects, technical solutions and advantages of the present invention more apparent, the technical solutions of the present invention will be clearly and completely described below with reference to the specific embodiments of the present invention and the accompanying drawings. It is to be understood that the described embodiments are merely exemplary of the invention, and not restrictive of the full scope of the invention. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
First, a method for analyzing a service scope of a cache domain name system according to an embodiment of the present invention is described with reference to fig. 1. The method comprises the following steps:
step S101: analyzing the user crowd behavior data, and constructing a localization domain name dictionary in a classified manner;
step S102: analyzing the obtained domain name record aiming at the localization domain name dictionary to obtain an authoritative TTL;
step S103: sniffing the analysis record of the localized domain name dictionary in a cache domain name system based on a time wheel algorithm;
step S104: measuring background noise of a cache domain name system, and filtering the background noise;
step S105: judging the domain name cache resolution record owned by the cache domain name system based on the preset tolerance;
step S106: and determining the service range of the cache domain name system based on a statistical threshold value for all the judged domain name cache resolution records.
The step S101: analyzing the user crowd behavior data, and constructing a localization domain name dictionary in a classified manner, wherein:
the user has regional characteristics when accessing the domain name, and the domain name is divided into a localized domain name and a non-localized domain name, wherein the localized domain name refers to a local group which accesses the domain name and is a region corresponding to the domain name; and arranging the localized domain names obtained through data analysis to form integration of the localized domain names corresponding to the region, namely forming a localized domain name dictionary representing the region.
In the embodiment, by tracking and investigating the domain names accessed by the ordinary user group by using the network daily and performing user behavior analysis after formatting the survey data, the ordinary user can be judged to have strong regional characteristics when accessing the domain names. When accessing a domain name in the internet, general user groups can access some special websites of a local area, such as primary schools, small hospitals, local forums and the like, besides some large websites. But the website domain names of primary schools, small hospitals, local forums and the like in the region are rarely or basically not accessible by people outside qualified areas. The domain names can be divided into localized domain names and non-localized domain names according to the characteristics and general rules of the domain names accessed by the user when the user uses the network daily. The localized domain name refers to a domain name which is basically accessed by the local crowd in the region in daily operation and is rarely or basically impossible to be accessed by the crowd outside the region.
The method for collecting the local domain names can divide the domain names of daily visits into categories of education, medical treatment, communities, services and the like, and then find out the local domain names from the categories, such as local primary schools, kindergartens and small training institutions of education, local small hospitals and health centers of medical treatment, local forums of communities, local driving schools of services and the like. The regional localized domain names are abstracted and sorted to complete the integration of the regional localized domain names, so that a localized domain name dictionary which can represent a region is formed. According to the method, the localization domain name dictionary of each region is collected to form a localization domain name dictionary library capable of identifying each region.
The step S102: and analyzing the obtained domain name record and obtaining an authoritative TTL aiming at the localization domain name dictionary, wherein:
as shown in fig. 2, a domain name record is obtained, in the domain name resolution process, if there is no resolution record of the domain name to be resolved in the cache record of the cache domain name system, the cache domain name system first requests the authoritative record of the domain name from the authoritative domain name server of the domain name, then stores the authoritative record of the domain name in its own cache, and returns the result to the user;
in the detection process, the authoritative TTL of each domain name needs to be obtained, and whether the domain name record is already in the cache of the cache domain name system is judged at the later stage to determine a standard. In order to obtain an authoritative TTL of a certain domain name, a public domain name system is requested for the domain name of an authoritative domain name server of the domain name, then the public domain name system is requested for analyzing the record to be analyzed to obtain an IP of the authoritative domain name server, and then the authoritative TTL value of the domain name is obtained by requesting for the analysis of the domain name to the authoritative domain name server.
The step S103: sniffing the resolution records of the localized domain name dictionary in a cache domain name system based on a time wheel algorithm, wherein:
when sniffing the caching domain name server, the time interval of each sniffing needs to be noticed. If the time interval is too short, the window time left for access by the user is too short, resulting in the resolution records requested by the user through the caching domain name server being overwhelmed by my probe resolution records. If the time interval is too long, it may cause the resolution record requested by the user through the caching domain name server to expire without being detected. However, each domain name in the localized domain name dictionary has a separate domain name resolution record, so that the caching time of the resolution record of each domain name in the caching domain name server may be different. By adopting the idea of combining the time wheel algorithm with the TTL value sniffed in the cache domain name server at the previous time, the time for sniffing the cache domain name server at each time can be accurately controlled, so that the resolution record of a user can be guaranteed to be sniffed, the sniffed requests can be annihilated as little as possible, and meanwhile, the complex multithreading realization can be avoided in the aspect of detection realization. Fig. 3 illustrates a cache domain name server sniffing principle combining time-round with authoritative TTL.
The time wheel algorithm (also called time wheel algorithm) is a timer algorithm.
In this embodiment, it is a typical timing task problem to sniff response records of localized domain name lists in different cached domain name systems. Using the idea of a time wheel, one time wheel was set to 3600 shares, each representing 1 second, and each round representing 1 hour. And each time pane maintains a task list to indicate the tasks required to be executed at the current moment, after the current task is executed, the next time of executing the task can be calculated according to the task execution time interval, and the task is added into the task list at the corresponding moment.
Assume that the current sniff time isTThen, after the current probing, for the domain nameD i Assuming caching domain namesTTL of response records returned by the system is
Domain nameD i Is an authoritative TTL of
Then its next best sniffing timingT’Comprises the following steps:
if it is earlier than
If the current cache in the cache domain name system is not invalid, the multiple sniffing belongs to invalid sniffing, and if the current cache is later than the invalid sniffing
Then, the user access record in the next TTL period may not be captured, resulting in wasted time window.
The way of sniffing the caching domain name server is shown in fig. 4, and includes:
step S1031: setting the sniffing times of each domain name in the localization domain name dictionary; when sniffing for the first time, all domain names in the localization domain name dictionary are sniffed, and the last _ time of the first sniffed time of each domain name is recorded on a time wheel disc; all domain names are used as domain names to be processed;
step S1032: sniffing the cache DNS to obtain the cache TTL of the domain name;
step S1033: for each domain name to be processed, the following operations are performed: summing the domain name cache TTL obtained from the cache domain name server with the last time of the domain name on the time wheel disc to obtain the minimum time min _ time allowed for sniffing of the domain name on the time wheel disc next time; adding the authority TTL value of the domain name to the minimum time allowed to be sniffed on the time wheel disc next time of the domain name to obtain the maximum time max _ time allowed to be sniffed on the time wheel disc next time of the domain name;
step S1034: if the domain name to be processed does not exist on the time wheel disc, all sniffing tasks are completed, and the method is ended; otherwise, go to step S1035;
step S1035: for each domain name to be processed, the following operations are performed: after each sniffing is finished, calculating the remaining sniffing times of the domain name, if the remaining sniffing times of the domain name are already 0, adding the task of the domain name into the time wheel disc, and the domain name is not used as the domain name to be processed any more; if the remaining sniffing times are more than 0, taking the domain name as a domain name to be processed;
step S1036: and acquiring all domain names to be processed, and entering step S1033.
Theoretically, the closer the time for starting detection is to max _ time, the more the analysis record of the user can be sniffed, and the least the analysis record of the user can be annihilated by sniffing requests, but in practice, due to the influence of detection delay and the like, the more the time for the detector to reserve a dominant detection time t.
Further, the max _ time-t can be used to obtain the time when the domain name is detected next time on the time wheel.
The step S104: measuring background noise of a cache domain name system, and filtering the background noise, wherein:
in a practical network, there is much interference noise in the measurement of the cache domain name system due to various black box factors. In order to detect the background noise level, active resolution requests may be initiated to such caching domain name servers using some caching domain name server of known approximate service scope with a localized domain name dictionary that must not be in the region of the caching domain name server service scope, such requests may be considered anomalous to the caching domain name server because there would normally not be such a domain name to request resolution from the caching domain name server. By initiating such probing, the result should ideally be that no resolution record for the localized domain name exists in the caching domain name server. If the analytic record of the regional localization domain name is found in the cache domain name server in the active measurement, the analytic record is judged to be interference noise caused by other abnormal requests. By using the method, the background noise of the cache domain name system can be measured by detecting the localized domain name dictionary of different regions for multiple times.
In a real network, there is much interference noise in the measurement of the domain name system due to various black box factors. By using several caching domain name servers with known service ranges, measuring with the caching domain name server using a localized domain name dictionary that must not be in the region of the caching domain name server service range, the frequency with which domain names are resolved in the localized domain name dictionary in such a case is obtained. The measurement is carried out according to the method, and the background noise of the cache domain name system can be obtained by carrying out statistical analysis on the analytic frequency obtained by each measurement.
The step S105: based on a preset tolerance, determining a domain name cache resolution record owned by the cache domain name system, as shown in fig. 5, where:
by sniffing the data obtained from the cache domain name system, if the data is sniffed, the cache domain name system is found to provide domain name resolution in the localization domain name dictionary for the user, namely, the cache TTL < the authoritative TTL, which is called hit. However, in the actual measurement process, some cached domain name servers actually do not provide resolution for the user due to network delay and other reasons, that is, the cached records of the cached domain name servers do not have the domain name resolution records, but the cached TTL obtained through actual detection is slightly smaller than the authoritative TTL. Therefore, it cannot be simply considered that: if the cached TTL is less than the authoritative TTL, the result is a hit. A judgment method with certain tolerance is adopted when judging whether the cache of the cache domain name system has domain name cache resolution records.
In this embodiment, the difference between the TTL value and the domain name authority TTL value of the domain name that is not cached and recorded in the cache of each cached domain name system server is counted according to the historical sniffing result, and the counted result is averaged, where the average is the preset tolerance
。
After adding tolerance
Later, if sniffing, obtaining the cache TTL of the cache domain name system<(authoritative TTL-
) If so, judging that the resolution record of the domain name exists in the cache record of the cache domain name system and recording as hit; otherwise, judging that the resolution record of the domain name does not exist in the cache record of the cache domain name system, and recording as miss.
In actual measurement, a large number of cache domain name servers are measured in advance, and the deviation average value of the cache TTL caused by delay, which is smaller than the TTL in the real cache, is within 2 seconds, so that the tolerance can be reduced
Set to 2.
The step S106: for all the domain name cache resolution records passing the judgment, determining the service range of the cache domain name system based on a statistical threshold, as shown in fig. 6, wherein:
background noise of abnormal requests of the localized domain names in a cache domain name system is obtained through early detection, detection is carried out for a plurality of times, the background noise obtained through detection is averaged, and the obtained value is used as a preset statistical threshold value; sending a plurality of sniffing requests to a domain name server of which the service range of the cache domain name system is to be determined, acquiring the resolution hit rate of the cache domain name server to a localized domain name dictionary corresponding to a certain region, and calculating the hit rate by the ratio of the sniffing hit times to the total sniffing times, namely:
wherein the content of the first and second substances,hit_ratein order to be able to do a hit rate,nthe number of domain names of the local domain name dictionary,min order to buffer the number of sniffs,hit_ count i is as followsiNumber of sniff hits for individual domain names,1≤i≤n(ii) a Comparing the resolution frequency with the preset statistical threshold, and if the hit rate is smaller than the preset statistical threshold, determining that the cache domain name server does not provide service for the region; and if the hit rate is greater than or equal to the preset statistical threshold, judging that the cache domain name server provides service for the region.
An embodiment of the present invention further provides a device for analyzing a service range of a cache domain name system, where as shown in fig. 7, the device includes:
constructing a dictionary module: analyzing the user crowd behavior data, and constructing a localized domain name dictionary in a classified manner;
an authoritative TTL acquisition module: analyzing the obtained domain name record aiming at the localization domain name dictionary to obtain an authoritative TTL;
a sniffing module: configured to sniff resolved records of the localized domain name dictionary in a cached domain name system based on a time-wheel algorithm;
a filtering module: the method comprises the steps of measuring background noise of a cache domain name system and filtering the background noise;
a judging module: the method comprises the steps that a domain name cache resolution record owned by a cache domain name system is judged based on preset tolerance;
a service range determination module: and determining the service range of the cache domain name system based on a statistical threshold value for all the judged domain name cache resolution records.
The embodiment of the invention further provides a system for analyzing the service range of the cache domain name system, which comprises the following steps:
a processor for executing a plurality of instructions;
a memory to store a plurality of instructions;
wherein the instructions are used for being stored by the memory and loaded and executed by the processor to perform the above-mentioned cache domain name system service scope analysis method.
The embodiment of the invention further provides a computer readable storage medium, wherein a plurality of instructions are stored in the storage medium; the instructions are used for loading and executing the cache domain name system service range analysis method by the processor.
It should be noted that the embodiments and features of the embodiments may be combined with each other without conflict.
In the embodiments provided in the present invention, it should be understood that the disclosed system, apparatus and method may be implemented in other ways. For example, the above-described apparatus embodiments are merely illustrative, and for example, the division of the units is only one logical division, and there may be other divisions in actual implementation, for example, a plurality of units or components may be combined or integrated into another system, or some features may be omitted, or not executed. In addition, the shown or discussed mutual coupling or direct coupling or communication connection may be an indirect coupling or communication connection through some interfaces, devices or units, and may be in an electrical, mechanical or other form.
The units described as separate parts may or may not be physically separate, and parts displayed as units may or may not be physical units, may be located in one place, or may be distributed on a plurality of network units. Some or all of the units can be selected according to actual needs to achieve the purpose of the solution of the embodiment.
In addition, functional units in the embodiments of the present invention may be integrated into one processing unit, or each unit may exist alone physically, or two or more units are integrated into one unit. The integrated unit can be realized in a form of hardware, or in a form of hardware plus a software functional unit.
The integrated unit implemented in the form of a software functional unit may be stored in a computer readable storage medium. The software functional unit is stored in a storage medium and includes several instructions to enable a computer device (which may be a personal computer, a physical machine Server, or a network cloud Server, etc., and needs to install a Windows or Windows Server operating system) to perform some steps of the method according to various embodiments of the present invention. And the aforementioned storage medium includes: various media capable of storing program codes, such as a usb disk, a removable hard disk, a Read-Only Memory (ROM), a Random Access Memory (RAM), a magnetic disk, or an optical disk.
The above description is only a preferred embodiment of the present invention, and is not intended to limit the present invention in any way, and any simple modification, equivalent change and modification made to the above embodiment according to the technical spirit of the present invention are still within the scope of the technical solution of the present invention.
Claims (10)
1. A method for analyzing the service range of a cache domain name system is characterized by comprising the following steps:
step S101: analyzing the user crowd behavior data, and constructing a localization domain name dictionary in a classified manner;
step S102: analyzing the obtained domain name record aiming at the localization domain name dictionary to obtain an authoritative TTL;
step S103: sniffing the analysis record of the localized domain name dictionary in a cache domain name system based on a time wheel algorithm;
step S104: measuring background noise of a cache domain name system, and filtering the background noise;
step S105: judging the domain name cache resolution record owned by the cache domain name system based on the preset tolerance;
step S106: and determining the service range of the cache domain name system based on a statistical threshold value for all the judged domain name cache resolution records.
2. The method for analyzing the service scope of the cache domain name system according to claim 1, wherein the step S102: analyzing the obtained domain name record to obtain an authoritative TTL, wherein in order to obtain the authoritative TTL of a certain domain name, the domain name of an authoritative domain name server of the domain name is requested to a public domain name system, and then the record to be analyzed is requested to the public domain name system to obtain the authoritative domain name serverRequesting the resolution of the domain name from an authoritative domain name server to obtain an authoritative TTL value of the domain name; the step S103, wherein the current sniffing time isTThen, after the current probing, for the domain nameD i Assume that the TTL of the response record returned by the caching domain name system is
Domain nameD i Is an authoritative TTL of
Then its next best sniffing timingT’Comprises the following steps:
3. the method for analyzing the service scope of the cache domain name system according to claim 2, wherein the step S103: sniffing the analytic records of the localized domain name dictionary in a cache domain name system based on a time wheel algorithm, comprising:
step S1031: setting the sniffing times of each domain name in the localization domain name dictionary; when sniffing for the first time, all domain names in the localization domain name dictionary are sniffed, and the last _ time of the first sniffed time of each domain name is recorded on a time wheel disc; all domain names are used as domain names to be processed;
step S1032: sniffing the cache DNS to obtain the cache TTL of the domain name;
step S1033: for each domain name to be processed, the following operations are performed: summing the domain name cache TTL obtained from the cache domain name server with the last time of the domain name on the time wheel disc to obtain the minimum time min _ time allowed for sniffing of the domain name on the time wheel disc next time; adding the authority TTL value of the domain name to the minimum time allowed to be sniffed on the time wheel disc next time of the domain name to obtain the maximum time max _ time allowed to be sniffed on the time wheel disc next time of the domain name;
step S1034: if the domain name to be processed does not exist on the time wheel disc, all sniffing tasks are completed, and the method is ended; otherwise, go to step S1035;
step S1035: for each domain name to be processed, the following operations are performed: after each sniffing is finished, calculating the remaining sniffing times of the domain name, if the remaining sniffing times of the domain name are already 0, adding the task of the domain name into the time wheel disc, and the domain name is not used as the domain name to be processed any more; if the remaining sniffing times are more than 0, taking the domain name as a domain name to be processed;
step S1036: and acquiring all domain names to be processed, and entering step S1033.
4. The analysis method for service scope of cache domain name system according to claim 3, wherein the step S105: judging the domain name cache resolution record owned by the cache domain name system based on the preset tolerance, wherein:
by analyzing historical sniffing results, counting the difference value between the TTL value and the domain name authority TTL value of the domain name which is not cached and recorded in the cache of each cached domain name system server, averaging the counted results, wherein the average value is the preset tolerance
。
5. An apparatus for analyzing a service range of a cache domain name system, the apparatus comprising:
constructing a dictionary module: analyzing the user crowd behavior data, and constructing a localized domain name dictionary in a classified manner;
an authoritative TTL acquisition module: analyzing the obtained domain name record aiming at the localization domain name dictionary to obtain an authoritative TTL;
a sniffing module: configured to sniff resolved records of the localized domain name dictionary in a cached domain name system based on a time-wheel algorithm;
a filtering module: the method comprises the steps of measuring background noise of a cache domain name system and filtering the background noise;
a judging module: the method comprises the steps that a domain name cache resolution record owned by a cache domain name system is judged based on preset tolerance;
a service range determination module: and determining the service range of the cache domain name system based on a statistical threshold value for all the judged domain name cache resolution records.
6. The apparatus of claim 5, wherein the authoritative TTL acquisition module, in order to obtain an authoritative TTL for a domain name, requests the public domain name system for the domain name of the authoritative DNS server of the domain name, then requests the public domain name system for resolution of the record to be resolved to obtain the IP of the authoritative domain name server, and then requests the authoritative domain name server for resolution of the domain name to obtain the authoritative TTL value of the domain name; the sniffing module, wherein: the current sniffing time isTThen, after the current probing, for the domain nameD i Assume that the TTL of the response record returned by the caching domain name system is
Domain nameD i Is an authoritative TTL of
Then its next best sniffing timingT’Comprises the following steps:
7. the cache domain name system service scope analysis apparatus of claim 6, wherein the sniffing module comprises:
initializing a submodule: configured to set a number of sniffs for each domain name in the localized domain name dictionary; when sniffing for the first time, all domain names in the localization domain name dictionary are sniffed, and the last _ time of the first sniffed time of each domain name is recorded on a time wheel disc; all domain names are used as domain names to be processed;
the cache sniffing submodule: sniffing the cache DNS to obtain the cache TTL of the domain name;
a first processing submodule: the method comprises the following steps of configuring to execute the following operations for each domain name to be processed: summing the domain name cache TTL obtained from the cache domain name server with the last time of the domain name on the time wheel disc to obtain the minimum time min _ time allowed for sniffing of the domain name on the time wheel disc next time; adding the authority TTL value of the domain name to the minimum time allowed to be sniffed on the time wheel disc next time of the domain name to obtain the maximum time max _ time allowed to be sniffed on the time wheel disc next time of the domain name;
a first judgment sub-module: the method comprises the steps that all sniffing tasks are completed if no domain name to be processed exists on a time wheel disc;
sniff number update submodule: the method comprises the following steps of configuring to execute the following operations for each domain name to be processed: after each sniffing is finished, calculating the remaining sniffing times of the domain name, if the remaining sniffing times of the domain name are already 0, adding the task of the domain name into the time wheel disc, and the domain name is not used as the domain name to be processed any more; if the remaining sniffing times are more than 0, taking the domain name as a domain name to be processed;
a domain name to be processed acquisition submodule: configured to obtain all domain names to be processed.
8. The apparatus of claim 7, wherein the determining module is configured to count a difference between a domain name TTL value and a domain name authority TTL value of a domain name that is not cached and recorded in the cache of each cached dns server by analyzing the historical sniff result, and average the counted result, wherein the average is a preset tolerance
。
9. A cache domain name system service scope analysis system, comprising:
a processor for executing a plurality of instructions;
a memory to store a plurality of instructions;
wherein the plurality of instructions are for storage by the memory and for loading and executing by the processor the cache domain name system service scope analysis method of any of claims 1-4.
10. A computer-readable storage medium having stored therein a plurality of instructions; the plurality of instructions for loading and executing by a processor the cache domain name system service scope analysis method of any of claims 1-4.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202110815966.0A CN113286016B (en) | 2021-07-20 | 2021-07-20 | Method and device for analyzing service range of cache domain name system |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202110815966.0A CN113286016B (en) | 2021-07-20 | 2021-07-20 | Method and device for analyzing service range of cache domain name system |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN113286016A true CN113286016A (en) | 2021-08-20 |
| CN113286016B CN113286016B (en) | 2021-09-28 |
Family
ID=77286709
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202110815966.0A Active CN113286016B (en) | 2021-07-20 | 2021-07-20 | Method and device for analyzing service range of cache domain name system |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN113286016B (en) |
Cited By (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN115277636A (en) * | 2022-09-14 | 2022-11-01 | 中国科学院大学 | Method and system for analyzing extensive domain name |
Citations (8)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN102137174A (en) * | 2010-12-29 | 2011-07-27 | 华为技术有限公司 | Method for caching of domain name system, authorized domain name server and cache domain name server |
| CN105681358A (en) * | 2016-03-31 | 2016-06-15 | 北京奇虎科技有限公司 | Domain name hijacking detection method, device and system |
| US20160241508A1 (en) * | 2013-08-26 | 2016-08-18 | Jeong Hoan Seo | Domain name system (dns) and domain name service method based on user information |
| CN106331212A (en) * | 2016-08-25 | 2017-01-11 | 北京润通丰华科技有限公司 | Domain name server (DNS) cache camping-based domain name resolution method and system |
| CN106790469A (en) * | 2016-12-09 | 2017-05-31 | 中国联合网络通信集团有限公司 | A kind of buffer control method, device and system |
| CN111181868A (en) * | 2019-12-30 | 2020-05-19 | 互联网域名系统北京市工程研究中心有限公司 | Domain name heat based cache TTL dynamic change method and system |
| CN111447304A (en) * | 2020-06-17 | 2020-07-24 | 中国人民解放军国防科技大学 | Anycast node IP address enumeration method and system for anycast recursive domain name system |
| CN112040027A (en) * | 2020-09-14 | 2020-12-04 | 网易(杭州)网络有限公司 | Data processing method and device, electronic equipment and storage medium |
-
2021
- 2021-07-20 CN CN202110815966.0A patent/CN113286016B/en active Active
Patent Citations (8)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN102137174A (en) * | 2010-12-29 | 2011-07-27 | 华为技术有限公司 | Method for caching of domain name system, authorized domain name server and cache domain name server |
| US20160241508A1 (en) * | 2013-08-26 | 2016-08-18 | Jeong Hoan Seo | Domain name system (dns) and domain name service method based on user information |
| CN105681358A (en) * | 2016-03-31 | 2016-06-15 | 北京奇虎科技有限公司 | Domain name hijacking detection method, device and system |
| CN106331212A (en) * | 2016-08-25 | 2017-01-11 | 北京润通丰华科技有限公司 | Domain name server (DNS) cache camping-based domain name resolution method and system |
| CN106790469A (en) * | 2016-12-09 | 2017-05-31 | 中国联合网络通信集团有限公司 | A kind of buffer control method, device and system |
| CN111181868A (en) * | 2019-12-30 | 2020-05-19 | 互联网域名系统北京市工程研究中心有限公司 | Domain name heat based cache TTL dynamic change method and system |
| CN111447304A (en) * | 2020-06-17 | 2020-07-24 | 中国人民解放军国防科技大学 | Anycast node IP address enumeration method and system for anycast recursive domain name system |
| CN112040027A (en) * | 2020-09-14 | 2020-12-04 | 网易(杭州)网络有限公司 | Data processing method and device, electronic equipment and storage medium |
Non-Patent Citations (2)
| Title |
|---|
| KAZUNORI FUJIWARA,AKIRA SATO,KENICHI YOSHIDA: "Cache Effect of Shared DNS Resolver", 《2017 IEEE 41ST ANNUAL COMPUTER SOFTWARE AND APPLICATIONS CONFERENCE》 * |
| 胡荣贵,许成喜,汪永益,张亮: "马尔科夫链在域名信息探测中的应用", 《计算机应用与软件》 * |
Cited By (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN115277636A (en) * | 2022-09-14 | 2022-11-01 | 中国科学院大学 | Method and system for analyzing extensive domain name |
Also Published As
| Publication number | Publication date |
|---|---|
| CN113286016B (en) | 2021-09-28 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| US20230396689A1 (en) | Methods and apparatus to determine media impressions using distributed demographic information | |
| US8909760B2 (en) | Domain popularity scoring | |
| WO2017113677A1 (en) | User behavior data processing method and system | |
| CN104468860B (en) | The recognition methods of domain name resolution server danger and device | |
| CN111885086B (en) | Malicious software heartbeat detection method, device and equipment and readable storage medium | |
| CN111159514B (en) | Method, device and equipment for detecting task effectiveness of web crawler and storage medium | |
| CN109302418B (en) | Malicious domain name detection method and device based on deep learning | |
| CN113286016B (en) | Method and device for analyzing service range of cache domain name system | |
| EP3913888A1 (en) | Detection method for malicious domain name in domain name system and detection device | |
| CN102055815A (en) | System for acquiring local domain name analyses server of caller | |
| CN107612946B (en) | IP address detection method and device and electronic equipment | |
| EP2988455A1 (en) | Domain name system traffic analysis | |
| CN108282495B (en) | DNS hijacking defense method and device | |
| CN110866611A (en) | Malicious domain name detection method based on SVM machine learning | |
| Akcan et al. | Geographic web usage estimation by monitoring dns caches | |
| Zou et al. | Detecting malware based on expired command-and-control traffic | |
| RU2775591C2 (en) | Method and system for detecting abnormal crowdsourcing label | |
| KR101548330B1 (en) | Method of detecting a plurality of terminals using effective time of internet address and apparatus thereof | |
| CN114064440A (en) | Training method of credibility analysis model, credibility analysis method and related device | |
| CN117411695A (en) | Feature recognition model training method and DNS tunnel detection method | |
| Bao | Research of matrix clustering algorithm based on web user access pattern | |
| KR20090049704A (en) | System and method for determining invalid clicks |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |