CN114401129B - Internet surfing behavior control method, DNS server, home gateway and storage medium - Google Patents


Info

Publication number
CN114401129B
Authority
CN
China
Legal status
Active
Application number
CN202210001900.2A
Other languages
Chinese (zh)
Other versions
CN114401129A
Inventor
曾斌
韩佳南
卢雯霞
赵嘉腾
程彬
Current Assignee
Fiberhome Telecommunication Technologies Co Ltd
Original Assignee
Fiberhome Telecommunication Technologies Co Ltd
Application filed by Fiberhome Telecommunication Technologies Co Ltd
Priority to CN202210001900.2A
Publication of CN114401129A
Application granted
Publication of CN114401129B
Legal status: Active
Anticipated expiration

Classifications

    • H ELECTRICITY
      • H04 ELECTRIC COMMUNICATION TECHNIQUE
        • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
          • H04L 63/00 Network architectures or network communication protocols for network security
            • H04L 63/10 Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • H ELECTRICITY
      • H04 ELECTRIC COMMUNICATION TECHNIQUE
        • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
          • H04L 61/00 Network arrangements, protocols or services for addressing or naming
            • H04L 61/09 Mapping addresses
              • H04L 61/25 Mapping addresses of the same type
                • H04L 61/2503 Translation of Internet protocol [IP] addresses
                • H04L 61/255 Maintenance or indexing of mapping tables
    • H ELECTRICITY
      • H04 ELECTRIC COMMUNICATION TECHNIQUE
        • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
          • H04L 63/00 Network architectures or network communication protocols for network security
            • H04L 63/10 Network architectures or network communication protocols for network security for controlling access to devices or network resources
              • H04L 63/101 Access control lists [ACL]

Abstract

The application relates to a method for controlling internet surfing behavior, a DNS server, a home gateway and a storage medium in the technical field of communications. The method comprises: receiving and parsing a DNS request message sent by the home gateway to obtain a device identifier of a user terminal to be controlled and the domain name to be accessed corresponding to that device identifier; and, according to the device identifier of the user terminal to be controlled, the domain name to be accessed and a preset internet surfing rule, not resolving the domain name to be accessed if it is determined that the user terminal to be controlled may not access it. Because internet surfing behavior is controlled by a DNS server remote from the user terminal, based on the mapping relationship between the device identifier of the user terminal and the internet surfing rule, the failure of internet surfing control caused by restoring the home gateway to factory settings is avoided; and because the rule is stored at the far end, it need not be reconfigured on a new home gateway, which solves the problem that internet surfing configuration information cannot be shared and must be configured repeatedly.

Description

Internet surfing behavior control method, DNS server, home gateway and storage medium
Technical Field
The present invention relates to the field of communications technologies, and in particular, to a method for controlling internet surfing behavior, a DNS server, a home gateway, and a storage medium.
Background
With the gradual rise of household informatization and the demand for educational informatization, minors spend more time using electronic products. Because minors have poor self-control, they easily waste time on software and websites irrelevant to learning and easily visit such websites during study periods, which affects learning quality and can harm their eyesight; parents therefore need to control surfing behavior such as children's online time and website access permissions.
However, at the current stage not all electronic products have complete parental control functions, and some products may even allow unlimited use. Products with a parental control function usually implement internet access control through the home gateway: the home gateway is configured with internet access rules, and when the user terminal sends an internet access request, the home gateway intercepts the domain name or IP (Internet Protocol) address corresponding to the request and controls access to that domain name or IP address based on the rules.
However, because the internet surfing rules are stored in the home gateway and internet surfing behavior is controlled by that gateway, once the user terminal switches to a new network the rules must be reconfigured on the new home gateway, otherwise internet surfing behavior cannot be controlled; the method therefore has the problem that internet surfing configuration information cannot be shared between different home gateways and must be configured repeatedly. In addition, home gateway products are easily restored to factory configuration, and once that happens the internet surfing rules set on the gateway are lost, internet surfing behavior can no longer be controlled, and internet surfing control fails.
Disclosure of Invention
The application provides a control method of internet surfing behavior, a DNS server, a home gateway and a storage medium, which are used for solving the problems that internet surfing configuration information cannot be shared, repeated configuration is needed and internet surfing control is easy to fail in the related technology.
In a first aspect, a method for controlling internet surfing behavior is provided, where the method for controlling internet surfing behavior is applied to a DNS server, and the method for controlling internet surfing behavior includes the following steps:
receiving and parsing a second DNS request message sent by a home gateway to obtain a device identifier of a user terminal to be controlled and a domain name to be accessed corresponding to the device identifier;
and according to the equipment identifier of the user terminal to be controlled, the domain name to be accessed and the preset internet surfing rule, if the fact that the user terminal to be controlled cannot access the domain name to be accessed is detected, the domain name to be accessed is not resolved.
In some embodiments, after the step of not resolving the domain name to be accessed, the method further includes:
writing resolution failure information into a DNS response message, and sending the DNS response message to the home gateway.
In some embodiments, the preset internet surfing rule includes an accessible domain name corresponding to the device identifier and an accessible period.
In a second aspect, a method for controlling internet surfing behavior is provided, where the method for controlling internet surfing behavior is applied to a home gateway, and the method for controlling internet surfing behavior includes the following steps:
acquiring a first DNS request message sent by a user terminal to be controlled, wherein the first DNS request message comprises an equipment IP address of the user terminal to be controlled;
determining the equipment identification of the user terminal to be controlled according to the equipment IP address of the user terminal to be controlled;
encoding the device identifier of the user terminal to be controlled into a DNS extension option message;
and adding the DNS extension option message to the first DNS request message to obtain a second DNS request message, and sending the second DNS request message to a DNS server.
In some embodiments, the obtaining a first DNS request message sent by a user terminal to be controlled includes:
when a first DNS request message sent by the user terminal to be controlled to a custom DNS server is captured, redirecting the first DNS request message, thereby obtaining the first DNS request message.
In some embodiments, the determining the device identifier of the to-be-controlled user terminal according to the device IP address of the to-be-controlled user terminal includes:
searching a neighbor cache table for the device identifier corresponding to the user terminal to be controlled according to its device IP address, wherein the neighbor cache table stores the mapping relationship between the device IP address of the user terminal and the device identifier of the user terminal.
In some embodiments, the method further comprises:
when the home gateway receives a DNS response message sent by the DNS server, detecting whether a DNS extension option message is stored in the DNS response message;
if yes, deleting the DNS extension option message in the DNS response message to form a new DNS response message, and sending the new DNS response message to a user terminal to be controlled so that the user terminal to be controlled can control the internet surfing behavior based on the new DNS response message;
if not, the DNS response message is sent to the user terminal to be controlled, so that the user terminal to be controlled can control the internet surfing behavior based on the DNS response message.
In a third aspect, a DNS server is provided, the DNS server comprising: the system comprises a memory, a processor and a surfing behavior control program which is stored in the memory and can run on the processor, wherein the surfing behavior control program realizes the steps of the surfing behavior control method when being executed by the processor.
In a fourth aspect, there is provided a home gateway comprising: the system comprises a memory, a processor and a surfing behavior control program which is stored in the memory and can run on the processor, wherein the surfing behavior control program realizes the steps of the surfing behavior control method when being executed by the processor.
In a fifth aspect, a computer readable storage medium is provided, the computer storage medium storing a computer program, which when executed by a processor, implements the aforementioned method of controlling internet behavior.
The beneficial effects of the technical solution provided by the application include: internet configuration information can be shared, and failure of internet control can be avoided.
The application provides a method for controlling internet surfing behavior, a DNS server, a home gateway and a storage medium. The method comprises: receiving and parsing a DNS request message sent by a home gateway to obtain a device identifier of a user terminal to be controlled and the domain name to be accessed corresponding to the device identifier; and, according to the device identifier of the user terminal to be controlled, the domain name to be accessed and a preset internet surfing rule, not resolving the domain name to be accessed if it is determined that the user terminal to be controlled may not access it. Because the internet surfing behavior is controlled by a DNS server remote from the user terminal, based on the mapping relationship between the device identifier of the user terminal and the internet surfing rule, the home gateway no longer has to control the internet surfing behavior, and the failure of internet surfing control caused by restoring the home gateway to factory settings is avoided; and because the rule is stored at the far end, the user terminal does not need the rule reconfigured on a new home gateway even when it switches to a new network, which solves the problem that internet surfing configuration information cannot be shared and must be configured repeatedly.
Drawings
In order to more clearly illustrate the technical solutions of the embodiments of the present application, the drawings that are needed in the description of the embodiments will be briefly introduced below, and it is obvious that the drawings in the following description are only some embodiments of the present application, and that other drawings may be obtained according to these drawings without inventive effort for a person skilled in the art.
Fig. 1 is a flow chart of a method for controlling internet surfing behavior according to an embodiment of the present application;
fig. 2 is a schematic structural diagram of a DNS server according to an embodiment of the present application;
fig. 3 is a schematic workflow diagram of a DNS server according to an embodiment of the present application;
fig. 4 is a flow chart of another method for controlling internet surfing behavior according to an embodiment of the present application;
fig. 5 is a schematic structural diagram of a home gateway according to an embodiment of the present application.
Detailed Description
For the purposes of making the objects, technical solutions and advantages of the embodiments of the present application more clear, the technical solutions of the embodiments of the present application will be clearly and completely described below with reference to the drawings in the embodiments of the present application, and it is apparent that the described embodiments are some embodiments of the present application, but not all embodiments. All other embodiments, which can be made by one of ordinary skill in the art without undue burden from the present disclosure, are within the scope of the present application based on the embodiments herein.
The embodiment of the application provides a control method for surfing behavior, a DNS server, a home gateway and a storage medium, which can solve the problems that surfing configuration information cannot be shared, repeated configuration is needed and surfing control is easy to fail in the related technology.
Fig. 1 is a flowchart of a first embodiment of a method for controlling internet surfing behavior, where the method for controlling internet surfing behavior is applied to a DNS server, and the method for controlling internet surfing behavior includes the following steps:
step S10: receiving and parsing a DNS request message sent by a home gateway to obtain a device identifier of a user terminal to be controlled and the domain name to be accessed corresponding to the device identifier; in this embodiment the device identifier is the MAC address of the user terminal to be controlled;
For example, to protect a child's eyesight and ensure learning quality, a parent needs to control the child's surfing behavior. In general the parent does so as follows: an internet surfing rule is configured on the home gateway, the home gateway intercepts the domain name or IP address corresponding to a surfing request, and access to that domain name or IP address is controlled based on the rule. The inventors found that this method has the problems that surfing configuration information cannot be shared between different home gateways, configuration must be repeated, and surfing control easily fails. Therefore, in the present application the internet surfing behavior of the user terminal is controlled by a DNS (Domain Name System) server located remotely from the user terminal, which avoids the failure of internet surfing control caused by restoring the home gateway to factory settings.
When a user terminal needs to access the network, it sends DNS request messages to network equipment such as a home gateway or router; when the network equipment receives a DNS request message, it processes the related information of the user terminal. In this embodiment, control of internet surfing behavior relies on the user terminal accessing sites by domain name: only after the DNS server resolves the domain name into an IP address can the browser connect to the server, and if DNS resolution fails, the web page corresponding to the domain name cannot be accessed.
In this embodiment, the home gateway obtains the first DNS request message sent by the user terminal to be controlled, which carries the device IP address of that terminal, and then determines the device identifier of the user terminal to be controlled from its device IP address. The device identifier may be the MAC address of the user terminal to be controlled, or may be chosen according to actual requirements, which is not limited here; this embodiment takes the MAC address as the device identifier. When the home gateway obtains the first DNS request packet sent by the user terminal to be controlled, since the packet includes the device IP address of that terminal, the MAC address can be determined from the mapping relationship between the device IP address and the MAC address of the user terminal to be controlled. The MAC address is then encoded into a DNS extension option message: specifically, the MAC address is encoded to obtain encoded data, the encoded data is placed into an OPT pseudo resource record, and the OPT record is inserted as the first Additional Resource Record (Additional RR); adding the OPT record to the first DNS request message forms the second DNS request message, which contains the MAC address of the user terminal to be controlled and the domain name to be accessed and is sent to the DNS server.
On the DNS server, when the type of an Additional RR read from the request is an OPT record, the encoded data in the OPT record is read and decoded, thereby obtaining the device identifier of the user terminal to be controlled from the DNS request message.
Step S20: and according to the equipment identifier of the user terminal to be controlled, the domain name to be accessed and the preset internet surfing rule, if the fact that the user terminal to be controlled cannot access the domain name to be accessed is detected, the domain name to be accessed is not resolved.
In this embodiment, a parent may pre-configure a number of internet surfing rules for a controlled user terminal through a remote control platform, and the rules have a mapping relationship with the device identifier of the controlled user terminal. The rules may be stored in the remote control platform or in the DNS server, as actual needs dictate; either way a large number of rule configurations can be stored, which removes the limit on the number of rule configuration entries that storing the rules in a home gateway imposes. The remote control platform may be an application program or may take the form of a database with a front end, as specific requirements dictate, which is not limited here. In the following embodiments the internet surfing rule is stored in the remote control platform and the device identifier is a MAC address.
The internet surfing rule may take the form of a white list, for example an accessible domain name and an accessible period corresponding to the device identifier; the form of a black list, for example an inaccessible domain name and an inaccessible period corresponding to the device identifier; or the form of both a white list and a black list, for example an accessible domain name, an inaccessible domain name, an accessible period and an inaccessible period corresponding to the device identifier. The specific form of the rule may be determined according to specific requirements and is not limited here.
This embodiment uses the white-list form: a surfing white list is set based on a time parameter. Taking the Monday rule of controlled user terminal A (MAC address: 08:00:20:0a:8c:6d) as an example: for time T ∈ [0:00, 8:00), no website may be accessed, i.e. the set of websites allowed to be accessed is empty; for T ∈ [8:00, 11:00], only learning websites may be accessed, and the domain names of the learning websites accessible in this period are set; for T ∈ (11:00, 13:00), news websites and learning websites may be accessed, and the domain names of the learning websites and news websites accessible in this period are set; for T ∈ [13:00, 17:00], only learning websites may be accessed, and the domain names of the learning websites accessible in this period are set; for T ∈ (17:00, 20:00), news websites, learning websites and entertainment websites may be accessed, and the domain names of the corresponding websites accessible in this period are set; and for T ∈ (20:00, 24:00), no website may be accessed, i.e. the set of websites allowed to be accessed is empty.
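The Monday white list above, as an added worked example in Python (not the patent's code): the periods are written in the page's own bracket notation, so a closed end such as 11:00 in [8:00, 11:00] admits the boundary instant while an open end such as 11:00 in (11:00, 13:00) does not, and an instant covered by no period at all (the page's list leaves 20:00 uncovered) is denied, which is what white-list semantics imply. The domain names, their categories and the second MAC address are constructed for the example; a terminal with no rule configured is allowed, the default the page mentions first.

```python
# Added example, not the patent's code. Rules mirror the Monday white list the patent gives
# for terminal A; domains, categories and the second MAC below are constructed.
DEVICE_A = "08:00:20:0a:8c:6d"

# Constructed white-list entries: domain name -> category. A real platform would store the
# accessible domain names per period directly; the category layer only keeps the table short.
CATEGORY_OF_DOMAIN = {
    "lesson.example.edu": "learning",
    "news.example": "news",
    "video.example": "entertainment",
}

# period spec in the page's notation -> categories accessible during that period
RULES = {
    DEVICE_A: {
        "monday": [
            ("[00:00,08:00)", set()),                                   # nothing allowed
            ("[08:00,11:00]", {"learning"}),
            ("(11:00,13:00)", {"learning", "news"}),
            ("[13:00,17:00]", {"learning"}),
            ("(17:00,20:00)", {"learning", "news", "entertainment"}),
            ("(20:00,24:00)", set()),                                   # nothing allowed
        ],
    },
}


def _minutes(hhmm):
    h, m = hhmm.split(":")
    return int(h) * 60 + int(m)          # "24:00" -> 1440, so the last period closes cleanly


def parse_window(spec):
    """'[08:00,11:00]' -> (480, 660, True, True); bracket shape sets each end's inclusivity."""
    lo, hi = (_minutes(s.strip()) for s in spec[1:-1].split(","))
    return lo, hi, spec[0] == "[", spec[-1] == "]"


def in_window(minute, window):
    lo, hi, lo_closed, hi_closed = window
    after_start = lo < minute or (lo_closed and minute == lo)
    before_end = minute < hi or (hi_closed and minute == hi)
    return after_start and before_end


def category_of(domain):
    """Match the queried name, or any subdomain of it, against the white-list entries."""
    d = domain.lower().rstrip(".")
    for entry, cat in CATEGORY_OF_DOMAIN.items():
        if d == entry or d.endswith("." + entry):
            return cat
    return None


def is_allowed(mac, domain, weekday, hhmm):
    """White-list decision for one DNS query from `mac` for `domain` at `hhmm` on `weekday`.

    A terminal with no rule set is not a controlled terminal and is allowed (the default the
    page mentions first). A controlled terminal is allowed only if some period covering the
    time lists the domain's category; a domain not on the list, or a time no period covers,
    is denied.
    """
    if mac not in RULES:
        return True
    day_rules = RULES[mac].get(weekday, [])
    cat, minute = category_of(domain), _minutes(hhmm)
    if cat is None:
        return False
    return any(cat in allowed
               for spec, allowed in day_rules
               if in_window(minute, parse_window(spec)))
```

The decision function is what the device identifier query module would ask the remote control platform for in step P30: the platform answers "allowed" or "prohibited" and the DNS server module acts on that answer.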
Referring to fig. 2, in this embodiment, a DNS server module, a device identifier decoding module, and a device identifier query module are set for a DNS server, and based on the above three modules, data interaction with a home gateway and a remote control platform is implemented; the DNS server module is responsible for general DNS message processing, DNS record management, etc., the device identifier decoding module is responsible for decoding the pseudo resource record in the DNS request message and decoding the device identifier, and the device identifier query module is responsible for querying the remote control platform for the internet surfing rule of the device identifier through the device identifier, specifically referring to fig. 3, the workflow of the DNS server is described:
step P10: after receiving the second DNS request message, the DNS server module parses it to obtain the domain name to be accessed and forwards the second DNS request message to the device identifier decoding module;
step P20: after receiving the second DNS request message, the device identifier decoding module parses it, and when the type of the Additional RR is an OPT record, reads and decodes the data encoded in that record to obtain the MAC address of the user terminal to be controlled. Note that the decoding module need not decode the device identifier all the way back to the MAC address; for example, when hash encoding is used, only the hash value is needed, as long as the home gateway, the DNS server and the remote control platform use the same encoding and decoding scheme. The device identifier decoding module then sends the MAC address of the user terminal to be controlled to the device identifier query module;
step P30: when the equipment identification inquiring module receives the MAC address of the user terminal to be controlled, the MAC address and the domain name to be accessed are sent to the remote control platform, and whether the configuration for prohibiting the user terminal to be controlled corresponding to the MAC address from accessing the domain name to be accessed exists is inquired;
after receiving the MAC address, the remote control platform first determines whether an internet surfing rule for a user terminal to be controlled corresponding to the MAC address is configured, if not, it indicates that the user terminal to be controlled corresponding to the MAC address is not a controlled user terminal, then the information allowing access can be returned to the device identifier query module, and of course, the information prohibiting access can also be returned, and the information returned here can be set according to actual requirements; if so, indicating that the user terminal to be controlled corresponding to the MAC address is the controlled user terminal, further inquiring whether the MAC address allows access to the domain name to be accessed at the current moment based on the internet surfing rule, and if not, returning access prohibition information to the equipment identification inquiring module; and if the access is allowed, returning the information allowing the access to the equipment identification inquiring module.
Step P40: if the equipment identification inquiry module receives the access prohibition information, the access prohibition information is sent to the DNS server module; the DNS server module does not analyze the domain name to be accessed, writes analysis failure information into a DNS response message, and sends the DNS response message to the home gateway, and the DNS response message is required to carry a DNS expansion option message if the DNS request message carries the DNS expansion option message according to the specification of RFC (Request For Comments, solicited opinion manuscript) 6891 protocol, so that the DNS response message is required to carry the DNS expansion option message; the analysis failure information can be No Such Name or IP of a portal website to prompt that the user terminal is forbidden to surfing the Internet currently, and the analysis failure information is only an example presentation and can be set according to specific requirements;
step P50: if the device identifier query module receives access permission information, it sends that information to the DNS server module, and the DNS server module resolves the domain name to be accessed to obtain the IP address corresponding to it.
The DNS server module resolves the domain name to be accessed as follows: it first checks whether the domain name exists in its local domain name records and, if so, reads the IP address of the domain name directly from the local record; if it does not exist, the domain name to be accessed may be an invalid domain name, and the resolution failure information can be written directly into a DNS response message that is sent to the home gateway; alternatively, if the domain name does not exist locally, other DNS servers can be queried recursively to resolve the IP address corresponding to the domain name, which is then written into the DNS response message and sent to the home gateway.
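The encoding step on the home gateway (MAC placed in an OPT pseudo-RR as the first Additional RR), the server-side decoding of step P20, the No Such Name response with the OPT record echoed as step P40 describes, and the gateway removing the extension option from the response before it reaches the terminal, as one added Python example that is not the patent's code. It builds the wire format by hand with struct, so nothing outside the standard library is needed. The EDNS option code 65001 is an assumption taken from the range RFC 6891 leaves for local use, the raw six-byte encoding of the MAC stands in for whatever encoding the gateway and server agree on, and the IP address and domain name are constructed.

```python
import struct

# Added example, not the patent's code. The option code is an assumption taken from the
# range RFC 6891 leaves for local/experimental use; the patent names no option code.
DEVICE_ID_OPTION_CODE = 65001
TYPE_A, TYPE_OPT = 1, 41
RCODE_NXDOMAIN = 3                       # "No Such Name" in the patent's wording


def build_query(domain, txid=0x1234):
    """First DNS request message: a plain A query as the user terminal sends it (RD set)."""
    qname = b"".join(bytes([len(lab)]) + lab.encode() for lab in domain.split(".")) + b"\x00"
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    return header + qname + struct.pack("!HH", TYPE_A, 1)


def add_device_id_option(query, mac):
    """Gateway step: append an OPT pseudo-RR whose option data is the raw 6-byte MAC and
    raise ARCOUNT by one; the result is the patent's 'second DNS request message'."""
    payload = bytes.fromhex(mac.replace(":", ""))            # assumed encoding: raw bytes
    option = struct.pack("!HH", DEVICE_ID_OPTION_CODE, len(payload)) + payload
    # OPT RR: NAME=root (0x00), TYPE=41, CLASS=UDP payload size, TTL=ext-RCODE/version/flags
    opt_rr = b"\x00" + struct.pack("!HHIH", TYPE_OPT, 4096, 0, len(option)) + option
    txid, flags, qd, an, ns, ar = struct.unpack("!HHHHHH", query[:12])
    return struct.pack("!HHHHHH", txid, flags, qd, an, ns, ar + 1) + query[12:] + opt_rr


def _skip_name(msg, off):
    """Offset just past a wire-format name; a compression pointer ends the name in 2 bytes."""
    while True:
        n = msg[off]
        if n == 0:
            return off + 1
        if n & 0xC0 == 0xC0:
            return off + 2
        off += 1 + n


def parse_message(msg):
    """Server step (the gateway reuses it on the way back): question, RCODE, the MAC carried
    in the OPT option, and the byte span of the OPT RR itself."""
    txid, flags, qd, an, ns, ar = struct.unpack("!HHHHHH", msg[:12])
    off, labels = 12, []
    while msg[off]:                                          # question name, uncompressed
        labels.append(msg[off + 1:off + 1 + msg[off]].decode())
        off += 1 + msg[off]
    off += 5                                                 # terminator + QTYPE + QCLASS
    info = {"txid": txid, "rcode": flags & 0xF, "domain": ".".join(labels),
            "question": msg[12:off], "mac": None, "opt_rr": None, "opt_span": None}
    for _ in range(an + ns + ar):
        body = _skip_name(msg, off)
        rtype, _, _, rdlen = struct.unpack("!HHIH", msg[body:body + 10])
        end = body + 10 + rdlen
        if rtype == TYPE_OPT:
            info["opt_rr"], info["opt_span"] = msg[off:end], (off, end)
            rdata, o = msg[body + 10:end], 0
            while o + 4 <= len(rdata):                       # option list: code, length, data
                code, olen = struct.unpack("!HH", rdata[o:o + 4])
                if code == DEVICE_ID_OPTION_CODE and olen == 6:
                    info["mac"] = ":".join(f"{b:02x}" for b in rdata[o + 4:o + 10])
                o += 4 + olen
        off = end
    return info


def build_response(req, allowed, ip="203.0.113.10"):
    """Server step: an A answer when the rule allows access, otherwise NXDOMAIN with no
    answer section. The request's OPT RR is echoed either way, as RFC 6891 requires."""
    rcode = 0 if allowed else RCODE_NXDOMAIN
    answer = b""
    if allowed:   # 0xC00C points back at the question name at offset 12
        answer = (b"\xc0\x0c" + struct.pack("!HHIH", TYPE_A, 1, 60, 4)
                  + bytes(int(x) for x in ip.split(".")))
    opt = req["opt_rr"] or b""
    header = struct.pack("!HHHHHH", req["txid"], 0x8180 | rcode,   # QR, RD, RA set
                         1, 1 if allowed else 0, 0, 1 if opt else 0)
    return header + req["question"] + answer + opt


def gateway_strip_option(resp):
    """Gateway step on the return path: drop the OPT RR and decrement ARCOUNT before the
    response goes to the user terminal; a response without one is forwarded unchanged."""
    span = parse_message(resp)["opt_span"]
    if span is None:
        return resp
    start, end = span
    txid, flags, qd, an, ns, ar = struct.unpack("!HHHHHH", resp[:12])
    return struct.pack("!HHHHHH", txid, flags, qd, an, ns, ar - 1) + resp[12:start] + resp[end:]


def arcount(msg):
    return struct.unpack("!H", msg[10:12])[0]
```

Run end to end: `build_query` is what the terminal sends, `add_device_id_option` is what the gateway forwards, `parse_message` plus `build_response` is the server, and `gateway_strip_option` is the gateway again on the way back. A query that never passed through the gateway carries no OPT option, so `parse_message` reports no MAC; whether the server then treats the terminal as uncontrolled or refuses the query is the policy choice step P30 leaves to the remote control platform.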
In this embodiment, the user terminal to be controlled determines from the resolution result whether it can go online, which achieves the purpose of controlling surfing behavior. Specifically, if the DNS server returns a normally resolved IP address, the user terminal to be controlled may access the domain name to be accessed at this time; if resolution failure information such as No Such Name is returned, the user terminal to be controlled is restricted by the internet surfing rule and cannot access the web page corresponding to the domain name to be accessed.
According to the method and the device, the Internet surfing behavior is controlled through the DNS server far away from the user terminal and based on the mapping relation between the equipment identifier of the user terminal and the Internet surfing rule, the Internet surfing behavior is not required to be controlled through the home gateway, and the problem of Internet surfing control failure caused by restoration of the home gateway to factory setting can be avoided; the internet surfing behavior is controlled based on the internet surfing rule stored at the far end, so that the user terminal does not need to reconfigure the internet surfing rule on a new home gateway even if the user terminal is switched to a new network for surfing, and the problem that internet surfing configuration information cannot be shared and needs to be repeatedly configured can be solved. Meanwhile, the method and the device can be applied to institutions such as operators, enterprises or schools to control the internet surfing behaviors of staff, students and the like.
Fig. 4 is a flowchart of a second embodiment of a method for controlling internet surfing behavior, where the method for controlling internet surfing behavior is applied to a home gateway, and the method for controlling internet surfing behavior includes the following steps:
step N10: acquiring a first DNS request message sent by a user terminal to be controlled, wherein the first DNS request message comprises an equipment IP address of the user terminal to be controlled;
step N20: determining the equipment identification of the user terminal to be controlled according to the equipment IP address of the user terminal to be controlled;
step N30: encoding the equipment identification of the user terminal to be controlled into a DNS extension option message;
step N40: and adding the DNS extension option message to the first DNS request message to obtain a second DNS request message, and sending the second DNS request message to a DNS server.
Referring to fig. 5, in this embodiment a DNS proxy module, a DNS redirection module, a neighbor cache table module and a device identifier processing module are provided in the home gateway, and data interaction with the DNS server and the user terminal is implemented through these four modules; the workflow of the home gateway is described below in terms of them:
The DNS proxy module listens for the first DNS request message that the user terminal to be controlled sends to the DNS server, so when the terminal sends the first DNS request message to the DNS server of the first embodiment, the DNS proxy module obtains it. However, when the user terminal to be controlled uses a custom DNS server for domain name resolution, its first DNS request message is sent to that custom DNS server instead of the DNS server of the first embodiment (in which case the terminal would bypass the parental control function and its Internet surfing behavior would not be limited by the Internet surfing rule). The DNS redirection module therefore captures first DNS request messages sent to a custom DNS server and redirects them to the DNS proxy module; that is, among all first DNS request messages sent by the user terminal to be controlled, those not addressed to the DNS server of the first embodiment are captured and redirected.
The device identifier may be the MAC address of the user terminal to be controlled, or may be chosen according to actual requirements, which is not limited here. In this embodiment the device identifier is taken to be the MAC address of the user terminal to be controlled. When the DNS proxy module obtains the first DNS request message sent by the user terminal to be controlled, that message carries the device IP address of the terminal, so the terminal's MAC address can be determined from the mapping between its device IP address and its MAC address.
Furthermore, the mapping between the device IP address of the user terminal and its device identifier may be kept by the neighbor cache table module, together with a search time threshold (for example 60 seconds, or a value set according to actual requirements; this is not limited here). If the search time exceeds this threshold, i.e. the search times out, the MAC address of the user terminal to be controlled may not be present in the neighbor cache table. The DNS proxy module therefore first looks up the MAC address of the user terminal to be controlled in the neighbor cache table, which speeds up the processing of the DNS request message. If the neighbor cache table holds no MAC address for the device IP address, or the lookup has timed out, the DNS proxy module instead looks up the MAC address for the device IP address in the system neighbor table (normally, when the DNS proxy module receives the first DNS request message, this lookup in the system neighbor table succeeds), stores the device IP address and MAC address in the neighbor cache table, and resets the lookup time threshold.
After the DNS proxy module has found the MAC address of the user terminal to be controlled, it passes the MAC address to the device identifier processing module. That module encodes the MAC address into a DNS extension option message: it encodes the MAC address to obtain encoded data and places the encoded data in a DNS OPT pseudo resource record. The pseudo resource record contains no DNS data, and the OPT record cannot be cached, forwarded or stored in a zone file. The OPT record is inserted as the first of the Additional RRs, and the Additional RRs count is increased by 1. The encoding may be hexadecimal, a hash algorithm, Base64 or the like, and is not limited here.
The device identifier processing module adds the OPT record (i.e. the DNS extension option message) to the first DNS request message to form the second DNS request message and returns it to the DNS proxy module, which forwards the second DNS request message, now carrying both the MAC address of the user terminal to be controlled and the domain name to be accessed, to the DNS server of the first embodiment.
In this embodiment, the identification and processing of the device identifier of the user terminal to be controlled are completed on the home gateway, making full use of the pseudo resource record there; the DNS server obtains the device identifier of the user terminal to be controlled from the pseudo resource record, which makes it possible for the DNS server to control the Internet surfing behavior based on the mapping between that device identifier and the Internet surfing rule.
Further, the internet surfing behavior control method further comprises the steps of: when the home gateway receives a DNS response message sent by the DNS server, detecting whether a DNS extension option message is stored in the DNS response message; if yes, deleting the DNS extension option message in the DNS response message to form a new DNS response message, and sending the new DNS response message to a user terminal to be controlled so that the user terminal to be controlled can control the internet surfing behavior based on the new DNS response message; if not, the DNS response message is sent to the user terminal to be controlled, so that the user terminal to be controlled can control the internet surfing behavior based on the DNS response message.
In this embodiment, after receiving a DNS response message from the DNS server, the home gateway first checks, by the xid (transaction ID) of the DNS response message, whether it forwarded a DNS request message with the same xid. If not, the DNS response message is illegitimate and can be discarded directly. If it did, the DNS response message corresponds to a DNS request message sent by the user terminal to be controlled, and the home gateway would normally forward it to that terminal as is. However, according to RFC 6891, if a DNS request message carries a DNS extension option message, the DNS response message should carry one as well, so the DNS response message received by the home gateway also carries a DNS extension option message. According to the requirements of RFC 1035, the user terminal to be controlled does not support extension options, i.e. the DNS response message it receives must not carry a DNS extension option message; the home gateway therefore needs to ensure that the DNS response message sent to the user terminal to be controlled contains no DNS extension option message.
Hence, when a DNS extension option message is present in the DNS response message, the home gateway of the present application needs to delete it. This does not exclude the possibility that, as network technology develops, or under a custom protocol or the like, the DNS extension option message in the DNS response message is deleted by the DNS server instead.
Therefore, when the home gateway receives a DNS response message, it can detect whether the message carries a DNS extension option message. If it does, the device identifier processing module in the home gateway deletes the DNS extension option message from the DNS response message to obtain a new DNS response message: the pseudo resource record added earlier is deleted, the device identifier is thereby stripped from the DNS response message, and the Additional RRs count is reduced by 1; the DNS proxy module then forwards the new DNS response message to the user terminal to be controlled. Apart from the OPT record and the Additional RRs count, this processing does not modify any DNS record in the response. If no DNS extension option message is detected, it has already been deleted by the DNS server, and the DNS proxy module sends the DNS response message directly to the user terminal to be controlled, so that the terminal can control its Internet behavior based on the DNS response message.
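The two gateway-side transformations described above (inserting the OPT pseudo resource record that carries the device identifier as the first Additional RR of the request, and stripping it again from the response, adjusting the Additional RRs count each way), together with the neighbor cache lookup with its 60-second threshold and the server-side recovery of the identifier, as an added worked example in Python on raw DNS wire format. This is illustration code written for this page, not code from the patent or from Fiberhome; the EDNS option code 65001 (a private-use value, since the patent names none), the hexadecimal encoding, the UDP payload size 1232, and the sample query, response and neighbor table are this example's own assumptions and constructed inputs.

```python
import struct

DEVICE_ID_OPTION = 65001   # private-use EDNS option code; the patent names none (assumption)
OPT_TYPE = 41              # OPT pseudo-RR type (RFC 6891)
CACHE_TTL = 60             # neighbor cache lookup threshold from the text, in seconds

def encode_name(name):
    labels = name.rstrip(".").split(".")
    return b"".join(bytes([len(l)]) + l.encode() for l in labels) + b"\x00"

def skip_name(buf, off):
    """Offset just past the name at `off`; a compression pointer ends the name."""
    while True:
        n = buf[off]
        if n == 0:
            return off + 1
        if (n & 0xC0) == 0xC0:
            return off + 2
        off += 1 + n

def additional_offset(msg):
    """Offset of the first Additional RR, plus the header's ARCOUNT."""
    qd, an, ns, ar = struct.unpack_from("!4H", msg, 4)
    off = 12
    for _ in range(qd):
        off = skip_name(msg, off) + 4                          # QTYPE, QCLASS
    for _ in range(an + ns):
        off = skip_name(msg, off)
        off += 10 + struct.unpack_from("!H", msg, off + 8)[0]  # fixed fields + RDATA
    return off, ar

def build_query(xid, qname, qtype=1):
    """Constructed sample: a plain RFC 1035 query as the user terminal sends it (RD set)."""
    return struct.pack("!6H", xid, 0x0100, 1, 0, 0, 0) + encode_name(qname) + struct.pack("!HH", qtype, 1)

def build_response(query, ipv4):
    """Constructed sample: the server answers an A query and echoes the OPT RR (RFC 6891)."""
    xid, _, qd, _, _, ar = struct.unpack_from("!6H", query, 0)
    qend = skip_name(query, 12) + 4
    answer = b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, 300, 4) + bytes(int(o) for o in ipv4.split("."))
    return struct.pack("!6H", xid, 0x8180, qd, 1, 0, ar) + query[12:qend] + answer + query[qend:]

def add_device_id(query, mac):
    """Gateway: insert an OPT RR carrying the hex-encoded MAC as the first Additional RR."""
    data = mac.replace(":", "").lower().encode()
    option = struct.pack("!HH", DEVICE_ID_OPTION, len(data)) + data
    # root name, TYPE 41, CLASS = UDP payload size, TTL = extended RCODE/version/flags
    opt = b"\x00" + struct.pack("!HHIH", OPT_TYPE, 1232, 0, len(option)) + option
    off, ar = additional_offset(query)
    msg = query[:off] + opt + query[off:]
    return msg[:10] + struct.pack("!H", ar + 1) + msg[12:]

def _additional_rrs(msg):
    off, ar = additional_offset(msg)
    for _ in range(ar):
        fixed = skip_name(msg, off)
        rtype, _, _, rdlen = struct.unpack_from("!HHIH", msg, fixed)
        end = fixed + 10 + rdlen
        yield off, end, rtype, msg[fixed + 10:end]
        off = end

def extract_device_id(msg):
    """DNS server: recover the MAC from the OPT RR's option, or None if it is absent."""
    for _, _, rtype, rdata in _additional_rrs(msg):
        if rtype != OPT_TYPE:
            continue
        p = 0
        while p + 4 <= len(rdata):
            code, ln = struct.unpack_from("!HH", rdata, p)
            if code == DEVICE_ID_OPTION:
                h = rdata[p + 4:p + 4 + ln].decode()
                return ":".join(h[i:i + 2] for i in range(0, len(h), 2))
            p += 4 + ln
    return None

def strip_device_id(msg):
    """Gateway: drop the OPT RR from a response and decrement ARCOUNT; nothing else changes.
    Assumes no later Additional RR compresses a name against bytes inside or after the OPT RR."""
    for start, end, rtype, _ in _additional_rrs(msg):
        if rtype == OPT_TYPE:
            ar = struct.unpack_from("!H", msg, 10)[0]
            out = msg[:start] + msg[end:]
            return out[:10] + struct.pack("!H", ar - 1) + out[12:]
    return msg

class NeighborCache:
    """IP -> MAC cache in front of the system neighbor table, refreshed after CACHE_TTL."""
    def __init__(self, system_table):
        self.system = system_table   # stands in for the kernel ARP/ND table (constructed)
        self.entries = {}            # ip -> (mac, time stored)

    def lookup(self, ip, now):
        hit = self.entries.get(ip)
        if hit and now - hit[1] <= CACHE_TTL:
            return hit[0]
        mac = self.system.get(ip)    # cache miss or stale entry: consult the system table
        if mac is not None:
            self.entries[ip] = (mac, now)   # repopulate and reset the timer
        return mac
```

The xid check that precedes the stripping (matching the response's transaction ID against the requests the gateway forwarded) is a dictionary lookup keyed by xid and is left out. `strip_device_id` removes bytes ahead of any later Additional RR, so a response whose later Additional RRs compress names against bytes inside or after the OPT record would need its pointers re-encoded; a gateway implementation should check for that case rather than assume it away.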
In addition, the embodiment of the application also provides a DNS server, where the DNS server includes: the system comprises a memory, a processor and a surfing behavior control program which is stored in the memory and can run on the processor, wherein the surfing behavior control program realizes the steps of the surfing behavior control method when being executed by the processor.
The specific embodiments of the DNS server in the present application are substantially the same as the embodiments of the above-described internet behavior control method, and are not described herein.
In addition, the embodiment of the application also provides a home gateway, which comprises: the system comprises a memory, a processor and a surfing behavior control program which is stored in the memory and can run on the processor, wherein the surfing behavior control program realizes the steps of the surfing behavior control method when being executed by the processor.
The specific embodiments of the home gateway are basically the same as the embodiments of the above-mentioned internet surfing behavior control method, and are not described herein.
The processor may be a CPU, or another general-purpose processor, a digital signal processor (DSP), an application-specific integrated circuit (ASIC), a field programmable gate array (FPGA) or other programmable logic device, a discrete gate or transistor logic device, a discrete hardware component, etc. A general-purpose processor may be a microprocessor or any conventional processor; the processor is the control center of the computer device, connecting the various parts of the entire computer device through various interfaces and lines.
The memory may be used to store computer programs and/or modules, and the processor implements the various functions of the computer device by running or executing the computer programs and/or modules stored in the memory and invoking the data stored in the memory. The memory may mainly include a program storage area and a data storage area: the program storage area may store an operating system, application programs required for at least one function (such as a video playing function or an image playing function), and the like; the data storage area may store data (such as video data or image data) created according to the use of the cellular phone, etc. In addition, the memory may include high-speed random access memory, and may also include non-volatile memory, such as a hard disk, memory, plug-in hard disk, Smart Media Card (SMC), Secure Digital (SD) card, flash card, at least one disk storage device, flash memory device, or other volatile solid state storage device.
The embodiment of the application also provides a computer readable storage medium, on which a computer program is stored, which when executed by a processor, implements all or part of the steps of the aforementioned internet behavior control method.
All or part of the procedures of the embodiments of the present application may also be implemented by a computer program that instructs related hardware to perform the steps of the above methods when the computer program is executed by a processor. The computer program comprises computer program code, which may be in the form of source code, object code, an executable file, some intermediate form, etc. The computer readable medium may include: any entity or device capable of carrying computer program code, a recording medium, a USB flash disk, a removable hard disk, a magnetic disk, an optical disk, a computer memory, a read-only memory (ROM), a random access memory (RAM), an electrical carrier signal, a telecommunications signal, a software distribution medium, and so forth. It should be noted that the content of the computer readable medium may be appropriately increased or decreased according to the legislation and patent practice of the jurisdiction; for example, in some jurisdictions the computer readable medium does not include electrical carrier signals and telecommunication signals.
It will be appreciated by those skilled in the art that embodiments of the present invention may be provided as a method, system, server, or computer program product. Accordingly, the present invention may take the form of an entirely hardware embodiment, an entirely software embodiment or an embodiment combining software and hardware aspects. Furthermore, the present invention may take the form of a computer program product embodied on one or more computer-usable storage media (including, but not limited to, magnetic disk storage, optical storage, and the like) having computer-usable program code embodied therein.
The present invention is described with reference to flowchart illustrations and/or block diagrams of methods, apparatus (systems) and computer program products according to embodiments of the invention. It will be understood that each flow and/or block of the flowchart illustrations and/or block diagrams, and combinations of flows and/or blocks in the flowchart illustrations and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general purpose computer, special purpose computer, embedded processor, or other programmable data processing apparatus to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processing apparatus, create means for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
It should be noted that, in this document, the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or system that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or system. Without further limitation, an element defined by the phrase "comprising one … …" does not exclude the presence of other like elements in a process, method, article, or system that comprises the element.
The foregoing embodiment numbers of the present invention are merely for the purpose of description, and do not represent the advantages or disadvantages of the embodiments.
The foregoing is merely a specific embodiment of the application to enable one skilled in the art to understand or practice the application. Various modifications to these embodiments will be readily apparent to those skilled in the art, and the generic principles defined herein may be applied to other embodiments without departing from the spirit or scope of the application. Thus, the present application is not intended to be limited to the embodiments shown herein but is to be accorded the widest scope consistent with the principles and novel features disclosed herein.

Claims (9)

1. An Internet surfing behavior control method, characterized in that it is applied to a DNS server and comprises the following steps:
receiving and analyzing a second DNS request message sent by a home gateway to obtain a device identifier of a user terminal to be controlled and a domain name to be accessed corresponding to the device identifier, wherein the second DNS request message comprises a first DNS request message and a DNS extension option message, the first DNS request message is a DNS request message received from the user terminal to be controlled through the home gateway, and the DNS extension option message comprises the device identifier of the user terminal to be controlled determined according to the first DNS request message;
according to the device identifier of the user terminal to be controlled, the domain name to be accessed and a preset Internet surfing rule, if it is detected that the user terminal to be controlled may not access the domain name to be accessed, not resolving the domain name to be accessed.
2. The internet behavior control method according to claim 1, further comprising, after the step of not resolving the domain name to be accessed:
writing resolution failure information into a DNS response message, and sending the DNS response message to the home gateway.
3. The internet behavior control method according to claim 1, wherein: the preset internet surfing rule comprises an accessible domain name corresponding to the equipment identifier and an accessible period.
4. An Internet surfing behavior control method, characterized in that it is applied to a home gateway and comprises the following steps:
acquiring a first DNS request message sent by a user terminal to be controlled, wherein the first DNS request message comprises an equipment IP address of the user terminal to be controlled;
determining the equipment identification of the user terminal to be controlled according to the equipment IP address of the user terminal to be controlled;
encoding the equipment identification of the user terminal to be controlled into a DNS extension option message;
adding the DNS extension option message to the first DNS request message to obtain a second DNS request message, and sending the second DNS request message to a DNS server;
when the home gateway receives a DNS response message sent by the DNS server, detecting whether a DNS extension option message is stored in the DNS response message;
if yes, deleting the DNS extension option message in the DNS response message to form a new DNS response message, and sending the new DNS response message to a user terminal to be controlled so that the user terminal to be controlled can control the internet surfing behavior based on the new DNS response message;
if not, the DNS response message is sent to the user terminal to be controlled, so that the user terminal to be controlled can control the internet surfing behavior based on the DNS response message.
5. The method for controlling internet surfing behavior according to claim 4 wherein said obtaining a first DNS request message sent by a user terminal to be controlled comprises:
when capturing a first DNS request message sent by a user terminal to be controlled to a custom DNS server, carrying out redirection processing on the first DNS request message, and obtaining the first DNS request message.
6. The method for controlling internet surfing behavior according to claim 4 wherein said determining the device identification of said user terminal to be controlled according to the device IP address of said user terminal to be controlled comprises:
searching a neighbor cache table for the equipment identifier corresponding to the user terminal to be controlled according to the equipment IP address of the user terminal to be controlled, wherein the neighbor cache table stores the mapping relationship between the equipment IP address of the user terminal and the equipment identifier of the user terminal.
7. A DNS server, wherein the DNS server comprises: a memory, a processor and a surfing behavior control program stored on the memory and executable on the processor, which when executed by the processor, implements the steps of the surfing behavior control method according to any one of claims 1 to 3.
8. A home gateway, the home gateway comprising: memory, a processor and a surfing behavior control program stored on the memory and executable on the processor, which when executed by the processor, implements the steps of the surfing behavior control method according to any one of claims 4 to 6.
9. A computer-readable storage medium, characterized by: the computer readable storage medium stores a computer program which, when executed by a processor, implements the internet behavior control method of any one of claims 1 to 6.
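Claims 1 to 3 describe the DNS server side: looking up the preset Internet surfing rule by device identifier, where the rule comprises an accessible domain name and an accessible period, declining to resolve a domain the terminal may not access, and writing resolution failure information into the DNS response. The following Python is an added example of that decision and of the failure response, written for this page and not taken from the patent or from Fiberhome. The rule table, the "HH:MM" clock format, treating a device without a rule as uncontrolled, and the use of RCODE REFUSED to carry the failure information are this example's assumptions; recovering the identifier from the OPT record is not repeated here.

```python
import struct

# Constructed rule table keyed by device identifier (MAC address).  Each rule
# lists the accessible domains and the accessible period named in claim 3; the
# table layout and the "HH:MM" clock format are this example's assumptions.
RULES = {
    "aa:bb:cc:dd:ee:ff": {"domains": ["example.com", "school.example"],
                          "period": ("07:00", "21:00")},
    "11:22:33:44:55:66": {"domains": ["example.org"],
                          "period": ("20:00", "06:00")},   # window crosses midnight
}
RCODE_REFUSED = 5   # carrier chosen here for the "resolution failure" of claim 2 (assumption)

def in_period(now, period):
    """Zero-padded HH:MM strings compare correctly as text; a window may wrap past midnight."""
    start, end = period
    if start <= end:
        return start <= now <= end
    return now >= start or now <= end

def domain_allowed(qname, domains):
    """A listed domain also admits its subdomains, but not look-alikes such as evil-example.org."""
    q = qname.rstrip(".").lower()
    return any(q == d or q.endswith("." + d) for d in domains)

def may_resolve(mac, qname, now, rules=RULES):
    """Decision of claim 1: resolve only if the device's rule allows this domain at this time.
    A device with no rule is treated as uncontrolled (assumption)."""
    rule = rules.get(mac)
    if rule is None:
        return True
    return in_period(now, rule["period"]) and domain_allowed(qname, rule["domains"])

def refusal_response(xid, qname, qtype=1):
    """Claim 2: a DNS response carrying resolution-failure information back to the gateway.
    The question is echoed; QR, RD and RA are set and RCODE is REFUSED; no OPT RR is echoed,
    which is the second case the home gateway handles (no extension option to strip)."""
    labels = qname.rstrip(".").split(".")
    question = b"".join(bytes([len(l)]) + l.encode() for l in labels) + b"\x00"
    question += struct.pack("!HH", qtype, 1)
    flags = 0x8180 | RCODE_REFUSED
    return struct.pack("!6H", xid, flags, 1, 0, 0, 0) + question

def handle_query(mac, xid, qname, now):
    """Server-side step for one query: (allowed, refusal response or None)."""
    if may_resolve(mac, qname, now):
        return True, None
    return False, refusal_response(xid, qname)
```

The suffix test in `domain_allowed` is the detail that matters in practice: matching on `endswith("example.org")` alone would admit `evil-example.org`, so the check requires either an exact match or a preceding dot.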
CN202210001900.2A 2022-01-04 2022-01-04 Internet surfing behavior control method, DNS server, home gateway and storage medium Active CN114401129B (en)

Publications (2)

Publication Number Publication Date
CN114401129A CN114401129A (en) 2022-04-26
CN114401129B true CN114401129B (en) 2024-02-13



Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant