CN101488965A - Domain name filtering system and method - Google Patents
Domain name filtering system and method Download PDFInfo
- Publication number
- CN101488965A CN101488965A CNA2009100782402A CN200910078240A CN101488965A CN 101488965 A CN101488965 A CN 101488965A CN A2009100782402 A CNA2009100782402 A CN A2009100782402A CN 200910078240 A CN200910078240 A CN 200910078240A CN 101488965 A CN101488965 A CN 101488965A
- Authority
- CN
- China
- Prior art keywords
- domain name
- filtering
- filter
- blacklist
- information
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
Images
Abstract
The invention provides a filtering system for domain name, comprising a domain name server for achieving the domain name filter installed with a filtering proxy sub system and a filtering centre sub system for generating the filtering directive. The sub system filter center filter based on information entered by the user in light of filter sub system status information agent for the filtering agent sub system command to generate the corresponding filter; domain filtering proxy server sub system analysis and implementation of the filter orders received, according to modify the content filter command of the domain name server configuration file, the domain name server configuration file under the name of the content filter to filter the domain name. The present invention does not require the operation of the existing domain name server to do any changes, which are easy to implement, easy to maintain the advantages of the existing domain name and server stability and performance have no effect.
Description
Technical field
The present invention relates to network safety filed, particularly a kind of domain name filtering system and method.
Background technology
Along with the fast development of the Internet, internet domain name (DNS) registration and usage quantity also rapidly increase, and 2007, China's internet domain name registration reached 1,193 ten thousand, and annual growth reaches 190.4%.Meanwhile, domain name also becomes the main tool that the hacker utilizes gradually.Utilize domain name, the hacker can implement extensive webpage flexibly, snugly and hang rogue activitys such as horse, Botnet control, phishing, for example, the hacker can utilize the security breaches of website operation system or network server, illegally obtain the control authority of the webserver, thereby distort web page contents, steal important internal data, even more serious then is to implant malicious code (being commonly called as " webpage is hung horse ") in webpage, makes that more website callers are encroached on.For effectively containment or elimination such as webpage are hung malice injurious acts such as horse, Botnet control, phishing, a kind of traditional method is to utilize IP (procotol) address that malicious act is monitored and controlled, yet, appearance and extensive use along with dynamic territory analyzing technology such as Fast-Flux, IP-based traditional control method is traced and the blocking-up difficulty that becomes more and more malicious act, even powerless.Therefore, adopt filter method based on domain name to the infringement of effective containment malicious act significant and real value.
At present, existing domain name filtering technique mainly adopts the method based on the domain name request packet.These class methods are by catching the domain name request packet, therefrom obtain the domain name that will resolve, determine the whether needs filtration of this domain name according to specified rule then.These class methods and corresponding filtration system thereof have good real-time performance, but also have certain shortcoming.In a kind of implementation method, in order to reach filter effect preferably, often need be in this locality or border name server place dispose independent filter plant.These class methods need increase a large amount of additional filtration equipment, therefore have the shortcoming of deployment cost costliness.In another kind of implementation method, can increase the domain name filtering module on this locality or border name server realizes filtering, but these class methods need be revised the software program of existing operating name server, therefore be difficult in practice implement, the follow-up maintenance cost is also very big, and has reduced the stability and the handling property of existing system.In addition, a large amount of domain name request packets need be caught and handle to above-mentioned two kinds of implementation methods in real time in filter process, the handling property of filtration system self is had higher requirement, and increased the delay of domain name request.
Summary of the invention
It is high or be used to realize that the name server maintenance cost of filtering is big, the shortcoming of poor stability to the objective of the invention is to overcome existing domain name filtering system deployment cost, thereby a kind of easy deployment, easy care, domain name filtering system that filter efficiency is high are provided.
To achieve these goals, the invention provides a kind of domain name filtering system, comprise the name server that is used to realize the domain name filtration that the filtering proxy subsystem is installed, and the filter center's subsystem that is used to generate filter command; Wherein,
Described filter center subsystem is according to the filtering information of user's input and the state information of described filtering proxy subsystem, for described filtering proxy subsystem generates corresponding filter command;
Filtering proxy sub system analysis in the domain name server is also carried out received filter command, according to the domain name configuration file in the content modification domain name server of described filter command, the domain name that the domain name server will filter according to the information filtering of domain name configuration file.
In the technique scheme, the domain name center subsystem comprises configuration module, version management module, version repository, Agent Status storehouse, incremental update module and first communication module; Wherein,
Described configuration module receives the filtering information that the user imported, and then resulting filtering information is sent to described version management module; Described version management module goes heavily to go to comprise processing to received described filtering information, then the result is saved in described version repository and sends to described incremental update module; Described incremental update module is according to filtering information of being received and the state information that is kept at the filtering proxy subsystem in the described Agent Status storehouse, for described filtering proxy subsystem generates corresponding filter command; Described filter command sends by described first communication module.
In the technique scheme, described filtering proxy subsystem comprises second communication module and filter command Executive Module; Wherein,
Described second communication module receives described filter command, and the described filter command that receives is sent to described filter command Executive Module; Described filter command Executive Module is carried out described filter command, according to the execution result of described filter command the domain name configuration file of place name server is made amendment.
In the technique scheme, described filtering information comprises the blacklist domain name of filtration parameter relevant with filter operation and the desired filtration of user.
In the technique scheme, described filtration parameter comprises and is used to represent that described filtering proxy subsystem connects the time interval parameter in the time interval of described filter center subsystem, be used for stipulating that described filtering proxy subsystem restarts the reboot time parameter in the moment of the domain name service program of this subsystem place name server, be used to represent that selecting which domain name when the registered domain name on blacklist domain name and the name server during owing to consistent clashing is the consistent collisions parameter of effective value, be used to represent that to select which domain name when conflicting be the collisions parameter that comprises of effective value when blacklist domain name and registered domain name on the name server comprise.
In the technique scheme, described blacklist domain name comprises domain-name information, and the IP address that this domain name and all subdomains thereof and host name will be resolved.
In the technique scheme, the described IP address that will resolve comprises 127.0.0.1 or other the incorrect IP address that is used to represent this machine.
In the technique scheme, the domain name server is realized the filtration that will filter domain name is comprised according to the content of domain name configuration file:
After the domain name server receives packet, packet is done domain name mapping, for the domain name that will filter is returned 127.0.0.1 or other non-correct IP addresses according to the domain name configuration file.
In the technique scheme, describedly go heavily to go to comprise operation and comprise:
The repetition domain name that described version management module is concentrated the blacklist domain name in the received filtering information is deleted;
Described version management module concentrates the domain name that whether has inclusion relation to judge to the blacklist domain name of described filtering information, deletion subdomain name wherein when existing.
In the technique scheme, the state information of described filtering proxy subsystem comprises: the Agent IP information that is used to represent described filtering proxy subsystem place name server IP, be used to represent the version number information of the version of the current filtering information of carrying out of described filtering proxy subsystem, be used to represent because the consistent Pending The Entry Into Force blacklist domain name collection that conflicts and comprise the set of the unenforced blacklist domain name that causes of conflicting.
In the technique scheme, described filter command comprises the order that is used to represent to increase operation, deletion action, renewal operation and setting operation.
The present invention also provides a kind of and has adopted described domain name filtering system to realize the method that domain name is filtered, and comprising:
Step 1), the order of described filtering proxy subsystem receiving filtration;
Step 2), described filtering proxy sub system analysis, carry out described filter command, according to the domain name configuration file in the results modification domain name server, in the domain name configuration file, be the IP address or the incorrect IP address of name server itself with the IP address configuration that will filter domain name;
Step 3), domain name server are done domain name mapping according to the domain name configuration file after receiving packet, realize the filtration to domain name.
In the technique scheme, before described step 1), also comprise:
Step 0), the user imports filtering information on described filter center subsystem, be that described filtering proxy subsystem generates filter command according to the state information of described filtering information and described filtering proxy subsystem.
In the technique scheme, described step 1) comprises:
Step 1-1), described filtering proxy subsystem is in wait state, until current time of system clock and last time the filtering proxy subsystem satisfy the time interval parameter value that sets in the filtration parameter to the time interval that filter center's subsystem is initiated the connect hours;
Step 1-2), the filtering proxy subsystem compares the reboot time parameter that sets in current time of system clock and the filtration parameter, if the current time is more than or equal to reboot time, then restart the domain name service program in the name server, making domain name filter comes into force, carry out next step then, if the current time less than reboot time, is then directly carried out next step;
Step 1-3), the filtering proxy subsystem initiates to connect to obtain up-to-date filter command to filter center's subsystem.
In the technique scheme, described filter command comprises the order that is used to represent to increase operation, deletion action, renewal operation and setting operation; In described step 2) in, described filtering proxy sub system analysis, the described filter command of execution comprise:
Step 2-1), get a undressed filter command, then the type of described filter command is judged, to being used to represent the filter command of setting operation, execution in step 2-2), to being used to represent to increase the filter command of operation, execution in step 2-3), to being used to represent the filter command of deletion action, execution in step 2-4), to being used to represent to upgrade the filter command of operation, execution in step 2-5);
Step 2-2), the filtration parameter that comprises according to being provided with in the order, the filtration parameter in the filtering proxy subsystem of place is made amendment;
Step 2-3), at first whether the blacklist domain name that is comprised in the judgement increase order can consistently with the registered domain name generation in the domain name configuration file in the name server of filtering proxy subsystem place conflict or comprise conflict, if do not clash, then in domain name configuration file, increase a domain name registration record according to this order, if there is conflict, then according to the unanimity conflict of defined in the filtration parameter or the effective value regulation when comprising conflict, judgement should be the blacklist domain name, and effectively still registered domain name is effective, when being that the blacklist domain name is when effective, in domain name configuration file, increase a domain name registration record according to increasing order, when being registered domain name when effective, generate the information of Pending The Entry Into Force blacklist domain name;
Step 2-4), in the domain name configuration file of filtering proxy subsystem place name server, search corresponding registered domain name, find the registration of this domain name of back deletion, and delete corresponding resolution file according to the domain-name information that is comprised in the delete command;
Step 2-5), according to the domain-name information that is comprised in the update command, in the domain name configuration file of filtering proxy subsystem place name server, search corresponding registered domain name, the IP address of being revised as the IP address in the resolution file of this registered domain name in the update command after finding to be comprised.
In the technique scheme, described filtering information comprises filtration parameter and blacklist domain name; Described filtration parameter comprises time interval parameter, reboot time parameter, consistent collisions parameter and comprises collisions parameter;
In described step 0) in, be that described filtering proxy subsystem generates filter command and comprises according to the state information of described filtering information and described filtering proxy subsystem:
Step 0-1), the version number in version number in the described filtering information and the described state information is compared,, need not to generate filter command,, continue subsequent operation the inconsistent situation of version number to the situation of version number's unanimity;
Step 0-2), the filtration parameter in filtration parameter in the described filtering information and the described state information is compared, to the unequal situation of filtration parameter, after generation is used to represent the filter command of setting operation according to the filtration parameter in the described filtering information, carry out next step, to the situation that filtration parameter equates, directly carry out next step;
Step 0-3), blacklist domain name collection in the described filtering information and the blacklist domain name collection in the described state information are investigated, when all blacklist domain names of the blacklist domain name collection of described filtering information all processed, and the blacklist domain name of described state information is concentrated and also to be had untreated blacklist domain name, then generates the filter command that is used for deletion action for described untreated blacklist domain name; Also there is untreated blacklist domain name when the blacklist domain name of described filtering information is concentrated, carries out next step;
Step 0-4), concentrate from the blacklist domain name of described filtering information and to select a untreated blacklist domain name, concentrate in the blacklist domain name of described state information and search this blacklist domain name, if can not find, then generate the filter command that is used to increase operation; If can find, the Pending The Entry Into Force blacklist domain name collection that then whether this domain name is belonged to state information is judged, when concentrating the IP address of corresponding blacklist domain name inconsistent with the blacklist domain name of state information when IP address that this domain name does not belong to Pending The Entry Into Force blacklist domain name collection and this domain name, generation is used to upgrade the order of operation, when this domain name belongs to Pending The Entry Into Force blacklist domain name collection, then to the pairing consistent collisions parameter of this domain name with comprise collisions parameter and judge, when one of them parameter value is the blacklist domain name, then generate the filter command that is used to increase operation.
The invention has the advantages that:
1, filtration system of the present invention is made amendment to the domain name configuration file in the name server by the filtering proxy subsystem on the name server, utilize the filtration of the domain name mapping function realization domain name of name server self then, except the software that filtering proxy subsystem independently will be installed on name server, do not need existing operating name server is made any modification, thereby have an advantage of easy enforcement, easy care, and to the stability of existing name server and performance without any influence.
2, filtration system of the present invention does not need to catch and handle the domain name request data package in filter process, so filtration system self nonexistence energy problem, can not produce extra request and postpone.
3, filtration system of the present invention is installed the mode of filtering proxy subsystem with software mode on name server, does not need to add extra hardware filtering equipment, therefore has the low advantage of lower deployment cost.
Description of drawings
Fig. 1 is the filter center's subsystem in the domain name filtering system of the present invention and the high-level schematic functional block diagram of filtering proxy subsystem;
Fig. 2 is the schematic diagram of domain name filtering system of the present invention;
Fig. 3 is the workflow diagram of the filter center's subsystem in the domain name filtering system of the present invention;
Fig. 4 is the flow chart that the filter center's subsystem in the domain name filtering system of the present invention generates filter command;
Fig. 5 is the workflow diagram of the filtering proxy subsystem in the domain name filtering system of the present invention.
Embodiment
The present invention is described in detail below in conjunction with the drawings and specific embodiments.
Domain name filtering system of the present invention comprises filter center's subsystem and the name server that has the filtering proxy subsystem.The blacklist domain name that the needs that described filter center subsystem provides according to the user filter generates corresponding filter command for each filtering proxy subsystem, and the filter command realization that the name server that has a filtering proxy subsystem is then generated according to filter center's subsystem is to the filtration of blacklist domain name.When specific implementation, filter center's subsystem realizes with the form that is installed in a software server on the computer equipment, and the filtering proxy subsystem then can be installed in by the form of agent software on other all name servers except that root name server.Because it is direct more that the name server response user domain name request of filtering proxy subsystem is installed, filter effect is good more, so a kind of preferable mounting means of filtering proxy subsystem is mounted on this locality or the border name server.In Fig. 2, provided the composition schematic diagram of domain name filtering system of the present invention.
On the basis that the general function to aforementioned domain name filtering system describes, respectively wherein filter center's subsystem and filtering proxy subsystem is described further below.
With reference to figure 1, filter center's subsystem can be further divided into configuration module, version management module, incremental update module and communication module according to function, in addition, also include the version repository that is used for stored filter information in filter center's subsystem, and the Agent Status storehouse (described version repository and Agent Status storehouse are not shown in Figure 1) that is used to store the state information of each filtering proxy subsystem.
Configuration module in filter center's subsystem is used to receive the filtering information of user's input.Described filtering information comprises filtration parameter and blacklist domain name two parts, can be expressed as<filtration parameter blacklist domain name collection〉form.
Filtration parameter in the filtering information can further be expressed as: in<the time interval, reboot time, comprises conflict at consistent the conflict 〉.Time interval parameter in the filtration parameter represents that the filtering proxy subsystem connects the time interval of filter center's subsystem, the filtering proxy subsystem can initiatively initiate to connect to filter center's subsystem every the time of this time interval defined, to obtain up-to-date filter command.The unit of time interval parameter can be minute.Reboot time parameter in the filtration parameter is used for the moment that regulation filtering proxy subsystem restarts the domain name service program of this subsystem place name server, in general, name server only after restarting the domain name service program, can carry out corresponding filter operation according to the filter command of newly receiving.Consistent collisions parameter in the filtration parameter is used to represent that selecting which domain name is effective value when the registered domain name on blacklist domain name and the name server during owing to consistent clashing.The collisions parameter that comprises in the filtration parameter is used to represent comprise when conflicting when blacklist domain name and registered domain name on the name server, and selecting which domain name is effective value.The conflict that comprises described herein is meant that one in two domain names is another subdomain or host name.
The set of the blacklist domain name that the blacklist domain name collection in the filtering information need filter for the user.A blacklist domain name can be expressed as:<domain name, the IP address 〉, its implication is for to become this IP address with this domain name and all subdomains thereof, in order to reach the purpose of filtering domain name with hostname resolution, the IP address is defaulted as the 127.0.0.1 that is used to represent this machine, also can be other incorrect IP address.
Understand for convenience, in one embodiment, suppose that the user has imported a following filtering information:
<<5,24:00, blacklist domain name, registered domain name 〉,<ccc.bbb.aaa, 127.0.0.1 〉,<zzz.yyy.xxx, 11.11.11.11 〉
In above-mentioned filtering information,<5,24:00, blacklist domain name, registered domain name〉be the filtration parameter that preamble is mentioned, 5 expressions wherein specify the connect hours of all filtering proxy subsystems to be spaced apart 5 minutes; 24:00 represents that the reboot time of the domain name service program of filtering proxy subsystem place name server is that morning is during 24:00; When consistent the conflict takes place, be effective value with the blacklist domain name; Is effective value when comprising when conflict with the registered domain name.And {<ccc.bbb.aaa, 127.0.0.1,<zzz.yyy.xxx, 11.11.11.11 then be the blacklist domain name of being mentioned in the preamble, its expression name server is 127.0.0.1 with domain name ccc.bbb.aaa and all subdomains thereof and hostname resolution, is 11.11.11.11 with domain name zzz.yyy.xxx and all subdomains thereof and hostname resolution.Ccc.bbb.aaa in the above-mentioned filtering information, zzz.yyy.xxx are schematic abstract examples, can replace with concrete domain names in actual applications, for example www.sina.com.cn, www.sohu.com etc.
The filtering information that version management module in filter center's subsystem is used for that configuration module is received is done and is heavily gone to comprise operation, stores resulting result into version repository and sends in the incremental update module.When specific implementation, after version management module receives a filtering information from configuration module, concentrate the domain name that whether has repetition to judge to the blacklist domain name of this filtering information, repeat domain name if exist, whether then deletion repeats domain name, in addition, also need to exist the domain name with inclusion relation to judge to the blacklist domain name is concentrated, if there is the domain name of this type, then delete subdomain name wherein.Version management module is after having carried out above-mentioned going and heavily going to comprise operation to filtering information, this filtering information need be stored into the version repository that is used for stored filter information, judge earlier before storage whether the filtering information that will store has been included in the version repository, if do not comprise, then, then filtering information is stored in the version repository together with version number for this filtering information generates a new version number.
With filtering information cited in the preamble is example, if ccc.bbb.aaa and zzz.yyy.xxx in the filtering information are domain name www.sina.com.cn, obviously these two domain names belong to the repetition domain name, needs one of them domain name of deletion.If the ccc.bbb.aaa in the filtering information is domain name sina.com.cn, and zzz.yyy.xxx is domain name blog.sina.com.cn, then has inclusion relation between two domain names, need deletion subdomain name blog.sina.com.cn wherein.Filtering information stores in the version repository after heavily going to comprise operation finishing, and also needs to give a version number such as 00011 before storage.
Version repository in filter center's subsystem is used to preserve all filtering informations and the pairing version number of filtering information just as mentioned before.The data format of filtering information describes in detail in preamble, therefore, no longer does being repeated in this description, but of particular note, the corresponding unique version number of a filtering information in the version repository.
Agent Status storehouse in filter center's subsystem is used to preserve the state information of each filtering proxy subsystem.The state information of filtering proxy subsystem can be expressed as:<Agent IP, version number, Pending The Entry Into Force blacklist domain name collection 〉, Agent IP is wherein represented the IP of the described filtering proxy subsystem of this state information place name server; Version number represents the version of the current filtering information of carrying out of the described filtering proxy subsystem of this state information; Pending The Entry Into Force blacklist domain name set representations is because the consistent set that conflicts and comprise the unenforced blacklist domain name cause of conflicting.In general, in a filtration system, include what filtering proxy subsystems, the state information of how many bar correspondences is just arranged in the Agent Status storehouse.
Incremental update module in filter center's subsystem is used to receive the filtering information that version management module sends, and according to the state information of each filtering proxy subsystem of being stored in the Agent Status storehouse, for each filtering proxy subsystem generates corresponding filter command.The filter command that the incremental update module is generated can adopt following formal definition: order | object | and updating value.Because the difference of each filtration treatment subsystem concrete condition, the filter command that is adopted also has diversity.The operation that filter command will be finished comprises increase, delete, upgrade, be provided with etc., therefore has following dissimilar filter command:
A, increase | domain name | the IP address.This order expression increases a blacklist domain name record, and wherein the IP address is the IP address of domain name with resolved one-tenth, is defaulted as sky;
B, deletion | domain name | the IP address.Blacklist domain name record of this order expression deletion, wherein the IP address is similarly the IP address of domain name with resolved one-tenth, is defaulted as sky;
C, renewal | domain name | the IP address.A blacklist domain name record is upgraded in this order expression, and wherein the IP address is the IP address after upgrading;
D, setting | filtration parameter | updating value.It is updating value that this order expression is provided with filtration parameter, and wherein filtration parameter comprises the time interval, reboot time, consistently conflicts, comprises parameter such as conflict.
The incremental update module is according to the state information of each filtering proxy subsystem, when generating above-mentioned dissimilar filter command, adopted the incremental update method shown in Fig. 4.With reference to figure 4, the performing step to this incremental update method describes below.Suppose that the incremental update module is R0 from the version number of the resulting filtering information of version management module, and the state information usefulness<IPi of the filtering proxy subsystem that the Agent Status storehouse is preserved, Ri, Ni〉expression, R wherein represents the version number of the employed filtering information of pairing filtration treatment subsystem, N represents Pending The Entry Into Force blacklist domain name collection, and i represents to be used to distinguish the numeral of different conditions information.Therefore the incremental update module need generate corresponding filter command for all the filtering proxy subsystems in the whole domain name filtering system, need handle one by one the state information of all filtering proxy subsystems of being preserved in the Agent Status storehouse.In the single treatment process, get a untreated state information<IPi, Ri, Ni 〉, operate accordingly according to following steps:
Step 41, the R0 of version number of received filtering information and the Ri of version number in this state information are compared, if both equate, obviously do not need to upgrade, reselecting a untreated state information from the Agent Status storehouse handles again and gets final product, if both are unequal, then from version repository, extract the specifying information of filtering information, carry out subsequent step then and do further comparison according to version number.
Step 42, in process further relatively, at first the filtration parameter in the filtering information of R0 and Ri representative is compared, if filtration parameter equates, then directly carry out subsequent step, if filtration parameter is unequal, then, generate the order that is provided with in the aforementioned filter command, and then carry out next step according to the parameter value in the filtration parameter of R0 representative.
Step 43, blacklist domain name collection in the filtering information of R0 and Ri representative is investigated, represent blacklist domain name collection among the R0 with B0, represent blacklist domain name collection among the Ri with Bi, judge whether the blacklist domain name among the B0 is all processed, if yes, then all untreated blacklist domain names among the Bi are generated delete command, reselecting a untreated state information then handles, if not, then untreated blacklist domain name among the B0 is investigated, described blacklist domain name is made as<n0, ip0 〉, n wherein represents domain name, and ip represents the pairing IP of this domain name address, and 0 is sequence number.
Step 44, in Bi, search n0, if do not find, then generate increase order (increase | n0|ip0), select a new untreated blacklist domain name to investigate then; If find, then carry out next step.
Step 45, in Bi, find n0, because n0 equates with the value of ni, therefore the blacklist domain name among the Bi can be expressed as<n0, ipi 〉, judge whether n0 belongs to Pending The Entry Into Force blacklist domain name collection Ni, if do not belong to, then when ip0 is not equal to ipi, the generation update command (upgrade | n0|ip0), and then select a new untreated blacklist domain name to investigate; If n0 belongs to Ni, judge that then filtration parameter " the consistent conflict " and filtration parameter among the R0 " comprise conflict ", if it is the blacklist domain name that a parameter value is wherein arranged, and then generation increase order (increase | n0|ip0), select a new untreated blacklist domain name to investigate again.
More than be that the incremental update module adopts the incremental update method to generate the process of corresponding filter command for each filtering proxy subsystem.Explanation can be known according to said process, if original blacklist domain name is concentrated and is only included blacklist domain name www.sina.com.cn in a filtering proxy subsystem, then the blacklist domain name collection when filtering information that the user imports includes www.sina.com.cn and www.sohu.com, then the filter command that this filtering proxy subsystem is generated needs increases order, concentrates domain name www.sohu.com is increased to the blacklist domain name.Similarly, if the blacklist domain name collection of another filtering proxy subsystem is except including domain name www.sina.com.cn, www.sohu.com, also include domain name www.google.com, and the blacklist domain name collection of the filtering information of user's input only includes www.sina.com.cn and www.sohu.com, then the filter command that this filtering proxy subsystem is generated should have delete command, so that domain name www.google.com is concentrated deletion from the blacklist domain name.
The filter command that communication module in filter center's subsystem is generated described incremental update module sends to corresponding filtering proxy subsystem.In the process that sends filter command,, need between filter center's subsystem and filtering proxy subsystem, do authentication and data encryption operation in order to guarantee safety of data transmission.Described authentication and data encryption operation can be adopted disclosed PKIX (PKI, Public Key Infrastructure) technology.In addition, but the communication module execution result that fed back of receiving filtration agent subsystem also, with the Pending The Entry Into Force blacklist domain name of this filtering proxy subsystem in the update agent state repository.
With reference to figure 1, domain filtering proxy server sub system can be further divided into communication module and filter command Executive Module according to function.Communication module wherein is used for the subsystem receiving filtration order from filter center, and feeds back the execution result of filtering proxy subsystem to filter center's subsystem; The filter command Executive Module then is used to carry out concrete filter command.
Provided the workflow of filtering proxy subsystem in Fig. 5, this flow process may further comprise the steps:
Step 51, filtering proxy subsystem are in wait state, until current time of system clock and last time the filtering proxy subsystem satisfy the time interval parameter value that sets in the filtration parameter to the time interval that filter center's subsystem is initiated the connect hours;
Step 52, filtering proxy subsystem compare the reboot time parameter that sets in current time of system clock and the filtration parameter, if the current time is more than or equal to reboot time, then restart the domain name service program in the name server, making domain name filter comes into force, carry out next step then, if the current time less than reboot time, is then directly carried out next step;
The communication module of step 53, filtering proxy subsystem is initiated to connect to obtain up-to-date filter command to filter center's subsystem, if can receive that filter command then sends to the filter command Executive Module with the filter command of being received, carry out next step then, otherwise directly do not do any operation, keep wait state;
Step 54, filter command Executive Module are resolved, are carried out received filter command, then Pending The Entry Into Force blacklist domain name are fed back to filter center's subsystem by communication module, keep wait state after aforesaid operations is finished.
In the aforesaid operations flow process, in fact comprised the content of two aspects, the one, the process of filter command is carried out in receiving filtration order after certain time interval then, and the 2nd, after arriving reboot time, restart the process of domain name service program.Owing to carry out then in the process of filter command in the receiving filtration order, need make amendment to the configuration file in the name server, therefore, if when restarting the domain name service program, configuration file just in modification process, the failure that can cause the domain name service program to restart.Based on this reason, aforementioned two processes can not be carried out simultaneously, and should make as above-mentioned operating process that two processes have temporal priority logical relation.In the aforesaid operations flow process, before receiving and carrying out filter command, at first carried out the reboot operation of domain name service program.In actual applications, the precedence relationship of these two processes is not limited to above-mentioned explanation, and those skilled in the art also can receive and carry out filter command earlier when realizing, finish the operation relevant with restarting of domain name service program again.
In aforesaid operations, described filter command Executive Module has different operations according to the difference of filter command particular type when resolving and carry out filter command.In Fig. 6, the concrete execution flow process of filter command is illustrated.As can be seen from the figure, the filter command Executive Module need be handled all received filter commands, when carrying out a undressed filter command, at first judge the type of filter command, handle respectively according to the particular type of filter command then.In aforesaid explanation, mention, filter command comprise order be set, increase order, four types of delete command and update command, so the filter command Executive Module mainly is that this filter command of four types is handled.For order was set, the filtration parameter that the filter command Executive Module comprises according to being provided with in the order was made amendment to the filtration parameter in the filtering proxy subsystem of place.For increasing order, the filter command Executive Module judges at first whether increase the blacklist domain name that is comprised in the order can take place with the registered domain name in the domain name configuration file in the name server of filtering proxy subsystem place consistently conflict or comprise conflict, if do not clash, then in domain name configuration file, increase a domain name registration record according to this order, if there is conflict, then according to the unanimity conflict of defined in the filtration parameter or the effective value regulation when comprising conflict, judgement should be the blacklist domain name, and effectively still registered domain name is effective, when being that the blacklist domain name is when effective, in domain name configuration file, increase a domain name registration record according to increasing order, when being that registered domain name is when effective, be that corresponding blacklist domain name is invalid, therefore will generate the information of unenforced blacklist domain name.For delete command, in the domain name configuration file of filtering proxy subsystem place name server, search corresponding registered domain name according to the domain-name information that is comprised in this order, find the registration of this domain name of back deletion, and delete corresponding resolution file.For update command, according to the domain-name information that is comprised in this order, in the domain name configuration file of filtering proxy subsystem place name server, search corresponding registered domain name, the IP address of being revised as the IP address in the resolution file of this registered domain name in the update command after finding to be comprised.
In an example, suppose to have one to increase order: to increase | ccc.bbb.aaa|127.0.0.1, then order when the configuration file of name server increases the domain name registration record according to this, domain name zone (zone) wherein is " ccc.bbb.aaa ", type (type) is " master ", notice (notify) is " no ", resolution file (file) is " ccc.bbb.aaa.blacklist.db ", and wherein the content of " ccc.bbb.aaa.blacklist.db " is for all resolving to domain name ccc.bbb.aaa and subdomain thereof and host name the Typical Disposition of 127.0.0.1.With the famous name server BIND that has been used widely is example, according to the content of above-mentioned increase order, should increase in its configuration file named.conf as next bar record:
zone“ccc.bbb.aaa”IN{type?master;notify?no;file“ccc.bbb.aaa.blacklist.db”;};
The typical definition form of resolution file " ccc.bbb.aaa.blacklist.db " is as follows:
@IN?SOA?dns.ccc.bbb.aaa.root.ccc.bbb.aaa.(
42;serial
3H;refresh
15M;retry
1W;expiry
1D);minimum?TTL
NS?dns.ccc.bbb.aaa.
A 127.0.0.1
* A 127.0.0.1
In another example, suppose to have a delete command: deletion | ccc.bbb.aaa|127.0.0.1, then in configuration file, search registered domain name ccc.bbb.aaa, delete this domain name registration record according to this order, and deletion resolution file " ccc.bbb.aaa.blacklist.db ".
In another example, suppose to have a update command: upgrade | ccc.bbb.aaa|11.11.11.11, then in configuration file, find registered domain name ccc.bbb.aaa, then 11.11.11.11 is revised as in the IP address in its resolution file " ccc.bbb.aaa.blacklist.db " according to this order.
From the explanation of front as can be seen, the filtering proxy subsystem that is installed on the name server has just been made corresponding modification with the domain name configuration file of name server according to filter command in whole workflow, therefore other parts that comprise software program for name server are not done any change, can not impact the stability of a system of existing name server, handling property etc.Name server is when work, behind the packet that receives external transmission, according to its normal workflow, need do domain name mapping for these packets, because in domain name configuration file, the parse addresses of blacklist domain name is defaulted as 127.0.0.1 or other non-correct IP addresses, therefore, when the user asks the blacklist domain name, name server can become this domain name mapping 127.0.0.1 or other non-correct IP addresses, make the user can't obtain the real IP address of blacklist domain name correspondence, thus normal visit can't be implemented, thus reached filter effect to the blacklist domain name.For example, suppose that the user will visit www.sina.com.cn, and being used as the blacklist domain name, this domain name is configured on the name server that this user will ask by filtration system, when the user asks, name server can resolve to 127.0.0.1 with www.sina.com.cn, makes the user can only visit this machine, and can't visit www.sina.com.cn, thus, filtration system has realized the filtration to domain name www.sina.com.cn.With need in the prior art to catch in real time and handle a large amount of domain name request packets and compare, this mode can not increase the burden of name server, can not cause the delay to domain name request yet.
It should be noted last that above embodiment is only unrestricted in order to technical scheme of the present invention to be described.Although the present invention is had been described in detail with reference to embodiment, those of ordinary skill in the art is to be understood that, technical scheme of the present invention is made amendment or is equal to replacement, do not break away from the spirit and scope of technical solution of the present invention, it all should be encompassed in the middle of the claim scope of the present invention.
Claims (16)
1, a kind of domain name filtering system is characterized in that, comprises the name server that is used to realize the domain name filtration that the filtering proxy subsystem is installed, and the filter center's subsystem that is used to generate filter command; Wherein,
Described filter center subsystem is according to the filtering information of user's input and the state information of described filtering proxy subsystem, for described filtering proxy subsystem generates corresponding filter command;
Filtering proxy sub system analysis in the domain name server is also carried out received filter command, according to the domain name configuration file in the content modification domain name server of described filter command, the domain name that the domain name server will filter according to the information filtering of domain name configuration file.
2, domain name filtering system according to claim 1 is characterized in that, the domain name center subsystem comprises configuration module, version management module, version repository, Agent Status storehouse, incremental update module and first communication module; Wherein,
Described configuration module receives the filtering information that the user imported, and then resulting filtering information is sent to described version management module; Described version management module goes heavily to go to comprise processing to received described filtering information, then the result is saved in described version repository and sends to described incremental update module; Described incremental update module is according to filtering information of being received and the state information that is kept at the filtering proxy subsystem in the described Agent Status storehouse, for described filtering proxy subsystem generates corresponding filter command; Described filter command sends by described first communication module.
3, domain name filtering system according to claim 2 is characterized in that, described filtering proxy subsystem comprises second communication module and filter command Executive Module; Wherein,
Described second communication module receives described filter command, and the described filter command that receives is sent to described filter command Executive Module; Described filter command Executive Module is carried out described filter command, according to the execution result of described filter command the domain name configuration file of place name server is made amendment.
4, domain name filtering system according to claim 1 is characterized in that, described filtering information comprises the blacklist domain name of filtration parameter relevant with filter operation and the desired filtration of user.
5, domain name filtering system according to claim 4, it is characterized in that described filtration parameter comprises and is used to represent that described filtering proxy subsystem connects the time interval parameter in the time interval of described filter center subsystem, be used for stipulating that described filtering proxy subsystem restarts the reboot time parameter in the moment of the domain name service program of this subsystem place name server, be used to represent that selecting which domain name when the registered domain name on blacklist domain name and the name server during owing to consistent clashing is the consistent collisions parameter of effective value, be used to represent that to select which domain name when conflicting be the collisions parameter that comprises of effective value when blacklist domain name and registered domain name on the name server comprise.
6, domain name filtering system according to claim 4 is characterized in that, described blacklist domain name comprises domain-name information, and the IP address that this domain name and all subdomains thereof and host name will be resolved.
7, domain name filtering system according to claim 6 is characterized in that, the described IP address that will resolve comprises 127.0.0.1 or other the incorrect IP address that is used to represent this machine.
8, domain name filtering system according to claim 7 is characterized in that, the domain name server is realized the filtration that will filter domain name is comprised according to the content of domain name configuration file:
After the domain name server receives packet, packet is done domain name mapping, for the domain name that will filter is returned 127.0.0.1 or other non-correct IP addresses according to the domain name configuration file.
9, domain name filtering system according to claim 2 is characterized in that, describedly goes heavily to go to comprise operation and comprises:
The repetition domain name that described version management module is concentrated the blacklist domain name in the received filtering information is deleted;
Described version management module concentrates the domain name that whether has inclusion relation to judge to the blacklist domain name of described filtering information, deletion subdomain name wherein when existing.
10, domain name filtering system according to claim 3, it is characterized in that, the state information of described filtering proxy subsystem comprises: the Agent IP information that is used to represent described filtering proxy subsystem place name server IP, be used to represent the version number information of the version of the current filtering information of carrying out of described filtering proxy subsystem, be used to represent because the consistent Pending The Entry Into Force blacklist domain name collection that conflicts and comprise the set of the unenforced blacklist domain name that causes of conflicting.
11, domain name filtering system according to claim 10 is characterized in that, described filter command comprises the order that is used to represent to increase operation, deletion action, renewal operation and setting operation.
12, a kind of described domain name filtering system of one of claim 1-11 that adopts is realized the method that domain name is filtered, and comprising:
Step 1), the order of described filtering proxy subsystem receiving filtration;
Step 2), described filtering proxy sub system analysis, carry out described filter command, according to the domain name configuration file in the results modification domain name server, in the domain name configuration file, be the IP address or the incorrect IP address of name server itself with the IP address configuration that will filter domain name;
Step 3), domain name server are done domain name mapping according to the domain name configuration file after receiving packet, realize the filtration to domain name.
13, domain name filter method according to claim 12 is characterized in that, before described step 1), also comprises:
Step 0), the user imports filtering information on described filter center subsystem, be that described filtering proxy subsystem generates filter command according to the state information of described filtering information and described filtering proxy subsystem.
14, according to claim 12 or 13 described domain name filter methods, it is characterized in that described step 1) comprises:
Step 1-1), described filtering proxy subsystem is in wait state, until current time of system clock and last time the filtering proxy subsystem satisfy the time interval parameter value that sets in the filtration parameter to the time interval that filter center's subsystem is initiated the connect hours;
Step 1-2), the filtering proxy subsystem compares the reboot time parameter that sets in current time of system clock and the filtration parameter, if the current time is more than or equal to reboot time, then restart the domain name service program in the name server, making domain name filter comes into force, carry out next step then, if the current time less than reboot time, is then directly carried out next step;
Step 1-3), the filtering proxy subsystem initiates to connect to obtain up-to-date filter command to filter center's subsystem.
15, according to claim 12 or 13 described domain name filter methods, it is characterized in that described filter command comprises the order that is used to represent to increase operation, deletion action, renewal operation and setting operation; In described step 2) in, described filtering proxy sub system analysis, the described filter command of execution comprise:
Step 2-1), get a undressed filter command, then the type of described filter command is judged, to being used to represent the filter command of setting operation, execution in step 2-2), to being used to represent to increase the filter command of operation, execution in step 2-3), to being used to represent the filter command of deletion action, execution in step 2-4), to being used to represent to upgrade the filter command of operation, execution in step 2-5);
Step 2-2), the filtration parameter that comprises according to being provided with in the order, the filtration parameter in the filtering proxy subsystem of place is made amendment;
Step 2-3), at first whether the blacklist domain name that is comprised in the judgement increase order can consistently with the registered domain name generation in the domain name configuration file in the name server of filtering proxy subsystem place conflict or comprise conflict, if do not clash, then in domain name configuration file, increase a domain name registration record according to this order, if there is conflict, then according to the unanimity conflict of defined in the filtration parameter or the effective value regulation when comprising conflict, judgement should be the blacklist domain name, and effectively still registered domain name is effective, when being that the blacklist domain name is when effective, in domain name configuration file, increase a domain name registration record according to increasing order, when being registered domain name when effective, generate the information of Pending The Entry Into Force blacklist domain name;
Step 2-4), in the domain name configuration file of filtering proxy subsystem place name server, search corresponding registered domain name, find the registration of this domain name of back deletion, and delete corresponding resolution file according to the domain-name information that is comprised in the delete command;
Step 2-5), according to the domain-name information that is comprised in the update command, in the domain name configuration file of filtering proxy subsystem place name server, search corresponding registered domain name, the IP address of being revised as the IP address in the resolution file of this registered domain name in the update command after finding to be comprised.
16, domain name filter method according to claim 13 is characterized in that, described filtering information comprises filtration parameter and blacklist domain name; Described filtration parameter comprises time interval parameter, reboot time parameter, consistent collisions parameter and comprises collisions parameter;
In described step 0) in, be that described filtering proxy subsystem generates filter command and comprises according to the state information of described filtering information and described filtering proxy subsystem:
Step 0-1), the version number in version number in the described filtering information and the described state information is compared,, need not to generate filter command,, continue subsequent operation the inconsistent situation of version number to the situation of version number's unanimity;
Step 0-2), the filtration parameter in filtration parameter in the described filtering information and the described state information is compared, to the unequal situation of filtration parameter, after generation is used to represent the filter command of setting operation according to the filtration parameter in the described filtering information, carry out next step, to the situation that filtration parameter equates, directly carry out next step;
Step 0-3), blacklist domain name collection in the described filtering information and the blacklist domain name collection in the described state information are investigated, when all blacklist domain names of the blacklist domain name collection of described filtering information all processed, and the blacklist domain name of described state information is concentrated and also to be had untreated blacklist domain name, then generates the filter command that is used for deletion action for described untreated blacklist domain name; Also there is untreated blacklist domain name when the blacklist domain name of described filtering information is concentrated, carries out next step;
Step 0-4), concentrate from the blacklist domain name of described filtering information and to select a untreated blacklist domain name, concentrate in the blacklist domain name of described state information and search this blacklist domain name, if can not find, then generate the filter command that is used to increase operation; If can find, the Pending The Entry Into Force blacklist domain name collection that then whether this domain name is belonged to state information is judged, when concentrating the IP address of corresponding blacklist domain name inconsistent with the blacklist domain name of state information when IP address that this domain name does not belong to Pending The Entry Into Force blacklist domain name collection and this domain name, generation is used to upgrade the order of operation, when this domain name belongs to Pending The Entry Into Force blacklist domain name collection, then to the pairing consistent collisions parameter of this domain name with comprise collisions parameter and judge, when one of them parameter value is the blacklist domain name, then generate the filter command that is used to increase operation.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN2009100782402A CN101488965B (en) | 2009-02-23 | 2009-02-23 | Domain name filtering system and method |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN2009100782402A CN101488965B (en) | 2009-02-23 | 2009-02-23 | Domain name filtering system and method |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN101488965A true CN101488965A (en) | 2009-07-22 |
| CN101488965B CN101488965B (en) | 2012-02-15 |
Family
ID=40891640
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN2009100782402A Expired - Fee Related CN101488965B (en) | 2009-02-23 | 2009-02-23 | Domain name filtering system and method |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN101488965B (en) |
Cited By (11)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101986642A (en) * | 2010-10-18 | 2011-03-16 | 中国科学院计算技术研究所 | Detection system and method of Domain Flux data stream |
| CN103023864A (en) * | 2011-09-28 | 2013-04-03 | 中国移动通信集团公司 | Method and device for blocking domain |
| CN103152442A (en) * | 2013-01-31 | 2013-06-12 | 中国科学院计算机网络信息中心 | Detection and processing method and system for botnet domain names |
| CN104301311A (en) * | 2014-09-28 | 2015-01-21 | 北京奇虎科技有限公司 | Method and device for filtering network data content through DNS |
| CN104768076A (en) * | 2014-01-06 | 2015-07-08 | 腾讯科技(北京)有限公司 | Video playing method and device |
| CN106411965A (en) * | 2016-12-22 | 2017-02-15 | 北京知道创宇信息技术有限公司 | Method for determining network server providing counterfeit service, equipment and calculating equipment thereof |
| WO2017113082A1 (en) * | 2015-12-29 | 2017-07-06 | Thomson Licensing | Url filtering method and device |
| CN108334337A (en) * | 2018-01-30 | 2018-07-27 | 江苏华存电子科技有限公司 | Low latency instruction scheduler containing automatic management function and filtering conjecture access method |
| JP2019507994A (en) * | 2016-03-09 | 2019-03-22 | ダイナミック・ネットワーク・サービシーズ・インコーポレイテッドDynamic Network Services, Inc. | Method and apparatus for intelligent domain name system transfer |
| CN110099117A (en) * | 2019-05-05 | 2019-08-06 | 中国互联网络信息中心 | A kind of method and apparatus that multi version dns zone file full dose issues |
| CN112272245A (en) * | 2020-10-22 | 2021-01-26 | 广州大学 | Lightweight domain name system data generation system and method |
Family Cites Families (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101127649B (en) * | 2007-09-30 | 2010-12-08 | 成都市华为赛门铁克科技有限公司 | A method and system for preventing from network attacks |
| CN101321055A (en) * | 2008-06-28 | 2008-12-10 | 华为技术有限公司 | Attack protection method and device |
-
2009
- 2009-02-23 CN CN2009100782402A patent/CN101488965B/en not_active Expired - Fee Related
Cited By (18)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101986642B (en) * | 2010-10-18 | 2012-12-26 | 中国科学院计算技术研究所 | Detection system and method of Domain Flux data stream |
| CN101986642A (en) * | 2010-10-18 | 2011-03-16 | 中国科学院计算技术研究所 | Detection system and method of Domain Flux data stream |
| CN103023864A (en) * | 2011-09-28 | 2013-04-03 | 中国移动通信集团公司 | Method and device for blocking domain |
| CN103023864B (en) * | 2011-09-28 | 2015-07-29 | 中国移动通信集团公司 | A kind of domain name method for blocking and equipment |
| CN103152442A (en) * | 2013-01-31 | 2013-06-12 | 中国科学院计算机网络信息中心 | Detection and processing method and system for botnet domain names |
| CN103152442B (en) * | 2013-01-31 | 2016-06-01 | 中国科学院计算机网络信息中心 | A kind of detection and treatment method of corpse domain names and system |
| CN104768076A (en) * | 2014-01-06 | 2015-07-08 | 腾讯科技(北京)有限公司 | Video playing method and device |
| CN104301311B (en) * | 2014-09-28 | 2018-01-23 | 北京奇虎科技有限公司 | The method and apparatus of DNS screen data contents |
| CN104301311A (en) * | 2014-09-28 | 2015-01-21 | 北京奇虎科技有限公司 | Method and device for filtering network data content through DNS |
| WO2017113082A1 (en) * | 2015-12-29 | 2017-07-06 | Thomson Licensing | Url filtering method and device |
| JP2019507994A (en) * | 2016-03-09 | 2019-03-22 | ダイナミック・ネットワーク・サービシーズ・インコーポレイテッドDynamic Network Services, Inc. | Method and apparatus for intelligent domain name system transfer |
| CN106411965A (en) * | 2016-12-22 | 2017-02-15 | 北京知道创宇信息技术有限公司 | Method for determining network server providing counterfeit service, equipment and calculating equipment thereof |
| CN106411965B (en) * | 2016-12-22 | 2019-05-03 | 北京知道创宇信息技术有限公司 | It determines the method that the network server of counterfeit service is provided, equipment and calculates equipment |
| CN108334337A (en) * | 2018-01-30 | 2018-07-27 | 江苏华存电子科技有限公司 | Low latency instruction scheduler containing automatic management function and filtering conjecture access method |
| CN110099117A (en) * | 2019-05-05 | 2019-08-06 | 中国互联网络信息中心 | A kind of method and apparatus that multi version dns zone file full dose issues |
| CN110099117B (en) * | 2019-05-05 | 2021-10-22 | 中国互联网络信息中心 | Method and device for issuing full amount of multi-version DNS zone files |
| CN112272245A (en) * | 2020-10-22 | 2021-01-26 | 广州大学 | Lightweight domain name system data generation system and method |
| CN112272245B (en) * | 2020-10-22 | 2022-11-01 | 广州大学 | Lightweight domain name system data generation system and method |
Also Published As
| Publication number | Publication date |
|---|---|
| CN101488965B (en) | 2012-02-15 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN101488965B (en) | Domain name filtering system and method | |
| CN102025713B (en) | Access control method, system and DNS (Domain Name Server) server | |
| CN103607385B (en) | Method and apparatus for security detection based on browser | |
| CN112272158A (en) | Data proxy method, system and proxy server | |
| CN102469167B (en) | Domain name query implementing method and system | |
| CN109067930B (en) | Domain name access method, domain name resolution method, server, terminal and storage medium | |
| CN109933701B (en) | Microblog data acquisition method based on multi-strategy fusion | |
| US20070180090A1 (en) | Dns traffic switch | |
| WO2013143403A1 (en) | Method and system for accessing website | |
| CN103905572B (en) | The processing method and processing device of domain name mapping request | |
| CN105554179B (en) | Dns resolution method, system in local area network | |
| CN112600868B (en) | Domain name resolution method, domain name resolution device and electronic equipment | |
| CN102624750B (en) | Resist the method and system that DNS recurrence is attacked | |
| US8935430B2 (en) | Secondary service updates into DNS system | |
| CN106470251B (en) | Domain name resolution method and virtual DNS authoritative server | |
| WO2016040379A1 (en) | Client/server polymorphism using polymorphic hooks | |
| CN110430188B (en) | Rapid URL filtering method and device | |
| JP2006331044A (en) | Single sign-on achievement method | |
| CN113014687B (en) | DNS iterative query method, DNS server, system and computer readable storage medium | |
| CN104754066A (en) | Message processing method and message processing equipment | |
| CN109634753B (en) | Data processing method, device, terminal and storage medium for switching browser kernels | |
| CN105245631A (en) | Method and system for optimizing DNS (Domain Name Server) root service access | |
| CN104079683A (en) | Domain name resolution method and system authorizing direct response of domain name server | |
| CN111711556B (en) | Routing method, device, system, equipment and storage medium of virtual private network | |
| US10171415B2 (en) | Characterization of domain names based on changes of authoritative name servers |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| C10 | Entry into substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| C14 | Grant of patent or utility model | ||
| GR01 | Patent grant | ||
| CF01 | Termination of patent right due to non-payment of annual fee |
Granted publication date: 20120215 Termination date: 20190223 |
|
| CF01 | Termination of patent right due to non-payment of annual fee |