CN101924776A - Method and system for domain name resolution server to resist flooding attacks of DNS (Domain Name System) request reports - Google Patents
Method and system for domain name resolution server to resist flooding attacks of DNS (Domain Name System) request reports Download PDFInfo
- Publication number
- CN101924776A CN101924776A CN2010102825640A CN201010282564A CN101924776A CN 101924776 A CN101924776 A CN 101924776A CN 2010102825640 A CN2010102825640 A CN 2010102825640A CN 201010282564 A CN201010282564 A CN 201010282564A CN 101924776 A CN101924776 A CN 101924776A
- Authority
- CN
- China
- Prior art keywords
- server
- domain name
- service
- name resolution
- cluster
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
Images
Landscapes
- Data Exchanges In Wide-Area Networks (AREA)
Abstract
The invention discloses a method and a system for a domain name resolution server to resist the flooding attack of DNS (Domain Name System) request messages, which can effectively resist the flooding attacks of the DNS request messages, protect the domain name resolution server, and ensure the normal operation of domain name resolution. In the technical scheme, the method comprises the steps of: combining a plurality of domain name resolution servers into a server cluster which shares one IP address; timely monitoring the service parameters and the cluster service availability of all the domain name resolution servers by a monitoring server, and reporting the service parameters and the cluster service availability to a control server; determining whether attacks exist or not by the control server according to the collected service parameters and cluster service availability of the domain name resolution server; if so, adjusting the domain name resolution server and notifying a refreshing server; and refreshing the domain name resolution server information cached by a public network domain name server by the refreshing server so as to ensure that the adjustment of the domain name resolution server takes effect.
Description
Technical field
The present invention relates to computer network, relate in particular to a kind of by in time adjusting, refresh domain name resolution server information and draw the method for DNS (name server, Domain Name Server) request message extensive aggression, thereby reach the purpose of resisting DNS request message extensive aggression.
Background technology
Every main frame on the Internet all has the unique IP address of one or more the whole networks, and these main frames just are to use these IP addresses to carry out transmission of Information, the telephone number in similar our daily life.Along with network application is more and more, host number in the network is also more and more, this uninteresting digital form in IP address is difficult to memory, people can't remember numerous IP addresses at all, so domain name system (DNS) just occurred, domain name system is a kind of distributed data base of the TCP/IP of being used for application program, it provides the mutual conversion between domain name and the IP address, pass through domain name system, we just can memory easy to use title find the IP address of main frame in the network, and then and network in main frame carry out communication.
Domain name system is stratified, is similar to the directory tree in the unix/linux system, and top layer is a rhizosphere, next is TLD, and getting off is second-level domain again, and the rest may be inferred.The subdomain of oneself can be managed in the territory of each level, also subdomain can be licensed to other name servers, and these are authorized to be and are responsible for carrying out the authoritative server of resolving of associated dns name is exactly domain name resolution server.The corresponding relation of domain name and IP address and time (TTL) that can buffer memory come into force by domain name resolution server setting.
The public network name server is generally provided by the network insertion merchant, is mainly used in to help the user to carry out the mutual parsing conversion of domain name and IP address.The public network name server can carry out the recursion resolution of each hierarchy domain, and the result who resolves is carried out buffer memory, in cache-time, if the request of pair same domain name is arranged, and the direct analysis result of return cache then.
The process of domain name mapping is a process of asking and replying as shown in Figure 1, and client sends the request of domain name mapping to dns server, and dns server sends to the message of response the client of request.The request and the message transmission of replying can be based on udp protocols, also can be based on Transmission Control Protocol.Do not using under the situation of DNS expansion, the data of using udp protocol to deliver can not surpass 512Byte, otherwise the data of returning will be blocked, and client uses Transmission Control Protocol to initiate again to ask automatically; Though Transmission Control Protocol can transmit big data, because the round number of times of Transmission Control Protocol is more, so the response time can be long, it is overtime to occur dns resolution easily.So everybody uses udp protocol to carry out the transmission of message basically at present.
The assailant often sends a large amount of domain name mapping requests in moment when attacking, make that the bandwidth of dns server is depleted, perhaps depletes the system resource of server, causes the normal client requests can not be serviced.If the target of attacking is a domain name resolution server, can cause problem to be exaggerated.
Summary of the invention
The objective of the invention is to address the above problem; a kind of method of resisting DNS request message extensive aggression of domain name resolution server is provided; can effectively resist DNS request message extensive aggression, the protection domain name resolution server guarantees that the parsing of domain name can normally be carried out.
Another object of the present invention is to provide a kind of system that resists DNS request message extensive aggression of domain name resolution server, resisted DNS request message extensive aggression by automatic scheduling.
Technical scheme of the present invention is: the present invention has disclosed a kind of method of resisting DNS request message extensive aggression of domain name resolution server, comprising:
Many domain name resolution servers are formed server cluster, and this server cluster is shared an IP address;
Regularly monitor the service parameter of each domain name resolution server and the availability of cluster service by monitoring server, and the availability of service parameter and cluster service is reported to Control Server;
According to the service parameter of the domain name resolution server of collecting and the availability of cluster service, whether decision-making exists attack by Control Server;
There is attack if make a strategic decision out, then carries out the adjustment of domain name resolution server, and notice refreshing service device;
By refreshing the domain name resolution server information of public network name server buffer memory, make the adjustment of domain name resolution server to come into force by the refreshing service device.
Embodiment according to the method for resisting DNS request message extensive aggression of domain name resolution server of the present invention, the service parameter of domain name resolution server comprises system resource occupancy, service response time, service request number, the service response mortality of server, and the availability of the cluster service of domain name resolution server is meant that the analysis request response time of preset proportion is less than set point.
Embodiment according to the method for resisting DNS request message extensive aggression of domain name resolution server of the present invention, whether exist in the process of attack in decision-making, the availability calculations service nargin of the system resource occupancy by server, service request number, cluster service, when service nargin is lower than a certain set point, obtain existing the result of decision of attack.
According to an embodiment of the method for resisting DNS request message extensive aggression of domain name resolution server of the present invention, the adjustment of domain name resolution server comprises:
Use standby server cluster to replace the server cluster of being attacked, if the server cluster of being attacked is returning to after the replacement below a certain threshold value, then with it as standby server cluster.
Embodiment according to the method for resisting DNS request message extensive aggression of domain name resolution server of the present invention, server cluster detects domain name resolution server unusual of cluster inside automatically, and will occur unusual domain name resolution server automatically and switch to normal domain name resolution server.
Embodiment according to the method for resisting DNS request message extensive aggression of domain name resolution server of the present invention, the refreshing service device is collected the IP address of public network name server in advance, after the refreshing service device was received refresh notification from Control Server, the IP address by the public network name server collected in advance was updated to each public network name server with the change of server cluster.
The present invention has also disclosed a kind of system that resists DNS request message extensive aggression of domain name resolution server, comprising:
The server cluster of forming by a plurality of domain name resolution servers;
Monitoring server is set up data with each domain name resolution server in the server cluster and is connected, and monitoring server comprises:
The service parameter monitoring module is monitored the service parameter of each domain name resolution server;
Cluster service availability monitor module, the availability of monitoring server cluster;
Report module, couple service parameter monitoring module and cluster service availability monitor module, the service parameter that monitors and the availability of cluster service are reported to Control Server;
Control Server is set up data with monitoring server and is connected, and Control Server comprises:
Data reception module receives the service parameter of monitoring server report and the availability of cluster service;
Decision-making module, according to the service parameter of the domain name resolution server of collecting and the availability of cluster service, whether decision-making exists attack;
Adjusting module is handled the adjustment of each domain name resolution server in the server cluster, uses standby server cluster to replace the server cluster of being attacked;
The information interaction module, notice refreshing service device when domain name resolution server takes place to adjust;
The refreshing service device is set up data with Control Server and is connected, and the refreshing service device comprises:
Refresh module by refreshing the domain name resolution server information of public network name server buffer memory, makes the adjustment of domain name resolution server to come into force.
According to an embodiment of the system that resists DNS request message extensive aggression of domain name resolution server of the present invention, the service parameter of the domain name resolution server of service parameter monitoring module monitoring comprises system resource occupancy, service response time, service request number, the service response mortality of server; The availability of the cluster service of the domain name resolution server of cluster service availability monitor module monitors is meant that the analysis request response time of preset proportion is less than set point.
Embodiment according to the system that resists DNS request message extensive aggression of domain name resolution server of the present invention, in the decision-making module of Control Server, the availability calculations service nargin of the system resource occupancy by server, service request number, cluster service, when service nargin is lower than a certain set point, obtain existing the result of decision of attack.
According to an embodiment of the system that resists DNS request message extensive aggression of domain name resolution server of the present invention, the refreshing service device also comprises:
Public network name server IP address collection module, couple refresh module, collect the IP address of public network name server in advance and offer refresh module, after refresh module was received refresh notification from Control Server, the IP address by the public network name server collected in advance was updated to the change of server cluster in each public network name server.
The present invention contrasts prior art following beneficial effect: the present invention is by allowing many domain name resolution servers form a server cluster, monitor the availability of the service parameter of each domain name resolution server and cluster service and report Control Server by a monitoring server, whether there is attack by Control Server according to these information decisions, if have attack then carry out the adjustment of name server, notify the refreshing service device simultaneously, the refreshing service device makes the adjustment of domain name resolution server to come into force by refreshing the domain name resolution server information of public network name server buffer memory.The contrast prior art, the present invention effectively resists DNS request message extensive aggression by the automatic scheduling to each domain name resolution server in the cluster.
Description of drawings
Fig. 1 is the schematic diagram of traditional domain name mapping.
Fig. 2 is the flow chart of embodiment of the method for resisting DNS request message extensive aggression of domain name resolution server of the present invention.
Fig. 3 is the schematic diagram of embodiment of the system that resists DNS request message extensive aggression of domain name resolution server of the present invention.
Embodiment
The invention will be further described below in conjunction with drawings and Examples.
The embodiment of the method for resisting DNS request message extensive aggression of domain name resolution server
Fig. 2 shows the embodiment of the method for resisting DNS request message extensive aggression of domain name resolution server of the present invention.See also Fig. 2, each step of the method for present embodiment is as described below.
Step S10: many domain name resolution servers are formed server cluster, and these domain name resolution servers in the server cluster are shared an IP address.
Can improve the service ability of server cluster like this, and this server cluster is dynamic change, can at any time a certain domain name resolution server be added in the server cluster.In addition, whether the domain name resolution server that server cluster can detect in the cluster automatically is unusual, occurs then carrying out the switching of unusual server automatically unusually as a certain domain name resolution server.
Step S11: regularly monitor the service parameter of each domain name resolution server and the availability of cluster service by monitoring server, and these information are reported to Control Server.
The service parameter of domain name resolution server comprises system resource occupancy, service response time, service request number and the service response mortality of server.The system resource occupancy comprises the occupancy that CPU, internal memory, load, disk or network connect again.Whether the availability of cluster service is meant a certain proportion of analysis request response time less than a set point, can use if the analysis request response time more than a certain ratio, then illustrates cluster service less than set point, otherwise the explanation cluster service is unavailable.
Step S12: according to the service parameter of the domain name resolution server of collecting and the availability of cluster service, whether decision-making exists attack by Control Server.If there is attack, then enter step S13, if there is no attack, then flow process finishes.
In the present embodiment, be based on the different weight of each parameter, the availability calculations service nargin of the system resource occupancy by server, service request number, cluster service, when service nargin is lower than a certain set point, obtain existing the result of decision of attack, when service nargin is higher than a certain setting, there is not the result of decision of attack.
For example, according to actual conditions the weight of these parameters such as availability of said system resources occupation rate, service request number, cluster service being set, coming calculation services nargin according to actual conditions and logic, is one of them example of account form below:
Service nargin W=100%-wr * R+wq * (Q/QALL)+wa * A, wherein W is service nargin, R is the system resource occupancy, wr is the shared weight of system resource occupancy, Q is the service request number, and QALL is the service largest request number, and wq is the weight of service request number, A is a service availability, and wa is the shared weight of service availability.
Step S13: adjust domain name resolution server, and notice refreshing service device.
The adjustment of domain name resolution server is meant: unusual condition occurs for single domain name analysis server, the processing of then reporting to the police; Occur unusually for whole server cluster, then use standby server cluster to replace the server cluster of being attacked, if the server cluster of being attacked is returning to after the replacement below a certain threshold value, then with it as standby server cluster.
Step S14: by refreshing the domain name resolution server information of public network name server buffer memory, make the adjustment of domain name resolution server to come into force by the refreshing service device.
In this step, the refreshing service device is collected the IP address of public network name server (public network DNS) in advance, after the refreshing service device received refresh notification from Control Server, the IP address by the public network name server collected in advance was updated to each public network name server with the change of server cluster.
The embodiment of the system that resists DNS request message extensive aggression of domain name resolution server
Fig. 3 shows the structure of embodiment of the system that resists DNS request message extensive aggression of domain name resolution server of the present invention.See also Fig. 3, the system of present embodiment comprises: server cluster 1, monitoring server 2, Control Server 3 and the refreshing service device 4 be made up of many domain name resolution servers 10.Each domain name resolution server 10 in monitoring server 2 and the server cluster establishes a communications link, and establishes a communications link between Control Server 3 and the monitoring server 2, establishes a communications link between refreshing service device 4 and the Control Server 3.
In monitoring server 2, be provided with three modules: service parameter monitoring module 20, cluster service availability monitor module 22 and report module 24.The service parameter of each domain name resolution server of service parameter monitoring module 20 monitoring wherein, these service parameters comprise the system resource occupancy, service response time, service request number, service response mortality of server etc.The availability of cluster service availability monitor module 22 monitoring server clusters, the availability here is meant that the analysis request response time of a certain ratio is less than set point, also be, when the analysis request response time surpasses certain proportion less than set point, illustrate that server cluster can use, otherwise the explanation server cluster is unavailable.Report module 24 and couple service parameter monitoring module 20 and cluster service availability monitor module 22, the service parameter that monitors and the availability of cluster service are reported to Control Server 3.
Be provided with four modules in the Control Server 3: data reception module 30, decision-making module 32, adjusting module 34 and information interaction module 36, these four modules are the relations that couple in regular turn.
Service nargin W=100%-wr * R+wq * (Q/QALL)+wa * A, wherein W is service nargin, R is the system resource occupancy, wr is the shared weight of system resource occupancy, Q is the service request number, and QALL is the service largest request number, and wq is the weight of service request number, A is a service availability, and wa is the shared weight of service availability.
After adjusting module 34 drew the result of decision that has attack at decision-making module 32, each domain name resolution server of handling in the server cluster was adjusted, and used standby server cluster to replace the server cluster of being attacked.And if returned to after the replacement below a certain threshold value by the server cluster attacked, then with it as standby server cluster.
The foregoing description provides to those of ordinary skills and realizes or use of the present invention; those of ordinary skills can be under the situation that does not break away from invention thought of the present invention; the foregoing description is made various modifications or variation; thereby protection scope of the present invention do not limit by the foregoing description, and should be the maximum magnitude that meets the inventive features that claims mention.
Claims (10)
1. the method for resisting DNS request message extensive aggression of a domain name resolution server comprises:
Many domain name resolution servers are formed server cluster, and this server cluster is shared an IP address;
Regularly monitor the service parameter of each domain name resolution server and the availability of cluster service by monitoring server, and the availability of service parameter and cluster service is reported to Control Server;
According to the service parameter of the domain name resolution server of collecting and the availability of cluster service, whether decision-making exists attack by Control Server;
There is attack if make a strategic decision out, then carries out the adjustment of domain name resolution server, and notice refreshing service device;
By refreshing the domain name resolution server information of public network name server buffer memory, make the adjustment of domain name resolution server to come into force by the refreshing service device.
2. the method for resisting DNS request message extensive aggression of domain name resolution server according to claim 1, it is characterized in that, the service parameter of domain name resolution server comprises system resource occupancy, service response time, service request number, the service response mortality of server, and the availability of the cluster service of domain name resolution server is meant that the analysis request response time of preset proportion is less than set point.
3. the method for resisting DNS request message extensive aggression of domain name resolution server according to claim 2, it is characterized in that, whether exist in the process of attack in decision-making, the availability calculations service nargin of the system resource occupancy by server, service request number, cluster service, when service nargin is lower than a certain set point, obtain existing the result of decision of attack.
4. the method for resisting DNS request message extensive aggression of domain name resolution server according to claim 1 is characterized in that, the adjustment of domain name resolution server comprises:
Use standby server cluster to replace the server cluster of being attacked, if the server cluster of being attacked is returning to after the replacement below a certain threshold value, then with it as standby server cluster.
5. the method for resisting DNS request message extensive aggression of domain name resolution server according to claim 1, it is characterized in that, server cluster detects domain name resolution server unusual of cluster inside automatically, and will occur unusual domain name resolution server automatically and switch to normal domain name resolution server.
6. the method for resisting DNS request message extensive aggression of domain name resolution server according to claim 1, it is characterized in that, the refreshing service device is collected the IP address of public network name server in advance, after the refreshing service device was received refresh notification from Control Server, the IP address by the public network name server collected in advance was updated to each public network name server with the change of server cluster.
7. the system that resists DNS request message extensive aggression of a domain name resolution server comprises:
The server cluster of forming by a plurality of domain name resolution servers;
Monitoring server is set up data with each domain name resolution server in the server cluster and is connected, and monitoring server comprises:
The service parameter monitoring module is monitored the service parameter of each domain name resolution server;
Cluster service availability monitor module, the availability of monitoring server cluster;
Report module, couple service parameter monitoring module and cluster service availability monitor module, the service parameter that monitors and the availability of cluster service are reported to Control Server;
Control Server is set up data with monitoring server and is connected, and Control Server comprises:
Data reception module receives the service parameter of monitoring server report and the availability of cluster service;
Decision-making module, according to the service parameter of the domain name resolution server of collecting and the availability of cluster service, whether decision-making exists attack;
Adjusting module is handled the adjustment of each domain name resolution server in the server cluster, uses standby server cluster to replace the server cluster of being attacked;
The information interaction module, notice refreshing service device when domain name resolution server takes place to adjust;
The refreshing service device is set up data with Control Server and is connected, and the refreshing service device comprises:
Refresh module by refreshing the domain name resolution server information of public network name server buffer memory, makes the adjustment of domain name resolution server to come into force.
8. the system that resists DNS request message extensive aggression of domain name resolution server according to claim 7, it is characterized in that the service parameter of the domain name resolution server of service parameter monitoring module monitoring comprises system resource occupancy, service response time, service request number, the service response mortality of server; The availability of the cluster service of the domain name resolution server of cluster service availability monitor module monitors is meant that the analysis request response time of preset proportion is less than set point.
9. the system that resists DNS request message extensive aggression of domain name resolution server according to claim 8, it is characterized in that, in the decision-making module of Control Server, the availability calculations service nargin of the system resource occupancy by server, service request number, cluster service, when service nargin is lower than a certain set point, obtain existing the result of decision of attack.
10. the system that resists DNS request message extensive aggression of domain name resolution server according to claim 7 is characterized in that, the refreshing service device also comprises:
Public network name server IP address collection module, couple refresh module, collect the IP address of public network name server in advance and offer refresh module, after refresh module was received refresh notification from Control Server, the IP address by the public network name server collected in advance was updated to the change of server cluster in each public network name server.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN 201010282564 CN101924776B (en) | 2010-09-16 | 2010-09-16 | Method and system for domain name resolution server to resist flooding attacks of DNS (Domain Name System) request reports |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN 201010282564 CN101924776B (en) | 2010-09-16 | 2010-09-16 | Method and system for domain name resolution server to resist flooding attacks of DNS (Domain Name System) request reports |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN101924776A true CN101924776A (en) | 2010-12-22 |
| CN101924776B CN101924776B (en) | 2013-09-04 |
Family
ID=43339420
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN 201010282564 Active CN101924776B (en) | 2010-09-16 | 2010-09-16 | Method and system for domain name resolution server to resist flooding attacks of DNS (Domain Name System) request reports |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN101924776B (en) |
Cited By (20)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN102404318A (en) * | 2011-10-31 | 2012-04-04 | 杭州迪普科技有限公司 | Method and device for prevention of DNS (Domain Name Server) cathe attack |
| CN103905572A (en) * | 2012-12-26 | 2014-07-02 | 中国移动通信集团公司 | Domain name resolution request processing method and device |
| CN104219200A (en) * | 2013-05-30 | 2014-12-17 | 杭州迪普科技有限公司 | Device and method for protection from DNS cache attack |
| CN104993953A (en) * | 2015-06-19 | 2015-10-21 | 北京奇虎科技有限公司 | Method for detecting network service state and device detecting network service state |
| CN105025114A (en) * | 2014-04-17 | 2015-11-04 | 中国电信股份有限公司 | Domain name resolution method and domain name resolution system |
| CN105187359A (en) * | 2014-06-17 | 2015-12-23 | 阿里巴巴集团控股有限公司 | Method and device for detecting attack client |
| CN106878254A (en) * | 2016-11-16 | 2017-06-20 | 国家数字交换系统工程技术研究中心 | Improve the method and device of DNS securities of system |
| CN107404496A (en) * | 2017-09-05 | 2017-11-28 | 成都知道创宇信息技术有限公司 | A kind of ddos attack defence and source tracing method based on HTTP DNS |
| CN108259631A (en) * | 2016-12-29 | 2018-07-06 | 腾讯科技(深圳)有限公司 | A kind of data processing method based on name service, system and relevant device |
| CN108810092A (en) * | 2018-05-17 | 2018-11-13 | Oppo广东移动通信有限公司 | Network Access Method and device, electronic equipment, computer readable storage medium |
| CN108809910A (en) * | 2017-05-04 | 2018-11-13 | 贵州白山云科技有限公司 | A kind of domain name system server dispatching method and system |
| CN108933842A (en) * | 2017-05-24 | 2018-12-04 | 贵州白山云科技有限公司 | A kind of method and device for realizing DNS dynamic IP service |
| CN108965277A (en) * | 2018-07-02 | 2018-12-07 | 杭州安恒信息技术股份有限公司 | A kind of infection host distribution monitoring method and system based on DNS |
| CN109413095A (en) * | 2018-11-29 | 2019-03-01 | 新华三大数据技术有限公司 | The method and device of defensive attack |
| CN109510809A (en) * | 2018-09-17 | 2019-03-22 | 华为技术有限公司 | Method for accessing domain name and device |
| CN109561165A (en) * | 2018-11-01 | 2019-04-02 | Oppo广东移动通信有限公司 | Domain name system configuration method and relevant apparatus |
| CN111083114A (en) * | 2019-11-19 | 2020-04-28 | 宏图智能物流股份有限公司 | Logistics warehouse network safety system and construction method |
| CN112261174A (en) * | 2020-10-21 | 2021-01-22 | 北京云联壹云技术有限公司 | Multi-cloud-fusion DNS (Domain name Server) analysis method and device |
| CN112671860A (en) * | 2020-12-15 | 2021-04-16 | 杭州溪塔科技有限公司 | Service access method, system, electronic device and medium for kubernets cluster |
| CN113852495A (en) * | 2021-09-13 | 2021-12-28 | 天翼数字生活科技有限公司 | Method for monitoring DNS server abnormity based on mass probes |
Citations (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US20030182269A1 (en) * | 2002-03-19 | 2003-09-25 | Cheshire Stuart D. | Method and apparatus for supporting duplicate suppression when issuing multicast queries using DNS-format message packets |
| CN101282209A (en) * | 2008-05-13 | 2008-10-08 | 杭州华三通信技术有限公司 | Method and apparatus for preventing DNS request message from flooding attack |
| CN101321055A (en) * | 2008-06-28 | 2008-12-10 | 华为技术有限公司 | Attack protection method and device |
-
2010
- 2010-09-16 CN CN 201010282564 patent/CN101924776B/en active Active
Patent Citations (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US20030182269A1 (en) * | 2002-03-19 | 2003-09-25 | Cheshire Stuart D. | Method and apparatus for supporting duplicate suppression when issuing multicast queries using DNS-format message packets |
| CN101282209A (en) * | 2008-05-13 | 2008-10-08 | 杭州华三通信技术有限公司 | Method and apparatus for preventing DNS request message from flooding attack |
| CN101321055A (en) * | 2008-06-28 | 2008-12-10 | 华为技术有限公司 | Attack protection method and device |
Cited By (34)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN102404318B (en) * | 2011-10-31 | 2015-09-09 | 杭州迪普科技有限公司 | A kind of method and device taking precautions against DNS cache attack |
| CN102404318A (en) * | 2011-10-31 | 2012-04-04 | 杭州迪普科技有限公司 | Method and device for prevention of DNS (Domain Name Server) cathe attack |
| CN103905572A (en) * | 2012-12-26 | 2014-07-02 | 中国移动通信集团公司 | Domain name resolution request processing method and device |
| CN103905572B (en) * | 2012-12-26 | 2019-05-07 | 中国移动通信集团公司 | The processing method and processing device of domain name mapping request |
| CN104219200A (en) * | 2013-05-30 | 2014-12-17 | 杭州迪普科技有限公司 | Device and method for protection from DNS cache attack |
| CN104219200B (en) * | 2013-05-30 | 2017-10-17 | 杭州迪普科技股份有限公司 | A kind of apparatus and method for taking precautions against DNS cache attack |
| CN105025114A (en) * | 2014-04-17 | 2015-11-04 | 中国电信股份有限公司 | Domain name resolution method and domain name resolution system |
| CN105187359B (en) * | 2014-06-17 | 2018-06-08 | 阿里巴巴集团控股有限公司 | The method and apparatus of detection attack client |
| CN105187359A (en) * | 2014-06-17 | 2015-12-23 | 阿里巴巴集团控股有限公司 | Method and device for detecting attack client |
| CN104993953A (en) * | 2015-06-19 | 2015-10-21 | 北京奇虎科技有限公司 | Method for detecting network service state and device detecting network service state |
| CN106878254A (en) * | 2016-11-16 | 2017-06-20 | 国家数字交换系统工程技术研究中心 | Improve the method and device of DNS securities of system |
| CN106878254B (en) * | 2016-11-16 | 2020-09-25 | 国家数字交换系统工程技术研究中心 | Method and device for improving safety of DNS (Domain name System) |
| CN108259631A (en) * | 2016-12-29 | 2018-07-06 | 腾讯科技(深圳)有限公司 | A kind of data processing method based on name service, system and relevant device |
| CN108259631B (en) * | 2016-12-29 | 2021-06-25 | 腾讯科技(深圳)有限公司 | Data processing method and system based on name service and related equipment |
| CN108809910A (en) * | 2017-05-04 | 2018-11-13 | 贵州白山云科技有限公司 | A kind of domain name system server dispatching method and system |
| CN108809910B (en) * | 2017-05-04 | 2021-01-05 | 贵州白山云科技股份有限公司 | Domain name system server scheduling method and system |
| CN108933842A (en) * | 2017-05-24 | 2018-12-04 | 贵州白山云科技有限公司 | A kind of method and device for realizing DNS dynamic IP service |
| CN107404496A (en) * | 2017-09-05 | 2017-11-28 | 成都知道创宇信息技术有限公司 | A kind of ddos attack defence and source tracing method based on HTTP DNS |
| CN108810092A (en) * | 2018-05-17 | 2018-11-13 | Oppo广东移动通信有限公司 | Network Access Method and device, electronic equipment, computer readable storage medium |
| CN108810092B (en) * | 2018-05-17 | 2021-09-14 | Oppo广东移动通信有限公司 | Network access method and device, electronic equipment and computer readable storage medium |
| CN108965277B (en) * | 2018-07-02 | 2022-01-25 | 杭州安恒信息技术股份有限公司 | DNS (Domain name System) -based infected host distribution monitoring method and system |
| CN108965277A (en) * | 2018-07-02 | 2018-12-07 | 杭州安恒信息技术股份有限公司 | A kind of infection host distribution monitoring method and system based on DNS |
| CN109510809B (en) * | 2018-09-17 | 2020-09-08 | 华为技术有限公司 | Domain name access method and device |
| CN109510809A (en) * | 2018-09-17 | 2019-03-22 | 华为技术有限公司 | Method for accessing domain name and device |
| CN109561165A (en) * | 2018-11-01 | 2019-04-02 | Oppo广东移动通信有限公司 | Domain name system configuration method and relevant apparatus |
| CN109413095A (en) * | 2018-11-29 | 2019-03-01 | 新华三大数据技术有限公司 | The method and device of defensive attack |
| CN109413095B (en) * | 2018-11-29 | 2021-11-12 | 新华三大数据技术有限公司 | Method and device for defending attack |
| CN111083114B (en) * | 2019-11-19 | 2021-09-24 | 宏图智能物流股份有限公司 | Logistics warehouse network safety system and construction method |
| CN111083114A (en) * | 2019-11-19 | 2020-04-28 | 宏图智能物流股份有限公司 | Logistics warehouse network safety system and construction method |
| CN112261174A (en) * | 2020-10-21 | 2021-01-22 | 北京云联壹云技术有限公司 | Multi-cloud-fusion DNS (Domain name Server) analysis method and device |
| CN112671860A (en) * | 2020-12-15 | 2021-04-16 | 杭州溪塔科技有限公司 | Service access method, system, electronic device and medium for kubernets cluster |
| CN112671860B (en) * | 2020-12-15 | 2023-04-18 | 杭州溪塔科技有限公司 | Service access method, system, electronic device and medium for kubernets cluster |
| CN113852495A (en) * | 2021-09-13 | 2021-12-28 | 天翼数字生活科技有限公司 | Method for monitoring DNS server abnormity based on mass probes |
| CN113852495B (en) * | 2021-09-13 | 2024-04-30 | 天翼数字生活科技有限公司 | Method for monitoring DNS server abnormality based on mass probes |
Also Published As
| Publication number | Publication date |
|---|---|
| CN101924776B (en) | 2013-09-04 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN101924776B (en) | Method and system for domain name resolution server to resist flooding attacks of DNS (Domain Name System) request reports | |
| CN105407180B (en) | The information push method and device of server | |
| US20190182351A1 (en) | Route selection method and system, network acceleration node, and network acceleration system | |
| CN111385235B (en) | DDoS attack defense system and method based on dynamic transformation | |
| WO2006073804A3 (en) | Data traffic load balancing based on application layer messages | |
| CN102480469B (en) | Based on the method for the load dispatch of balancing energy and device in a kind of SIP service cluster | |
| JP5468681B2 (en) | Message interaction method based on simple network management protocol | |
| CN101409654B (en) | Method for processing SNMP information in network management system | |
| CN111510325A (en) | Alarm information pushing method, server, client and system | |
| CN101895591A (en) | Method and domain name server for increasing robustness of credible Internet domain name service | |
| CN112491961A (en) | Scheduling system and method and CDN system | |
| KR20100057885A (en) | Method and system for checking automatically connectivity status of an ip link on ip network | |
| CN103516821A (en) | Address resolution method, corresponding system, switch, and server | |
| CN113037716B (en) | Attack defense method based on content distribution network | |
| Kumar et al. | Denial of Service due to direct and indirect ARP storm attacks in LAN environment | |
| CN113326100A (en) | Cluster management method, device and equipment and computer storage medium | |
| CN112543150B (en) | Dynamic load balancing method based on server control | |
| CN113626478A (en) | Method for realizing meteorological data service calling based on multi-level cache | |
| CN101695049A (en) | Method and device for processing businesses in monitoring system | |
| CN107438098A (en) | A kind of dynamic content dispensing method and its system | |
| CN100370770C (en) | Method for implementing long connection changeover of network | |
| EP3435615B1 (en) | Network service implementation method, service controller, and communication system | |
| CN101150526B (en) | A method and server for realizing load balance service of dynamic host configuration protocol | |
| CN107547551B (en) | Message filtering method, device, equipment and storage medium | |
| CN112004161B (en) | Address resource processing method and device, terminal equipment and storage medium |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| C10 | Entry into substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| C14 | Grant of patent or utility model | ||
| GR01 | Patent grant | ||
| C56 | Change in the name or address of the patentee | ||
| CP02 | Change in the address of a patent holder |
Address after: 200030 Shanghai city Xuhui District Xietu Road No. 2899 Building 5 floor A Kuangchi Cultural Square Patentee after: ChinaNetCenter Co., Ltd. Address before: 200030 Shanghai Xietu Road No. 15 building 2669 Patentee before: ChinaNetCenter Co., Ltd. |