CN102624716A - P - Google Patents

Publication number
CN102624716A
Authority
CN
China
Prior art keywords
denial
service attack
dns server
dns
buffer memory
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN201210051749XA
Other languages
Chinese (zh)
Other versions
CN102624716B (en)
Inventor
邹福泰
王鲁华
章思宇
李建华
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Shanghai Jiaotong University
Original Assignee
Shanghai Jiaotong University
Application filed by Shanghai Jiaotong University
Priority to CN201210051749.XA
Publication of CN102624716A
Application granted
Publication of CN102624716B
Legal status: Expired - Fee Related (current)

Abstract

The invention discloses a prevention method and a prevention device for domain name system (DNS) denial of service. The prevention method includes a denial-of-service detection step, which detects whether the DNS server is in a denial-of-service state, and a denial-of-service prevention step, in which prevention is achieved through a cache curing function. The prevention device comprises a denial-of-service detection module for detecting whether the DNS server is in the denial-of-service state and a denial-of-service prevention module for preventing denial of service, wherein the prevention module achieves prevention by activating its internal cache curing function. With the prevention method and device, when the DNS server is in a denial-of-service state, the resource waste of the DNS server's recursive resolver is substantially reduced and the resolution success rate of commonly used domain names is improved.

Description

A defense method and device for DNS denial-of-service attacks
Technical field
The present invention relates to the field of defense against denial-of-service attacks, and in particular to a defense method and device for DNS denial-of-service attacks.
Background
DNS (Domain Name System) is a distributed database system that manages the mapping between host names and address information. It maps easy-to-remember domain names to IP addresses, making it easy for people to access the Internet, and provides essential support for numerous network applications.
A stable and reliable DNS service is a prerequisite for the normal operation of the Internet. Attacks on DNS servers disrupt normal domain name resolution and can therefore seriously affect the whole Internet. The main attacks on DNS servers are denial-of-service attacks, which usually feature forged source IP addresses, randomized IP packet TTL (Time-to-live) values, and randomized query domain names. Of these, randomized query domain names pose a particularly significant threat to DNS servers. When a DNS server receives a domain name query whose query name or query type is not present in the server's cache, the server forwards the request to the authoritative server to obtain the required resource record. The large number of random domain names generated by a denial-of-service attack exhausts the resources of the DNS server's recursive resolver, so that normal domain name requests cannot obtain recursive resolution. How to provide DNS servers with an effective defense against denial-of-service attacks has become a technical problem facing DNS systems worldwide.
Summary of the invention
In view of the above defects of the prior art, the technical problem to be solved by the present invention is to provide a defense method and device for DNS denial-of-service attacks that can improve the resolution success rate of commonly used domain names when the DNS server is under a denial-of-service attack, reduce the impact of the attack on the DNS server's normal resolution, and strengthen the reliability of the DNS service.
To achieve the above object, the present invention provides a defense method for DNS denial-of-service attacks, comprising the following steps:
Step 1: detect whether the DNS server is under a denial-of-service attack. If the DNS server is detected to be under attack, send a signal to the DNS server to start the denial-of-service attack defense; if the DNS server is detected not to be under attack, send a signal to the DNS server to stop the denial-of-service attack defense.
Step 2: after receiving the signal to start or stop the denial-of-service attack defense, the DNS server starts or stops the denial-of-service attack defense step, and thereby defends against, or stops defending against, the denial-of-service attack.
Further, in step 1, whether the DNS server is under a denial-of-service attack is detected from the volume of DNS query requests the DNS server receives, the network bandwidth usage and the DNS server's CPU usage, or from the volume of DNS query requests the DNS server receives and the usage of the DNS server's recursive resolver.
Further, the step of starting the denial-of-service attack defense is implemented by activating the cache curing function in the DNS server. With the cache curing function active, a resource record in the DNS server's cache is not deleted from the cache when its TTL expires, but continues to be retained in the cache.
Further, the step of stopping the denial-of-service attack defense is implemented by deactivating the cache curing function in the DNS server. With the cache curing function deactivated, a resource record in the DNS server's cache is deleted from the cache when its TTL expires.
To achieve the above object, the present invention also provides a defense device for DNS denial-of-service attacks, comprising a denial-of-service attack detection module, which detects whether the DNS server is under a denial-of-service attack, and a denial-of-service attack defense module, which defends against the attack. The two modules are connected to each other, and the defense module is also connected to the DNS server's cache, so that it can control the resource records stored in the cache and thereby defend against the denial-of-service attack.
Further, the detection module detects a denial-of-service attack from the volume of DNS query requests the DNS server receives, the network bandwidth usage and the CPU usage, or from the volume of DNS query requests the DNS server receives and the usage of the DNS server's recursive resolver.
Further, the defense module carries out the denial-of-service attack defense by activating the cache curing function, which gives it control over the resource records stored in the DNS server's cache. With the cache curing function active, a resource record in the DNS server's cache is not deleted from the cache when its TTL expires and continues to be used.
Further, the defense module stops the denial-of-service attack defense by deactivating the cache curing function, which releases its control over the resource records stored in the DNS server's cache. With the cache curing function deactivated, a resource record in the DNS server's cache is deleted from the cache when its TTL expires.
Optionally, the detection module is built into the DNS server.
Optionally, the detection module is located outside the DNS server.
The beneficial effects of the present invention are as follows. Whether the DNS server is under a denial-of-service attack is determined by monitoring the DNS server's query volume, network bandwidth usage and CPU usage, or by monitoring the query volume the DNS server receives and the usage of its recursive resolver. When the DNS server is under attack, the defense is carried out by controlling the DNS server's cache so that resource records in the cache are not deleted when their TTL expires. With the defense method and device of the present invention, when the DNS server is under a denial-of-service attack, the resource records of commonly used domain names are not deleted from the DNS server's cache when their TTL expires, and continue to be used to resolve those names. Requests for these commonly used domain names can therefore still be answered from the cache and do not have to compete with the large number of bogus attack requests for the limited resources of the recursive resolver. This significantly improves the resolution success rate of commonly used domain names, reduces the impact of the attack on the DNS server's normal resolution, and strengthens the reliability of the DNS service.
The concept, specific structure and technical effects of the present invention are further described below with reference to the accompanying drawings, so that its objects, features and effects can be fully understood.
Description of drawings
Fig. 1 is a flow chart of the defense method for DNS denial-of-service attacks of the present invention.
Fig. 2 is a flow chart of how a DNS server handles the resource records stored in its cache under usual conditions.
Fig. 3 is a flow chart of how the DNS server handles the resource records stored in its cache in the defense method of the present invention.
Fig. 4 is a structural diagram of the first embodiment of the defense device for DNS denial-of-service attacks of the present invention.
Fig. 5 is a structural diagram of the second embodiment of the defense device for DNS denial-of-service attacks of the present invention.
Embodiments
Embodiments of the present invention are described in detail below with reference to the accompanying drawings.
As shown in Fig. 1, a defense method for DNS denial-of-service attacks comprises a denial-of-service attack detection step and a denial-of-service attack defense step. First, the detection step is started to detect whether the DNS server is under a denial-of-service attack. If the DNS server is detected to be under attack, a signal to start the denial-of-service attack defense is sent to the DNS server; if the DNS server is detected not to be under attack, a signal to stop the denial-of-service attack defense is sent to the DNS server. After receiving the signal to start or stop the defense, the DNS server activates or deactivates the cache curing function, and thereby defends against, or stops defending against, the denial-of-service attack.
In the detection step above, whether the DNS server is under a denial-of-service attack is detected from the volume of DNS query requests the DNS server receives, the network bandwidth usage and the DNS server's CPU usage, or from the volume of DNS query requests the DNS server receives and the usage of the DNS server's recursive resolver. A denial-of-service attack on a DNS server usually sends the server a large number of forged DNS domain name queries. This causes an abnormal increase in the DNS query volume, occupies an abnormal amount of network bandwidth, and exhausts either the DNS server's CPU resources or its recursive resolver resources. Therefore, by monitoring the DNS query volume, the network bandwidth usage and the DNS server's CPU usage, or by monitoring the DNS query volume and the usage of the DNS server's recursive resolver, a denial-of-service attack can be detected promptly when it occurs and the DNS server notified, so that the defense step is started.
The cache curing function is the key to the defense step described above. The DNS server uses the cache curing function to control the resource records in its cache. When the cache curing function is active, resource records in the DNS server's cache whose TTL has expired are not deleted from the cache and can still be used to resolve DNS domain name queries. When the cache curing function is not active, that is, deactivated, resource records whose TTL has expired are deleted from the cache. Fig. 2 shows how a DNS server handles the resource records in its cache under usual conditions. As the figure shows, as the DNS server's cache counter counts, the TTL value of each resource record in the cache is decremented. When the TTL of a resource record reaches 0, the record has expired, and the DNS server deletes the expired record from the cache. Once the defense method of the present invention is applied, the DNS server uses the cache curing function as the key point of the defense step, and handles the resource records in its cache as shown in Fig. 3. When the TTL of a resource record expires, the server first checks whether the cache curing function is active. If it is active, the expired resource record is not deleted from the cache and is still used to resolve DNS domain name requests. If it is not active, the expired resource record is deleted from the DNS server's cache. When the DNS server next receives a DNS domain name query that relates to this resource record, the cache no longer holds a matching record, so the DNS server obtains the domain name information the query needs through the recursive resolver.
In the defense method of the present invention, when the DNS server is detected to be under a denial-of-service attack, a signal to start the denial-of-service attack defense is sent to the DNS server. After receiving this signal, the DNS server starts the defense step. In this step, the cache curing function in the DNS server is activated, so that resource records in the DNS server's cache whose TTL has expired are not deleted from the cache and continue to be used to resolve DNS domain name requests. The resource records stored in the DNS server's cache are those that are requested frequently. Under usual conditions, queries for these domain names are answered directly from the cache, because their resource records are present there, and do not use recursive resolver resources. When the TTL of a resource record expires, however, the DNS server deletes the record from its cache. During a denial-of-service attack, a large number of forged domain name requests are sent to the DNS server. If the expired resource records in the DNS server's cache are retained rather than deleted at this point, requests for the frequently requested, commonly used domain names can still be answered from the cache. This prevents those requests from having to compete with the large number of forged requests for the limited recursive resolver resources merely because the TTL of their resource records has expired. The defense method of the present invention therefore significantly reduces the resource consumption of the DNS server's recursive resolver when the DNS server is under a denial-of-service attack, and improves the resolution success rate of commonly used domain names.
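The Fig. 3 handling flow and the two-step detect/signal loop can be exercised with a small simulation. This is an added illustration, not code from the patent: the class names, the thresholds (200 queries per tick, 90% resolver occupancy), the 50-slot resolver and the sample names and address are all assumptions, and the flood is a constructed list of random-looking names.

```python
"""Cache curing under a random-subdomain flood (added illustration, not the patent's code)."""
from dataclasses import dataclass


@dataclass
class Record:
    value: str
    expires_at: float  # absolute time at which the record's TTL reaches 0


class CuringCache:
    """Resource-record cache whose expiry handling follows the Fig. 3 flow."""

    def __init__(self):
        self.records = {}
        self.curing = False  # toggled by the start/stop defense signal

    def put(self, name, value, ttl, now):
        self.records[name] = Record(value, now + ttl)

    def get(self, name, now):
        rec = self.records.get(name)
        if rec is None:
            return None
        if now >= rec.expires_at and not self.curing:
            # Usual handling (Fig. 2): an expired record is deleted.
            # Deletion is done lazily on lookup here, a simplification.
            del self.records[name]
            return None
        # Fresh record, or expired record retained because curing is active.
        return rec.value


class Detector:
    """Second-embodiment style detection: query volume plus resolver usage.
    Both thresholds are hypothetical values chosen for this example."""

    def __init__(self, qps_limit=200, busy_ratio=0.9):
        self.qps_limit = qps_limit
        self.busy_ratio = busy_ratio

    def under_attack(self, qps, slots_used, slots_total):
        return qps > self.qps_limit and slots_used / slots_total >= self.busy_ratio


class DnsServer:
    def __init__(self, authoritative, slots=50, defense_enabled=True):
        self.authoritative = authoritative  # name -> (value, ttl); stands in for upstream
        self.slots = slots                  # recursions the resolver can run per tick
        self.defense_enabled = defense_enabled
        self.cache = CuringCache()
        self.detector = Detector()

    def handle_tick(self, queries, now):
        """Answer one second of queries; None means the name was not resolved."""
        used, answers = 0, {}
        for name in queries:
            answer = self.cache.get(name, now)
            if answer is None and used < self.slots:
                used += 1  # a cache miss occupies a recursive-resolver slot
                upstream = self.authoritative.get(name)
                if upstream is not None:
                    answer, ttl = upstream
                    self.cache.put(name, answer, ttl, now)
            answers[name] = answer
        # Step 1: detect. Step 2: signal the cache to start or stop the defense.
        attacked = self.detector.under_attack(len(queries), used, self.slots)
        self.cache.curing = self.defense_enabled and attacked
        return answers


def run_scenario(defense_enabled):
    """Replay a constructed timeline and return the answers for one popular name."""
    popular = "www.example.com"
    server = DnsServer({popular: ("192.0.2.10", 5)}, defense_enabled=defense_enabled)
    # (time, flood size): the flood is 300 constructed random names per tick.
    timeline = [(0, 0), (1, 300), (10, 300), (11, 0), (12, 0)]
    seen = []
    for now, flood in timeline:
        queries = [f"r{now}-{i}.flood.example" for i in range(flood)] + [popular]
        seen.append(server.handle_tick(queries, now)[popular])
    return seen


if __name__ == "__main__":
    print("with curing   :", run_scenario(True))
    print("without curing:", run_scenario(False))
```

At time 10 the popular record's TTL has expired and the flood has already filled every resolver slot, so the name resolves only when curing keeps the expired record in the cache. While curing is active the answer served is the stale one, so a record that changed upstream during the attack keeps resolving to its old value until the defense is switched off.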
Fig. 4 and Fig. 5 show the defense device for DNS denial-of-service attacks of the present invention. It comprises a denial-of-service attack detection module, which detects whether the DNS server is under a denial-of-service attack, and a denial-of-service attack defense module, which defends against the attack. The two modules are connected to each other, and the defense module is also connected to the DNS server's cache in order to control the resource records stored in the cache.
Fig. 4 is a structural diagram of the first embodiment of the defense device of the present invention. As the figure shows, the detection module of this device is located outside the DNS server. The detection module is connected to the defense module, and also to the DNS server's network interface in order to detect denial-of-service attacks. The defense module is connected to the detection module, and also to the DNS server's cache in order to control the resource records stored in the cache.
This device works as follows. The detection module analyzes the volume of DNS domain name queries the DNS server receives, the network bandwidth usage and the CPU usage, determines whether the DNS server is under a denial-of-service attack, and, according to the detection result, sends the DNS server a signal to start or stop the denial-of-service attack defense. After the DNS server receives the start signal from the detection module, it activates the cache curing function in the defense module. The cache curing function controls the resource records stored in the DNS server's cache, so that records whose TTL has expired are not deleted from the cache and continue to be retained there to resolve the related domain name queries. After the DNS server receives the stop signal from the detection module, it deactivates the cache curing function in the defense module and releases the control over the resource records stored in the DNS server's cache, that is, it returns to the normal behaviour of deleting resource records whose TTL has expired. The flow by which the cache curing function controls the resource records stored in the DNS server's cache is shown in Fig. 3.
Fig. 5 shows the second embodiment of the defense device of the present invention. In this device, the detection module is built into the DNS server and is connected to the defense module. The defense module is connected to the detection module in order to receive the detection results it sends, and also to the DNS server's cache in order to control the resource records stored in the cache.
This device works as follows. The detection module analyzes the volume of DNS domain name queries the DNS server receives and the usage of the DNS server's recursive resolver, determines whether the DNS server is under a denial-of-service attack, and, according to the detection result, sends the DNS server a signal to start or stop the denial-of-service attack defense. After the DNS server receives the start signal from the detection module, it activates the cache curing function in the defense module. The cache curing function controls the resource records stored in the DNS server's cache, so that records whose TTL has expired are not deleted from the cache and continue to be retained there to resolve the related domain name requests. After the DNS server receives the stop signal from the detection module, it deactivates the cache curing function in the defense module and releases the control over the resource records stored in the DNS server's cache, that is, it returns to the normal behaviour of deleting resource records whose TTL has expired. The flow by which the cache curing function controls the resource records stored in the DNS server's cache is shown in Fig. 3.
With the defense device of the present invention, during a denial-of-service attack, when a large number of forged domain name requests are sent to the DNS server, the expired resource records in the DNS server's cache are retained rather than deleted. This prevents requests for the frequently requested, commonly used domain names from failing to be answered from the cache because the TTL of their resource records has expired, and from then having to compete with the large number of forged requests for the limited recursive resolver resources. The defense device of the present invention therefore significantly reduces the resource consumption of the DNS server's recursive resolver when the DNS server is under a denial-of-service attack, and improves the resolution success rate of commonly used domain names.
The preferred embodiments of the present invention have been described in detail above. It should be understood that those of ordinary skill in the art can make many modifications and variations according to the concept of the present invention without creative effort. Therefore, any technical solution that a person skilled in the art can obtain, on the basis of the prior art and under the concept of this invention, through logical analysis, reasoning or limited experimentation shall fall within the scope of protection determined by the claims.

Claims (10)

1. A defense method for DNS denial-of-service attacks, characterized in that it comprises the following steps:
Step 1: detect whether the DNS server is under a denial-of-service attack. If the DNS server is detected to be under attack, send a signal to the DNS server to start the denial-of-service attack defense; if the DNS server is detected not to be under attack, send a signal to the DNS server to stop the denial-of-service attack defense.
Step 2: after receiving the signal to start or stop the denial-of-service attack defense, the DNS server starts or stops the denial-of-service attack defense step, and thereby defends against, or stops defending against, the denial-of-service attack.
2. The defense method for DNS denial-of-service attacks as claimed in claim 1, wherein, in step 1, whether the DNS server is under a denial-of-service attack is detected from the volume of DNS query requests the DNS server receives, the network bandwidth usage and the DNS server's CPU usage, or from the volume of DNS query requests the DNS server receives and the usage of the DNS server's recursive resolver.
3. The defense method for DNS denial-of-service attacks as claimed in claim 2, wherein the step of starting the denial-of-service attack defense is further implemented by activating the cache curing function in the DNS server; with the cache curing function active, a resource record in the DNS server's cache is not deleted from the cache when its TTL expires, but continues to be retained in the cache.
4. The defense method for DNS denial-of-service attacks as claimed in claim 3, wherein the step of stopping the denial-of-service attack defense is further implemented by deactivating the cache curing function in the DNS server; with the cache curing function deactivated, a resource record in the DNS server's cache is deleted from the cache when its TTL expires.
5. A defense device for DNS denial-of-service attacks, characterized in that it comprises a denial-of-service attack detection module for detecting whether the DNS server is under a denial-of-service attack and a denial-of-service attack defense module for defending against the denial-of-service attack, the two modules being connected to each other, wherein the defense module is also connected to the DNS server's cache, so that it can control the resource records stored in the DNS server's cache and thereby defend against the denial-of-service attack.
6. The defense device for DNS denial-of-service attacks as claimed in claim 5, wherein the detection module detects a denial-of-service attack from the volume of DNS query requests the DNS server receives, the network bandwidth usage and the DNS server's CPU usage, or from the volume of DNS query requests the DNS server receives and the usage of the DNS server's recursive resolver.
7. The defense device for DNS denial-of-service attacks as claimed in claim 6, wherein the defense module carries out the denial-of-service attack defense by activating the cache curing function, which gives it control over the resource records stored in the DNS server's cache; with the cache curing function active, a resource record in the DNS server's cache is not deleted from the cache when its TTL expires and continues to be used.
8. The defense device for DNS denial-of-service attacks as claimed in claim 7, wherein the defense module stops the denial-of-service attack defense by deactivating the cache curing function, which releases its control over the resource records stored in the DNS server's cache; with the cache curing function deactivated, a resource record in the DNS server's cache is deleted from the cache when its TTL expires.
9. The defense device for DNS denial-of-service attacks as claimed in claim 8, wherein the detection module is built into the DNS server.
10. The defense device for DNS denial-of-service attacks as claimed in claim 8, wherein the detection module is located outside the DNS server.

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201210051749.XA CN102624716B (en) 2012-03-01 2012-03-01 Prevention method and device for domain name system (DNS) denial of service

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201210051749.XA CN102624716B (en) 2012-03-01 2012-03-01 Prevention method and device for domain name system (DNS) denial of service

Publications (2)

Publication Number Publication Date
CN102624716A true CN102624716A (en) 2012-08-01
CN102624716B CN102624716B (en) 2014-08-06

Family

ID=46564401

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201210051749.XA Expired - Fee Related CN102624716B (en) 2012-03-01 2012-03-01 Prevention method and device for domain name system (DNS) denial of service

Country Status (1)

Country Link
CN (1) CN102624716B (en)

Cited By (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN104125238A (en) * 2014-08-14 2014-10-29 互联网域名系统北京市工程研究中心有限公司 DoS (Denial of Service) and DDoS (Distributed Denial of service) attack resisting method of DNS recursive server
CN106331212A (en) * 2016-08-25 2017-01-11 北京润通丰华科技有限公司 Domain name server (DNS) cache camping-based domain name resolution method and system
CN106470193A (en) * 2015-08-19 2017-03-01 互联网域名系统北京市工程研究中心有限公司 A kind of anti-DoS of DNS recursion server, the method and device of ddos attack
US20170118250A1 (en) * 2015-10-21 2017-04-27 Verisign, Inc. Method for minimizing the risk and exposure duration of improper or hijacked dns records
CN107222588A (en) * 2017-07-14 2017-09-29 中国互联网络信息中心 A kind of method and system of raising DNS availabilities
CN107404496A (en) * 2017-09-05 2017-11-28 成都知道创宇信息技术有限公司 A kind of ddos attack defence and source tracing method based on HTTP DNS
CN108418803A (en) * 2018-02-02 2018-08-17 广东安创信息科技开发有限公司 The method and apparatus that defence DNS binds attack again
CN108494805A (en) * 2018-05-25 2018-09-04 何林明 A kind of processing method and processing device of CC attacks

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101841533A (en) * 2010-03-19 2010-09-22 中国科学院计算机网络信息中心 Method and device for detecting distributed denial-of-service attack
CN102045331A (en) * 2009-10-22 2011-05-04 成都市华为赛门铁克科技有限公司 Method, device and system for processing inquiry request message

Patent Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102045331A (en) * 2009-10-22 2011-05-04 成都市华为赛门铁克科技有限公司 Method, device and system for processing inquiry request message
CN101841533A (en) * 2010-03-19 2010-09-22 中国科学院计算机网络信息中心 Method and device for detecting distributed denial-of-service attack

Non-Patent Citations (2)

* Cited by examiner, † Cited by third party
Title
李军利等: "恶意DNS流量攻击研究", 《计算机应用与软件》 *
潘鹤元: ""一种DNS DDoS攻击行为的分析及其应对措施"", 《广西通信技术》 *

Cited By (11)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN104125238A (en) * 2014-08-14 2014-10-29 互联网域名系统北京市工程研究中心有限公司 DoS (Denial of Service) and DDoS (Distributed Denial of service) attack resisting method of DNS recursive server
CN106470193A (en) * 2015-08-19 2017-03-01 互联网域名系统北京市工程研究中心有限公司 A kind of anti-DoS of DNS recursion server, the method and device of ddos attack
US20170118250A1 (en) * 2015-10-21 2017-04-27 Verisign, Inc. Method for minimizing the risk and exposure duration of improper or hijacked dns records
US10735461B2 (en) * 2015-10-21 2020-08-04 Verisign, Inc. Method for minimizing the risk and exposure duration of improper or hijacked DNS records
US11606388B2 (en) 2015-10-21 2023-03-14 Verisign, Inc. Method for minimizing the risk and exposure duration of improper or hijacked DNS records
CN106331212A (en) * 2016-08-25 2017-01-11 北京润通丰华科技有限公司 Domain name server (DNS) cache camping-based domain name resolution method and system
CN106331212B (en) * 2016-08-25 2019-05-07 北京润通丰华科技有限公司 A kind of domain name analytic method and system resident based on DNS cache
CN107222588A (en) * 2017-07-14 2017-09-29 中国互联网络信息中心 A kind of method and system of raising DNS availabilities
CN107404496A (en) * 2017-09-05 2017-11-28 成都知道创宇信息技术有限公司 A kind of ddos attack defence and source tracing method based on HTTP DNS
CN108418803A (en) * 2018-02-02 2018-08-17 广东安创信息科技开发有限公司 The method and apparatus that defence DNS binds attack again
CN108494805A (en) * 2018-05-25 2018-09-04 何林明 A kind of processing method and processing device of CC attacks

Also Published As

Publication number Publication date
CN102624716B (en) 2014-08-06

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant
CF01 Termination of patent right due to non-payment of annual fee

Granted publication date: 20140806

Termination date: 20170301