CN104104689A - Safe DNS (Domain Name Resolution) method in internet browser - Google Patents

Safe DNS (Domain Name Resolution) method in internet browser

Info

Publication number: CN104104689A
Authority: CN (China)
Prior art keywords: domain name, browser, address, dns, name resolution
Legal status: Pending (status as listed by Google Patents; not a legal conclusion)
Application number: CN201410371984.4A
Other languages: Chinese (zh)
Inventors: 张玮, 顾卫东, 张新常, 史慧玲, 王鲁, 孙萌
Current assignee: Shandong Computer Science Center
Original assignee: Shandong Computer Science Center
Priority date: 2014-07-31
Filing date: 2014-07-31
Publication date: 2014-10-15

Landscapes

  • Data Exchanges In Wide-Area Networks (AREA)
  • Computer And Data Communications (AREA)

Abstract

The invention discloses a safe DNS (domain name resolution) method in an Internet browser. The method comprises the steps: a) preparing N DNS servers; b) sending a resolution request; c) performing domain name resolution; d) recording the return packets received, their number being M; e) judging whether M=0 holds: if it holds, the browsing action did not complete; if it does not hold, return packets exist; f) when the user refreshes, executing step c), and if the user switches to browsing another web page, executing step b); g) taking the IP that repeats the most times and denoting that number of repetitions X; and h) judging whether X > N/2 holds: if it holds, the IP is a safe address; if it does not hold, this browsing has been attacked through DNS. With the DNS method in an Internet browser provided by the invention, the domain name entered by the user can be guaranteed to point to the corresponding website or service, so the problem of attacks in the DNS process is solved; moreover, forged IP addresses can be filtered out so that the correct IP address is retained.

Description

Safe domain name resolution method in an Internet browser
Technical field
The present invention relates to a safe domain name resolution method in an Internet browser, and in particular to a domain name resolution method that uses multiple domain name resolution servers to vote, so that IP address resolution has higher security.
Background technology
DNS (Domain Name System) is the English abbreviation of "domain name system". It is a hierarchical naming system for computer networks whose main function is to convert an IP address into a specified character string, or a specified character string into an IP address; the specified character string is called a domain name. Domain name resolution means using a friendly, easily remembered domain name in place of a dull, hard-to-remember IP address to locate the corresponding computer or service on the network. Every service or computer on the Internet is distinguished by its own IP address, and it is difficult for a client to remember and use the corresponding IP address for each one when accessing these computers or services. The resolution process is therefore equivalent to translation: the easily remembered domain name is translated into the corresponding IP address that the Internet recognises. Establishing the mapping table between domain names and IP addresses, and performing the lookup and translation, is the job of the DNS system. So when a user enters a web address while surfing, the domain name resolution system looks up the IP address corresponding to that web address (that is, the domain name), and only then is the user connected to that IP address. The resolution process is transparent to the Internet user; what the domain name accessed by the user ultimately points to is an IP address.
As DNS name resolution has become the most basic service on the Internet, its own security has drawn more and more attention from hackers, who have mastered several means of threatening the security of the DNS resolution process. The more common security attacks on domain name resolution are the following:
DNS ID spoofing attack. This attack is carried out in a switched network environment. The attacker first performs ARP spoofing against the target, monitors the target's DNS request packets with a scanning tool to obtain the corresponding ID and port number, and then immediately sends a forged DNS response packet to the target. On receiving the forged DNS response the user believes the DNS resolution has completed, and the correct DNS response, arriving later than the forged one, is discarded. The user then continues browsing with the IP address returned in the forged response, and that IP address is likely to point to a malicious website, posing further security threats to the user.
DNS cache poisoning attack. In the attack process above, the DNS spoofing attack cannot be completed without the ID and port number. However, many DNS servers currently use a fixed port number, so a single DNS request is enough to obtain the port number from the feedback; the attacker then sends a large number of DNS response packets with different IDs to guess the true ID used by the target, which makes a DNS cache poisoning attack possible. The attack process is similar to the previous method, except that a large number of forged response packets with different IDs are fed back during the return phase and the attack succeeds probabilistically, again leaving the user to continue browsing with the IP address returned by a forged DNS response packet.
From the attacks above it can be seen that the basic reason the user is threatened is that a forged IP address has been returned, so that the correct domain name the user originally entered is pointed at a malicious website forged by the attacker, threatening the user's further security. Therefore, how a user's Internet browser can judge whether a returned IP address is forged, that is, whether the domain name originally entered correctly points to the corresponding website or service, has become the key issue in solving attacks in the DNS resolution process.
Summary of the invention
To overcome the shortcomings of the technical problems described above, the present invention provides a safe domain name resolution method in an Internet browser.
The safe domain name resolution method in an Internet browser of the present invention is characterised in that it is realised by the following steps:
a) Configure multiple domain name resolution servers: add a domain name resolution server configuration module to the traditional browser, and use the configuration module to configure N domain name resolution server addresses for the browser;
b) Send a resolution request: after the user enters a website domain name and clicks search, send a domain name resolution request to the N domain name resolution servers configured in step a), and at the same time start timer R;
c) Domain name resolution: the N domain name resolution servers resolve the received domain name and feed the results back to the browser;
d) Receive return packets: from the start of timer R until trigger time T, record the number and content of the return packets received from the N domain name resolution servers, and let the number of return packets received be M; once trigger time T is exceeded the browser no longer accepts return packets, and any return packet received after T is discarded;
e) Network environment judgement: judge whether M=0 holds. If it holds, the browsing action did not complete because of network environment factors; pop up "This browsing was aborted because of the network environment, please refresh the page" and go to step f). If it does not hold, return packets from the domain name resolution servers exist; go to step g);
f) When the user clicks refresh in the browser, send the request to the domain name resolution servers again and go to step c); if the user chooses to browse another web page instead of the original one, go to step b);
g) IP address resolution: parse the IP address corresponding to the domain name from each of the M packets, compare the M IP addresses with one another, and record how many times each IP repeats; take the IP with the largest number of repetitions and denote that number of repetitions X; go to step h);
h) Judge whether a safely accessible address exists: judge whether X > N/2 holds. If it holds, the IP with the largest number of repetitions is a safe address; the browser points to this IP and the user continues browsing. If it does not hold, i.e. X ≤ N/2, this browsing has suffered a DNS attack; go to step i);
i) Stop browser access: pop up "This browsing was aborted because of a DNS attack, please refresh the page", and stop the browser from accessing any server on the network. When the user clicks refresh, send the request to the domain name resolution servers again and go to step c); if the user chooses to browse another web page instead of the original one, go to step b).
In the safe domain name resolution method in an Internet browser of the present invention, the number N of domain name resolution servers in step a) is an integer greater than or equal to 3 and less than or equal to 10.
In the safe domain name resolution method in an Internet browser of the present invention, the N domain name resolution servers configured in step a) should include at least one foreign DNS server, at least one DNS server outside the province, and at least one local DNS server.
In the safe domain name resolution method in an Internet browser of the present invention, the trigger time T in step d) satisfies 100ms ≤ T ≤ 3000ms.
The beneficial effects of the invention are as follows. The browser domain name resolution method of the present invention first configures multiple domain name resolution server addresses for the browser; the multiple servers resolve the entered domain name simultaneously, and the return packets received within trigger time T are processed. Only when the number of repetitions of the most frequently returned IP address exceeds half of the number of servers participating in the resolution is that IP address considered a safe address that can be accessed securely; otherwise a DNS attack is assumed and secure access is not possible.
The N domain name resolution servers should include at least one foreign DNS server, at least one DNS server outside the province, and at least one local DNS server. This effectively reduces the likelihood that the configured servers are attacked simultaneously: even if one or more of them are attacked, the other servers can still resolve a safe IP address and the online operation can be completed. The trigger time T of the timer satisfies 100ms ≤ T ≤ 3000ms and can be chosen adaptively according to the network environment.
The domain name resolution method of the present invention provides a safe domain name resolution method for the user browsing web pages with a browser. With the method of the invention it can be judged whether the DNS resolution process is under attack, ensuring that the domain name originally entered by the user is correctly pointed to the corresponding website or service, which solves the problem of attacks in the DNS resolution process. At the same time, in some situations the method can filter out forged IP addresses and retain the correct IP address, so that the user obtains the correct website IP. Where the method cannot determine the correct IP address, it can still prompt the user and terminate the user's network browsing, which prevents the user's related information from being leaked further and ensures the safety of the user's web browsing.
Brief description of the drawings
Fig. 1 is a flow chart of the safe domain name resolution method in an Internet browser of the present invention.
Embodiment
The invention is further described below with reference to the drawings and an embodiment.
Fig. 1 shows the flow chart of the safe domain name resolution method in an Internet browser of the present invention, which is realised by the following steps:
a) Configure multiple domain name resolution servers: add a domain name resolution server configuration module to the traditional browser, and use the configuration module to configure N domain name resolution server addresses for the browser;
In this step: originally the Openbrowser browser could only use the DNS server address of the operating system itself for domain name resolution, and the Windows operating system can only use one DNS server address at a time; therefore a domain name resolution server configuration module is added so that the browser itself can configure its own DNS servers.
The number N of configured domain name resolution servers is an integer greater than or equal to 3 and less than or equal to 10, and they include at least one foreign DNS server, at least one DNS server outside the province, and at least one local DNS server.
b) Send a resolution request: after the user enters a website domain name and clicks search, send a domain name resolution request to the N domain name resolution servers configured in step a), and at the same time start timer R;
c) Domain name resolution: the N domain name resolution servers resolve the received domain name and feed the results back to the browser;
d) Receive return packets: from the start of timer R until trigger time T, record the number and content of the return packets received from the N domain name resolution servers, and let the number of return packets received be M; once trigger time T is exceeded the browser no longer accepts return packets, and any return packet received after T is discarded;
In this step the trigger time T satisfies 100ms ≤ T ≤ 3000ms. T is chosen according to network conditions: the worse the network environment, the larger the value of T should be.
e) Network environment judgement: judge whether M=0 holds. If it holds, the browsing action did not complete because of network environment factors; pop up "This browsing was aborted because of the network environment, please refresh the page" and go to step f). If it does not hold, return packets from the domain name resolution servers exist; go to step g);
f) When the user clicks refresh in the browser, send the request to the domain name resolution servers again and go to step c); if the user chooses to browse another web page instead of the original one, go to step b);
g) IP address resolution: parse the IP address corresponding to the domain name from each of the M packets, compare the M IP addresses with one another, and record how many times each IP repeats; take the IP with the largest number of repetitions and denote that number of repetitions X; go to step h);
h) Judge whether a safely accessible address exists: judge whether X > N/2 holds. If it holds, the IP with the largest number of repetitions is a safe address; the browser points to this IP and the user continues browsing. If it does not hold, i.e. X ≤ N/2, this browsing has suffered a DNS attack; go to step i);
i) Stop browser access: pop up "This browsing was aborted because of a DNS attack, please refresh the page", and stop the browser from accessing any server on the network. When the user clicks refresh, send the request to the domain name resolution servers again and go to step c); if the user chooses to browse another web page instead of the original one, go to step b).
As a specific embodiment: in step a) five DNS server addresses are configured: 202.102.154.3, 202.102.152.3, 202.96.128.86, 202.103.224.68 and 8.8.8.8. Of these five, 202.102.154.3 and 202.102.152.3 are two domain name resolution server addresses located in Jinan; 202.96.128.86 and 202.103.224.68 are two DNS server addresses outside the province but within the country, located in Guangdong and Guangxi respectively; and 8.8.8.8 is a DNS server address located abroad (United States). After the user enters the web address to be browsed, for example "www.baidu.com", the domain name resolution server configuration module sends a domain name resolution request to each of the five configured DNS servers. In step d) the trigger time T is set to 800ms. In 10 simulated DNS attacks, the browser of this embodiment was able to detect the attack every time, and in 7 of them it successfully filtered out the forged IP address and retained the correct one, so that the user obtained the correct website IP. In the 3 attacks where the correct IP address could not be determined, the embodiment prompted the user every time and stopped the user's further web browsing, thereby preventing the user's related information from being leaked further and protecting the safety of the user's web browsing.
With the method of the invention, a user browsing web pages with this browser is provided with a safe domain name resolution method; the browser of this embodiment can judge whether the DNS resolution process is under attack, thereby ensuring that the domain name originally entered by the user is correctly pointed to the corresponding website or service, which solves the key issue of attacks in the DNS resolution process.
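The voting procedure of steps a) to i), as an added Python example that is not part of the patent (the patent describes no code). It uses the five resolver addresses and T = 800ms from the embodiment, but the Reply records and the RFC 5737 addresses are constructed samples, and the network I/O is left out so that the decision logic runs offline.

```python
from collections import Counter
from dataclasses import dataclass
from typing import List, Optional, Tuple

# The five resolver addresses given in the patent's embodiment (step a), N = 5).
RESOLVERS = ["202.102.154.3", "202.102.152.3", "202.96.128.86",
             "202.103.224.68", "8.8.8.8"]
N = len(RESOLVERS)
T_MS = 800  # trigger time T from the embodiment; the patent allows 100ms <= T <= 3000ms

# Verdicts for steps e), h) and i).
NETWORK_ERROR = "network_error"  # M == 0: abort and ask the user to refresh
SAFE = "safe"                    # X > N/2: point the browser at the winning IP
DNS_ATTACK = "dns_attack"        # X <= N/2: abort and block all network access


@dataclass(frozen=True)
class Reply:
    """One return packet from one resolver (constructed sample, not captured traffic)."""
    server: str    # resolver that answered
    ip: str        # A record carried in the reply
    rtt_ms: float  # arrival time measured from the start of timer R


def collect_replies(replies: List[Reply], t_ms: float = T_MS) -> List[Reply]:
    """Step d): keep only packets that arrive before trigger time T; later ones are discarded."""
    if not 100 <= t_ms <= 3000:
        raise ValueError("trigger time T must satisfy 100ms <= T <= 3000ms")
    return [r for r in replies if r.rtt_ms <= t_ms]


def vote(replies: List[Reply], n: int = N, t_ms: float = T_MS
         ) -> Tuple[str, Optional[str], int, int]:
    """Steps d) to i). Returns (verdict, chosen_ip, X, M)."""
    if not (isinstance(n, int) and 3 <= n <= 10):
        raise ValueError("N must be an integer with 3 <= N <= 10")
    accepted = collect_replies(replies, t_ms)
    m = len(accepted)                         # M = packets received in time
    if m == 0:                                # step e)
        return NETWORK_ERROR, None, 0, 0
    counts = Counter(r.ip for r in accepted)  # step g): how often each IP repeats
    ip, x = counts.most_common(1)[0]          # X = repetitions of the most frequent IP
    if x > n / 2:                             # step h): strict majority of all N servers
        return SAFE, ip, x, m
    return DNS_ATTACK, None, x, m             # step i)


# Constructed scenarios using RFC 5737 documentation addresses.
GOOD, FORGED = "192.0.2.10", "198.51.100.7"

# One resolver returns a forged answer; the other four agree, so X = 4 > 5/2.
ONE_POISONED = [Reply(RESOLVERS[0], GOOD, 120), Reply(RESOLVERS[1], GOOD, 140),
                Reply(RESOLVERS[2], FORGED, 90), Reply(RESOLVERS[3], GOOD, 300),
                Reply(RESOLVERS[4], GOOD, 410)]

# Two forged, two genuine, and the fifth reply arrives after T and is discarded:
# M = 4, X = 2, and 2 > 2.5 is false, so the browser treats it as a DNS attack.
# The forged replies arrive first, as in the spoofing attack the patent describes,
# but only the counts matter to the vote, not the arrival order.
SPLIT_VOTE = [Reply(RESOLVERS[0], FORGED, 60), Reply(RESOLVERS[1], FORGED, 70),
              Reply(RESOLVERS[2], GOOD, 250), Reply(RESOLVERS[3], GOOD, 310),
              Reply(RESOLVERS[4], GOOD, 950)]

# Nothing arrives within T: M = 0, reported as a network error rather than an attack.
ALL_LATE = [Reply(RESOLVERS[0], GOOD, 1200), Reply(RESOLVERS[1], GOOD, 2500)]


if __name__ == "__main__":
    for name, sample in [("one poisoned", ONE_POISONED), ("split vote", SPLIT_VOTE),
                         ("all late", ALL_LATE)]:
        print(name, vote(sample))
```

The X > N/2 test is a strict majority of all N configured servers, not of the M replies that arrived, so slow or unreachable resolvers count against the answer, and a too-small T turns a clean majority into an "attack" verdict. A domain that legitimately returns different addresses from different regions (as geo-aware CDNs do) will also fail the test, which the patent does not address.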

Claims (4)

1. A safe domain name resolution method in an Internet browser, characterised in that it is realised by the following steps:
a) Configure multiple domain name resolution servers: add a domain name resolution server configuration module to the traditional browser, and use the configuration module to configure N domain name resolution server addresses for the browser;
b) Send a resolution request: after the user enters a website domain name and clicks search, send a domain name resolution request to the N domain name resolution servers configured in step a), and at the same time start timer R;
c) Domain name resolution: the N domain name resolution servers resolve the received domain name and feed the results back to the browser;
d) Receive return packets: from the start of timer R until trigger time T, record the number and content of the return packets received from the N domain name resolution servers, and let the number of return packets received be M; once trigger time T is exceeded the browser no longer accepts return packets, and any return packet received after T is discarded;
e) Network environment judgement: judge whether M=0 holds. If it holds, the browsing action did not complete because of network environment factors; pop up "This browsing was aborted because of the network environment, please refresh the page" and go to step f). If it does not hold, return packets from the domain name resolution servers exist; go to step g);
f) When the user clicks refresh in the browser, send the request to the domain name resolution servers again and go to step c); if the user chooses to browse another web page instead of the original one, go to step b);
g) IP address resolution: parse the IP address corresponding to the domain name from each of the M packets, compare the M IP addresses with one another, and record how many times each IP repeats; take the IP with the largest number of repetitions and denote that number of repetitions X; go to step h);
h) Judge whether a safely accessible address exists: judge whether X > N/2 holds. If it holds, the IP with the largest number of repetitions is a safe address; the browser points to this IP and the user continues browsing. If it does not hold, i.e. X ≤ N/2, this browsing has suffered a DNS attack; go to step i);
i) Stop browser access: pop up "This browsing was aborted because of a DNS attack, please refresh the page", and stop the browser from accessing any server on the network. When the user clicks refresh, send the request to the domain name resolution servers again and go to step c); if the user chooses to browse another web page instead of the original one, go to step b).
2. The safe domain name resolution method in an Internet browser according to claim 1, characterised in that the number N of domain name resolution servers in step a) is an integer greater than or equal to 3 and less than or equal to 10.
3. The safe domain name resolution method in an Internet browser according to claim 1 or 2, characterised in that the N domain name resolution servers configured in step a) should include at least one foreign DNS server, at least one DNS server outside the province, and at least one local DNS server.
4. The safe domain name resolution method in an Internet browser according to claim 1 or 2, characterised in that the trigger time T in step d) satisfies 100ms ≤ T ≤ 3000ms.

Priority Applications (1)

Application Number: CN201410371984.4A
Priority Date: 2014-07-31
Filing Date: 2014-07-31
Title: Safe DNS (Domain Name Resolution) method in internet browser

Publications (1)

Publication Number: CN104104689A
Publication Date: 2014-10-15

Family

ID=51672490
Family application: CN201410371984.4A (Pending), published as CN104104689A (en)

Country Status (1)

CN (1): CN104104689A (en)

Cited By (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN106331216A (en) * 2016-09-13 2017-01-11 腾讯科技(深圳)有限公司 Domain name parsing method and domain name parsing device
CN106878254A (en) * 2016-11-16 2017-06-20 国家数字交换系统工程技术研究中心 Improve the method and device of DNS securities of system
CN108418803A (en) * 2018-02-02 2018-08-17 广东安创信息科技开发有限公司 The method and apparatus that defence DNS binds attack again
CN110166581A (en) * 2019-04-30 2019-08-23 大唐软件技术股份有限公司 A kind of domain name resolution server visitation frequency accounting acquisition methods and device
CN114024937A (en) * 2021-11-16 2022-02-08 北京天融信网络安全技术有限公司 DNS cache poisoning detection method and device

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101640679A (en) * 2009-04-13 2010-02-03 山石网科通信技术(北京)有限公司 Domain name resolution agent method and device therefor
CN101827136A (en) * 2010-03-30 2010-09-08 联想网御科技(北京)有限公司 Defense method for domain name system server buffer infection and network outlet equipment



Legal Events

Code / Title:
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 2014-10-15