CN104253796B - Fast zone identification method in a domain name system based on binding zone hierarchy levels to network addresses - Google Patents

Fast zone identification method in a domain name system based on binding zone hierarchy levels to network addresses

Info

Publication number
CN104253796B
Authority
CN
China
Prior art keywords
name server
request
zone
domain name
authoritative
Legal status
Expired - Fee Related
Application number
CN201310263939.2A
Other languages
Chinese (zh)
Other versions
CN104253796A (en)
Inventor
曾福华
郝冲
刘再德
Current Assignee
BEIJING FASTWEB Tech Inc
Original Assignee
BEIJING FASTWEB Tech Inc
Priority date
2013-06-27
Filing date
2013-06-27
Publication date
2014-12-31 (application CN104253796A); granted 2018-01-05 (CN104253796B)
Applicant
BEIJING FASTWEB Tech Inc

Landscapes

  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The invention relates to the field of domain name system technology and discloses a fast zone identification method in a domain name system based on binding zone hierarchy levels to network addresses. The method improves on the existing DNS resolution process: on the authoritative name server, the NS records of zones at different hierarchy levels are pointed at the IP addresses bound to those levels. After a resolution request has been recursed to the authoritative name server by the standard DNS resolution flow, the authoritative name server determines the zone level bound to the IP address on which the request arrived, extracts the zone name from the requested domain name in a single step according to that level, checks whether the extracted zone name lies within the list of zones the authoritative name server is authorized for, and only then proceeds with resolution. The invention avoids repeatedly truncating the domain name and matching each candidate suffix against the zone list one by one: a single extraction suffices to decide whether the requested domain name falls under the authority of the name server that received the request. This removes zone matching as a point that can be exploited for attack and improves both the security and the efficiency of the resolution process.

Description

Fast zone identification method in a domain name system based on binding zone hierarchy levels to network addresses
Technical field
The invention relates to the field of domain name system technology, and in particular to a fast zone identification method in a domain name system based on binding zone hierarchy levels to network addresses.
Background art
DNS (Domain Name System or Domain Name Service) is a core service of the Internet: a distributed database that maps between domain names and IP addresses, so that people can reach hosts by memorable names rather than by the numeric IP strings that machines read directly. DNS consists of resolvers and name servers. A name server holds the domain names of the hosts in a network together with their IP addresses and converts domain names into IP addresses. DNS uses port 53 over both UDP and TCP; ordinary queries are mainly carried over UDP, while transfers between servers (zone transfers) use TCP.
IP (Internet Protocol) is the protocol designed so that interconnected computer networks can communicate with one another. On the Internet it is the set of rules that lets all connected computer networks talk to each other, and it specifies the rules a computer must observe when communicating over the Internet. A computer system from any manufacturer can be connected to the Internet as long as it conforms to IP. IP also contains one very important element: it assigns every computer and other device on the Internet a unique address, the IP address. Because this address is unique, a user operating a networked computer can efficiently and conveniently select the intended host from among the enormous number of computers on the network.
TCP (Transmission Control Protocol) is a connection-oriented, reliable, byte-stream transport-layer protocol specified by IETF RFC 793. In the simplified OSI model of computer networks it performs the functions of layer 4, the transport layer; UDP is the other important transport protocol at that layer. UDP (User Datagram Protocol) is a connectionless transport-layer protocol in the OSI reference model that provides a simple, unreliable, transaction-oriented message delivery service. TCP/IP (Transmission Control Protocol/Internet Protocol) is the industry-standard protocol suite designed for wide-area networks (WANs); it grew out of the research network of the US Advanced Research Projects Agency (ARPANET).
A domain name is the name of a computer or group of computers on the Internet, written as a string of labels separated by dots, and is used to identify the electronic location of the computer during data transfer. The DNS distributed database has the structure of an inverted tree indexed by domain name; each domain name is in fact a path in this inverted tree. At the top is the root, from which many branches extend downwards; the points where branches meet are called nodes, and each node can be subdivided further. The depth of the whole tree may not exceed 127 levels, and each node carries a text label of up to 63 bytes. The program that stores namespace information is called a name server. A name server holds the complete information for some part of the namespace; that part is called a zone, and its contents are loaded from local storage or from another name server. The name server is authoritative for that zone, and one name server may be authoritative for several zones at once.
An NS (Name Server) record is an authoritative name server record: it designates the authoritative name server for a zone, and that server is responsible for resolving the domain names that belong to the zone.
People are used to remembering domain names, whereas machines identify one another only by IP address; domain names and IP addresses correspond to each other, and the conversion between them is called domain name resolution, or DNS resolution. Resolution is carried out by dedicated domain name resolution servers and runs automatically. Once a web site has been uploaded to its virtual host, the site can be reached by typing its IP address directly into a browser or by typing its domain name; the content returned is the same, but the path is different: with the IP address the content is fetched from the host directly, while with the domain name the resolution server first maps the name to the IP address of the host and only then is the content fetched.
The DNS resolution process is as follows. Step 1: the client issues a domain name resolution request and sends it to the client's name server. Step 2: the client's name server receives the request and looks it up in its local cache; if an entry for the request is found, the name server returns the result directly to the client and resolution ends; if no entry is found, the name server sends the request to a root name server, and the root name server returns the records of the authoritative name servers for the relevant subdomain of the root together with their IP addresses. Step 3: the name server sends a recursive request to the authoritative name server and continues with step 4. Step 4: the authoritative name server receives the request and searches its authoritative store; if an entry is found in the authoritative store, the result is returned to the name server, which saves it in its local cache for later use and returns it to the client, and resolution ends; if no entry is found, the records and IP addresses of the next authoritative name server are returned to the name server instead, which sends a recursive request to that server and continues with step 5. Step 5: repeat step 4 until a matching entry is found.
Several zones commonly share one authoritative name server; that is, an authoritative name server administers multiple zones. After any resolution query reaches the authoritative name server, the server must first determine whether the queried domain name lies within a zone it administers. If it does, the server looks up the corresponding record in its authoritative store and forms a response packet; if it does not, an error packet is returned. When the requested domain name has many labels, the authoritative name server must truncate the string step by step from the right and check at each step whether the resulting suffix appears in the list of zones it administers. For a requested name of aa.bb.cc.dd.ee.ff.gg.hh.com., an existing authoritative name server first extracts hh.com and checks whether hh.com is in its own zone list; if so, truncation and lookup stop and the zone is matched. If not, it extracts gg.hh.com and checks whether gg.hh.com is in its zone list; if so, truncation and lookup stop and the zone is matched. The search loops in this way until one of the extracted suffixes matches, or until the final candidate, aa.bb.cc.dd.ee.ff.gg.hh.com. itself, has been found not to be in the administered zone list. The complexity of this zone-matching algorithm depends on the number of truncation-and-match steps.
Existing DNS resolution is therefore easily attacked: if a malicious party constructs requests whose domain names contain a very large number of labels, and the requested name is not in any zone administered by the targeted authoritative name server, the server's computing resources are easily exhausted by the repeated truncation of the name and the one-by-one matching against the zone list. No effective solution has existed so far.
Summary of the invention
The technical problem solved by the invention is to provide a fast zone identification method in a domain name system based on binding zone hierarchy levels to network addresses. The invention improves on the existing DNS resolution process: on the authoritative name server, a binding is established between the depth of a zone in the namespace tree and the IP address that the zone's NS records point to. Repeated truncation of the domain name and one-by-one matching against the zone list are thereby avoided, since a single extraction suffices to decide whether the requested domain name falls under the authority of the name server that received the request, so zone matching is no longer a weak point that can be attacked. The security of the resolution process is improved, its efficiency is raised and time is saved.
To solve the above technical problem, the invention provides a fast zone identification method in a domain name system based on binding zone hierarchy levels to network addresses, comprising:
S1. The authoritative name server binds zones of different hierarchy levels to different IP addresses; that is, the NS records of the zones at each level are pointed at the IP address bound to that level.
S2. The client issues a domain name resolution request and sends it to the client's local name server.
S3. The local name server looks up the record entry for the request in its own cache.
S3.a. If an entry for the request is found in the local name server's cache, the local name server returns the result directly to the client and resolution ends.
S3.b. If no entry for the request is found in the local name server's cache, the local name server sends the request to a root name server. The root name server looks up the NS records of the top-level domain and the IP addresses corresponding to those NS records and returns this information to the local name server, which uses it as the clue for further recursion and issues further requests until the request reaches the authoritative name server for the requested domain name.
S4. When the request reaches the authoritative name server, the authoritative name server maps the entry IP address on which the request arrived to the zone hierarchy level bound to it in step S1, and extracts the zone name from the requested domain name according to that level.
S5. The authoritative name server checks whether the extracted zone name lies within its list of authorized zones.
S5.a. If the zone name is within the authoritative name server's list of authorized zones, the server proceeds with the resolution flow: it checks whether the authoritative entry exists in its store, assembles the result into a packet and returns it to the local name server; the local name server saves the result in its own cache for use by later queries and returns the result to the client in a response packet, and resolution ends.
S5.b. If the zone name is not within the list of authorized zones, the authoritative name server judges the request to be invalid or an attack query, and either drops it or returns an error to the local name server; the local name server returns the error response packet to the client and resolution ends.
Preferably, the different hierarchy levels in step S1 are level three and above.
Here an NS (Name Server) record is a name server record that designates which DNS server resolves a domain name. A registered domain name always has a default DNS server, and each registered domain name is resolved by one DNS name server. DNS, IP and IP addresses are as described in the background section above; an IP address is unique.
Compared with the prior art, the invention has the following advantages:
By binding the depth of a zone in the namespace tree to the IP address that its NS records point to, the invention avoids repeated truncation of the domain name and one-by-one matching against the zone list. A single extraction decides whether the requested domain name falls under the authority of the name server that received the request, so zone matching is no longer a weak point that can be attacked. The security of the resolution process is improved, its efficiency is raised and time is saved.
Brief description of the drawings
Fig. 1 schematically shows the flow of the fast zone identification method in a domain name system based on binding zone hierarchy levels to network addresses;
Fig. 2 schematically shows the binding of zones at different hierarchy levels to IP addresses.
Embodiments
To explain the technical problem solved and the technical scheme provided more clearly, the invention is described in further detail below with reference to the drawings and embodiments. The specific embodiments described here serve only to explain the invention and are not intended to limit it.
In a preferred embodiment, Fig. 1 schematically shows the flow of the fast zone identification method in a domain name system based on binding zone hierarchy levels to network addresses:
S1. The authoritative name server binds zones of different hierarchy levels to different IP addresses; that is, the NS records of the zones at each level are pointed at the IP address bound to that level.
S2. The client issues a DNS request packet for domain name resolution and sends it to the client's local name server.
S3. The local name server looks up the record entry for the DNS request packet in its own cache.
S3.a. If an entry for the DNS request packet is found in the local name server's cache, the local name server returns the result directly to the client and resolution ends.
S3.b. If no entry for the DNS request packet is found in the local name server's cache, the local name server sends the DNS request packet to a root name server. The root name server looks up the NS records of the top-level domain and the IP addresses corresponding to those NS records and returns this information to the local name server, which uses it as the clue for further recursion and issues further DNS request packets until the packet reaches the authoritative name server for the requested domain name.
S4. When the DNS request packet reaches the authoritative name server, the authoritative name server maps the entry IP address on which the packet arrived to the zone hierarchy level bound to it in step S1, and extracts the zone name from the packet's domain name according to that level.
S5. The authoritative name server checks whether the extracted zone name lies within its list of authorized zones.
If the zone name is within the authoritative name server's list of authorized zones, the server proceeds with the resolution flow: it checks whether the authoritative entry exists in its store, returns the result to the local name server in a response packet, and the local name server saves the result in its own cache for use by later queries and returns the result to the client in a response packet; resolution ends.
If the zone name is not within the list of authorized zones, the authoritative name server judges the packet to be an invalid or attack DNS request packet, and either drops it or returns an error to the local name server; the local name server returns the error response packet to the client and resolution ends.
In a more preferred embodiment, the different hierarchy levels in step S1 are level three and above.
Specific embodiment:
Fig. 2 schematically shows the binding of zones at different hierarchy levels to IP addresses. On the authoritative name server, zones at different levels are bound to different IP addresses: for example, level-3 zones are bound to LV3-IP, level-4 zones to LV4-IP and level-5 zones to LV5-IP. Zones deeper than level 5 are rare; if they exist, corresponding binding IP addresses are added. Level 1 is the root domain and level 2 is the top-level domain, both under the control of domain name registration and administration authorities.
This patent does not change the authoritative name server's resolution process for level-1 and level-2 zones; only the process for zones at level 3 and above is changed.
After a resolution request has been recursed to the authoritative name server by the standard DNS resolution flow, the authoritative name server extracts the zone name from the requested domain name according to the zone level bound to the IP address on which the request arrived. For example, with the requested name xyz.def.abc.com.: if the entry IP is LV3-IP, the zone name abc.com. is extracted from xyz.def.abc.com.; if the entry IP is LV4-IP, the zone name def.abc.com. is extracted; and if the entry IP is LV5-IP, the zone name xyz.def.abc.com. is extracted.
The invention has been described in detail above by way of specific and preferred embodiments, but those skilled in the art will understand that it is not limited to the embodiments described; any modification, combination or equivalent substitution made within the basic principles of the invention falls within its scope of protection.
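The suffix walk of the background section and the single level-bound extraction of steps S4 and S5, side by side, as an added example in Python; this is not code from the patent or from Beijing Fastweb. The binding table and the zone list are constructed sample data: the patent names the bound addresses only as LV3-IP, LV4-IP and LV5-IP, so the example assigns them 192.0.2.3, 192.0.2.4 and 192.0.2.5 from the documentation address range, and the function names are the example's own. Both matchers return the number of zone-list probes they made, so the cost difference the patent argues from can be seen directly on a many-label query name.

```python
from typing import Dict, List, Optional, Set, Tuple

# Constructed sample bindings (step S1): entry IP -> zone hierarchy level.
# The patent only names these addresses LV3-IP, LV4-IP and LV5-IP; the
# values below are assumptions taken from the 192.0.2.0/24 documentation range.
BINDINGS: Dict[str, int] = {
    "192.0.2.3": 3,  # LV3-IP: zones such as abc.com.
    "192.0.2.4": 4,  # LV4-IP: zones such as def.abc.com.
    "192.0.2.5": 5,  # LV5-IP: zones such as xyz.def.abc.com.
}

# Constructed sample list of zones this authoritative server is authorized for.
ZONES: Set[str] = {"abc.com.", "def.abc.com.", "xyz.def.abc.com.", "hh.com."}


def labels(name: str) -> List[str]:
    """Split a domain name into labels: lower-cased, trailing root dot dropped."""
    return [lab for lab in name.lower().rstrip(".").split(".") if lab]


def zone_key(labs: List[str]) -> str:
    """Canonical zone name as stored in the zone list, e.g. 'abc.com.'."""
    return ".".join(labs) + "."


def match_zone_suffix_walk(qname: str, zones: Set[str]) -> Tuple[Optional[str], int]:
    """Prior-art matching: grow the suffix from the right, probing the zone
    list at every step. Starts at two labels (hh.com in the patent's example)
    and stops at the first hit or once the whole name has been tried.
    Returns (matched zone or None, number of zone-list probes)."""
    labs = labels(qname)
    probes = 0
    for n in range(2, len(labs) + 1):
        probes += 1
        candidate = zone_key(labs[-n:])
        if candidate in zones:
            return candidate, probes
    return None, probes


def match_zone_by_entry_ip(qname: str, entry_ip: str,
                           bindings: Dict[str, int],
                           zones: Set[str]) -> Tuple[Optional[str], int]:
    """Patent method (steps S4 and S5): the address the query arrived on fixes
    the zone level, so the zone name is cut out once and probed once.
    Level 1 is the root and level 2 the TLD, so a level-L zone has L-1 labels
    (abc.com. is level 3). Any mismatch is the S5.b case: the query is treated
    as invalid or as an attack and the caller drops it.
    Returns (matched zone or None, number of zone-list probes)."""
    level = bindings.get(entry_ip)
    if level is None:
        return None, 0  # arrived on an address bound to no level
    labs = labels(qname)
    zone_labels = level - 1
    if len(labs) < zone_labels:
        return None, 0  # name shorter than any zone at this level
    candidate = zone_key(labs[-zone_labels:])
    return (candidate if candidate in zones else None), 1


def attack_name(label_count: int) -> str:
    """Constructed many-label query name under a domain this server does not
    serve: the input shape the background section describes as a resource drain."""
    filler = ".".join(f"l{i}" for i in range(label_count - 2))
    return f"{filler}.evil.example."


if __name__ == "__main__":
    q = "xyz.def.abc.com."
    for ip in BINDINGS:
        print(ip, match_zone_by_entry_ip(q, ip, BINDINGS, ZONES))
    bad = attack_name(40)
    print("suffix walk:", match_zone_suffix_walk(bad, ZONES))
    print("entry-ip:   ", match_zone_by_entry_ip(bad, "192.0.2.3", BINDINGS, ZONES))
```

Two practical points follow from the code. First, the "single probe" is only constant-time if the zone list is a hash set or equivalent; with a linear list the patent's method still saves the repeated truncation but not the scan. Second, the entry address is chosen by whoever sends the packet, so an attacker can still aim a 40-label name at LV3-IP; the gain is that the server then does exactly one extraction and one lookup before reaching the S5.b drop, rather than 39 suffix probes. The flip side is operational: a query for a level-4 zone that arrives on LV3-IP is rejected, so every delegated child zone needs NS and glue records that actually send resolvers to the address bound to its own level.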

Claims (2)

  1. A fast zone identification method in a domain name system based on binding zone hierarchy levels to network addresses, characterized by comprising:
    S1. the authoritative name server binds zones of different hierarchy levels to different IP addresses, that is, the NS records of the zones at each level are pointed at the IP address bound to that level;
    S2. the client issues a domain name resolution request and sends it to the client's local name server;
    S3. the local name server looks up the record entry for the request in its own cache;
    S3.a. if an entry for the request is found in the local name server's cache, the local name server returns the result directly to the client and resolution ends;
    S3.b. if no entry for the request is found in the local name server's cache, the local name server sends the request to a root name server; the root name server looks up the NS records of the top-level domain and the IP addresses corresponding to those NS records and returns this information to the local name server, which uses it as the clue for further recursion and issues further requests until the request reaches the authoritative name server for the requested domain name;
    S4. when the request reaches the authoritative name server, the authoritative name server maps the entry IP address on which the request arrived to the zone hierarchy level bound to it in step S1, and extracts the zone name from the requested domain name according to that level;
    S5. the authoritative name server checks whether the extracted zone name lies within its list of authorized zones;
    S5.a. if the zone name is within the authoritative name server's list of authorized zones, the server proceeds with the resolution flow: it checks whether the authoritative entry for the zone name exists in its store, assembles the result into a packet and returns it to the local name server; the local name server saves the result in its own cache for use by later queries and returns the result to the client in a response packet, and resolution ends;
    S5.b. if the zone name is not within the list of authorized zones, the authoritative name server judges the request to be invalid or an attack query, and either drops it or returns an error to the local name server; the local name server returns the error response packet to the client and resolution ends.
  2. The fast zone identification method according to claim 1, characterized in that the different hierarchy levels in step S1 are level three and above.
Priority application (1)

Application Number Priority Date Filing Date Title
CN201310263939.2A 2013-06-27 2013-06-27 Fast zone identification method in a domain name system based on binding zone hierarchy levels to network addresses (CN104253796B, Expired - Fee Related)

Publications (2)

Publication Number Publication Date
CN104253796A (en) 2014-12-31
CN104253796B (en) 2018-01-05

Family

ID=52188336
Family Applications (1): CN201310263939.2A (see above)
Country Status (1): CN, CN104253796B (en)

Families Citing this family (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN105704259B (en) * 2016-01-21 2019-06-21 中国互联网络信息中心 Method and system for identifying the source IP of a domain name authority service
CN107302601A (en) * 2016-04-15 2017-10-27 北京北信源软件股份有限公司 Instant messaging DNS and resolution method
CN107135236A (en) * 2017-07-06 2017-09-05 广州优视网络科技有限公司 Method and system for detecting hijacking of a target domain name
CN111131285B (en) * 2019-12-30 2022-03-01 深圳网基科技有限公司 Active protection method for random domain name attack
CN114285823B (en) * 2021-12-30 2024-02-02 哈尔滨工业大学 DNS system-based universal network identification analysis method and system

Citations (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101640679A (en) * 2009-04-13 2010-02-03 山石网科通信技术(北京)有限公司 Domain name resolution agent method and device therefor

Family Cites Families (1)

Publication number Priority date Publication date Assignee Title
US20070118667A1 (en) * 2005-11-21 2007-05-24 Limelight Networks, Inc. Domain name resolution based dynamic resource assignment

Also Published As

Publication number Publication date
CN104253796A (en) 2014-12-31

Similar Documents

Publication Publication Date Title
CN105959433B (en) Domain name resolution method and domain name resolution system
US11632353B2 (en) Delegating DNS records to additional providers
US9219705B2 (en) Scaling network services using DNS
CN104253796B (en) Fast zone identification method in a domain name system based on binding zone hierarchy levels to network addresses
US20060218289A1 (en) Systems and methods of registering and utilizing domain names
US11816161B2 (en) Asset search and discovery system using graph data structures
US8370457B2 (en) Network communication through a virtual domain
JP2019507994A (en) Method and apparatus for intelligent domain name system transfer
US20040078368A1 (en) Indexing virtual attributes in a directory server system
CN106068639A (en) Transparent proxy authentication handled through DNS
CN106302842A (en) Domain name resolution method, apparatus and system
EP1860519A2 (en) Mass Generation of Individual Virtual Servers, Virtual Web Sites and Virtual Web Objects
US20170118250A1 (en) Method for minimizing the risk and exposure duration of improper or hijacked dns records
CN103891247B (en) Method and system for domain name system based discovery of devices and objects
CN1842008A (en) Method and system for providing customized content over a network
CN102546854A (en) Domain name analysis method for building hyper text transport protocol (HTTP) connection for domain name and server
US8806057B2 (en) Internet-based value-added services system and method
KR100463208B1 (en) Internal Natural Domain Service System with Local Name Servers for Flexible Top-Level Domains
US20170171147A1 (en) Method and electronic device for implementing domain name system
CN104427007A (en) A domain name searching method for a DNS
CN107613039A (en) IP address attribution inquiry method, device, system and storage medium
WO2021184580A1 (en) Intelligent domain name resolution method and apparatus, electronic device and computer-readable storage medium
CN106294848A (en) Web page analysis and acquisition method and device
US20210126892A1 (en) Name server management of domain name systems using virtual name servers
US10958617B2 (en) Systems and methods for using domain name system context based response records

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
CF01 Termination of patent right due to non-payment of annual fee

Granted publication date: 20180105

Termination date: 20180627