CN104468244B - Method and device for constructing disaster recovery for a domain name resolution system - Google Patents
- Publication number: CN104468244B (CN201410852629.9A)
- Authority: CN (China)
- Prior art keywords: domain name, data, DNS, disaster recovery, domain name resolution
- Legal status: Active (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Abstract
The present invention relates to a method for constructing disaster recovery for a domain name resolution system, comprising the following steps: synchronizing, in real time, the data of a target cluster that provides DNS service to a disaster recovery cluster, the data including cached data that provides the basis for domain name resolution; receiving a domain name resolution request and, in response to it, performing domain name resolution using the cached data; and answering the domain name resolution request with the domain name resolution result. The invention also provides a device for constructing disaster recovery for a domain name resolution system. The construction method of the present invention can be used to build a disaster recovery system suited to an existing domain name service system, which can temporarily and effectively provide domain name resolution service when the existing domain name service system or the network it relies on is paralyzed.
Description
Technical field
The present invention relates to Internet security technology, and in particular to a method and device for constructing disaster recovery for a domain name resolution system.
Background art
A disaster recovery system is a technology for backing up, and providing disaster tolerance for, the business system formed by a network cluster, and is widely used in Internet service clusters. In general, an Internet service is provided by a business system in normal operation, while the disaster recovery system performs real-time backup, fault detection and the like on that business system; after the business system fails or is attacked, the disaster recovery system intelligently takes the place of the original business system and offers the same service to Internet users.
A disaster recovery system generally comprises three main pieces of management logic: data synchronization, fault detection and service switching. The data synchronization management logic ensures the integrity, consistency and availability of data between the production center and the disaster recovery center. The fault detection management logic assesses and judges faults from monitoring data according to a given strategy. The service switching management logic, based on the fault detection result, is responsible for switching, automatically or manually, to an operating mode in which the disaster recovery system provides the service in place of the original business system when a major fault or disaster strikes the business system of the production center.
Although the principles of disaster recovery systems are very widely applied, current DNS servers and their related systems have never received much attention in this respect because the DNS service protocol is relatively simple, and the related technology leaves much to be desired.
Summary of the invention
In view of at least one aspect of the above problems, an object of the present invention is to provide a method for constructing disaster recovery for a domain name resolution system.
Correspondingly, following a modular approach, another object of the present invention is to provide a device for constructing disaster recovery for a domain name resolution system.
To achieve these objects, the present invention adopts the following technical solutions:
A method for constructing disaster recovery for a domain name resolution system according to the present invention comprises the following steps:
synchronizing, in real time, the data of a target cluster that provides DNS service to a disaster recovery cluster, the data including cached data that provides the basis for domain name resolution;
receiving a domain name resolution request and, in response to it, performing domain name resolution using the cached data;
answering the domain name resolution request with the domain name resolution result.
In one embodiment, each step of the method is performed on at least one device of the disaster recovery cluster.
In another embodiment, each step of the method is performed by one or more processes on a single device of the disaster recovery cluster.
In a further embodiment, the step of synchronizing the data in real time to the disaster recovery cluster is performed on at least one device independent of the disaster recovery cluster, and the remaining steps are performed on the same device of the disaster recovery cluster.
In one embodiment, the cached data includes historical domain name resolution records, which are the DNS resolution records produced by the target cluster while performing DNS resolution in the normal course of DNS service; when the method performs domain name resolution, it obtains the corresponding domain name resolution result by searching the historical domain name resolution records.
Specifically, the historical domain name resolution records include the mapping from a domain name to the corresponding IP address.
In another embodiment, the cached data further includes an authority information database, which stores the authority information of the authoritative servers for each level of the domain name; when the method performs domain name resolution, it performs a recursive query according to the corresponding authoritative server information recorded in the authority information database to obtain the domain name resolution result. Preferably, the authority information database is implemented as a distributed database.
Further, the domain name resolution request and the domain name resolution result are relayed through the same network address.
Preferably, the domain name resolution request and the domain name resolution result are transmitted in encrypted form.
A device for constructing disaster recovery for a domain name resolution system provided by the present invention comprises:
a synchronization unit, for synchronizing, in real time, the data of a target cluster that provides DNS service to a disaster recovery cluster, the data including cached data that provides the basis for domain name resolution;
a query unit, for receiving a domain name resolution request and, in response to it, performing domain name resolution using the cached data;
a response unit, configured to answer the domain name resolution request with the domain name resolution result.
In one embodiment, each unit of the device is configured to execute on at least one device of the disaster recovery cluster.
In another embodiment, each unit of the device is configured to be executed by one or more processes on a single device of the disaster recovery cluster.
In another embodiment, the synchronization unit is configured to execute on at least one device independent of the disaster recovery cluster, and the query unit and the response unit are configured to execute on the same device of the disaster recovery cluster.
According to one disclosed embodiment of the present invention, the cached data includes historical domain name resolution records, which are the DNS resolution records produced by the target cluster while performing DNS resolution in the normal course of DNS service; when the query unit performs domain name resolution, it obtains the corresponding domain name resolution result by searching the historical domain name resolution records.
Preferably, the historical domain name resolution records include the mapping from a domain name to the corresponding IP address.
According to another disclosed embodiment of the present invention, the cached data further includes an authority information database, which stores the authority information of the authoritative servers for each level of the domain name; when the query unit performs domain name resolution, it performs a recursive query according to the corresponding authoritative server information recorded in the authority information database to obtain the domain name resolution result.
Preferably, the authority information database is implemented as a distributed database.
Further, the domain name resolution request and the domain name resolution result are relayed through the same network address.
Preferably, the domain name resolution request and the domain name resolution result are transmitted in encrypted form.
Compared with the prior art, the present invention has at least the following advantages:
1. The present invention builds a disaster recovery system for a DNS service system by synchronizing in real time the data of the relevant clusters of the DNS service system; more importantly, it backs up the cached data formed from the historical resolution records that those clusters produce while providing normal resolution service in normal operation. Thus, when the conventional DNS service system fails or is attacked, a disaster recovery system implementing this method can provide temporary and accurate DNS resolution service, building an island response mode in which the disaster recovery system provides DNS resolution service to Internet users.
2. As a disaster recovery system, it is usually not exposed directly to clients; instead, a DNS resolution server serves as the front-end service window. The DNS resolution server forwards the user's domain name resolution request to the disaster recovery system, and the domain name resolution result for that request is relayed back through the DNS resolution server to answer the request. This protects the disaster recovery system more effectively and lets it provide DNS resolution service to Internet users more smoothly.
In general, the disaster recovery construction method of the present invention can be used to build a disaster recovery system suited to an existing domain name service system, which can temporarily and effectively provide domain name resolution service when the existing domain name service system or the network it relies on is paralyzed.
Additional aspects and advantages of the present invention will be set forth in part in the description that follows, and in part will become apparent from that description or be learned by practice of the invention.
Brief description of the drawings
The above and/or additional aspects and advantages of the present invention will become apparent and readily understood from the following description of the embodiments with reference to the accompanying drawings, in which:
Fig. 1 is a flow diagram of the method for constructing disaster recovery for a domain name resolution system according to the present invention;
Fig. 2 is a schematic diagram of the principle of conventional DNS resolution service;
Fig. 3 is a functional block diagram of the device for constructing disaster recovery for a domain name resolution system according to the present invention;
Fig. 4 is a flow diagram of the method for automatically switching the island response of the DNS disaster recovery system according to the present invention;
Fig. 5 is a flow diagram of step S22 of the method for automatically switching the island response of the DNS disaster recovery system according to the present invention;
Fig. 6 is a functional block diagram of the device for automatically switching the island response of the DNS disaster recovery system according to the present invention;
Fig. 7 is a functional block diagram of the determination unit of the device for automatically switching the island response of the DNS disaster recovery system according to the present invention.
Detailed description of the embodiments
Embodiments of the present invention are described in detail below, and examples of the embodiments are shown in the accompanying drawings, in which the same or similar reference numerals throughout denote the same or similar elements or elements having the same or similar functions. The embodiments described below with reference to the drawings are exemplary, serve only to explain the present invention, and are not to be construed as limiting the claims.
Those skilled in the art will understand that, unless expressly stated otherwise, the singular forms "a", "an", "said" and "the" used herein may also include the plural. It should be further understood that the word "comprising" used in this specification denotes the presence of the stated features, integers, steps, operations, elements and/or components, but does not exclude the presence or addition of one or more other features, integers, steps, operations, elements, components and/or groups thereof. It should be understood that when an element is said to be "connected" or "coupled" to another element, it may be directly connected or coupled to the other element, or intermediate elements may be present. In addition, "connected" or "coupled" as used herein may include wireless connection or wireless coupling. The expression "and/or" as used herein includes all or any unit and all combinations of one or more of the associated listed items.
Those skilled in the art will understand that, unless otherwise defined, all terms used herein (including technical and scientific terms) have the same meaning as commonly understood by one of ordinary skill in the art to which the present invention belongs. It should also be understood that terms such as those defined in general dictionaries should be understood to have a meaning consistent with their meaning in the context of the prior art and, unless specifically defined as here, will not be interpreted in an idealized or overly formal sense.
Those skilled in the art will understand that "terminal" and "terminal device" as used here include both devices with only a wireless signal receiver, having no transmitting capability, and devices with receiving and transmitting hardware capable of two-way communication over a bidirectional communication link. Such devices may include: cellular or other communication devices, with a single-line display or a multi-line display or without a multi-line display; PCS (Personal Communications Service), which may combine voice, data processing, fax and/or data communication capabilities; PDA (Personal Digital Assistant), which may include a radio frequency receiver, pager, Internet/intranet access, web browser, notepad, calendar and/or GPS (Global Positioning System) receiver; and conventional laptop and/or palmtop computers or other devices that have and/or include a radio frequency receiver. A "terminal" or "terminal device" as used here may be portable, transportable, installed in a vehicle (air, sea and/or land), or suited and/or configured to run locally and/or in distributed form at any other location on earth and/or in space. A "terminal" or "terminal device" as used here may also be a communication terminal, an Internet access terminal or a music/video playback terminal, for example a PDA, an MID (Mobile Internet Device) and/or a mobile phone with music/video playback functions, or a device such as a smart TV or set-top box.
Those skilled in the art will understand that concepts such as server, cloud and remote network device used here have equivalent effect, and include but are not limited to a computer, a network host, a single network server, a set of multiple network servers, or a cloud formed by multiple servers. Here, a cloud is formed by a large number of computers or network servers based on cloud computing, where cloud computing is a kind of distributed computing: a super virtual computer made up of a group of loosely coupled computers. In the embodiments of the present invention, communication between remote network devices, terminal devices and WNS servers may be realized by any means of communication, including but not limited to mobile communication based on 3GPP, LTE or WIMAX, computer network communication based on the TCP/IP or UDP protocols, and short-range wireless transmission based on Bluetooth or infrared transmission standards.
Those skilled in the art will understand that "application", "application program", "application software" and similar expressions used in the present invention denote the same concept, well known to those skilled in the art: computer software suited to electronic operation, organically constructed from a series of computer instructions and related data resources. Unless otherwise specified, this naming is not limited by the kind or level of programming language, nor by the operating system or platform on which the software runs. Naturally, the concept is not limited by any form of terminal either.
The technical solutions related to the present invention disclosed herein cover two aspects. The first is how to build the disaster recovery system and open its service; the second is how to identify a disaster so as to ensure effective, timely and intelligent switching between the normal DNS service system and its disaster recovery system. Disclosing both aspects will help those skilled in the art understand the present invention more systematically.
The first aspect of the technical solutions related to the present invention provides a method and a device for constructing a domain name resolution system, the device being a concrete modular realization of the method. The method and device can be implemented as software by programming, installed and run on computer equipment, in particular dedicated computer equipment with server capabilities, and connected to the Internet to open their service, so as to construct a local DNS resolution server, or a cluster that realizes a local DNS resolution server, for providing DNS resolution service to clients and answering them.
Referring to Fig. 1, the method for constructing disaster recovery for a domain name resolution system according to the present invention may be implemented as one or more pieces of software installable on, for example, a Windows family operating system (including but not limited to Windows XP, Windows 7, Windows 8 and other releases of the family) or a Unix family operating system (including but not limited to Unix, Linux, IOS, Ubuntu and so on); the corresponding steps are realized by running the software. Specifically, the method comprises the following steps:
Step S11: synchronizing, in real time, the data of a target cluster that provides DNS service to a disaster recovery cluster, the data including cached data that provides the basis for domain name resolution.
Usually, the servers providing DNS service are organized, similarly to a cloud architecture, as a cluster of multiple server devices that works together with a DNS resolution server to realize the DNS resolution service. The DNS service cluster mainly implements the recursive system, which resolves a domain name by recursively calling the servers at each level of the domain name on the Internet to obtain the IP address and construct the domain name resolution result in response to external requests. The DNS resolution server acts as the front-end application window: it receives the domain name resolution request from the requesting client, passes the request to the cluster, asks the cluster to return the domain name resolution result, and then answers the corresponding request with that result.
The disaster recovery system constructed by the present invention is both disaster recovery for the whole domain name system of the Internet and is realized on the basis of disaster recovery for the relevant clusters of multiple local DNS servers. A disaster recovery system is realized on the basis of data synchronization, takes fault detection as the precondition for switching into operation, and uses switching control as its management logic. However, the disaster recovery system can be open in real time, and its fault detection and subsequent switching control can be realized by a third party, so this first aspect of the present invention does not involve the technology of fault detection and switching control.
Data synchronization is the key foundation on which the present invention realizes disaster recovery for the DNS service system. Data synchronization management logic is generally realized by means of data backup. Data backup is the basis of system and data disaster tolerance; it is the realization of low-end disaster tolerance and a strong guarantee for high-end disaster tolerance (real-time data protection). Current backup technologies mainly include snapshots, offline backup and off-site storage backup. Following a backup policy, a backup system makes a complete copy, at a certain point in time, of data sets such as the operating system, file system, application programs and database system of a computer information system. The copied data is not online and cannot be accessed immediately; the backup data must be put to use through a corresponding operation such as a restore. Before a high-end disaster tolerance system is built, a backup of the local system must be made; this is the starting point of disaster tolerance technology.
When realizing data synchronization, the present invention uses the high-end disaster tolerance approach to protect the data of the DNS service cluster in real time; specifically, multiple copies of the same data are stored in real time across multiple disks, multiple arrays, multiple servers and multiple data centers, so as to guard against physical faults. Real-time data protection presupposes data backup, and it cannot guard against human error or malicious operations. It should be emphasized that the purpose of disaster tolerance is to keep data accessible when a disaster occurs; real-time data protection ensures the integrity of the data, and therefore the disaster tolerance system constructed by the present invention does not guarantee that the data is the latest.
As stated above, data backup is a means of disaster tolerance, not its purpose; the purpose of disaster tolerance is access to the data. The recovery of applications, the recovery of the network and the related switching control are therefore also key to disaster tolerance. Specifically, this is the whole process by which, after a disaster occurs, the disaster recovery center takes over from the original production center: database switching, application restart, network switching and so on. It also includes the whole process by which, after the original data center has been repaired, the database, applications and network are switched back. These processes can be carried out by manual switching or completed by an automated process; how to make the corresponding assessment is likewise a problem for the technician to solve. The present invention discloses this part in detail later through the realization of another method and device, so it is not discussed here for now.
It follows that synchronizing, in real time, the data of the target cluster that provides DNS service to the disaster recovery cluster, by means of software configured to carry out the method of the present invention, is the basis on which the disaster tolerance system of the present invention is realized. To further explain the data being synchronized, first consider the following application example.
Incorporated by reference to Fig. 2, as follows by taking the resolving of this domain name of Netease portal address www.163.com as an example, illustrate just
The main process of dns resolution in the case of often:
Step 1:User computer sends parsing www.163.com to local dns (parsing) server set in its system
Request.So-called local dns server refers to a DNS service IP address, can be obtained automatically from operator, can also
It is manual setting.
Step 2:Local dns server can check whether the caching of this domain name in the space of oneself, if not provided,
The domain name mapping that www.163.com will be sent to root server is asked.
Step 3:After root server receives local dns server on the analysis request of domain name, the domain name of analysis request,
Return to the IP address of the server of home server .com this domain name node.
Step 4:Local dns server is sent after the server ip address of .com top level domain is connected to .com top level domain
Inquire about the analysis request of www.163.com.
Step 5:.com top domain server returns to local after receiving on the analysis request of www.163.com
IP address of the dns server on the dns server of 163 this second-level domain.
Step 6:Local dns server continues to initiate on www.163.com to the dns server of 163 this second-level domain
Analysis request.
Step 7:All subdomain names under the management server management 163.com in 163 this domain.In its name space
There is this subdomain name of www, its corresponding IP address is 111.1.53.220, therefore the dns server in 163.com domains can return
The corresponding IP address 111.1.53.220 of www.163.com are to local dns server.
Step 8:Local dns server receives 163.com this domain server on www.163.com analysis results
Afterwards, the corresponding IP address 111.1.53.220 of user is returned to, while this result can be retained a period of time, in case other are used
The inquiry at family.
Step 9:User computer is begun to after the corresponding IP address 111.1.53.220 of www.163.com domain names is obtained
To this IP requested webpage content of 111.1.53.220.So far, a full request process of analysis of DNS terminates.
In the example above the local DNS server is simplified to a single server. In practice its back end is usually implemented by the aforementioned cluster formed of multiple servers. In either case a DNS resolution server is needed to act as the DNS server at the application front end. Those skilled in the art will be aware of this.
In the example above, step 2 first checks whether the domain name in the resolution request is present in the local DNS server's storage, and step 8 describes how the resolution result is kept for a period of time in case other users query it. It follows that the data of a target cluster necessarily contains some cached data. This cached data is usually stored in log form and, in the present invention, can also be improved into database form.
In one embodiment of the present invention concerning the cached data, the form used by the normal cluster providing DNS service can be retained, so that the cached data includes historical domain name resolution records. These are the DNS resolution records produced when the target cluster performs DNS resolution in the normal course of providing DNS service, and they are typically stored as log files. Each resolution record contains at least a domain name and the IP address corresponding to it; the correspondence between domain name and IP address here mainly means their mapping to each other. Further, each resolution record in the cache database can be assigned a lifetime: within the lifetime the record is valid, and beyond it the record may be deleted or ignored by the present invention. When the present invention needs to use the cache database to resolve a domain name, it first searches the historical resolution records in the cache database by the domain name in the request data, finds the corresponding valid record, obtains the corresponding IP address, and then answers the resolution request. Of course, if the lifetime has been exceeded, or the cached data contains no corresponding record, the query still has to be carried out by the recursive system (provided that, with the disaster recovery system enabled, the name servers at each level on the public network can still be accessed normally). Because a given terminal device is generally used by the same user, whose browsing behavior shows a certain inertia and tends toward a particular set of websites, this cached data and the related techniques can give users a faster and more efficient DNS resolution service and can save traffic on some mobile terminal devices. Where the servers at each level of the domain name hierarchy are paralyzed and recursive queries are impossible, this cached data plays a vital resolution role.
In another embodiment of the present invention concerning the cached data, the cached data includes an authorization information database, which can be built and distributed using the known anycast (Anycast) technique. The authorization information database stores the authorization information of the authorization servers at each level of the domain name hierarchy. During domain name resolution, a recursive query can be performed according to the authorization server information recorded in the authorization information database to obtain the resolution result. This is suitable for scenarios in which the DNS recursive query cluster is paralyzed.
The authorization information database is likewise built on the basis of the historical resolution records. As is well known, a domain name service cluster obtains the authorization information of the authorization server for each level of a domain name while performing recursive queries. The authorization information database can be constructed from this information and used to implement a virtual root node; opening the virtual root node service to the Internet gives a disaster recovery resolution effect for more systems. In this case the disaster recovery system implemented according to the present invention can be combined with the virtual root node technique to provide a secure service: when the root node suffers a DNS resolution failure, the virtual root node can perform DNS resolution in its place. Of course, the authorization information database must store enough information, that is, all DNS requests in the specified region and the corresponding authorization information, so that the virtual root node has enough resources to answer DNS requests. The virtual root node is therefore implemented on top of the authorization information database. Combining the newly added authorization information database with the virtual root node makes it possible to provide DNS resolution to clients when root node resolution fails, reduces DNS single points of failure and improves DNS resistance to attack. Access control can also be set on the virtual root node to block DNS attack data, improving the security and stability of DNS resolution. For a dangerous DNS attack, no specific authorization information can be found in the authorization information database, so the virtual root node will not provide resolution service for it.
From the foregoing disclosure of the two embodiments of the cached data and their extended functions, those skilled in the art will understand that more specific implementation forms and extended applications of the cached data can be realized flexibly as the invention requires. For example, the cached data may be understood as including both the historical resolution records and the authorization information database of the two embodiments above. Moreover, the historical resolution records need not serve only as a temporary cache; they can also be stored, as data with a longer lifetime, in a separate data table associated with the authorization information database. When a historical resolution record in the temporary cache has been used at high frequency for a certain length of time, it can be converted into a historical resolution record with a longer lifetime and stored in that data table, so that in subsequent resolution it is queried as a query object before the recursive system.
The topology and hierarchy of the DNS service cluster and of the disaster recovery system can be implemented by those skilled in the art according to known networking principles. The present invention is more concerned with the data and control relationships between the two, so their topology and hierarchy are not described further.
As stated above, once the data on the DNS service cluster, and in particular its cached data, has been synchronized to the disaster recovery cluster, the disaster recovery cluster has the corresponding resolution capability, and its resolution service can be opened in the subsequent steps.
Step S12: receive a domain name resolution request and, in response to it, perform domain name resolution using the cached data.
Because the disaster recovery system of the present invention makes efficient use of the cached data and realizes the function of a virtual root node, it has an independent virtual root node. Specifically, an authorization information database plays the role of a virtual root zone. When the root zone or top-level domain servers fail and cannot provide normal service, or even when every other external authorization server fails, the local DNS system may become a resolution island. In that case the system should in theory be allowed to enter a disaster-recovery-like mode and start a disaster recovery emergency answering mode, keeping the Internet basically operational until the root domain servers or authorization servers are repaired and leaving enough time for system repair and recovery.
With the switching method that the present invention discloses later, in a system applying the related technical solution of the present invention, the relevant DNS service functions are switched after a disaster to point to the disaster recovery center, that is, the disaster recovery cluster constructed by the present invention. However, clients must then reach the service of the disaster recovery node, which raises another question: how the network switches. Specifically, the question is how the access path (network address) used by the DNS server's local application is changed from pointing at the original production center to pointing at the disaster recovery center; after the disaster is repaired it must in turn point back to the original production center. The simplest method is to change the IP mapping of the DNS resolution server, changing the original destination address to the network address at which the disaster recovery system provides DNS service. Before the disaster, the IP address maps to the production center servers; after the disaster occurs, the IP address maps to the disaster recovery center servers; after the disaster is repaired, the IP address maps to the production center servers again.
The details of this intelligent switching are described in the second aspect of the present invention; the first aspect is explained for now on the premise that such switching is in place. In the first aspect, the client sends its resolution request to the DNS resolution server, which forwards it to the service of the disaster recovery system. That service performs the resolution and returns the result to the DNS resolution server, which then uses the result to answer the resolution request it originally relayed.
Therefore, after the disaster recovery system of the present invention receives a resolution request forwarded by the DNS resolution server, it must resolve it. Combining the variants described above, different resolution mechanisms can be implemented flexibly, for example:
The first resolution mechanism corresponds to the case in which the cached data includes only historical resolution records. After extracting the domain name from the resolution request, the disaster recovery system first searches the large volume of historical resolution records in its stored cached data for a record corresponding to the domain name; if one exists, the IP address mapped to the domain name in that record is taken as the resolution result. It is of course possible to take into account a lifetime set for the historical resolution records and to disregard records older than the preset lifetime. This strategy is usually not recommended, however: if the disaster recovery system was activated because the public network is paralyzed or the servers at each level of the domain name hierarchy are down, a recursive query to those servers over the public network cannot obtain the actual resolution, so the strategy has little point. Considering that the servers at each level may still be working and that only the DNS server cluster has failed, the disaster recovery system of the present invention can go on to perform a recursive query when no IP address can be obtained from the cached data; if a valid answer is obtained, a more accurate resolution result can likewise be generated.
The second resolution mechanism corresponds to the case in which the cached data includes the authorization information database. After extracting the domain name from the resolution request, the disaster recovery system first performs the query using the authorization information; if a valid IP result is obtained, it answers with that. If the authorization information database includes a data table of historical resolution records, the first mechanism can be reused: first try to obtain a result from the data table and, failing that, query using the authorization information in the authorization information database; or conversely, query using the authorization information first and fall back to the historical resolution records if that yields nothing.
The third resolution mechanism corresponds to the case in which the cached data contains both an authorization information database and historical resolution records serving as cache, and the authorization information database also holds preferred historical resolution records. In this case the two mechanisms above can be combined flexibly. For example, query the cached historical resolution records first; if nothing is found, query the historical resolution records in the data table; if that also fails, query further using the authorization information; or the reverse.
As the analysis of these resolution mechanisms shows, as long as an effective storage representation was built from the cached data in the previous step, it can be used flexibly and efficiently in this step to obtain the corresponding resolution result.
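The lookup orders of the three mechanisms, and the effect of enforcing record lifetimes during an outage, can be sketched as follows. This is an added example, not code from the patent: the class and function names, the hit-count promotion rule (a simplification of "used at high frequency for a certain length of time") and the 192.0.2.x addresses are assumptions, and the authorization server is simulated by a local function so the block runs offline.

```python
import time
from dataclasses import dataclass


@dataclass
class CachedRecord:
    ip: str
    stored_at: float      # when the production cluster resolved the name
    lifetime: float       # seconds for which the record counts as valid
    hits: int = 0


class DRResolver:
    """Answers queries from data synchronized out of the production cluster."""

    def __init__(self, query_authority, order=("cache", "table", "auth"),
                 honor_lifetime=False, promote_after=3, clock=time.time):
        self.query_authority = query_authority  # callable(server_ip, name) -> ip or None
        self.order = order                      # lookup order, one per mechanism variant
        self.honor_lifetime = honor_lifetime    # off by default: stale beats no answer
        self.promote_after = promote_after      # hits before a record becomes long-lived
        self.clock = clock
        self.cache = {}   # temporary historical resolution records
        self.table = {}   # long-lived records kept beside the authorization data
        self.auth = {}    # zone -> authorization server addresses

    @staticmethod
    def _norm(name):
        return name.lower().rstrip(".")

    def sync(self, history, authorizations):
        """Load records copied from the production cluster (step S11)."""
        for name, ip, stored_at, lifetime in history:
            self.cache[self._norm(name)] = CachedRecord(ip, stored_at, lifetime)
        for zone, servers in authorizations.items():
            self.auth[self._norm(zone)] = list(servers)

    def _from_cache(self, name):
        rec = self.cache.get(name)
        if rec is None:
            return None
        if self.honor_lifetime and self.clock() - rec.stored_at > rec.lifetime:
            return None
        rec.hits += 1
        if rec.hits >= self.promote_after:      # frequently used: keep it longer
            self.table[name] = rec.ip
        return rec.ip

    def _from_table(self, name):
        return self.table.get(name)

    def _from_auth(self, name):
        labels = name.split(".")
        for i in range(len(labels)):            # most specific zone first
            servers = self.auth.get(".".join(labels[i:]))
            if servers is None:
                continue
            for server in servers:
                ip = self.query_authority(server, name)
                if ip:
                    return ip
            return None                         # zone known, but no server answered
        return None                             # no authorization data: no service

    def resolve(self, name):
        """Return (ip, source); source is 'refused' when nothing can answer."""
        name = self._norm(name)
        lookups = {"cache": self._from_cache, "table": self._from_table,
                   "auth": self._from_auth}
        for source in self.order:
            ip = lookups[source](name)
            if ip:
                return ip, source
        return None, "refused"


# Constructed sample data. www.163.com -> 111.1.53.220 is the page's example;
# the authorization server address and the second name are made up.
AUTHORITY_ANSWERS = {"192.0.2.53": {"www.163.com": "111.1.53.220",
                                    "news.163.com": "192.0.2.80"}}


def fake_authority(server, name):
    return AUTHORITY_ANSWERS.get(server, {}).get(name)


def build_demo(**kwargs):
    # The record was stored at t=0 with a 300 s lifetime; the clock reads t=1000.
    resolver = DRResolver(fake_authority, clock=lambda: 1000.0, **kwargs)
    resolver.sync(history=[("www.163.com", "111.1.53.220", 0.0, 300.0)],
                  authorizations={"163.com": ["192.0.2.53"]})
    return resolver


if __name__ == "__main__":
    r = build_demo()
    for q in ("www.163.com", "news.163.com", "www.example.org"):
        print(q, r.resolve(q))
```

With `honor_lifetime=True` and an authorization server that does not answer, the same expired record yields no result at all, which is the situation the text has in mind when it advises against enforcing lifetimes in disaster recovery mode.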
Step S13: answer the domain name resolution request with the domain name resolution result.
After the previous step obtains the resolution result, this step feeds the result back to the DNS resolution server for relay, according to the address of the party that forwarded the resolution request. The DNS resolution server then returns the result to the originator of the original resolution request, completing the resolution process.
It should be pointed out that the disaster recovery system of the present invention need not receive resolution requests directly from clients, nor answer clients directly with resolution results. Instead, requests and results are relayed through a single network address, mainly the DNS resolution server that the IP address points to. Because the disaster recovery system has higher security requirements, resolution requests and results can be encrypted before being transmitted between the DNS resolution server and the disaster recovery cluster. Many encryption methods are possible; public-key (asymmetric) encryption is the preferred recommendation.
Although the above is described with the disaster recovery cluster as the main body, software implemented according to the first aspect of the present invention can be installed flexibly across multiple devices. The following ways of installing the software of the first aspect are contemplated, forming a system that implements the method and device of the first aspect:
In one approach, all steps of the present invention are implemented in the same software, installed on a single independent device of the disaster recovery cluster, while the other devices of the cluster only need a client module that communicates with that device. This forms a pattern similar to a C/S architecture and gives centralized control of the cluster. As variations at the operational level, the software can run one independent service process or several cooperating processes to perform the method. A single service process is straightforward to understand. In the multi-process case, for example, step S11 can be implemented as one process and steps S12 and S13 as another, the two working independently on their respective tasks. Both processes can be configured as system service processes.
In another approach, given that step S11 is independent of the other two steps, the data synchronization function of step S11 can be implemented as separate software installed on a device independent of the disaster recovery cluster, such as the DNS (resolution) server, while the other two steps are still implemented as one piece of software installed on the front-end service device of the disaster recovery cluster. Split across two devices, the two parts do not conflict and cooperate with each other, and likewise meet the needs of the invention.
It will therefore be understood that system construction and software implementation in applying the present invention can be realized flexibly using well-known techniques, and those skilled in the art should not let this limit their understanding of the technical solution of the first aspect of the present invention.
Referring to Fig. 3, the domain name resolution system disaster recovery construction device of the present invention is a modular implementation based on the foregoing method. It specifically includes a synchronization unit 11, a query unit 12 and a response unit 13, working from the cached data obtained by synchronization:
The synchronization unit 11 is configured to synchronize, in real time, the data of a target cluster that provides DNS service to the disaster recovery cluster, the data including cached data that provides the basis for domain name resolution.
Generally, the servers providing DNS service form a cluster built from multiple server devices, similar to a cloud architecture, and work together with the DNS resolution server to provide the DNS resolution service. The DNS service cluster mainly implements the recursive system, which recursively queries the servers at each level of the domain name hierarchy on the Internet to resolve the domain name and obtain the IP address, from which the resolution result is constructed to answer the external request. The DNS resolution server, as the front-end application window, receives the resolution request from the requesting client, passes it to the cluster, requires the cluster to return a resolution result, and then answers the resolution request with that result.
The disaster recovery system constructed by the present invention is disaster recovery for the whole domain name system of the Internet, and it is realized on the basis of disaster recovery for the clusters associated with multiple local DNS servers. Its implementation is based on data synchronization, takes fault detection as the precondition for switching over, and uses switching control as its management logic. The disaster recovery system can, however, be open in real time, and its fault detection and subsequent switching control can be implemented by a third party, so this first aspect of the present invention does not cover the techniques of fault detection and switching control.
Data synchronization is the key foundation on which the present invention realizes disaster recovery of the DNS service system. Data synchronization management logic is generally implemented by data backup. Data backup is the basis of system and data disaster recovery; it is the implementation of low-end disaster recovery and a strong guarantee for high-end disaster recovery (real-time data protection). Current backup techniques mainly include snapshots, offline backup and off-site storage backup. A backup system follows a backup policy to make a complete copy, at a given point in time, of data sets such as the operating system, file systems, applications and database systems of a computer information system. The copied data is offline and cannot be accessed immediately; it must be put to use through a corresponding operation such as restoration. A backup of the local system is a prerequisite for building a high-end disaster recovery system, and it is the starting point of disaster recovery technology.
For data synchronization the present invention uses high-end disaster recovery to achieve real-time data protection of the DNS service cluster. Specifically, multiple copies of the same data are kept in real time across multiple disks, arrays, servers and data centers to guard against physical failure. Real-time data protection presupposes data backup, and it cannot guard against human error or malicious operations. It should be emphasized that the purpose of disaster recovery is for the data to remain accessible when a disaster occurs. Real-time data protection ensures the integrity of the data, so the disaster recovery system constructed by the present invention does not guarantee that the data is the latest.
As noted, data backup is a means of disaster recovery, not its purpose; the purpose is access to the data. Application recovery, network recovery and the associated switching control are therefore also key to disaster recovery. Specifically, this covers the whole process by which the disaster recovery center takes over from the original production center after a disaster: database switchover, application restart, network switchover and so on. It also covers the whole process by which the database, applications and network are switched back after the original data center is repaired. These processes can be carried out by manual switching or by automated procedures, and how to assess them accordingly is likewise a problem for the technical staff to solve. The present invention discloses this part in detail later through another method and device, so it is not described here.
It follows that synchronizing the data of the target cluster providing DNS service to the disaster recovery cluster in real time, by software configured as the device of the present invention, is the basis on which the disaster recovery system of the present invention is realized. To further explain the data being synchronized, refer first to the following application example.
With reference to Fig. 2, the following takes the resolution of the NetEase portal address www.163.com as an example to illustrate the main process of DNS resolution in the normal case:
Step 1: The user's computer sends a request to resolve www.163.com to the local DNS (resolution) server configured in its system. The local DNS server is simply a DNS service IP address, which can be obtained automatically from the operator or set manually.
Step 2: The local DNS server checks whether its own storage holds a cached entry for this domain name. If not, it sends the resolution request for www.163.com to a root server.
Step 3: After the root server receives the local DNS server's resolution request, it examines the requested domain name and returns to the local DNS server the IP address of the server responsible for the .com domain node.
Step 4: After receiving the IP address of the .com top-level domain server, the local DNS server sends the resolution request for www.163.com to the .com top-level domain server.
Step 5: After receiving the resolution request for www.163.com, the .com top-level domain server returns to the local DNS server the IP address of the DNS server for the second-level domain 163.
Step 6: The local DNS server then sends the resolution request for www.163.com to the DNS server of the second-level domain 163.
Step 7: The management server of the 163 domain manages all subdomains under 163.com. Its namespace contains the subdomain www, whose corresponding IP address is 111.1.53.220, so the DNS server of the 163.com domain returns the IP address 111.1.53.220 for www.163.com to the local DNS server.
Step 8: After the local DNS server receives the 163.com domain server's resolution result for www.163.com, it returns the corresponding IP address 111.1.53.220 to the user and retains the result for a period of time in case other users query it.
Step 9: After obtaining the IP address 111.1.53.220 for the domain name www.163.com, the user's computer begins requesting web content from the IP address 111.1.53.220. This completes one full DNS resolution request.
In the example above the local DNS server is simplified to a single server. In practice its back end is usually implemented by the aforementioned cluster formed of multiple servers. In either case a DNS resolution server is needed to act as the DNS server at the application front end. Those skilled in the art will be aware of this.
In the example above, step 2 first checks whether the domain name in the resolution request is present in the local DNS server's storage, and step 8 describes how the resolution result is kept for a period of time in case other users query it. It follows that the data of a target cluster necessarily contains some cached data. This cached data is usually stored in log form and, in the present invention, can also be improved into database form.
In one embodiment of the present invention concerning the cached data, the form used by the normal cluster providing DNS service can be retained, so that the cached data includes historical domain name resolution records. These are the DNS resolution records produced when the target cluster performs DNS resolution in the normal course of providing DNS service, and they are typically stored as log files. Each resolution record contains at least a domain name and the IP address corresponding to it; the correspondence between domain name and IP address here mainly means their mapping to each other. Further, each resolution record in the cache database can be assigned a lifetime: within the lifetime the record is valid, and beyond it the record may be deleted or ignored by the present invention. When the present invention needs to use the cache database to resolve a domain name, it first searches the historical resolution records in the cache database by the domain name in the request data, finds the corresponding valid record, obtains the corresponding IP address, and then answers the resolution request. Of course, if the lifetime has been exceeded, or the cached data contains no corresponding record, the query still has to be carried out by the recursive system (provided that, with the disaster recovery system enabled, the name servers at each level on the public network can still be accessed normally). Because a given terminal device is generally used by the same user, whose browsing behavior shows a certain inertia and tends toward a particular set of websites, this cached data and the related techniques can give users a faster and more efficient DNS resolution service and can save traffic on some mobile terminal devices. Where the servers at each level of the domain name hierarchy are paralyzed and recursive queries are impossible, this cached data plays a vital resolution role.
In another embodiment of the present invention concerning the cached data, the cached data includes an authorization information database, which can be built and distributed using the known BGP anycast (Anycast) technique. The authorization information database stores the authorization information of the authorization servers at each level of the domain name hierarchy. During domain name resolution, a recursive query can be performed according to the authorization server information recorded in the authorization information database to obtain the resolution result. This is suitable for scenarios in which the DNS recursive query cluster is paralyzed.
The authorization information database is likewise built on the basis of the historical resolution records. As is well known, a domain name service cluster obtains the authorization information of the authorization server for each level of a domain name while performing recursive queries. The authorization information database can be constructed from this information and used to implement a virtual root node; opening the virtual root node service to the Internet gives a disaster recovery resolution effect for more systems. In this case the disaster recovery system implemented according to the present invention can be combined with the virtual root node technique to provide a secure service: when the root node suffers a DNS resolution failure, the virtual root node can perform DNS resolution in its place. Of course, the authorization information database must store enough information, that is, all DNS requests in the specified region and the corresponding authorization information, so that the virtual root node has enough resources to answer DNS requests. The virtual root node is therefore implemented on top of the authorization information database. Combining the newly added authorization information database with the virtual root node makes it possible to provide DNS resolution to clients when root node resolution fails, reduces DNS single points of failure and improves DNS resistance to attack. Access control can also be set on the virtual root node to block DNS attack data, improving the security and stability of DNS resolution. For a dangerous DNS attack, no specific authorization information can be found in the authorization information database, so the virtual root node will not provide resolution service for it.
Based on the foregoing disclosure of the two embodiments of the cached data and their corresponding extended functions, those skilled in the art will understand that more specific implementation forms of the cached data and their extended applications can be realized flexibly according to the needs of the present invention. For example, the cached data can also be understood as including both the historical domain name resolution records and the authorization information database of the two foregoing embodiments. Moreover, the historical domain name resolution records need not serve only as a temporary cache; they can also be stored, as data with a longer life cycle, in a separate data table associated with the authorization information database. When a record has been in the temporary cache for a certain length of time and is used at high frequency, it can be converted into a historical domain name resolution record with a longer life cycle and stored in that data table, to be queried as a query object in preference to the recursive system in subsequent domain name resolution.
The topology and hierarchical architecture of the DNS service cluster, and of the disaster recovery system, can be implemented by those skilled in the art according to known networking principles. The present invention is more concerned with the data and control relationships between the two, so their topology and hierarchical architecture are not described further.
As described above, once the data on the DNS service cluster, in particular its cached data, has been synchronized to the disaster recovery cluster, the disaster recovery cluster has the corresponding resolution capability and can subsequently open its resolution service.
The query unit 12 is configured to receive a domain name resolution request and, in response to that request, to perform domain name resolution using the cached data.
Because the disaster recovery system of the present invention makes efficient use of the cached data to realize the function of a virtual root node, it has its own independent virtual root node. Specifically, an authorization information database plays the role of a virtual root zone. When the root zone or a top-level domain server fails and cannot serve normally, or even when every other external authoritative server fails, the local DNS system may become a resolution island. In that case, in theory, the system should be allowed to implement something like a disaster recovery mode: it starts a disaster recovery emergency response mode that keeps the Internet basically running normally until the root zone servers or authoritative servers are repaired, leaving enough time for system repair and recovery.
With the switching method disclosed later, in a system to which the technical solution of the present invention is applied, once a disaster occurs the relevant DNS service function is switched to point to the disaster recovery center, namely the disaster recovery cluster constructed by the present invention. However, clients must then access the service of the disaster recovery node, which raises another question: how is the network switched? Specifically, how is the access path (network address) used by the DNS server's local application changed from pointing to the original production center to pointing to the disaster recovery center? After the disaster is repaired, it must in turn be pointed back to the original production center. The simplest method is to change the IP mapping of the DNS resolution server, changing the original destination address to the network address at which the disaster recovery system provides DNS service. Before a disaster occurs, the IP address is mapped to the production center's server; after the disaster occurs, the IP address is mapped to the disaster recovery center's server; after the disaster is repaired, the IP address is mapped to the production center's server again.
The details of this intelligent switching are described under the second aspect of the invention; for the purposes of explanation, the first aspect assumes for now that this intelligent switching is in place. In the first aspect, a client sends its domain name resolution request to the DNS resolution server, which forwards the request to the service of the disaster recovery system. That service performs the resolution and returns the resolution result to the DNS resolution server, which then uses the result to answer the request it originally relayed.
Therefore, after the disaster recovery system of the present invention receives a domain name resolution request forwarded by the DNS resolution server, it must resolve it. Drawing on the variants described above, different resolution mechanisms can be implemented flexibly, for example:
The first resolution mechanism corresponds to the case where the cached data contains only historical domain name resolution records. After extracting the domain name from the resolution request, the disaster recovery system first searches the massive set of historical domain name resolution records in its stored cached data for a record corresponding to that domain name. If one exists, the IP address mapped to the domain name in that record is taken as the resolution result. A life cycle can of course also be set for the historical records, so that records older than the preset life cycle are no longer considered. This strategy is usually not recommended, however: if the disaster recovery system is in use because the public network is paralyzed or the servers at the various levels of the domain name are down, the actual resolution cannot be obtained by recursive query to those servers over the public network, and the strategy has little point. Considering that the servers at each level of the domain name may still be working and only the DNS server cluster has failed, the disaster recovery system of the present invention can additionally perform a recursive query when no IP address can be obtained from the cached data; if that yields a valid resolution, a more accurate resolution result can likewise be produced.
The second resolution mechanism corresponds to the case where the cached data includes the authorization information database. After extracting the domain name from the resolution request, the disaster recovery system first performs the query using the authorization information; if a valid IP resolution result is obtained, it responds with it. If the authorization information database includes a data table of historical domain name resolution records, the first mechanism can also be used: either first try to obtain a result from that data table and, failing that, query using the authorization information in the authorization information database; or, conversely, query with the authorization information first and fall back to the historical domain name resolution records when that query yields nothing.
The third resolution mechanism corresponds to the case where the cached data contains both the authorization information database and historical domain name resolution records held as cached data, and the authorization information database also contains preferred historical domain name resolution records. Here too the two preceding mechanisms can be combined flexibly. For example, query the cached historical domain name resolution records first; if nothing is found, query the historical domain name resolution records in the data table; if that also fails, query further using the authorization information; or the reverse order.
As the analysis of these resolution mechanisms shows, as long as the synchronization unit 11 has built an effective storage representation from the cached data, the query unit 12 can use it flexibly and efficiently to obtain the corresponding domain name resolution result.
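The lookup order of the third resolution mechanism, as an added Python example that is not code from the patent. The class name, record layout, sample names and sample addresses are assumptions constructed for illustration; the authorization lookup returns a referral to the closest known zone and refuses names for which no authorization information is stored.

```python
from dataclasses import dataclass
from typing import Optional


@dataclass
class Answer:
    source: str              # "cache", "history_table", "authorization" or "refused"
    value: Optional[object]  # IP string, (zone, servers) referral, or None


def normalize(name: str) -> str:
    """DNS names compare case-insensitively; drop the trailing root dot."""
    return name.strip().rstrip(".").lower()


class DisasterRecoveryResolver:
    """Hypothetical query unit: temporary cache, then long-lived table, then authorization data."""

    def __init__(self, enforce_lifetime: bool = False, lifetime_s: float = 3600.0):
        self.temp_cache = {}     # name -> (ip, stored_at): temporary historical records
        self.history_table = {}  # name -> ip: long-life-cycle records in the data table
        self.authorization = {}  # zone -> [(server name, server ip)]
        # The text advises against expiring records while upstream is unreachable,
        # so life-cycle enforcement is off unless explicitly requested.
        self.enforce_lifetime = enforce_lifetime
        self.lifetime_s = lifetime_s

    def _closest_zone(self, name: str) -> Optional[str]:
        """Longest-suffix match of the query name against known zones."""
        labels = name.split(".")
        for i in range(len(labels)):
            zone = ".".join(labels[i:])
            if zone in self.authorization:
                return zone
        return None

    def resolve(self, qname: str, now: float) -> Answer:
        name = normalize(qname)
        hit = self.temp_cache.get(name)
        if hit is not None:
            ip, stored_at = hit
            expired = self.enforce_lifetime and (now - stored_at) > self.lifetime_s
            if not expired:
                return Answer("cache", ip)
        if name in self.history_table:
            return Answer("history_table", self.history_table[name])
        zone = self._closest_zone(name)
        if zone is not None:
            return Answer("authorization", (zone, self.authorization[zone]))
        # No authorization information at all: the virtual root node does not serve it.
        return Answer("refused", None)


def build_sample_resolver(enforce_lifetime: bool = False) -> DisasterRecoveryResolver:
    """Constructed sample data using documentation names and address ranges."""
    r = DisasterRecoveryResolver(enforce_lifetime=enforce_lifetime)
    r.temp_cache["www.example.com"] = ("192.0.2.10", 0.0)
    r.history_table["mail.example.com"] = "192.0.2.25"
    r.authorization["example.com"] = [("ns1.example.com", "192.0.2.53")]
    r.authorization["net"] = [("ns.net-registry.example", "198.51.100.1")]
    return r


if __name__ == "__main__":
    resolver = build_sample_resolver()
    for q in ("WWW.Example.com.", "mail.example.com", "api.example.com", "random.invalid"):
        print(q, resolver.resolve(q, now=10_000.0))
```

The reverse order the text allows (authorization information first, historical records second) only swaps the steps inside `resolve`.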
The response unit 13 is configured to answer the domain name resolution request with the domain name resolution result.
After the query unit 12 obtains the resolution result, the response unit 13 returns it, according to the address of the party that forwarded the resolution request, to the DNS resolution server for relay; the DNS resolution server answers the original requester with the result, completing the domain name resolution process.
It should be pointed out that the disaster recovery system of the present invention need not directly receive resolution requests initiated by clients, nor directly return resolution results to clients; instead, requests and results are relayed through a single network address, chiefly the DNS resolution server that the IP address points to. Because the disaster recovery system has higher security requirements, resolution requests and results can be encrypted before they are transmitted between the DNS resolution server and the disaster recovery cluster. Many encryption methods are possible; public key (asymmetric) encryption is the preferred recommendation.
Although the above description takes the disaster recovery cluster as its subject, software implementing the first aspect of the present invention can be installed flexibly across multiple devices. The following ways of installing the software of the first aspect may be considered, forming a system that implements the method and device of the first aspect:
In one approach, the synchronization unit 11, query unit 12 and response unit 13 of the present invention are built as a single piece of software, which is installed on one independent device in the disaster recovery cluster; the other devices in the cluster need only a client module that communicates with that device. This forms a pattern similar to a C/S architecture and gives centralized control of the cluster. As a variation of this approach at run time, the software can run as one independent service process or as several cooperating processes that carry out the units described here. A single service process is straightforward to understand. As for multiple processes, the synchronization unit 11 could for example be implemented as one process and the query unit 12 and response unit 13 as another, with the two processes working independently to complete their respective tasks. Both processes can be configured as system service processes.
In another approach, given that the synchronization unit 11 is independent of the other two units, the data synchronization function of the synchronization unit 11 can be built as separate software and installed on a standalone device independent of the disaster recovery cluster, for example the DNS (resolution) server mentioned above, while the other two units are still built as one piece of software installed on the front-end service device of the disaster recovery cluster. Split across two devices, the two parts do not conflict and cooperate with each other, and this likewise meets the needs of the invention.
It follows that the system construction and software implementation involved in applying the present invention can be realized flexibly with techniques known in the art; those skilled in the art should not let this limit their understanding of the technical solution of the first aspect of the present invention.
Next, the technical solution of the second aspect of the present invention is explained. The second aspect can likewise be implemented as software installed on computer equipment with server capability, working with an operating system suited to building servers to provide the corresponding service.
The task of the second aspect is to implement the fault detection and intelligent switching control logic of the disaster recovery system; it can be installed independently, on equipment other than that of the first aspect. In general, the method and device of the second aspect are installed on the DNS (resolution) server that serves as the business front end, so that a failure of the cluster providing DNS service, or of the related network, is recognized at the first opportunity and the cluster providing DNS service is quickly redirected to the disaster recovery cluster built according to the first aspect. When the fault is cleared, it can be switched back just as quickly. Note that material used in the first aspect is also referred to in the following disclosure of the second aspect; those skilled in the art should not treat the two aspects in isolation.
Referring to Fig. 4, the present invention provides an automatic switching method for island response of a DNS disaster recovery system, comprising the following steps:
Step S21: receive and collect the operating data of the cluster providing DNS service.
The DNS server that acts as the application front end implementing the automatic switching method of the present invention establishes a correspondence with the cluster providing DNS service. Through a predetermined communication port, which may be a TCP or UDP port of the DNS protocol or the like, it collects the operating data of each device in the cluster. The types of operating data that can be selected are very flexible, as is the way they are used. Some kinds of operating data are listed below for reference:
1. Performance data, which characterizes the throughput of DNS resolution performed by the cluster each second. In general, the number of DNS resolutions a machine can perform under normal use is limited and relatively constant, so a preset throughput threshold can be used to judge whether the throughput of a given device, or of the whole cluster, is normal. Throughput here means the number of times a domain name resolution request is received and answered with the corresponding resolution result.
2. Machine data, which characterizes the operating information of at least one hardware component of each device in the cluster. Machine data mainly means the occupancy of the CPU and/or memory while the machine is running. For example, a CPU that stays at high utilization such as 100% for a long time, together with free memory that stays low for a long time, may mean that something is unnecessarily busy. In theory, the running quality of a single device or of the whole cluster can also be judged from this machine data.
3. Application data, which characterizes the log information of domain name resolution records. The log information here mainly means the raw information of the historical domain name resolution records that form the cached data of the first aspect of the present invention. This information can later be developed into authorization information within the disaster recovery system, or can serve only as a basis for judgment in this method. From the log information it can at least be seen whether resolution is failing on a large scale, for example a large number of resolution requests not receiving a normal resolution, so application data can clearly also be used as operating data.
4. Alarm data, which characterizes alarm information produced by the cluster. Alarm data here is mainly the alarm data produced by the system monitoring functions of the devices in the cluster, such as that produced by the "management" component of Windows systems. This data too can be used to determine the operating state of a single device or of the cluster.
5. Difference data, which characterizes the differences between the cache pool and the database. The cache pool here means the data in the buffer space that holds buffered historical domain name resolution records; the database means the dedicated file into which historical domain name resolution records are extracted from the buffer space in a standardized storage format. The difference data is recorded mainly to show the difference between the temporary cached data and the standardized cached data.
The types of operating data given above merely enumerate particular types and do not limit the operating data comprehensively. Once collected, the operating data is put to further use according to its different roles; the types of operating data used may differ from case to case, and these flexible variations are described further below.
Step S22: perform computation on the operating data according to preset configuration information, to form an operating state determination result for the DNS service cluster.
Having collected a large amount of operating data about the cluster providing DNS service, the DNS server can mine the data intelligently and, applying principles of machine learning, make a more intelligent and accurate determination of the cluster's operating state. To this end, referring to Fig. 5, this step is implemented by the following specific steps:
Step S221: establish an indicator data set to serve as the determination benchmark.
How the indicator data set is established depends on which operating data is selected, and the selection of operating data in turn depends on the preset configuration information. Indicator data sets for the four cases in the corresponding table are given below for reference:
1. Performance data: 1000, machine data: 90%
2. Alarm data: danger, machine data: 10%
3. Difference data: 90%, application data: file.log
4. Application data: file.log
From these four indicator data sets, the indicators established by the present invention can be understood as follows:
1. When the performance data reaches a throughput of 1000 while the machine data (CPU and/or memory share) has just reached 90%, this constitutes a determination benchmark of the present invention.
2. When the machine data (CPU and/or memory share) has used only 10% and alarm data in the "danger" state appears, this constitutes a determination benchmark of the present invention.
3. When the difference data for the application data in the file file.log reaches 90%, this constitutes a determination benchmark of the present invention.
4. Only the application data file file.log is used as the real-time determination benchmark.
Once these indicator data sets have been constructed, further processing can be based on them. Note that the indicator data sets can either be supplied before the software is installed or be maintained on demand through a user interface provided by the software. They can be stored in a file for use in verifying the implementation of the present invention.
Although four indicator data sets are given above, in some embodiments the indicator data set can also be understood as a single set of standard indicators that characterizes the normal state of the cluster providing DNS service, which simplifies the software programming.
Step S222: select or generate the corresponding algorithm according to the preset configuration information.
In some cases the configuration information may correspond one-to-one with the indicator data sets; if there is only one standard indicator data set, it need only correspond to that set. The configuration information is typically policy configuration information expressed in a format specified by the present invention. For example, for the multiple indicator data sets in the example above, the following policy configuration information can be formulated; the meaning of each entry is also given in the table:
No. | First element | Second element | Algorithm | Meaning |
1 | Performance data | Machine data | A | Algorithm A applies to performance data and machine data |
2 | Alarm data | Machine data | B | Algorithm B applies to alarm data and machine data |
3 | Difference data | Application data | C | Algorithm C applies to difference data and application data |
4 | Application data | No response | D | Algorithm D applies to the no-response part of the application data |
The policy configuration information above is only an example; in practice the configuration can be very flexible. In theory, anything that associates an indicator data set with an algorithm can form the configuration information of the present invention, whatever its form and number of elements. In general, one group of policy configuration information should correspond to one indicator data set, so that different situations are distinguished and different algorithms applied; the operating data and indicator data set that take part in the computation under one group of policy configuration information differ from those involved under the other groups. However, as noted above, the indicator data sets can also be unified into one standard indicator data set, with every item of policy configuration information corresponding to that same set.
As can be seen, the policy configuration information allows a known algorithm in the system to be selected, and the whole process is highly intelligent. Further, the algorithm field of the policy configuration information can carry an expression that dynamically supplies the basis for generating an algorithm; the software then uses that basis, according to agreed rules, to generate the corresponding algorithm and applies it. The present invention thus uses configuration information to associate indicator data sets with known or unknown algorithms, yielding a machine learning model that is highly intelligent and can dynamically recognize various operating conditions, so that more intelligent disaster recovery switching control can be made afterwards.
Similarly, the configuration information, in particular the policy configuration information and/or the dynamically set algorithms, can be entered and maintained by the user through a graphical user interface, with the corresponding data stored in a data table or file for use by the software of the present invention. The user interface for entering or refining the indicator data sets and the user interface for setting or changing the policy configuration information and/or algorithms can be the same interface, and can be designed flexibly by the programmer as needed.
Step S223: taking the indicator data set as the benchmark, apply the algorithm to the operating data and determine whether the operating state that the operating data characterizes is abnormal.
Once the indicator data set and the configuration information, specifically the policy configuration information, have been determined, the algorithm option in the policy configuration information identifies the corresponding algorithm. That algorithm takes the elements named in the configuration information and performs mathematical operations, such as counting, comparison and induction, on the corresponding elements of the operating data against the benchmark of the indicator data set. The final result of the computation determines whether the operating state of the device in the cluster, or of the whole cluster, characterized by the operating data is abnormal.
In some cases the configuration information can also provide an execution option, for example an option indicating that packets are to be dropped without a response. In that case, after the corresponding algorithm produces an unfavourable determination, the option can be applied so that subsequent domain name resolution requests are refused a response and their packets are dropped directly.
To make the present invention easier to understand, an example of recognizing a DNS attack with the machine learning model described above is given below.
In this example, the indicator data set specifies a time of 100 ms and, in the application data, 5000 resolution requests for the same domain name within 100 ms. The policy configuration information applies algorithm K to the combination of application data and unit time. When the DNS resolution server configured with software implementing this method recognizes from the collected application data that more than 5000 resolution requests for the same domain name have been generated within a 100 ms unit of time, this does not match historical behaviour. Algorithm K is then triggered for further computation and verification. From statistics over historical resolution requests, algorithm K finds that in past use the domain name was accessed far fewer than 5000 times in 100 ms; algorithm K can then go on to determine that a network attack is taking place at that time, and so the operating state is determined to be abnormal. In this example algorithm K is relatively complex to implement. In fact, a separate statistics process can compute the historical behaviour of each domain name and generate the request count in the indicator data set from it; algorithm K then need only compare the current number of accesses to the domain name with the request count in the indicator data set to make the determination.
In another embodiment, the application data in the indicator data set can be specified as a particular log file, and the policy configuration information can specify that algorithm X applies to the no-response case for that log file. When algorithm X runs, it counts the no-response records in the log file; when, within a predetermined time such as 100 minutes, all the log records produced are no-response records, it can be determined directly that the corresponding device or cluster providing DNS service has failed, and so the conclusion that the operating state is abnormal can also be drawn.
For brevity, the two cases above were described with the cluster providing DNS service reduced to a single machine. Those skilled in the art will understand that in these examples the determination for a cluster as a whole can of course also be considered; this is a matter of combining mathematics and programming technique that those skilled in the art should be able to handle. For example, the algorithm can treat the same type of condition appearing on up to a certain number of devices as meaning that the cluster as a whole is paralyzed, or that the DNS servers at each level of the domain name on the public network are unreachable, and determine on that basis that the operating state is abnormal. Such cases are too varied to enumerate, and since the present invention has disclosed the relationship between the cluster and the individual machines in it, those skilled in the art can adapt flexibly, so no further description is given.
Once the algorithm has determined the operating state of the DNS service cluster, the corresponding operating state result is formed, and the final switching control can be made on that basis.
Step S23: when the determination result indicates an abnormal operating state, change the destination address that provides DNS service to the network address of the disaster recovery system; when the determination result indicates a normal operating state, change the destination address that provides DNS service to point to the original destination address.
The operating state determination result is in essence a two-valued option: either it indicates that the operating state is normal, that is, the DNS service cluster is running normally, or it indicates that the operating state is abnormal, that is, the DNS service cluster is running abnormally. A different switch is made for each of these two cases.
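Steps S221 to S223 and the two-valued switch of step S23, as an added Python example rather than the patent's own implementation. It uses the simplified form of algorithm K (compare the current per-domain count with the benchmark) and algorithm X as described above; the record layout, function names, sliding-window counting, the choice to treat an empty log as not abnormal, and the sample addresses are assumptions.

```python
from collections import defaultdict, deque

# Indicator data set (determination benchmark); the numbers are the ones the text uses.
INDICATORS = {
    "unit_time_ms": 100,              # unit time for algorithm K
    "max_requests_per_domain": 5000,  # same-domain requests tolerated per unit time
    "unresponsive_window_min": 100,   # predetermined time for algorithm X
}

# Policy configuration: which elements of the operating data go to which algorithm.
POLICIES = [
    {"elements": ("application data", "unit time"), "algorithm": "K"},
    {"elements": ("application data", "no response"), "algorithm": "X"},
]

# A log record is (timestamp_ms, domain, answered); this layout is an assumption.


def algorithm_k(records, indicators, now_ms):
    """Abnormal if any domain is requested more than the benchmark count inside
    a sliding window of unit_time_ms. Records must be ordered by timestamp."""
    window = indicators["unit_time_ms"]
    limit = indicators["max_requests_per_domain"]
    recent = defaultdict(deque)
    for ts, domain, _answered in records:
        q = recent[domain]
        q.append(ts)
        while ts - q[0] >= window:  # drop requests that left the window
            q.popleft()
        if len(q) > limit:
            return True
    return False


def algorithm_x(records, indicators, now_ms):
    """Abnormal if every record logged in the predetermined time is a no-response
    record. An empty window is treated as 'not abnormal' (assumption)."""
    window_ms = indicators["unresponsive_window_min"] * 60 * 1000
    recent = [answered for ts, _d, answered in records if 0 <= now_ms - ts <= window_ms]
    return bool(recent) and not any(recent)


ALGORITHMS = {"K": algorithm_k, "X": algorithm_x}


def evaluate(records, now_ms, policies=POLICIES, indicators=INDICATORS):
    """Return the algorithms that judged the operating state abnormal."""
    return [p["algorithm"] for p in policies
            if ALGORITHMS[p["algorithm"]](records, indicators, now_ms)]


class ForwardTarget:
    """The address parameter the DNS resolution server forwards requests to."""

    def __init__(self, original, disaster_recovery):
        self.original = original
        self.disaster_recovery = disaster_recovery
        self.current = original

    def apply(self, triggered):
        # Two-valued result: any triggered algorithm means abnormal, otherwise switch back.
        self.current = self.disaster_recovery if triggered else self.original
        return self.current


# Constructed sample logs (documentation domain and address ranges).
def constructed_normal():
    return [(i * 200.0, "www.example.com", True) for i in range(50)]


def constructed_burst(count):
    return [(1000 + i * 0.01, "www.example.com", True) for i in range(count)]


def constructed_outage():
    return [(i * 60_000.0, "www.example.com", False) for i in range(100)]


if __name__ == "__main__":
    target = ForwardTarget("192.0.2.53", "198.51.100.53")
    for label, log, now in (("normal", constructed_normal(), 10_000),
                            ("burst", constructed_burst(5001), 2_000),
                            ("outage", constructed_outage(), 6_000_000)):
        hits = evaluate(log, now)
        print(label, hits, "->", target.apply(hits))
```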
When the determination result indicates an abnormal operating state, the DNS resolution server knows that the cluster originally providing DNS service cannot, or can hardly, continue to provide DNS resolution service. Whether the cause is a DNS attack or an unreachable network, the logic implemented by the DNS resolution server in this step requires the corresponding switching operation, so that subsequent DNS resolution requests are forwarded to the disaster recovery system implemented by the first aspect of the present invention, which resolves them using the techniques disclosed above. The disaster recovery system obtains the resolution result and passes it to the DNS resolution server, which then answers the client that initiated the resolution request with that result. In this process the DNS resolution server acts only as a relay. To guard against security attacks, it is appropriate to encrypt the resolution requests and results in transit. Whether for the transmission between the DNS resolution server and the requesting client or for that between the DNS resolution server and the disaster recovery system, an encryption mechanism makes the DNS data more secure and improves on the traditional DNS protocol.
When the judgement result indicates a normal operating state, the DNS resolution server knows that the cluster originally providing the DNS service has cleared its fault and resumed normal service. The logic that the DNS resolution server implements in this step therefore requires it to perform a switch-back operation, so that subsequent DNS resolution requests are no longer resolved by the disaster recovery system but by the cluster system that originally provided the DNS service. The disaster recovery system, although it keeps its DNS service open, then returns to standby because it no longer receives domain name resolution requests.
While completing either of the two opposite switches above, the DNS server can also use a customer database to push an instant message to the user group that has installed its client (for example, a certain type of mobile terminal security software). After the client software installed by a user receives the instant message, it can automatically change its DNS server address so that it points to the more secure DNS server provided by the disaster recovery system, or it can display the instant message and leave the decision to the user.
In the DNS resolution server, the switching action is carried out by modifying an internal parameter. Specifically, this is a network address parameter expressed as an IP address. By default the parameter is the IP address (destination address), specified by the cluster originally providing the DNS service, at which that cluster exposes its DNS resolution service. When the judgement result is an abnormal operating state, this step changes it to the IP address at which the disaster recovery system exposes its DNS resolution service. Conversely, when the cluster originally providing the DNS service resumes normal service, the network address parameter must be changed back from the IP address of the disaster recovery system to the IP address at which the original cluster exposes its DNS resolution service. This network parameter can be stored in a file or in the registry, and can be modified manually through the corresponding system settings interface or through the user interface provided by the present invention. The specific form of the former depends on the operating system.
Referring to Fig. 6, the present invention provides for this purpose an automatic switching device for island response of a DNS disaster recovery system, comprising a collecting unit 21, a determination unit 22 and a switching unit 23.
The collecting unit 21 is used to receive and gather the operating data of the cluster providing the DNS service.
The DNS server that implements the automatic switching device of the present invention acts as the application front end and has a communication relationship established with the cluster providing the DNS service. Through predetermined communication ports, which may include TCP or UDP ports, it gathers the operating data of every device in the cluster. The types of operating data selected are very flexible, and the data can also be used flexibly. Some examples of operating data are listed below for reference:
1. Performance data, characterizing the throughput with which the cluster performs DNS resolution each second. In general, under normal use the number of DNS resolutions a machine can perform is limited and relatively constant, so a preset throughput threshold can be used to judge whether the throughput of a given device, or of the whole cluster, is normal. Throughput here means the number of times domain name resolution requests are received and answered with the corresponding resolution results.
2. Machine data, characterizing the running information of at least one hardware component of each device in the cluster. Machine data mainly refers to CPU and/or memory occupancy while the machine is running. For example, a CPU that stays at high utilization such as 100% for a long time, together with free memory that stays low for a long time, may indicate that the machine is unduly busy. In theory, such machine data can also be used to judge the running quality of a single device or of the whole cluster.
3. Application data, characterizing the log information of domain name resolution records. The log information here mainly refers to the raw information of the historical domain name resolution records used to form the cached data of the first aspect of the present invention. This information can be used in the disaster recovery system to derive authorization information later, or it can serve only as a basis for judgement in the present device. From these logs one can at least see whether large-scale resolution anomalies exist, for example large numbers of domain name resolution requests failing to obtain normal resolution, so application data can clearly also be used as a kind of operating data.
4. Alarm data, characterizing the alarm information produced by the cluster. Alarm data here is mainly that produced by the system monitoring functions of the devices in the cluster, such as alarm data generated by the "Management" component of Windows systems. These data can likewise be used to determine the operating state of a single device or of the cluster.
5. Difference data, characterizing the differences between the cache pool and the database. The cache pool here refers to the data in the buffer space that caches historical domain name resolution records; the database refers to the dedicated file, in a normalized storage format, into which historical domain name resolution records are extracted from the buffer space. These difference data are recorded mainly to show the difference between the temporarily cached data and the normalized cached data.
The types of operating data given above are only an enumeration of particular types and do not limit operating data comprehensively. After these operating data are collected, they are put to further use according to their different roles; in different situations the types of operating data used may differ, and this flexibility is described further below.
The determination unit 22 is configured to perform operations on the operating data according to preset configuration information, so as to form the operating-state judgement result for the DNS service cluster.
Having collected a large amount of operating data about the cluster providing the DNS service, the DNS server can perform intelligent data mining and, drawing on the principles of machine learning, make a more intelligent and accurate judgement of the cluster's operating state. To this end, referring to Fig. 7, the determination unit 22 specifically comprises an index establishment module 221, an algorithm generation module 222 and an operation determination module 223.
The index establishment module 221 is used to establish the indicator data set that serves as the judgement benchmark.
The establishment of the indicator data set depends on which operating data are selected, and the selection of operating data in turn depends on the preset configuration information. Indicator data sets for four situations are given below for reference:
1. Performance data: 1000; machine data: 90%
2. Alarm data: Danger; machine data: 10%
3. Difference data: 90%; application data: file.log
4. Application data: file.log
From the four indicator data sets above, the indicators established by the present invention can be understood as follows:
1. When the performance data reaches a throughput of 1000 while the machine data (CPU and/or memory share) has just reached 90%, a judgement benchmark of the present invention is constituted.
2. When the machine data (CPU and/or memory share) is only at 10% and the alarm data already shows the "danger" state, a judgement benchmark of the present invention is constituted.
3. When the difference data for the application data in the file file.log reaches 90%, a judgement benchmark of the present invention is constituted.
4. Only the application data file file.log is used as the real-time judgement benchmark.
Once the indicator data sets above have been constructed, further processing can be based on them. Note that these indicator data sets can either be given before the software is installed or be maintained on demand through the user interface the software provides. They can be stored in a file for use by the implementation of the present invention.
Although four indicator data sets are given above, in some embodiments the indicator data set can also be understood as a single standard set of indicators characterizing the normal state of the cluster providing the DNS service, which reduces the difficulty of programming the software.
The algorithm generation module 222 is used to select or generate the corresponding algorithm according to the preset configuration information.
In some cases the configuration information may correspond one-to-one with the indicator data sets; if there is only one standard indicator data set, it need only correspond to that set. The configuration information is typically policy configuration information expressed in a format specified by the present invention. For example, for the multiple indicator data sets above, the following policy configuration information can be formulated; the meaning of each entry is also given in the table:
No. | First element | Second element | Algorithm | Meaning |
1 | Performance data | Machine data | A | Algorithm A applies to performance and machine data |
2 | Alarm data | Machine data | B | Algorithm B applies to alarm and machine data |
3 | Difference data | Application data | C | Algorithm C applies to difference and application data |
4 | Application data | No response | D | Algorithm D applies to the unresponsive part of the application data |
The policy configuration information above is only an example; in practice the configuration is very flexible. In theory, as long as an indicator data set can be associated with an algorithm, configuration information of the present invention can be formed, regardless of the form the configuration information takes or the number of elements it contains. In general, one group of policy configuration information should correspond to one indicator data set, so that different situations can be distinguished and different algorithms applied; the operating data and indicator data set involved in the computation under one group of policy configuration information differ from those involved under other groups. However, the indicator data sets can also be unified into one standard indicator data set as described earlier, with every piece of policy configuration information corresponding to that same standard set.
It can be seen that, through the policy configuration information, a known algorithm in the system can be selected, and the whole process is highly intelligent. Further, the algorithm field of the policy configuration information can also contain an expression that dynamically provides the basis for generating an algorithm; the software then uses this basis to generate the corresponding algorithm according to agreed rules and applies the generated algorithm. Thus, through configuration information, the present invention establishes an association between indicator data sets and known or unknown algorithms, which gives a machine learning model with highly intelligent characteristics that can dynamically recognize various operating conditions, so that more intelligent disaster recovery switching control can subsequently be made.
Likewise, the configuration information, in particular the policy configuration information in it, and/or the dynamically set algorithm can be entered and maintained by the user through a graphical user interface provided by the setting unit of the present invention, and the corresponding data can be stored in a data table or file for use by the software of the present invention. Further, the user interface for entering or changing the indicator data sets and the user interface for setting or changing the policy configuration information and/or algorithm can be the same user interface, and can be designed flexibly by programmers as needed.
The operation determination module 223 is configured to use the algorithm, with the indicator data set as the benchmark, to perform operations on the operating data and judge whether the operating state the operating data characterize is abnormal.
Once the indicator data set and the configuration information, specifically the policy configuration information, have been determined as above, the algorithm option given in the policy configuration information is used to determine the corresponding algorithm. Using this algorithm and following the elements given in the configuration information, the corresponding elements in the operating data are operated on mathematically against the benchmark of the indicator data set, for example by counting, comparing or summarizing. The final result of the operation yields the judgement of whether the operating state of a device in the cluster, or of the whole cluster, characterized by the operating data is abnormal.
In some cases the configuration information can also provide an execution option, for example an option to discard packets without responding. In that case, after the corresponding algorithm has produced an unfavourable judgement result, this option can be applied so that subsequent domain name resolution requests are refused a response and their packets are dropped directly.
To make the present invention easier to understand, an example of identifying a DNS attack with the machine learning model of the present invention described above is given below.
In this example, the indicator data set can specify a time of 100 ms and, in the application data, 5000 resolution requests for the same domain name within 100 ms. The policy configuration information specifies that algorithm K applies to the combination of application data and unit time. When the DNS resolution server configured with the software implementing the present device recognizes from the collected application data that more than 5000 resolution requests for the same domain name were generated within the 100 ms unit time, this does not match historical behaviour, and algorithm K is triggered for further computation and verification. From statistics over historical domain name resolution requests, algorithm K finds that, in historical usage, the number of times the domain name is accessed within 100 ms is far below 5000. Algorithm K can then go on to determine that a network attack is occurring at that time, and a judgement of abnormal operating state can be made. In this illustration algorithm K is relatively complex to implement. In practice, a separate statistics process can instead compute the historical behaviour of each domain name and generate from it the request count in the indicator data set; algorithm K then only needs to compare the current number of accesses to the domain name with the request count in the indicator data set.
In another embodiment, the indicator data set specifies that the application data is a certain log file, and the policy configuration information specifies that algorithm X applies to the unresponsive case of that log file. When algorithm X runs, it counts the unresponsive records in the log file. If, within a predetermined time, for example 100 minutes, all log records produced are unresponsive records, it can be directly determined that the corresponding device or cluster providing the DNS service has failed, and the conclusion of an abnormal operating state can likewise be drawn.
In the two cases above, for brevity the cluster providing the DNS service was reduced to a single machine. Those skilled in the art will understand that in these examples the cluster can, and should, also be judged as an organic whole; this is a matter of combining mathematics and programming technique that those skilled in the art should reasonably master. For example, the algorithm can treat the cluster as paralysed overall, or the DNS servers at each level of a domain name on the public network as unreachable, when as many as a certain number of devices show the same type of situation, and judge the operating state abnormal accordingly. Since such situations are highly variable and cannot be exhaustively listed, and since the present invention has disclosed the relationship between the cluster and its individual machines so that those skilled in the art can adapt flexibly, they are not elaborated here.
Once an algorithm has produced the operating-state judgement for the DNS service cluster, a corresponding operating-state result is formed, and the final switching control can be made on that basis.
The switching unit 23 is configured so that, when the judgement result indicates an abnormal operating state, the destination address providing the DNS service is changed to the network address of the disaster recovery system; when the judgement result indicates a normal operating state, the destination address providing the DNS service is changed to point to the original destination address.
As can be seen, the operating-state judgement result is essentially a binary option: it indicates either that the operating state is normal, i.e. the DNS service cluster is running normally, or that the operating state is abnormal, i.e. the DNS service cluster is malfunctioning. A different switch is therefore made for each of the two cases.
When the judgement result indicates an abnormal operating state, the DNS resolution server knows that the cluster originally providing the DNS service cannot, or can hardly, continue to provide DNS resolution service. Whether the cause is a DNS attack or an unreachable network, the logic that the DNS resolution server implements through this switching unit 23 requires it to perform the corresponding switching operation, so that subsequent DNS resolution requests are forwarded to the disaster recovery system realized by the technical solution of the first aspect of the present invention, which performs domain name resolution using the technology disclosed above. After the disaster recovery system obtains the domain name resolution result and passes it to this DNS resolution server, the DNS resolution server answers the client that initiated the domain name resolution request with that result. In this process the DNS resolution server only acts as a relay. To guard against security attacks, the domain name resolution requests and results may suitably be transmitted in encrypted form. Using an encryption mechanism, both for transmission between the DNS resolution server and the requesting client and for transmission between the DNS resolution server and the disaster recovery system, makes the DNS data more secure and improves on the traditional DNS protocol.
When the judgement result indicates a normal operating state, the DNS resolution server knows that the cluster originally providing the DNS service has cleared its fault and resumed normal service. The logic that the DNS resolution server implements through this switching unit 23 therefore requires it to perform a switch-back operation, so that subsequent DNS resolution requests are no longer resolved by the disaster recovery system but by the cluster system that originally provided the DNS service. The disaster recovery system, although it keeps its DNS service open, then returns to standby because it no longer receives domain name resolution requests.
While completing either of the two opposite switches above, the DNS server can also use a customer database to push an instant message to the user group that has installed its client (for example, a certain type of mobile terminal security software). After the client software installed by a user receives the instant message, it can automatically change its DNS server address so that it points to the more secure DNS server provided by the disaster recovery system, or it can display the instant message and leave the decision to the user.
In the DNS resolution server, the switching action is carried out by modifying an internal parameter. Specifically, this is a network address parameter expressed as an IP address. By default the parameter is the IP address (destination address), specified by the cluster originally providing the DNS service, at which that cluster exposes its DNS resolution service. When the judgement result is an abnormal operating state, the switching unit 23 changes it to the IP address at which the disaster recovery system exposes its DNS resolution service. Once the network address has been modified, the switch between the different systems is complete. Conversely, when the cluster originally providing the DNS service resumes normal service, the network address parameter must be changed back from the IP address of the disaster recovery system to the IP address at which the original cluster exposes its DNS resolution service. This network parameter can be stored in a file or in the registry, and can be modified manually through the corresponding system settings interface or through the user interface provided by the setting unit of the present invention. The specific form of the former depends on the operating system.
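The judgement and switching logic described above, as an added Python illustration that is not code from the patent: a policy table selects algorithms K and X from the two examples, and the binary result drives the network address parameter. The addresses, field names, sample data and the simplified forms of K and X are assumptions made for the example.

```python
from dataclasses import dataclass

# Constructed addresses (documentation ranges), not taken from the patent.
PRIMARY_ADDR = "192.0.2.53"      # cluster that originally provides DNS service
DR_ADDR = "198.51.100.53"        # disaster recovery system


@dataclass(frozen=True)
class IndicatorSet:
    window_ms: int = 100             # unit time that the per-domain counts cover
    max_same_domain: int = 5000      # requests for one domain per unit time
    unresponsive_minutes: int = 100  # look-back span from the log example


def algorithm_k(op, ind):
    """Simplified K: compare per-domain request counts for the last unit
    time with the request count held in the indicator data set."""
    counts = op.get("same_domain_counts", {})
    return any(n > ind.max_same_domain for n in counts.values())


def algorithm_x(op, ind):
    """X: abnormal when every log record in the look-back span is
    unresponsive. No records at all is treated as normal (assumption)."""
    recent = [answered for minute, answered in op.get("log", [])
              if 0 <= op["now_minute"] - minute < ind.unresponsive_minutes]
    return bool(recent) and not any(recent)


# Policy configuration: first element, second element, algorithm.
POLICIES = [
    ("application data", "unit time", algorithm_k),
    ("application data", "no response", algorithm_x),
]


def judge(op, ind, policies=POLICIES):
    """Binary operating-state judgement over all configured policies."""
    hits = [f"{a} + {b}" for a, b, algo in policies if algo(op, ind)]
    return ("abnormal" if hits else "normal"), hits


class ResolutionServer:
    """Front-end DNS resolution server holding the network address parameter."""

    def __init__(self):
        self.target = PRIMARY_ADDR

    def apply(self, state):
        """Switch to the DR system on 'abnormal', switch back on 'normal'."""
        wanted = DR_ADDR if state == "abnormal" else PRIMARY_ADDR
        changed = wanted != self.target
        self.target = wanted
        return changed


# Constructed operating-data samples, one per collection round.
SAMPLES = [
    {"now_minute": 10, "same_domain_counts": {"example.com": 120},
     "log": [(9, True), (10, True)]},
    {"now_minute": 11, "same_domain_counts": {"example.com": 5200},
     "log": [(11, True)]},
    {"now_minute": 200, "same_domain_counts": {},
     "log": [(m, False) for m in range(101, 201)]},
    {"now_minute": 320, "same_domain_counts": {"example.com": 90},
     "log": [(319, True), (320, True)]},
]


def run_rounds(samples=SAMPLES, ind=IndicatorSet()):
    """Judge each round and return (state, target address) after switching."""
    server, trace = ResolutionServer(), []
    for op in samples:
        state, _hits = judge(op, ind)
        server.apply(state)
        trace.append((state, server.target))
    return trace


if __name__ == "__main__":
    for state, target in run_rounds():
        print(f"{state:8s} -> forward to {target}")
```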
From the disclosure of the above embodiments of the method and device of the technical solution according to the second aspect of the present invention, it can be seen that one essence of the present invention is to realize intelligent attack determination by drawing on machine learning techniques. Although only some embodiments are given here, those skilled in the art can, following the same principle, go on to derive a variety of determination methods on this basis. Combined with the underlying implementation, this behaviour determination function can give DNS servers a more secure protective effect.
For example, in an embodiment of the present invention, for the network data packet corresponding to each received domain name resolution request, the DNS behaviour type of the packet can be judged in a manner similar to the machine learning described above; the processing entity that will handle the packet is determined from the DNS behaviour type, and the packet is then passed to that processing entity. In embodiments of the present invention the processing entity can consist of two layers, the kernel layer and the application layer. The kernel layer includes the network layer, the driver layer and so on, and can implement functions such as caching and attack protection. The application layer can perform basic parsing of network data packets, including domain name resolution, address acquisition and address data storage. Compared with prior-art methods of handling DNS behaviour, dividing network data packets between the kernel layer and the application layer allows DNS requests to be handled according to the actual request: an attack of millions of DNS requests per second can be handled by the kernel, which has the greater processing capacity, while DNS requests with lower timeliness requirements can be handled by the application layer. Handling DNS requests separately in the kernel and the application layer, and given the kernel's large processing capacity, makes high-volume DNS queries possible. Moreover, when a DNS request causes a modification, or a start-up causes loading, one of the two can handle the current DNS request while the other continues to provide service externally, because the kernel and the application layer process separately. The embodiment of the present invention therefore improves single-machine traffic handling capacity and, while greatly improving the system's processing and security protection capability, also enables fast dynamic management and configuration of domain names, and in turn many customized, complex functional requirements.
When the DNS behaviour type is determined to be attack behaviour, the processing entity can be determined to be the kernel; when the DNS behaviour type is domain name resolution behaviour, the processing entity can be determined to be the application layer. To improve the response speed, processing performance and security protection capability of the domain name resolution service, caching and security protection can, in line with the principles of DNS resolution, be implemented in a kernel module; under normal conditions the kernel module can efficiently and stably handle 98% of resolution requests and the great majority of attack protection. The basic resolution and management functions, whose processing logic is relatively complex and whose performance requirements are not as high, are implemented in the application layer.
Therefore, when the processing entity is the kernel, the kernel inspects the network data packet and filters out the DNS attack behaviour carried in it, and the filtered packet is forwarded to the application layer for processing. When inspecting network data packets, the kernel can enable policies such as an anti-DDoS policy, an IP rate-limiting policy and a domain name rate-limiting policy; correspondingly, an independent internal module can be set up in the kernel for each policy to implement the different policies.
Note that each network data packet has a feature code, and each feature code is unique. The attributes of the DNS request in a network data packet can therefore be judged from its feature code, seeing through DNS attack operations disguised as normal data packets. Whether the network data packet carries DNS attack behaviour is judged by the following steps:
Step A: compute the feature code of the network data packet;
Step B: judge whether the feature code is the feature code of DNS attack behaviour; if so, perform step C; if not, perform step D;
Step C: determine that the network data packet carries DNS attack behaviour;
Step D: determine that the network data packet does not carry DNS attack behaviour.
A set of feature codes of known DNS attack behaviour is typically stored in a database. When a check is needed, the feature code computed in step A is matched against the set in the database: if the feature code computed in step A is in the set, the behaviour is DNS attack behaviour; otherwise it is not.
The feature code can be determined from domain name information such as the IP or the domain name, for example by counting the network data packets received from the same IP within a specified time, and/or counting the network data packets received from the same domain name within a specified time. If the number of network data packets received from the same IP or the same domain name within 1 second is far larger than the number that should be received, this proves that the IP address or domain name has become an attack source. This is also the basic principle of the IP rate-limiting policy and the domain name rate-limiting policy. Once an IP address or domain name has been proven to be an attack source, network data packets later received from that source can be discarded or filtered out directly, avoiding its attack and improving system security and processing efficiency.
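Steps A to D combined with the IP and domain name rate-limiting principle, as an added Python illustration that is not code from the patent. The form of the feature code (one per source IP, one per queried name), the limits, the in-memory set standing in for the database and the sample traffic are all assumptions.

```python
from collections import defaultdict, deque

WINDOW_S = 1.0   # the page's one-second example


class KernelFilter:
    """Per-IP and per-domain rate limiting backed by a set of attack feature codes."""

    def __init__(self, ip_limit=100, domain_limit=300):
        # Constructed limits standing in for "the number of packets that
        # should be received" from one IP or for one domain per window.
        self.limits = {"ip": ip_limit, "domain": domain_limit}
        self.recent = defaultdict(deque)   # feature code -> arrival times
        self.attack_codes = set()          # stands in for the database

    @staticmethod
    def feature_codes(src_ip, qname):
        """Step A (assumed form): one code per source IP, one per queried name."""
        return [("ip", src_ip), ("domain", qname.rstrip(".").lower())]

    def _exceeds(self, code, ts):
        """Record one arrival and report whether the window count is over limit.
        Timestamps are assumed to be non-decreasing."""
        times = self.recent[code]
        times.append(ts)
        while ts - times[0] >= WINDOW_S:   # expire arrivals outside the window
            times.popleft()
        return len(times) > self.limits[code[0]]

    def handle(self, ts, src_ip, qname):
        """Return 'drop' or 'forward' for one DNS query packet."""
        codes = self.feature_codes(src_ip, qname)
        # Steps B and C: a code already in the attack set means drop at once.
        if any(code in self.attack_codes for code in codes):
            return "drop"
        # Rate limiting: a source or name over its limit becomes an attack code.
        over = [code for code in codes if self._exceeds(code, ts)]
        if over:
            self.attack_codes.update(over)
            for code in over:
                self.recent.pop(code, None)   # counter no longer needed
            return "drop"
        # Step D: no attack behaviour found, hand over to the application layer.
        return "forward"


def sample_traffic():
    """Constructed traffic: a 150-packet burst from one source, one ordinary
    client, then the burst source again several seconds later."""
    burst = [(i * 0.003, "203.0.113.7", f"h{i}.example.net") for i in range(150)]
    return burst + [(0.5, "192.0.2.10", "www.example.org"),
                    (5.0, "203.0.113.7", "www.example.org")]


def replay(packets, filt=None):
    """Run packets through a filter and return the list of verdicts."""
    filt = filt or KernelFilter()
    return [filt.handle(ts, ip, name) for ts, ip, name in packets]


if __name__ == "__main__":
    verdicts = replay(sample_traffic())
    print("forwarded:", verdicts.count("forward"), "dropped:", verdicts.count("drop"))
```

Because a flagged domain code drops every later query for that name, legitimate clients asking for it are dropped too. The per-code state in this sketch also grows with the number of distinct sources, so a deployed filter would bound it.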
After the kernel has filtered out attack behaviour, the network data packet is sent to the application layer for processing. The application layer can parse the network data packet and obtain the address information corresponding to the domain name, and so obtain the relevant data to return to the client. The application layer can also manage data such as domain name information, implementing the data management function.
From the description as a whole, it can be seen that the method and device of the technical solution of the first aspect of the present invention construct a disaster recovery system capable of providing island-style domain name resolution service, while the method and device of the technical solution of the second aspect can perform intelligent fault detection and switching control between the disaster recovery cluster and the ordinary cluster. The DNS service system constructed by the present invention therefore makes a significant contribution to the security of DNS service on the Internet.
In summary, implementing the present invention helps to build a disaster recovery system and makes the disaster recovery system serve the security management and control of the traditional DNS service cluster.
Note that the algorithms and formulas provided here are not inherently tied to any particular computer, virtual system or other device. Various general-purpose systems can also be used with the examples here. From the description above, the structure required to construct such systems is obvious. Nor is the present invention directed at any particular programming language. It should be understood that the content of the invention described here can be implemented in various programming languages, and that the description of specific languages above is given to disclose the best mode of the present invention.
Numerous specific details are set forth in the specification provided here. It is to be understood, however, that embodiments of the present invention can be practised without these specific details. In some instances, well-known methods, structures and techniques are not shown in detail so as not to obscure the understanding of this description.
Similarly, it should be understood that, in order to streamline the disclosure and aid understanding of one or more of the various inventive aspects, the features of the invention are sometimes grouped together in the above description of exemplary embodiments into a single embodiment, figure, or description thereof. However, the disclosed method and apparatus should not be construed as reflecting an intention that the claimed invention requires more features than are expressly recited in each claim. Rather, as the claims reflect, inventive aspects lie in fewer than all features of a single embodiment disclosed above. The claims following the detailed description are therefore expressly incorporated into that detailed description, with each claim standing on its own as a separate embodiment of the invention.
Those skilled in the art will appreciate that the modules in a device of an embodiment can be changed adaptively and arranged in one or more devices different from that embodiment. The modules, units or components of an embodiment can be combined into one module, unit or component, and can furthermore be divided into multiple sub-modules, sub-units or sub-components. Except where at least some of such features and/or processes or units are mutually exclusive, all features disclosed in this specification (including the accompanying claims, abstract and drawings), and all processes or units of any method or device so disclosed, may be combined in any combination. Unless expressly stated otherwise, each feature disclosed in this specification (including the accompanying claims, abstract and drawings) may be replaced by an alternative feature serving the same, equivalent or similar purpose.
In addition, those skilled in the art will understand that although some embodiments described herein include certain features that are included in other embodiments and not others, combinations of features of different embodiments are meant to be within the scope of the invention and to form different embodiments.
The component embodiments of the invention may be implemented in hardware, in software modules running on one or more processors, or in a combination thereof. Those skilled in the art will understand that a microprocessor or digital signal processor (DSP) may be used in practice to implement some or all of the functions of some or all of the components of the web portal security detection device according to embodiments of the invention. The invention may also be implemented as a device or apparatus program (for example, a computer program and a computer program product) for performing part or all of the method described herein. Such a program implementing the invention may be stored on a computer-readable medium, or may take the form of one or more signals. Such a signal may be downloaded from an Internet website, provided on a carrier signal, or provided in any other form.
The above are only some embodiments of the present invention. It should be noted that those of ordinary skill in the art may make various improvements and modifications without departing from the principle of the invention, and such improvements and modifications shall also be regarded as falling within the protection scope of the invention.
Claims (18)
1. A disaster recovery construction method for a domain name resolution system, characterized by comprising the following steps:
Synchronizing, in real time, the authorization information database of a target cluster that provides DNS service to a disaster recovery cluster configured with a virtual root node, the authorization information database storing the authorization information of the authorization servers of each level of domain names;
Receiving a domain name resolution request and, in response to the domain name resolution request, using the authorization information database of the disaster recovery cluster and the virtual root node to perform a recursive query according to the corresponding authorization server information recorded in the authorization information database, so as to obtain the domain name resolution result;
Responding to the domain name resolution request with the domain name resolution result.
2. The disaster recovery construction method for a domain name resolution system according to claim 1, characterized in that: each step of the method is performed on at least one device of the disaster recovery cluster.
3. The disaster recovery construction method for a domain name resolution system according to claim 1, characterized in that: each step of the method is performed by one or more processes of a single device of the disaster recovery cluster.
4. The disaster recovery construction method for a domain name resolution system according to claim 1, characterized in that: the step of synchronizing the authorization information database in real time to the disaster recovery cluster configured with a virtual root node is performed on at least one device independent of the disaster recovery cluster, and the remaining steps are performed on the same device of the disaster recovery cluster.
5. The disaster recovery construction method for a domain name resolution system according to claim 1, characterized in that: the authorization information database also stores historical domain name resolution records, the historical domain name resolution records being the DNS resolution records produced by DNS resolution while the target cluster was performing DNS service normally; when performing domain name resolution, the method obtains the corresponding domain name resolution result by retrieving the historical domain name resolution records.
6. The disaster recovery construction method for a domain name resolution system according to claim 5, characterized in that: the historical domain name resolution records include mapping relations from domain names to corresponding IP addresses.
7. The disaster recovery construction method for a domain name resolution system according to claim 1, characterized in that: the authorization information database is implemented in the form of a distributed database.
8. The disaster recovery construction method for a domain name resolution system according to claim 1, characterized in that: the domain name resolution request and the domain name resolution result are transferred via the same network address.
9. The disaster recovery construction method for a domain name resolution system according to claim 1, characterized in that: the domain name resolution request and the domain name resolution result are transmitted in encrypted form.
10. A disaster recovery construction device for a domain name resolution system, characterized by comprising:
A synchronization unit, configured to synchronize, in real time, the authorization information database of a target cluster that provides DNS service to a disaster recovery cluster configured with a virtual root node, the authorization information database storing the authorization information of the authorization servers of each level of domain names;
A query unit, configured to receive a domain name resolution request and, in response to the domain name resolution request, to use the authorization information database of the disaster recovery cluster and the virtual root node to perform a recursive query according to the corresponding authorization server information recorded in the authorization information database, so as to obtain the domain name resolution result;
A response unit, configured to respond to the domain name resolution request with the domain name resolution result.
11. The disaster recovery construction device for a domain name resolution system according to claim 10, characterized in that: each unit of the device is configured to execute on at least one device of the disaster recovery cluster.
12. The disaster recovery construction device for a domain name resolution system according to claim 10, characterized in that: one or more processes of a single device of the disaster recovery cluster are configured to execute each unit of the device.
13. The disaster recovery construction device for a domain name resolution system according to claim 10, characterized in that: the synchronization unit is configured to execute on at least one device independent of the disaster recovery cluster, and the query unit and the response unit are configured to execute on the same device of the disaster recovery cluster.
14. The disaster recovery construction device for a domain name resolution system according to claim 10, characterized in that: the authorization information database also stores historical domain name resolution records, the historical domain name resolution records being the DNS resolution records produced by DNS resolution while the target cluster was performing DNS service normally; when the query unit performs domain name resolution, it obtains the corresponding domain name resolution result by retrieving the historical domain name resolution records.
15. The disaster recovery construction device for a domain name resolution system according to claim 14, characterized in that: the historical domain name resolution records include mapping relations from domain names to corresponding IP addresses.
16. The disaster recovery construction device for a domain name resolution system according to claim 10, characterized in that: the authorization information database is implemented in the form of a distributed database.
17. The disaster recovery construction device for a domain name resolution system according to claim 10, characterized in that: the domain name resolution request and the domain name resolution result are transferred via the same network address.
18. The disaster recovery construction device for a domain name resolution system according to claim 10, characterized in that: the domain name resolution request and the domain name resolution result are transmitted in encrypted form.
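The resolution flow the claims describe (delegation data served from a locally synced database under a virtual root, with historical records as a fallback) can be sketched as follows. This is an added example, not code from the patent: the class `IslandResolver`, the helper `build_demo_resolver`, the dictionary layout and the simulated `network` are all assumptions, and the sample zones and addresses are constructed.

```python
class IslandResolver:
    """Toy model of the disaster recovery cluster's resolver (all names hypothetical)."""

    def __init__(self, auth_db, history, network):
        self.auth_db = auth_db   # zone -> authorization server names, synced from the target cluster
        self.history = history   # qname -> IP, historical resolution records in the same database
        self.network = network   # server -> {qname: IP}; a missing server is unreachable (simulation)
        self.trace = []          # zones visited during the last lookup

    @staticmethod
    def zones_from_root(qname):
        """'www.example.com.' -> ['.', 'com.', 'example.com.', 'www.example.com.']"""
        labels = qname.rstrip(".").split(".")
        return ["."] + [".".join(labels[i:]) + "." for i in range(len(labels) - 1, -1, -1)]

    def resolve(self, qname):
        qname = qname.lower().rstrip(".") + "."
        self.trace, servers = [], []
        # Start at the virtual root and walk down one level at a time, taking each
        # level's delegation from the local database instead of the real root servers.
        for zone in self.zones_from_root(qname):
            if zone not in self.auth_db:
                break  # no deeper delegation recorded
            servers = self.auth_db[zone]
            self.trace.append(zone)
        # Ask the deepest known authorization servers for the final answer.
        for server in servers:
            records = self.network.get(server)
            if records is None:
                continue  # server cannot be reached from the island
            if qname in records:
                return records[qname], "authoritative:" + server
        # Fall back to the historical resolution records.
        if qname in self.history:
            return self.history[qname], "history"
        return None, "servfail"


def build_demo_resolver():
    """Constructed sample data; addresses come from the documentation ranges."""
    auth_db = {
        ".": ["virtual-root"],
        "com.": ["a.tld-com.example."],
        "example.com.": ["ns1.example.com.", "ns2.example.com."],
        "net.": ["a.tld-net.example."],
        "example.net.": ["ns1.example.net."],
    }
    history = {"mail.example.net.": "198.51.100.25"}
    # Only ns2.example.com. is reachable in this simulated outage.
    network = {"ns2.example.com.": {"www.example.com.": "192.0.2.10"}}
    return IslandResolver(auth_db, history, network)


if __name__ == "__main__":
    resolver = build_demo_resolver()
    for name in ("WWW.Example.COM", "mail.example.net", "unknown.example.org"):
        print(name, resolver.resolve(name), resolver.trace)
```

The historical records are only as fresh as the last synchronization, so an operator would normally expose the `"history"` source in logs or metrics to see how much of the island's traffic is being answered from stale data.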
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201410852629.9A CN104468244B (en) | 2014-12-31 | 2014-12-31 | Domain name analysis system calamity is for constructing method and device |
Publications (2)
Publication Number | Publication Date |
---|---|
CN104468244A CN104468244A (en) | 2015-03-25 |
CN104468244B true CN104468244B (en) | 2018-04-20 |
Family
ID=52913653
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201410852629.9A Active CN104468244B (en) | 2014-12-31 | 2014-12-31 | Domain name analysis system calamity is for constructing method and device |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN104468244B (en) |
Families Citing this family (20)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN105282269B (en) * | 2015-11-03 | 2018-07-06 | 中国互联网络信息中心 | A kind of configuration method and method of servicing of local dns root server |
CN105472056B (en) * | 2015-11-23 | 2019-04-16 | 中国互联网络信息中心 | DNS recursion server is layered caching method and system |
CN106973122A (en) * | 2016-01-14 | 2017-07-21 | 中国移动通信集团浙江有限公司 | A kind of domain name system and its emergent solution based on cloud storage |
CN108345500B (en) * | 2017-01-22 | 2022-04-26 | 腾讯科技(深圳)有限公司 | Event processing method and device |
CN107920140A (en) * | 2018-01-05 | 2018-04-17 | 中国矿业大学(北京) | One kind combats a natural disaster to become campus network DNS devices |
CN107995107A (en) * | 2018-01-05 | 2018-05-04 | 中国矿业大学(北京) | One kind combats a natural disaster to become campus network DNS systems and its combats a natural disaster change method |
CN108076168A (en) * | 2018-01-05 | 2018-05-25 | 中国矿业大学(北京) | One kind combats a natural disaster to become campus network DNS gateways |
CN108900655A (en) * | 2018-08-08 | 2018-11-27 | 北京谷安天下科技有限公司 | A kind of domain name viability recognition methods, device and electronic equipment |
CN109308223A (en) * | 2018-09-17 | 2019-02-05 | 平安科技(深圳)有限公司 | A kind of response method and equipment of service request |
CN109922120B (en) * | 2018-12-10 | 2022-04-05 | 网宿科技股份有限公司 | Method and terminal for improving DNS availability |
CN111475740B (en) * | 2019-01-24 | 2023-04-14 | 阿里巴巴集团控股有限公司 | Disaster tolerance processing method and equipment for service cluster |
WO2020206660A1 (en) * | 2019-04-11 | 2020-10-15 | 深圳市欢太科技有限公司 | Network resource request method and apparatus, electronic device and storage medium |
CN110290173A (en) * | 2019-05-23 | 2019-09-27 | 网宿科技股份有限公司 | A kind of active and standby DNS synchronous method and device |
CN111711542A (en) * | 2020-06-22 | 2020-09-25 | 北京思特奇信息技术股份有限公司 | Disaster recovery switching method and device based on DNS (Domain name System), electronic equipment and storage medium |
CN111741375A (en) * | 2020-06-23 | 2020-10-02 | 海看网络科技(山东)股份有限公司 | Method and system for disaster tolerance between platforms in IPTV |
CN112260853B (en) * | 2020-09-17 | 2023-07-21 | 北京大米科技有限公司 | Disaster recovery switching method and device, storage medium and electronic equipment |
CN112866436A (en) * | 2021-02-25 | 2021-05-28 | 中国电子信息产业集团有限公司第六研究所 | Domain name backup method and device and readable storage medium |
CN114780301B (en) * | 2022-06-22 | 2022-09-13 | 深圳市木浪云科技有限公司 | Disaster recovery method and system supporting multi-cloud production environment |
CN117675248A (en) * | 2022-08-31 | 2024-03-08 | 华为云计算技术有限公司 | Method and device for preventing false killing of distributed denial of service attack DDOS |
CN116450417B (en) * | 2023-06-05 | 2023-08-25 | 梅州客商银行股份有限公司 | Bank payment system disaster backup switching platform and method based on DevOps |
Citations (10)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN101426227A (en) * | 2008-11-21 | 2009-05-06 | 中国移动通信集团广东有限公司 | PDP context activation method using GGSN resource pool having priority in packet domain |
CN101465768A (en) * | 2009-01-12 | 2009-06-24 | 上海及第熊软件科技有限公司 | Method and system for implementing website disaster-tolerating and error-tolerating operation |
CN102132255A (en) * | 2008-05-29 | 2011-07-20 | 思杰系统有限公司 | Systems and methods for load balancing via a plurality of virtual servers upon failover using metrics from a backup virtual server |
CN102831038A (en) * | 2011-06-17 | 2012-12-19 | 中兴通讯股份有限公司 | Disaster tolerance method for ENUM-DNS (Telephone Number Mapping-Domain Name System) and ENUM-DNS |
CN103957239A (en) * | 2014-04-04 | 2014-07-30 | 上海聚流软件科技有限公司 | DNS cache information processing method, device and system |
CN103957285A (en) * | 2014-04-18 | 2014-07-30 | 上海聚流软件科技有限公司 | Method and system for providing root domain name analysis services |
CN103957195A (en) * | 2014-04-04 | 2014-07-30 | 上海聚流软件科技有限公司 | DNS system and defense method and device for DNS attack |
CN103957201A (en) * | 2014-04-18 | 2014-07-30 | 上海聚流软件科技有限公司 | Method, device and system for processing domain name information based on DNS |
CN103957284A (en) * | 2014-04-04 | 2014-07-30 | 上海聚流软件科技有限公司 | DNS behavior processing method, device and system |
CN103973704A (en) * | 2014-05-23 | 2014-08-06 | 北京奇虎科技有限公司 | Domain name resolution method, device and system based on WIFI device |
Also Published As
Publication number | Publication date |
---|---|
CN104468244A (en) | 2015-03-25 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
C06 | Publication | ||
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||
TR01 | Transfer of patent right | | Effective date of registration: 20220718 Address after: Room 801, 8th floor, No. 104, floors 1-19, building 2, yard 6, Jiuxianqiao Road, Chaoyang District, Beijing 100015 Patentee after: BEIJING QIHOO TECHNOLOGY Co.,Ltd. Address before: 100088 room 112, block D, 28 new street, new street, Xicheng District, Beijing (Desheng Park) Patentee before: BEIJING QIHOO TECHNOLOGY Co.,Ltd. Patentee before: Qizhi software (Beijing) Co.,Ltd. |