CN105306621A - DNS (Domain Name Server) packet extension method based on DNS message segmentation of application layer - Google Patents

Info

Publication number
CN105306621A
Authority
CN
China
Prior art keywords
dns
message
burst
application layer
segmentation
Legal status: Granted
Application number
CN201510822527.7A
Other languages
Chinese (zh)
Other versions
CN105306621B (en)
Inventor
宋林健
刘�东
李震
李凤民
潘居臣
宋松
余冬
万润夏
龚道彪
Current Assignee
BEIJING TIANDI INTERCONNECTION INFORMATION TECHNOLOGY Co Ltd
Petrochina Huabei Oilfield Co
Original Assignee
BEIJING TIANDI INTERCONNECTION INFORMATION TECHNOLOGY Co Ltd
Petrochina Huabei Oilfield Co
Priority date: 2015-11-24
Filing date: 2015-11-24
Publication date: 2016-02-03
Application filed by BEIJING TIANDI INTERCONNECTION INFORMATION TECHNOLOGY Co Ltd and Petrochina Huabei Oilfield Co
Priority to CN201510822527.7A
Publication of CN105306621A
Application granted; publication of CN105306621B
Legal status: Active

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L61/00 Network arrangements, protocols or services for addressing or naming
    • H04L61/45 Network directories; Name-to-address mapping
    • H04L61/4505 Network directories; Name-to-address mapping using standardised directories; using standardised directory access protocols
    • H04L61/4511 Network directories; Name-to-address mapping using standardised directories; using standardised directory access protocols using domain name system [DNS]

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

This invention discloses a DNS (Domain Name Server) packet extension method based on DNS message segmentation at the application layer, and relates to the technical field of Internet communication. The method specifies a DNS message segmentation standard, a representation of the fragments of a DNS message, the marking and recognition of the application-layer DNS segmentation function, and the working principle of fragment reassembly. By segmenting and reassembling the DNS message at the application layer it breaks through the 512-byte limit on DNS response messages, and by using UDP (User Datagram Protocol) transport it keeps the flexibility of the DNS protocol while making DNS messages extensible. The method avoids the reassembly failure at the receiving end that occurs when IP (Internet Protocol) fragments are discarded by middleware; because no TCP (Transmission Control Protocol) connection is needed, response time is reduced and the server does not have to maintain TCP connection state, so the method compares favourably with TCP-based schemes.

Description

A DNS packet extension method based on application-layer DNS message segmentation
Technical field
The invention belongs to the field of Internet communication technology, and in particular relates to a DNS packet extension method based on application-layer DNS message segmentation.
Background technology
DNS is one of the most important services on the Internet; in essence it is the bridge between the human-readable name space and the binary protocol addresses underneath. Before any transaction over the Internet can start, a DNS query must first complete, so a lightweight, fast-responding DNS protocol is essential if resolution is to stay transparent to users. The DNS resolution architecture uses UDP as its transport protocol and is implemented by geographically distributed recursive resolvers with caching.
At the same time, as the Internet has developed, the traditional DNS protocol has shown some problems. Because of the IPv4 limit on packet size, the maximum packet size DNS uses when carrying messages over UDP is fixed: RFC 1035 specifies that a DNS message carried in UDP must not exceed 512 bytes, and this mandatory limit no longer meets the needs that have emerged as the DNS protocol evolved. The 512-byte limit (1) bounds the number of root servers in the DNS system, (2) restricts the deployment of IPv6-based DNS servers, and (3) hinders the deployment of some newer extension protocols. DNSSEC is one example: because DNSSEC carries a large amount of key and signature material (DNSKEY, RRSIG and NSEC resource records, and so on), the size of a response can easily exceed the 512-byte limit.
Traditional DNS treats UDP transport as mandatory and TCP transport as an alternative. The DNS packet-size problem was considered early in the evolution of the protocol, and EDNS0 was proposed as an extended version of DNS. EDNS0 provides a backward-compatible mechanism that defines new extension fields to support further evolution of the protocol, and among them describes how the packet size is extended. In an EDNS0 message a pseudo-resource record called OPT is defined in the Additional section, and both the message sent and the message received by an EDNS0-capable party carry one OPT record. The CLASS field of the OPT record states the length of UDP response message the requesting resolver understands and can receive, in the range 512 to 4096 bytes. When a server supporting EDNS0 receives such a request, and the response fits within the byte length defined by the resolver, it can return a response large enough to hold all query information without truncation. The maximum packet length EDNS0 can carry is 4096 bytes, which is basically enough to meet the needs of all parties, such as the size of DNS responses supporting DNSSEC. As a result the DNS system relies more on EDNS0 to solve the packet-size problem and depends less on TCP because of the 512-byte limit.
EDNS0 offers a desirable mechanism for extending packet size while keeping the flexibility and efficiency of traditional UDP-based DNS. In practice this is not quite the case. When a server returns an EDNS0 response that exceeds the path MTU, intermediate devices fragment the packet into several pieces for transmission. Firewalls and some other middleware in the network allow only the first fragment of a response to pass and discard the rest; with the deployment of DNSSEC, responses over 2000 bytes are now very common. The result is that the resolver cannot reassemble all fragments into a complete response. To avoid fragmentation, a resolver can negotiate as small a packet size as possible with the server, but then the packet size may again fail to meet the needs of the response and the response is truncated.
Besides UDP, TCP is also used to carry DNS messages. The DNS protocol specifies that resolvers and servers "must" support UDP and "should" support TCP for sending non-AXFR queries. This means many DNS implementations treat UDP as the essential solution and TCP as a fallback that is only activated when a response is truncated or for AXFR transfers; in fact, many existing resolvers do not really support TCP. Considering the inherent defects of UDP, however, some researchers emphasise broad TCP support in DNS implementations and further comprehensive TCP support, and some even take TCP as the preferred transport for DNS. These two uses of TCP can be called the TCP-fallback approach and the TCP-preferred approach. The TCP-fallback scheme prefers UDP to preserve the simplicity and flexibility of the DNS protocol while keeping TCP as an alternative; when a UDP-based DNS request fails because a fragmented response cannot be reassembled or the name server is blocked, TCP provides the last guarantee. Beyond the packet-size limit, the weak privacy protection of UDP and its exposure to DoS attacks have led some researchers to try to abandon UDP, carry DNS messages directly over TCP, and improve performance through various optimisations of TCP. In general, however, because of TCP's longer latency and higher resource consumption, the use of TCP for DNS message transport is still viewed very cautiously and conservatively.
Traditional DNS and its extensions and improvements have not solved the scalability problem of the DNS protocol. In order to expand the number of DNS root name servers, deploy IPv6 root nodes, support the DNSSEC protocol and the new DNS-based features that keep appearing, while preserving the simplicity, flexibility and efficiency of the DNS resolution protocol, this invention proposes that the DNS name server divide the DNS message at the application layer into fragments that intermediate devices will not need to split further, transmit the fragments as conventional UDP DNS messages, and have the DNS resolver reassemble the fragmented DNS message into a complete DNS response.
Summary of the invention
The object of the invention is a DNS packet extension method based on application-layer DNS message segmentation. The scheme breaks through the 512-byte limit on DNS responses by segmenting and reassembling the DNS message at the application layer and transmitting it over UDP, so that DNS messages become extensible while the flexibility of the DNS protocol is maintained. The method covers: the standard for DNS message segmentation, the representation of DNS fragment information, the marking and recognition of the application-layer DNS segmentation function, and the working principle of fragment reassembly;
The standard for DNS message segmentation: the traditional DNS protocol no longer has enough spare fields for protocol extension, whereas EDNS0 is backward compatible and designed to support further extension of DNS. The extension scheme is therefore based on EDNS0 and is realised by adding some new fields on top of it;
The representation of DNS fragment information: first, an AF (Application Fragmentation) bit is defined in the Z field of the EDNS0 OPT pseudo-resource record to indicate that the current DNS entity supports application-layer segmentation of DNS messages. Since the first bit of the Z field is already used by DNSSEC, the second bit is defined as the AF bit;
The marking and recognition of the application-layer DNS segmentation function: the information about each fragment is carried in a new FRAGMENT option added to the RDATA field of the OPT record. Because UDP has no ACK mechanism, an 8-bit fragment count is considered moderate. The data part of the option is two bytes: the first byte gives the number of fragments that make up the current DNS message, and the second byte gives the sequence number of the current fragment. The workflow of application-layer segmentation relies on these new fields added to the standard DNS protocol. EDNS0 specifies a maximum DNS message size of 4096 bytes, which basically meets current needs; if a record such as a TXT resource record cannot fit into a DNS packet of at most 4096 bytes, the TCP-based DNS transmission scheme can be used instead.
The workflow of application-layer DNS message segmentation: after receiving a request, the server confirms that the AF bit of the request is 1 and that the response is large enough to require fragmentation. If the server does not support the application-layer segmentation scheme, it ignores the AF bit, sets the TC (truncation) bit to 1 and returns the response according to the standard protocol flow. If the server supports the scheme, it fragments the response. The fragmentation standard recommends that each fragment not exceed 512 bytes where possible and that the split follow resource-record boundaries; fragment sizes need not be equal, but fragments must not be too small either, to avoid excessive fragmentation. The server sets the AF bit to 1 and the TC bit to 0, fills the total number of fragments and the sequence number of each fragment into the FRAGMENT option, and fills the resource-record counts in the DNS header of each fragment truthfully according to the number of each kind of resource record the fragment carries. The other fields are filled in according to the general DNS protocol, and the information filled in is consistent across all fragments.
The working principle of fragment reassembly is described through the behaviour of the different entities in the DNS system:
For a resolver that supports application-layer DNS message segmentation: it sets the AF bit in the Z field of its OPT record to 1 and sets TotalFragmentNumber and CurrentFragmentNumber in the FRAGMENT option to 0. Because the packet-size limit no longer applies once the scheme is in use, the maximum UDP payload supported by the resolver should be specified as the maximum of 4096 bytes, which is currently sufficient for all demands on DNS response size; the remaining parts of the request are the same as an ordinary EDNS0 DNS message. A resolver supporting the scheme records the interval from the time it sends the request to the time it receives the first fragment of the DNS response as the RTT of the request. When the resolver receives the first fragment and confirms that the AF bit is 1, it starts a timer and waits for the remaining fragments in a reassembly queue. The timer runs for one RTT: if all fragments arrive within one RTT, the timer is stopped, the fragments are reassembled into the complete DNS response and the queue is destroyed. If the RTT expires before all fragments have arrived, some fragments are assumed lost (or some other condition exists), the timer is stopped, the waiting queue is destroyed, the DNS request is deemed failed, and the request is re-sent over TCP;
For a server that supports application-layer message segmentation: the DNS server confirms that the response is large enough to need dividing and that the resolver making the request also supports application-layer segmentation. The server then divides the DNS response into moderately sized fragments according to the sizes of its resource-record sets and sends each as a UDP packet. In each fragment the AF bit is 1, and TotalFragmentNumber and CurrentFragmentNumber in the FRAGMENT option are set to the total number of fragments and the sequence number of the current fragment respectively.
The beneficial effect of the invention is that, once adopted, DNS responses are no longer bound by the 512-byte limit. In theory the number of root servers can exceed the current 13, since the DNS message then has enough space to hold information about newly added root servers. To meet the continuous growth of IPv6 users, root servers with IPv6 addresses can likewise be added to the DNS message. As DNSSEC is deployed further, large DNSSEC responses account for a growing share of traffic; this scheme solves the packet-size expansion problem that DNSSEC brings and clears an obstacle to deploying DNSSEC.
Compared with the plain UDP scheme, this method does not suffer from reassembly failure at the receiver caused by IP fragments being dropped in middleware. It also has advantages over the TCP-based scheme: because it is based on UDP, no TCP connection needs to be established, which reduces response time; the server does not need to maintain TCP connection state, and the resolver only needs to maintain a queue of DNS message fragments for one RTT. Because a response can be at most 4096 bytes, the space reserved for the queue need not exceed 4096 bytes either. In addition, because the received fragments are already at the application layer, the resolver can start parsing without waiting for all fragments to arrive.
Accompanying drawing explanation
Fig. 1 shows the position of the AF bit in the packet format.
Fig. 2 shows the format of the FRAGMENT option field.
Fig. 3 is a schematic diagram of the interaction flow of the scheme.
Fig. 4 is an application example of the application-layer DNS message segmentation scheme.
Fig. 5 is the DNSKEY query response message for vmware.com.
Fig. 6 shows the fragments of the response message: (a) fragment 1, (b) fragment 2, (c) fragment 3.
Embodiment
The present invention proposes a DNS packet extension method based on application-layer DNS message segmentation. The scheme breaks through the 512-byte limit on DNS responses by segmenting and reassembling the DNS message at the application layer and transmitting it over UDP, so that DNS messages become extensible while the protocol keeps its flexibility. The method covers the standard for DNS message segmentation, the representation of fragment information, the marking and recognition of the application-layer segmentation function, and the working principle of fragment reassembly (as in Figures 1 to 5). First the resolver sends a DNSKEY query for vmware.com to the name server of vmware.com; the complete response obtained, the DNSKEY query response for vmware.com, is shown in Fig. 5;
The working principle of the application-layer DNS message segmentation scheme is illustrated below with a DNS query that supports DNSSEC. The fragments of the response are shown in Fig. 6, where (a) is fragment 1, (b) is fragment 2 and (c) is fragment 3. Under normal circumstances:
(a) Fragment 1 of the response message
; <<>> DiG 9.9.5-3-Ubuntu <<>> @8.8.8.8 DNSKEY vmware.com +dnssec
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 28360
;; flags: qr rd ra ad; QUERY: 1, ANSWER: 6, AUTHORITY: 0, ADDITIONAL: 1
(b) Fragment 2 of the response message
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags: do; udp: 512
;; QUESTION SECTION:
;vmware.com.                    IN      DNSKEY
(c) Fragment 3 of the response message
;; ANSWER SECTION:
vmware.com.             411     IN      DNSKEY  256 3 10
vmware.com.             411     IN      DNSKEY  256 3 10
vmware.com.             411     IN      DNSKEY  257 3 10
vmware.com.             411     IN      RRSIG   DNSKEY 10 2 600 20150219172007 20150120172007 842 vmware.com.
vmware.com.             411     IN      RRSIG   DNSKEY 10 2 600 20150219172007 20150120172007 12093 vmware.com.
vmware.com.             411     IN      RRSIG   DNSKEY 10 2 600 20150219172007 20150120172007 42203 vmware.com.
;; Query time: 209 msec
;; SERVER: 8.8.8.8#53(8.8.8.8)
;; WHEN: Wed Jan 21 18:43:17 PST 2015
;; MSG SIZE  rcvd: 1761
The DNS response message is 1761 bytes and contains 3 DNSKEY resource records, 3 RRSIG resource records and 1 OPT resource record. In a real network environment a 1761-byte response is generally fragmented at the IP layer in transit and dropped, causing DNS resolution to fail.
With the application-layer DNS message segmentation adopted by the present invention, the server divides the response into three fragments: the first fragment contains the two 128-byte DNSKEY resource records, the two 128-byte RRSIG resource records and an OPT resource record; the second fragment contains the 512-byte DNSKEY resource record and an OPT resource record; the third fragment contains the 512-byte RRSIG resource record and an OPT resource record. The FRAGMENT option of each OPT resource record carries the total fragment count 3 and the current fragment sequence number 1, 2 or 3 respectively.
Because the three fragments are small enough, they are neither fragmented nor dropped on their way through the network. The resolver receives all three fragments in turn and reassembles them into the complete DNS response. The proposed application-layer segmentation of DNS responses thus expands the size of DNS response packets well and ensures that new extension schemes in the DNS system can be deployed smoothly.
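The segmentation and reassembly flow set out in the summary above and the three-fragment split of the 1761-byte response in this embodiment, as an added Python model that is not the applicants' code: it encodes the AF bit and the two-byte FRAGMENT option in an OPT record, cuts constructed answer RRs at RR boundaries, and runs the resolver's one-RTT reassembly queue with TCP fallback. The FRAGMENT option code 65001, the RR byte sizes (placeholders matching the sizes quoted above), the query id reused from the dig output, and all function names are assumptions; the page gives no wire encoding for the option.

```python
"""Constructed model of the CN105306621A application-layer DNS fragmentation scheme (not the
applicants' code); the option code, RR sizes and helper names are assumptions."""
import struct
from dataclasses import dataclass
FRAGMENT_OPTION_CODE = 65001  # assumed: RFC 6891 local/experimental range; the page names none
AF_FLAG = 0x4000              # second Z bit of the OPT TTL; 0x8000 is the DNSSEC DO bit
TC_FLAG = 0x0200              # header TC bit, set by servers that do not support the scheme
EDNS_UDP_MAX = 4096           # UDP payload size an AF-capable resolver advertises
FRAGMENT_BUDGET = 512         # recommended RR payload per fragment (assumed to exclude header/OPT)

def build_opt_rr(af: bool, total: int, current: int, udp_size: int = EDNS_UDP_MAX) -> bytes:
    """OPT RR: root name, TYPE 41, CLASS = UDP size, TTL = rcode|version|Z, RDATA = FRAGMENT option."""
    if not (0 <= total <= 255 and 0 <= current <= 255):
        raise ValueError("FRAGMENT counters are single bytes")
    option = struct.pack("!HHBB", FRAGMENT_OPTION_CODE, 2, total, current)
    return b"\x00" + struct.pack("!HHIH", 41, udp_size, AF_FLAG if af else 0, len(option)) + option

def parse_opt_rr(rr: bytes):
    """Return (af, total, current); total and current are 0 when no FRAGMENT option is present."""
    rtype, _udp, ttl, rdlen = struct.unpack("!HHIH", rr[1:11])
    if rr[0] != 0 or rtype != 41 or len(rr) != 11 + rdlen:
        raise ValueError("not a well-formed OPT RR")
    af, pos, total, current = bool(ttl & AF_FLAG), 11, 0, 0
    while pos + 4 <= len(rr):  # walk the option list; unknown options are skipped
        code, olen = struct.unpack("!HH", rr[pos:pos + 4])
        if code == FRAGMENT_OPTION_CODE and olen == 2:
            total, current = rr[pos + 4], rr[pos + 5]
        pos += 4 + olen
    return af, total, current

def fragment_header(msg_id: int, ancount: int) -> bytes:  # QR|RD|RA, TC clear, honest ANCOUNT, ARCOUNT=1 (OPT)
    return struct.pack("!HHHHHH", msg_id, 0x8180, 1, ancount, 0, 1)

@dataclass
class Fragment:
    header: bytes  # DNS header with this fragment's own RR counts
    opt: bytes     # OPT RR carrying AF and FRAGMENT(total, current)
    rrs: list      # answer RRs (wire bytes) carried by this fragment

def split_response(msg_id: int, rrs: list, budget: int = FRAGMENT_BUDGET) -> list:
    """Server side: cut at RR boundaries within the budget (an oversized RR gets its own fragment)."""
    groups, current = [], []
    for rr in rrs:
        if current and sum(map(len, current)) + len(rr) > budget:
            groups, current = groups + [current], []
        current.append(rr)
    groups.append(current)
    if len(groups) > 255:
        raise ValueError("more than 255 fragments: this answer must go over TCP instead")
    return [Fragment(fragment_header(msg_id, len(g)), build_opt_rr(True, len(groups), i + 1), g)
            for i, g in enumerate(groups)]

class Reassembler:
    """Resolver side: queue fragments for at most one RTT, then reassemble or fall back to TCP."""
    def __init__(self, msg_id: int, rtt: float):
        self.msg_id, self.rtt = msg_id, rtt
        self.deadline, self.total, self.slots = None, 0, {}

    def receive(self, frag: Fragment, now: float):
        """Return ("pending", None), ("complete", rrs) or ("fallback_tcp", None)."""
        msg_id, flags = struct.unpack("!HH", frag.header[:4])
        if msg_id != self.msg_id:
            return "pending", None  # not an answer to our query; ignore it
        af, total, current = parse_opt_rr(frag.opt)
        if not af:  # server ignored AF: either a whole answer or a truncated one needing TCP
            return ("fallback_tcp", None) if flags & TC_FLAG else ("complete", frag.rrs)
        if total == 0 or not 1 <= current <= total:
            return "fallback_tcp", None  # malformed FRAGMENT option
        if self.deadline is None:  # first fragment: the one-RTT timer starts here
            self.deadline, self.total = now + self.rtt, total
        if now > self.deadline or total != self.total:
            self.slots.clear()
            return "fallback_tcp", None
        self.slots.setdefault(current, frag.rrs)  # first copy of a sequence number wins
        if len(self.slots) < self.total:
            return "pending", None
        rrs = [rr for i in range(1, self.total + 1) for rr in self.slots[i]]
        self.slots.clear()
        return "complete", rrs

    def timed_out(self, now: float) -> bool:  # RTT elapsed with fragments missing: retry over TCP
        return self.deadline is not None and now > self.deadline and len(self.slots) < self.total

def embodiment_rrs() -> list:
    """Constructed stand-in (sizes only) for the 1761-byte vmware.com DNSKEY answer described above."""
    return [bytes([i]) * n for i, n in enumerate([128, 128, 128, 128, 512, 512])]

def run(drop: int = 0, rtt: float = 0.2):
    """Deliver the fragments 20 ms apart, omitting fragment number `drop` (0 = none); report the outcome."""
    rrs = embodiment_rrs()
    frags = split_response(28360, rrs)  # 28360 is the query id shown in the dig output above
    resolver = Reassembler(28360, rtt)
    status, out = "pending", None
    for i, frag in enumerate(frags):
        if i + 1 != drop:
            status, out = resolver.receive(frag, 0.02 * i)
    if status == "pending" and resolver.timed_out(0.02 * len(frags) + rtt):
        status = "fallback_tcp"
    return len(frags), status, out == rrs
```

A resolver's request carries `build_opt_rr(True, 0, 0)`, as the summary prescribes; `run()` yields the three fragments of the embodiment, and `run(drop=2)` shows the one-RTT timeout ending in TCP fallback.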

Claims (5)

1. A DNS packet extension method based on application-layer DNS message segmentation, characterised in that the scheme breaks through the 512-byte limit on DNS responses by segmenting and reassembling the DNS message at the application layer and transmitting it over UDP, achieving extensibility of DNS messages while maintaining the flexibility of the DNS protocol; the method comprises: the standard for DNS message segmentation, the representation of DNS fragment information, the marking and recognition of the application-layer DNS segmentation function, and the working principle of fragment reassembly;
the standard for DNS message segmentation: the traditional DNS protocol no longer has enough spare fields for protocol extension, whereas EDNS0 is backward compatible and designed to support further extension of DNS, so the extension scheme is based on EDNS0 and realised by adding new fields on top of it;
the representation of DNS fragment information: an AF bit is first defined in the Z field of the EDNS0 OPT pseudo-resource record to indicate that the current DNS entity supports application-layer DNS message segmentation; since the first bit of the Z field is already used by DNSSEC, the second bit is defined as the AF bit;
the marking and recognition of the application-layer DNS segmentation function: the information about each fragment is carried in a new FRAGMENT option added to the RDATA field of the OPT record; because UDP has no ACK mechanism, an 8-bit fragment count is considered moderate; the data part of the option is two bytes, the first giving the number of fragments in the current DNS message and the second the sequence number of the current fragment; the workflow of application-layer DNS message segmentation relies on the new fields added to the standard DNS protocol; EDNS0 specifies a maximum DNS message size of 4096 bytes, which basically meets current needs, and if a record such as a TXT resource record cannot fit into a DNS packet of at most 4096 bytes, the TCP-based DNS transmission scheme can be used instead.
2. The DNS packet extension method based on application-layer DNS message segmentation according to claim 1, characterised in that, in the workflow of application-layer DNS message segmentation, after receiving a request the server confirms that the AF bit of the request is 1 and that the response is large enough, and then fragments it; if the server does not support the application-layer segmentation scheme, it ignores the AF bit, sets the TC bit to 1 and returns the response according to the standard protocol flow; if the server supports the scheme, it fragments the response; the fragmentation standard recommends that each fragment not exceed 512 bytes where possible and that the split follow resource-record boundaries; fragment sizes need not be equal but must not be too small, to avoid excessive fragmentation; the server sets the AF bit to 1 and the TC bit to 0, fills the total number of fragments and the sequence number of each fragment into the FRAGMENT option, fills the resource-record counts in the DNS header of each fragment truthfully according to the number of each kind of resource record in the fragment, fills the other fields according to the general DNS protocol, and keeps the information filled in consistent across all fragments.
3. The DNS packet extension method based on application-layer DNS message segmentation according to claim 1, characterised in that the working principle of fragment reassembly is described through the behaviour of the different entities in the DNS system:
for a resolver that supports application-layer DNS message segmentation, the AF bit in the Z field of its OPT record is set to 1 and TotalFragmentNumber and CurrentFragmentNumber in the FRAGMENT option are both set to 0; because the packet-size limit no longer applies once the scheme is in use, the maximum UDP payload supported by the resolver should be specified as the maximum of 4096 bytes, which is currently sufficient for all demands on DNS response size; the remaining parts of the request are the same as an ordinary EDNS0 DNS message.
4. The DNS packet extension method based on application-layer DNS message segmentation according to claim 3, characterised in that a resolver supporting application-layer DNS message segmentation records the interval from the time it sends the request to the time it receives the first fragment of the DNS response as the RTT of the request; when the resolver receives the first fragment and confirms that the AF bit is 1, it starts a timer and waits for the remaining fragments in a reassembly queue; the timer runs for one RTT; if all fragments arrive within one RTT, the timer is stopped, the fragments are reassembled into the complete DNS response and the queue is destroyed; if the RTT expires before all fragments have arrived, some fragments are assumed lost or some other condition exists, the timer is stopped, the waiting queue is destroyed, the DNS request is deemed failed, and the request is re-sent over TCP.
5. The DNS packet extension method based on application-layer DNS message segmentation according to claim 3, characterised in that, for a server supporting application-layer message segmentation, the DNS server confirms that the response is large enough to need dividing and that the resolver making the request also supports application-layer DNS message segmentation, then divides the DNS response into moderately sized fragments according to the sizes of its resource-record sets and sends each as a UDP packet; in each fragment the AF bit is 1, and TotalFragmentNumber and CurrentFragmentNumber in the FRAGMENT option are set to the total number of fragments and the sequence number of the current fragment respectively.

Priority Applications (1)

Application Number: CN201510822527.7A (CN105306621B, en)
Priority Date: 2015-11-24
Filing Date: 2015-11-24
Title: DNS packet extension method based on application-layer DNS message segmentation

Publications (2)

Publication Number Publication Date
CN105306621A true CN105306621A (en) 2016-02-03
CN105306621B CN105306621B (en) 2018-05-29

Family

ID=55203359

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201510822527.7A Active CN105306621B (en) 2015-11-24 2015-11-24 DNS packet extension method based on application-layer DNS message segmentation

Country Status (1)

Country Link
CN (1) CN105306621B (en)

Patent Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20130031626A1 (en) * 2011-07-29 2013-01-31 Electronics And Telecommunications Research Institute Methods of detecting dns flooding attack according to characteristics of type of attack traffic
CN103166928A (en) * 2011-12-15 2013-06-19 中国移动通信集团公司 Method and system for providing information service and domain name server (DNS) authorization server
CN103957289A (en) * 2014-05-12 2014-07-30 中国科学院计算机网络信息中心 DNSSEC analytic method based on complex network

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
Leng Feng et al.: "Analysis of IPv6 protocol support in the domain name system", ZTE TECHNOLOGY JOURNAL *

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN110764923A (en) * 2018-07-27 2020-02-07 北京国双科技有限公司 Task creating method and device based on message queue
CN110764923B (en) * 2018-07-27 2023-02-21 北京国双科技有限公司 Task creating method and device based on message queue
WO2024152980A1 (en) * 2023-01-17 2024-07-25 北京有竹居网络技术有限公司 Data message response method and apparatus, electronic device and storage medium

Also Published As

Publication number Publication date
CN105306621B (en) 2018-05-29

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant