CN105530327A - DNS (domain name system) key information processing method and system - Google Patents

Publication number
CN105530327A
Authority
CN
China
Legal status
Granted
Application number
CN201410583420.7A
Other languages
Chinese (zh)
Other versions
CN105530327B (en)
Inventor
刘俊
张则梁
王逐尘
景晓军
沈智杰
唐新民
Current Assignee
SURFILTER NETWORK TECHNOLOGY Co Ltd
Original Assignee
SURFILTER NETWORK TECHNOLOGY Co Ltd

Abstract

The invention provides a DNS key information processing method and system involving a collection module, a protocol identifying module, a DNS decoding module, an outputting module, a transmitting module and a converging center node server. The method comprises the following steps: S1, collecting network data in real time; S2, analyzing DNS response data from the network data; S3, carrying out data statistics on the DNS response data while decoding it and generating key information data; S4, storing the key information data; S5, generating corresponding files; S6, sending the files; S7, deduplicating and compressing the files, and storing the files. According to the invention, DNS data are collected and analyzed, the corresponding key information is extracted from the original data according to the DNS data type, and the key information is stored record by record, which ensures the greatest completeness of the information. More comprehensive original records of more types are obtained from the DNS response data; the original data are only stored and not analyzed, so a third party can obtain data of the corresponding types on demand for deep mining and multi-dimensional statistics.

Description

A DNS key information processing method and system
Technical field
The present invention relates to the field of Internet communication and, more particularly, to a DNS key information processing method and system.
Background
DNS (the Domain Name System) is a very important piece of Internet infrastructure. Its main function is to convert between domain names and IP addresses, and the various Internet-based web services, e-mail services and routing services all depend on DNS directly or indirectly. With the rapid growth of the online population and the move of broadband networks to fiber, Internet service data has grown explosively, and DNS generates massive volumes of traffic logs.
To guarantee the quality of their customers' Internet access, the major operators have each built their own DNS network by region. A DNS network consists of several DNS nodes, and the core of each node is a DNS server cluster that answers users' DNS queries. At present, to keep track of the day-to-day operation of a DNS network, the existing approaches derive various statistical indicators by analyzing DNS traffic, or analyze a sample of the traffic. These approaches are used because DNS traffic is enormous and recording the complete behavior log of users is very difficult. Statistical indicators, however, are relatively fixed and cannot be mined further, while sampling analysis loses a large amount of valid data, so the analysis loses accuracy.
Summary of the invention
The technical problem to be solved by the present invention is to overcome the above defects of the prior art by providing a DNS key information processing method and system. DNS data are collected and analyzed, the corresponding key information is extracted from the original data according to the DNS data type, and it is stored record by record, which ensures the greatest completeness of the information. More comprehensive original records of more types are obtained from the DNS response data; the original data are only stored and not analyzed, and a third party can obtain data of the corresponding types as required for deep mining and multi-dimensional statistics.
The technical solution adopted by the present invention to solve this technical problem is to provide a DNS key information processing method involving an acquisition module, a protocol identification module, a DNS decoder module, an output module, a transport module and a convergence center node server.
The method comprises the following steps:
S1. The acquisition module collects network data in real time and sends the network data to the protocol identification module;
S2. The protocol identification module analyzes DNS response data from the network data and sends the DNS response data to the DNS decoder module;
S3. The DNS decoder module carries out data statistics on the DNS response data and sends the statistics file to the output module; at the same time it decodes the DNS response data and generates the corresponding key information data in the DNS response data according to the different query types;
S4. The DNS decoder module stores the key information data in the corresponding memory queue according to its query type;
S5. The output module reads the key information data in the memory queue, generates corresponding files from the key information data and the statistics file, and at the same time sends the files to the in-memory file system directory;
S6. The transport module sends the files in the in-memory file system directory to the convergence center node server;
S7. The convergence center node server deduplicates and compresses the files at a preset time period and stores the deduplicated and compressed files.
Preferably, step S3 further comprises the following steps:
S31. Obtain the questions in the DNS response data and parse the questions;
S32. Determine whether the number of questions is zero; if it is not zero, continue parsing the questions; if it is zero, go to step S33;
S33. Obtain the answers in the DNS response data and parse the corresponding RDATA data according to the query type;
S34. Determine whether the number of answers is zero; if it is not zero, continue parsing the answers; if it is zero, go to step S35;
S35. Generate the key information data from the parsing result.
Preferably, the query types comprise query type A, query type MX and query type NS; the generated key information data comprise A record data, MX record data and NS record data corresponding to the query types.
Preferably, the A record data comprise the client IP, the domain name, the domain name CNAME and the domain name IP;
the MX record data comprise the domain name, the mail server domain name and the mail server IP;
the NS record data comprise the name server name and the name server IP.
Preferably, the memory queues comprise queue one, queue two, queue three and queue four;
step S4 further comprises the following steps:
the A record data are stored in queue one and queue two at the same time;
the MX record data are stored in queue three;
the NS record data are stored in queue four.
Preferably, step S5 further comprises the following steps:
the output module reads the A record data in queue one and determines whether the domain name or domain name IP in the A record data matches a designated domain name or designated domain name IP; if it does not match, the next A record data are read; if it matches, a monitoring file is generated from the A record data and sent to the in-memory file system directory;
the output module reads the A record data in queue two, generates an A record file from the A record data and sends it to the in-memory file system directory;
the output module reads the MX record data in queue three, generates an MX record file from the MX record data and sends it to the in-memory file system directory;
the output module reads the NS record data in queue four, generates an NS record file from the NS record data and sends it to the in-memory file system directory.
Preferably, the deduplication in step S7 uses the Judy matrix algorithm.
The present invention also provides a DNS key information processing system comprising an acquisition module, a protocol identification module, a DNS decoder module, an output module, a transport module and a convergence center node server, and further comprising memory queues and an in-memory file system directory.
The acquisition module, the protocol identification module, the DNS decoder module, the memory queues, the output module, the in-memory file system directory, the transport module and the convergence center node server are connected in sequence.
The acquisition module is used to collect network data in real time and send the network data to the protocol identification module.
The protocol identification module is used to analyze DNS response data from the network data and send the DNS response data to the DNS decoder module.
The DNS decoder module is used to carry out data statistics on the DNS response data and send the statistics file to the transport module; it is also used to decode the DNS response data and generate the corresponding key information data in the DNS response data according to the different query types; and it is also used to store the key information data in the corresponding memory queue according to its query type.
The memory queues are used to store the key information data of the corresponding query type.
The output module is used to read the key information data in the memory queues, generate corresponding files from the key information data and the statistics file, and at the same time send the files to the in-memory file system directory.
The in-memory file system directory is used to store the files.
The transport module is used to send the files in the in-memory file system directory to the convergence center node server.
The convergence center node server is used to deduplicate and compress the network data at a preset time period and to store the deduplicated and compressed network data.
Preferably, the DNS decoder module is also used to obtain the questions in the DNS response data, parse the questions and determine whether the number of questions is zero;
it is also used to obtain the answers in the DNS response data and parse the corresponding RDATA data according to the query type, to determine whether the number of answers is zero, and to generate the key information data from the parsing result.
Preferably, the query types comprise query type A, query type MX and query type NS; the generated key information data comprise A record data, MX record data and NS record data corresponding to the query types.
The A record data comprise the client IP, the domain name, the domain name CNAME and the domain name IP; the MX record data comprise the domain name, the mail server domain name and the mail server IP; the NS record data comprise the name server name and the name server IP.
The memory queues comprise queue one, queue two, queue three and queue four; the A record data are stored in queue one and queue two at the same time; the MX record data are stored in queue three; the NS record data are stored in queue four.
The output module is also used to read the A record data in queue one and, according to whether the domain name or domain name IP in the A record data matches a designated domain name or designated domain name IP, generate a monitoring file from the A record data and send it to the in-memory file system directory.
The output module is also used to read the A record data in queue two, generate an A record file from the A record data and send it to the in-memory file system directory.
The output module is also used to read the MX record data in queue three, generate an MX record file from the MX record data and send it to the in-memory file system directory.
The output module is also used to read the NS record data in queue four, generate an NS record file from the NS record data and send it to the in-memory file system directory.
Implementing the present invention has the following beneficial effects: DNS data are collected and analyzed, the corresponding key information is extracted from the original data according to the DNS data type, and it is stored record by record, which ensures the greatest completeness of the information. More comprehensive original records of more types are obtained from the DNS response data; the original data are only stored and not analyzed, and a third party can obtain data of the corresponding types as required for deep mining and multi-dimensional statistics.
Brief description of the drawings
The invention is further described below with reference to the drawings and embodiments, in which:
Fig. 1 is a flow chart of an embodiment of the DNS key information processing method of the present invention;
Fig. 2 is a flow chart of an embodiment of the DNS parsing in Fig. 1;
Fig. 3 is a block diagram of an embodiment of the DNS key information processing system of the present invention.
Detailed description
The present invention addresses the problems in the prior art that statistical indicators are relatively fixed and cannot be mined further, and that sampling analysis loses a large amount of valid data so that the analysis loses accuracy. It provides a DNS key information processing method and system (DNS being the English abbreviation of what is commonly called the domain name resolution system). DNS data are collected and analyzed, the corresponding key information is extracted from the original data according to the DNS data type, and it is stored record by record, which ensures the greatest completeness of the information. More comprehensive original records of more types are obtained from the DNS response data; the original data are only stored and not analyzed, and a third party can obtain data of the corresponding types as required for deep mining and multi-dimensional statistics.
For a clearer understanding of the technical features, objects and effects of the present invention, specific embodiments of the invention are now described in detail with reference to the drawings.
As shown in Fig. 1, which is a flow chart of an embodiment of the DNS key information processing method of the present invention, the invention provides a DNS key information processing method involving an acquisition module 10, a protocol identification module 20, a DNS decoder module 30, an output module 40, a transport module 50 and a convergence center node server 60.
The method comprises the following steps:
S1. Multiple DNS acquisition nodes collect network data to the central node; the acquisition module 10 therein collects network data in real time and at the same time sends the network data to the protocol identification module 20. With the acquisition approach of this embodiment, network data can be obtained more comprehensively, so that the network information is more complete and of more types.
S2. The protocol identification module 20 analyzes DNS response data from the network data and sends the DNS response data to the DNS decoder module 30;
S3. The DNS decoder module 30 carries out data statistics on the DNS response data and sends the statistics file to the output module 40; at the same time it decodes the DNS response data and generates the corresponding key information data in the DNS response data according to the different query types;
In this embodiment, the query types comprise query type A, query type MX and query type NS; the generated key information data comprise A record data, MX record data and NS record data corresponding to the query types. The A record data comprise the client IP, the domain name, the domain name CNAME (domain name alias), the domain name IP and so on; the MX record data comprise the domain name, the mail server domain name, the mail server IP and so on; the NS record data comprise the name server name, the name server IP and so on;
S4. The DNS decoder module 30 stores the key information data in the corresponding memory queue according to its query type. The parsed data are placed in different shared-memory queues according to the request type. The data are placed in shared-memory queues rather than written directly to files so that the I/O (input/output) operations of the output module 40 do not affect the efficiency of the real-time acquisition module.
In this embodiment, the memory queues comprise queue one, queue two, queue three and queue four; the A record data are stored in queue one and queue two at the same time; the MX record data are stored in queue three; the NS record data are stored in queue four;
S5. The output module 40 reads the key information data in the memory queues, generates corresponding files from the key information data and the statistics file, and at the same time sends the files to the in-memory file system directory;
In this embodiment, the output module 40 reads the A record data in queue one and determines whether the domain name or domain name IP in the A record data matches a designated domain name or designated domain name IP; if it does not match, the next A record data are read; if it matches, a monitoring file is generated from the A record data and sent to the in-memory file system directory;
the output module 40 reads the A record data in queue two, generates an A record file from the A record data and sends it to the in-memory file system directory;
the output module 40 reads the MX record data in queue three, generates an MX record file from the MX record data and sends it to the in-memory file system directory;
the output module 40 reads the NS record data in queue four, generates an NS record file from the NS record data and sends it to the in-memory file system directory.
S6. The transport module 50 sends the files in the in-memory file system directory to the convergence center node server 60;
S7. The convergence center node server 60 deduplicates and compresses the files at a preset time period and stores the deduplicated and compressed files.
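The queue routing of steps S4 and S5, as an added Python example that is not part of the patent. Assumptions of the example: the bounded queues and the drop counter for a full queue (so the decoder side never blocks on output I/O), the domain and IP normalization before matching, and the file names; the records are constructed.

```python
import ipaddress
import queue

# Step S4 routing: A records go to queue one AND queue two, MX records to
# queue three, NS records to queue four.
ROUTES = {"A": (1, 2), "MX": (3,), "NS": (4,)}
# Field order per record type, as listed in the description.
FIELDS = {
    "A": ("client_ip", "domain", "cname", "domain_ip"),
    "MX": ("domain", "mail_server", "mail_server_ip"),
    "NS": ("name_server", "name_server_ip"),
}
# Output file per queue; the file names are assumptions of this example.
FILES = {1: "monitor.tsv", 2: "a_record.tsv",
         3: "mx_record.tsv", 4: "ns_record.tsv"}


def norm_domain(name):
    """Case-fold and drop the root dot so 'Example.COM.' equals 'example.com'."""
    return name.strip().rstrip(".").lower()


def norm_ip(text):
    """Canonical address text, or None when the field is not a valid IP."""
    try:
        return str(ipaddress.ip_address(text.strip()))
    except ValueError:
        return None


class Pipeline:
    def __init__(self, watch_domains, watch_ips, maxsize=1024):
        self.queues = {n: queue.Queue(maxsize) for n in FILES}
        self.watch_domains = {norm_domain(d) for d in watch_domains}
        self.watch_ips = {norm_ip(i) for i in watch_ips} - {None}
        self.dropped = 0

    def enqueue(self, record):
        """Decoder side (S4). Never blocks: a full queue drops and counts."""
        for n in ROUTES.get(record.get("type"), ()):
            try:
                self.queues[n].put_nowait(record)
            except queue.Full:
                self.dropped += 1

    def _watched(self, rec):
        return (norm_domain(rec["domain"]) in self.watch_domains
                or norm_ip(rec["domain_ip"]) in self.watch_ips)

    def drain(self):
        """Output side (S5): turn queued records into per-queue file lines."""
        out = {name: [] for name in FILES.values()}
        for n, name in FILES.items():
            q = self.queues[n]
            while True:
                try:
                    rec = q.get_nowait()
                except queue.Empty:
                    break
                if n == 1 and not self._watched(rec):
                    continue  # not a designated domain or IP: read the next
                out[name].append(
                    "\t".join(rec[f] for f in FIELDS[rec["type"]]))
        return out


# Constructed sample records (documentation address ranges, example domains).
SAMPLE = [
    {"type": "A", "client_ip": "198.51.100.7", "domain": "WWW.Example.com.",
     "cname": "", "domain_ip": "192.0.2.10"},
    {"type": "A", "client_ip": "198.51.100.8", "domain": "cdn.example.net",
     "cname": "edge.example.net", "domain_ip": "203.0.113.5"},
    {"type": "A", "client_ip": "198.51.100.9", "domain": "other.example.org",
     "cname": "", "domain_ip": "192.0.2.99"},
    {"type": "MX", "domain": "example.com", "mail_server": "mail.example.com",
     "mail_server_ip": "192.0.2.25"},
    {"type": "NS", "name_server": "ns1.example.com",
     "name_server_ip": "192.0.2.53"},
    {"type": "TXT", "domain": "example.com"},  # unrouted type: ignored
]


def run_sample():
    p = Pipeline(watch_domains=["www.example.com"], watch_ips=["203.0.113.5"])
    for rec in SAMPLE:
        p.enqueue(rec)
    return p.drain(), p.dropped


if __name__ == "__main__":
    files, dropped = run_sample()
    for name, lines in files.items():
        print(name, len(lines))
    print("dropped", dropped)
```

The first sample record reaches the monitoring file through its domain name and the second through its IP; the third appears only in the A record file.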
Further, as shown in Fig. 2, which is a flow chart of an embodiment of the DNS parsing in Fig. 1, step S3 further comprises the following steps:
S31. Obtain the questions in the DNS response data and parse the questions;
S32. Determine whether the number of questions is zero; if it is not zero, continue parsing the questions; if it is zero, go to step S33;
S33. Obtain the answers in the DNS response data and parse the corresponding RDATA data according to the query type;
S34. Determine whether the number of answers is zero; if it is not zero, continue parsing the answers; if it is zero, go to step S35;
S35. Generate the key information data from the parsing results of the questions and the answers.
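Steps S31 to S35 applied to the DNS wire format, as an added Python example that is not part of the patent. It walks the question count and then the answer count down to zero, decodes RDATA by record type, and rejects truncated messages and compression-pointer loops; the mail server and name server IP fields are left empty because the text does not say which part of the response supplies them, and the two sample messages are constructed.

```python
import socket
import struct

TYPE_A, TYPE_NS, TYPE_CNAME, TYPE_MX = 1, 2, 5, 15


def read_name(msg, off):
    """Decode a (possibly compressed) name; return (name, offset after it)."""
    labels, resume, hops = [], None, 0
    while True:
        if off >= len(msg):
            raise ValueError("name runs past end of message")
        length = msg[off]
        if (length & 0xC0) == 0xC0:                # compression pointer
            if off + 1 >= len(msg):
                raise ValueError("truncated compression pointer")
            if resume is None:
                resume = off + 2                   # caller continues here
            off = ((length & 0x3F) << 8) | msg[off + 1]
            hops += 1
            if hops > 64:                          # self-referencing pointers
                raise ValueError("compression pointer loop")
            continue
        if length & 0xC0:
            raise ValueError("unsupported label type")
        off += 1
        if length == 0:
            break
        if off + length > len(msg):
            raise ValueError("label runs past end of message")
        labels.append(msg[off:off + length].decode("ascii", "replace"))
        off += length
    return ".".join(labels).lower(), (off if resume is None else resume)


def decode_response(msg, client_ip):
    """Steps S31-S35: questions, then answers, then key information records."""
    if len(msg) < 12:
        raise ValueError("short DNS header")
    _id, flags, qdcount, ancount, _ns, _ar = struct.unpack("!6H", msg[:12])
    if not flags & 0x8000:
        raise ValueError("not a DNS response (QR bit clear)")
    off, domain, qtype = 12, "", None
    while qdcount:                                 # S31/S32: until count is 0
        domain, off = read_name(msg, off)
        if off + 4 > len(msg):
            raise ValueError("truncated question")
        qtype, _qclass = struct.unpack("!2H", msg[off:off + 4])
        off += 4
        qdcount -= 1
    cname, ips, hosts = "", [], []
    while ancount:                                 # S33/S34: until count is 0
        _owner, off = read_name(msg, off)
        if off + 10 > len(msg):
            raise ValueError("truncated resource record")
        rtype, _cls, _ttl, rdlen = struct.unpack("!2HIH", msg[off:off + 10])
        off += 10
        if off + rdlen > len(msg):
            raise ValueError("RDATA runs past end of message")
        if rtype == TYPE_A and rdlen == 4:
            ips.append(socket.inet_ntoa(msg[off:off + 4]))
        elif rtype == TYPE_CNAME:
            cname = read_name(msg, off)[0]
        elif rtype in (TYPE_MX, TYPE_NS) and rtype == qtype:
            skip = 2 if rtype == TYPE_MX else 0    # MX: 2-byte preference
            if rdlen > skip:
                hosts.append(read_name(msg, off + skip)[0])
        off += rdlen
        ancount -= 1
    if qtype == TYPE_A:                            # S35: build the records
        return [{"type": "A", "client_ip": client_ip, "domain": domain,
                 "cname": cname, "domain_ip": ip} for ip in ips]
    if qtype == TYPE_MX:
        return [{"type": "MX", "domain": domain, "mail_server": h,
                 "mail_server_ip": ""} for h in hosts]
    if qtype == TYPE_NS:
        return [{"type": "NS", "name_server": h, "name_server_ip": ""}
                for h in hosts]
    return []


def sample_a_response():
    """Constructed: www.example.com CNAME web.example.com, A 192.0.2.10."""
    return (struct.pack("!6H", 0x1234, 0x8180, 1, 2, 0, 0)
            + b"\x03www\x07example\x03com\x00" + struct.pack("!2H", TYPE_A, 1)
            + b"\xc0\x0c" + struct.pack("!2HIH", TYPE_CNAME, 1, 300, 6)
            + b"\x03web\xc0\x10"
            + b"\xc0\x2d" + struct.pack("!2HIH", TYPE_A, 1, 300, 4)
            + socket.inet_aton("192.0.2.10"))


def sample_mx_response():
    """Constructed: example.com MX 10 mail.example.com."""
    return (struct.pack("!6H", 0x1235, 0x8180, 1, 1, 0, 0)
            + b"\x07example\x03com\x00" + struct.pack("!2H", TYPE_MX, 1)
            + b"\xc0\x0c" + struct.pack("!2HIH", TYPE_MX, 1, 300, 9)
            + struct.pack("!H", 10) + b"\x04mail\xc0\x0c")
```

Calling `decode_response(sample_a_response(), "198.51.100.7")` yields one A record whose `cname` is `web.example.com`, resolved through two compression pointers.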
Further, as shown in Figs. 1 and 2, the deduplication in step S7 uses the Judy matrix algorithm. The principle of the algorithm is as follows: the DNS data are inserted into a two-level Judy matrix keyed by domain name and IP. The domain name, A record and related fields are concatenated, with a tab as the separator, to form the first-level key; the second-level key is the IP; and the leaf nodes hold the deduplicated result. The Judy matrix is an efficient data structure, a variant of the trie (word lookup tree), and logically a 256-ary tree. It uses a wider, shallower digital tree to optimize time efficiency, which reduces the number of indirections needed to reach a particular key, avoids the time cost of potential processor cache fills, and provides key-value access. Compared with other associative data structures, Judy divides subtrees according to key length, so the balance of the tree does not need to be considered as the problem size grows, whereas for conventional tree structures adjusting the balance of the tree becomes very difficult as the problem size grows. In addition, standard Judy applies more than 20 different kinds of dynamic compression to the nodes of each level, so that as many nodes as possible stay in the computer's cache, which raises the cache hit rate and reduces the number of memory accesses. Because it runs efficiently and uses little memory, it is widely used in processing all kinds of massive data sets. After the data are deduplicated with Judy, they are written to a file in lexicographic order, which fits well with the compression approach of the zlib library (a function library providing data compression). Tests show that compressing with the zlib library after Judy matrix deduplication gives a compression ratio more than twice that obtained after deduplication with an ordinary algorithm.
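Deduplication into a two-level index followed by lexicographic output and zlib compression, as an added Python example that is not part of the patent. A nested dict with explicit sorting stands in for the Judy structure, and the record layout (domain, CNAME and IP separated by tabs) and the sample records are assumptions constructed for the example.

```python
import random
import zlib


def build_index(lines):
    """Two-level index: level 1 = tab-joined name fields, level 2 = IP.

    A dict of sets stands in for the Judy structure (assumption of this
    example): it deduplicates the same way but keeps no key order, so the
    ordering is applied when the index is written out.
    """
    index = {}
    for line in lines:
        line = line.rstrip("\r\n")
        if "\t" not in line:
            continue                      # malformed line: no IP field
        first, _, ip = line.rpartition("\t")
        index.setdefault(first, set()).add(ip)
    return index


def emit_sorted(index):
    """Walk both levels in lexicographic order, one unique record per line."""
    return [f"{first}\t{ip}"
            for first in sorted(index)
            for ip in sorted(index[first])]


def zsize(seq, level=6):
    """Size in bytes of the zlib-compressed, newline-joined lines."""
    return len(zlib.compress(("\n".join(seq) + "\n").encode("utf-8"), level))


def dedup_and_compress(lines, level=6):
    """Step S7: deduplicate, order lexicographically, compress with zlib."""
    unique = emit_sorted(build_index(lines))
    blob = zlib.compress(("\n".join(unique) + "\n").encode("utf-8"), level)
    return unique, blob


def compare_sizes(lines):
    """Compressed sizes of the raw stream and of two dedup orderings."""
    stripped = [l.rstrip("\r\n") for l in lines]
    first_seen = list(dict.fromkeys(stripped))   # dedup, arrival order
    unique, blob = dedup_and_compress(lines)
    return {
        "records": len(lines),
        "unique": len(unique),
        "raw_zlib": zsize(stripped),
        "first_seen_zlib": zsize(first_seen),
        "sorted_zlib": len(blob),
    }


def sample_records(seed=7):
    """Constructed lines 'domain TAB cname TAB ip', each repeated 5 times."""
    base = [
        f"host{h:02d}.zone{z}.example.com\tedge{z}.cdn.example.net"
        f"\t192.0.2.{h + i}"
        for z in range(4) for h in range(10) for i in range(3)
    ]
    lines = base * 5
    random.Random(seed).shuffle(lines)           # arrival order is arbitrary
    return lines


if __name__ == "__main__":
    for key, value in compare_sizes(sample_records()).items():
        print(f"{key:16} {value}")
```

Running the block prints the compressed size of the raw stream next to the sizes after deduplication in arrival order and in lexicographic order, which is the comparison the paragraph describes.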
As shown in Fig. 3, which is a block diagram of an embodiment of the DNS key information processing system of the present invention, the invention provides a DNS key information processing system comprising an acquisition module 10, a protocol identification module 20, a DNS decoder module 30, an output module 40, a transport module 50 and a convergence center node server 60, and further comprising memory queues and an in-memory file system directory.
The acquisition module 10, the protocol identification module 20, the DNS decoder module 30, the memory queues, the output module 40, the in-memory file system directory, the transport module 50 and the convergence center node server 60 are connected in sequence.
The acquisition module 10 is used to collect network data in real time and send the network data to the protocol identification module 20.
The protocol identification module 20 is used to analyze DNS response data from the network data and send the DNS response data to the DNS decoder module 30.
The DNS decoder module 30 is used to carry out data statistics on the DNS response data and send the statistics file to the transport module 50; it is also used to decode the DNS response data and generate the corresponding key information data in the DNS response data according to the different query types; and it is also used to store the key information data in the corresponding memory queue according to its query type.
The memory queues are used to store the key information data of the corresponding query type.
The output module 40 is used to read the key information data in the memory queues, generate corresponding files from the key information data and the statistics file, and at the same time send the files to the in-memory file system directory.
The in-memory file system directory is used to store the files.
The transport module 50 is used to send the files in the in-memory file system directory to the convergence center node server 60.
The convergence center node server 60 is used to deduplicate and compress the network data at a preset time period and to store the deduplicated and compressed network data.
Further, as shown in Fig. 3, the DNS decoder module 30 is also used to obtain the questions in the DNS response data, parse the questions and determine whether the number of questions is zero;
it is also used to obtain the answers in the DNS response data and parse the corresponding RDATA data according to the query type, to determine whether the number of answers is zero, and to generate the key information data from the parsing result.
Further, as shown in Fig. 3, the query types comprise query type A, query type MX and query type NS; the generated key information data comprise A record data, MX record data and NS record data corresponding to the query types.
The A record data comprise the client IP, the domain name, the domain name CNAME and the domain name IP; the MX record data comprise the domain name, the mail server domain name and the mail server IP; the NS record data comprise the name server name and the name server IP.
The memory queues comprise queue one, queue two, queue three and queue four; the A record data are stored in queue one and queue two at the same time; the MX record data are stored in queue three; the NS record data are stored in queue four.
The output module 40 is also used to read the A record data in queue one and, according to whether the domain name or domain name IP in the A record data matches a designated domain name or designated domain name IP, generate a monitoring file from the A record data and send it to the in-memory file system directory.
The output module 40 is also used to read the A record data in queue two, generate an A record file from the A record data and send it to the in-memory file system directory.
The output module 40 is also used to read the MX record data in queue three, generate an MX record file from the MX record data and send it to the in-memory file system directory.
The output module 40 is also used to read the NS record data in queue four, generate an NS record file from the NS record data and send it to the in-memory file system directory.
The embodiments of the present invention have been described above with reference to the drawings, but the present invention is not limited to the above specific embodiments, which are merely illustrative rather than restrictive. Under the teaching of the present invention, those of ordinary skill in the art can devise many further forms without departing from the spirit of the invention and the scope protected by the claims, and all of these fall within the protection of the present invention.

Claims (10)

1. a DNS key message processing method, it is characterized in that, relate to acquisition module (10), protocol identification module (20), DNS decoder module (30), output module (40), transport module (50) and convergence center node server (60);
Comprise the following steps:
S1, described acquisition module (10) Real-time Collection network data described network data is sent to described protocol identification module (20);
S2, described protocol identification module (20) analyze DNS reply data from described network data, and described DNS reply data is sent to described DNS decoder module (30);
S3, described DNS decoder module (30) carry out data statistics to described DNS reply data, and statistics file is sent to described output module (40), described DNS reply data is decoded simultaneously, and generate corresponding key message data in described DNS reply data according to different query types;
Described key message data are stored in corresponding memory queue according to the described query type of its correspondence by S4, described DNS decoder module (30);
S5, described output module (40) read the described key message data in described memory queue, and described key message data are generated corresponding file to described statistics file, are sent in memory file system catalogue by described file simultaneously;
Described file in described memory file system catalogue is sent to described convergence center node server (60) by S6, described transport module (50);
S7, described convergence center node server (60) carry out duplicate removal and compression by the time cycle of presetting to described file, and store the described file after duplicate removal and compression.
2. a kind of DNS key message processing method according to claim 1, is characterized in that,
Described step S3 is further comprising the steps of:
S31, the problem obtained in described DNS reply data, and described problem is resolved;
Whether S32, the quantity judging described problem are zero, if judged result is non-vanishing, continue to resolve described problem; If judged result is zero, enter step S33;
S33, the answer obtained in described DNS reply data, and resolve corresponding RDATA data according to described query type;
Whether S34, the quantity judging described answer are zero, if judged result is non-vanishing, continue to resolve described answer; If judged result is zero, enter step S35;
S35, analysis result is generated described key message data.
3. a kind of DNS key message processing method according to any one of claim 1 to 2, it is characterized in that, described query type comprises query type A, query type MX and query type NS; The described key message data generated comprise the A record data corresponding with described query type, MX record data and NS record data.
4. a kind of DNS key message processing method according to claim 3, is characterized in that,
Described A record data comprise client IP, domain name, domain name CNAME and domain name IP;
Described MX record data comprise domain name, mail server domain name, mail server IP;
Described NS record data comprise name server title, name server IP.
5. The DNS key message processing method according to claim 4, characterized in that the memory queues comprise queue one, queue two, queue three and queue four;
step S4 further comprises the following steps:
the A record data are stored in queue one and queue two simultaneously;
the MX record data are stored in queue three;
the NS record data are stored in queue four.
6. The DNS key message processing method according to claim 5, characterized in that
step S5 further comprises the following steps:
the output module (40) reads the A record data in queue one, and judges whether the domain name or domain name IP in the A record data matches a designated domain name or designated domain name IP; if there is no match, the next A record data are read; if there is a match, a monitoring file is generated from the A record data and sent to the memory file system directory;
the output module (40) reads the A record data in queue two, generates an A record file from the A record data and sends it to the memory file system directory;
the output module (40) reads the MX record data in queue three, generates an MX record file from the MX record data and sends it to the memory file system directory;
the output module (40) reads the NS record data in queue four, generates an NS record file from the NS record data and sends it to the memory file system directory.
7. The DNS key message processing method according to claim 1, characterized in that the deduplication in step S7 uses the HEY JUDE matrix algorithm.
8. A DNS key message processing system, characterized in that it comprises an acquisition module (10), a protocol identification module (20), a DNS decoder module (30), an output module (40), a transport module (50) and a convergence center node server (60); it further comprises memory queues and a memory file system directory;
the acquisition module (10), the protocol identification module (20), the DNS decoder module (30), the memory queues, the output module (40), the memory file system directory, the transport module (50) and the convergence center node server (60) are connected in sequence;
the acquisition module (10) is used to collect network data in real time and to send the network data to the protocol identification module (20);
the protocol identification module (20) is used to parse DNS reply data out of the network data and to send the DNS reply data to the DNS decoder module (30);
the DNS decoder module (30) is used to perform data statistics on the DNS reply data and to send the statistics file to the transport module (50); it is also used to decode the DNS reply data and to generate the corresponding key message data in the DNS reply data according to the different query types; it is also used to store the key message data in the corresponding memory queue according to the query type to which the data correspond;
the memory queues are used to store the key message data of the corresponding query type;
the output module (40) is used to read the key message data in the memory queues, to generate corresponding files from the key message data and the statistics file, and to send the files to the memory file system directory;
the memory file system directory is used to store the files;
the transport module (50) is used to send the files in the memory file system directory to the convergence center node server (60);
the convergence center node server (60) is used to deduplicate and compress the network data at a preset time period, and to store the deduplicated and compressed network data.
9. The DNS key message processing system according to claim 8, characterized in that the DNS decoder module (30) is also used to obtain the questions in the DNS reply data, to parse the questions and to judge whether the number of questions is zero;
it is also used to obtain the answers in the DNS reply data and to parse the corresponding RDATA data according to the query type; to judge whether the number of answers is zero; and to generate the key message data from the parsing results.
10. The DNS key message processing system according to claim 8, characterized in that the query types comprise query type A, query type MX and query type NS; the generated key message data comprise A record data, MX record data and NS record data corresponding to the query types;
the A record data comprise the client IP, the domain name, the domain name CNAME and the domain name IP; the MX record data comprise the domain name, the mail server domain name and the mail server IP; the NS record data comprise the name server name and the name server IP;
the memory queues comprise queue one, queue two, queue three and queue four; the A record data are stored in queue one and queue two simultaneously; the MX record data are stored in queue three; the NS record data are stored in queue four;
the output module (40) is also used to read the A record data in queue one and, according to whether the domain name or domain name IP in the A record data matches a designated domain name or designated domain name IP, to generate a monitoring file from the A record data and send it to the memory file system directory;
the output module (40) is also used to read the A record data in queue two, to generate an A record file from the A record data and to send it to the memory file system directory;
the output module (40) is also used to read the MX record data in queue three, to generate an MX record file from the MX record data and to send it to the memory file system directory;
the output module (40) is also used to read the NS record data in queue four, to generate an NS record file from the NS record data and to send it to the memory file system directory.
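The decoding, queueing and watch-list steps of claims 2 to 6, written out in Python as an added example; it is not code from the patent. SAMPLE is a constructed response (www.example.com, CNAME web.example.com, A 192.0.2.10), and the function names, tuple layouts and the 16-hop limit on compression pointers are assumptions made here; the mail server IP and name server IP fields are left out because they need additional-section records.

```python
import socket, struct

A, NS, CNAME, MX = 1, 2, 5, 15                   # RR type codes
ROUTES = {"A": (1, 2), "MX": (3,), "NS": (4,)}   # S4: record type -> queue numbers
SAMPLE = (b"\x12\x34\x81\x80\x00\x01\x00\x02\x00\x00\x00\x00"   # constructed input
          b"\x03www\x07example\x03com\x00\x00\x01\x00\x01"
          b"\xc0\x0c\x00\x05\x00\x01\x00\x00\x00\x3c\x00\x06\x03web\xc0\x10"
          b"\xc0\x2d\x00\x01\x00\x01\x00\x00\x00\x3c\x00\x04\xc0\x00\x02\x0a")

def read_name(msg, off):
    """Decode a (possibly compressed) name; return (name, offset after it)."""
    labels, end, hops = [], None, 0
    while (n := msg[off]):                       # a zero byte ends the name
        if n & 0xC0 == 0xC0:                     # compression pointer
            hops, end = hops + 1, (off + 2 if end is None else end)
            if hops > 16:                        # untrusted input: stop pointer loops
                raise ValueError("compression pointer loop")
            off = ((n & 0x3F) << 8) | msg[off + 1]
        else:
            labels.append(msg[off + 1:off + 1 + n].decode("ascii", "replace"))
            off += 1 + n
    return ".".join(labels), (off + 1 if end is None else end)

def decode_response(msg, client_ip):
    """S31-S35: consume the questions, then the answers, and emit key records."""
    _id, _flags, qd, an = struct.unpack("!4H", msg[:8])
    off, qname, cname, out = 12, "", "", []
    for _ in range(qd):                          # S31/S32: until no question is left
        qname, off = read_name(msg, off)
        off += 4                                 # skip QTYPE and QCLASS
    for _ in range(an):                          # S33/S34: RDATA parsed per type
        owner, off = read_name(msg, off)
        rtype, _cls, _ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10
        if rtype == CNAME:
            cname = read_name(msg, off)[0]
        elif rtype == A and rdlen == 4:
            out.append(("A", client_ip, qname, cname, socket.inet_ntoa(msg[off:off + 4])))
        elif rtype in (NS, MX):                  # MX RDATA starts with a 2-byte preference
            target = read_name(msg, off + (2 if rtype == MX else 0))[0]
            out.append(("MX" if rtype == MX else "NS", owner, target))
        off += rdlen
    return out

def route(records):                              # S4: fill queues one to four
    return {q: [r for r in records if q in ROUTES[r[0]]] for q in (1, 2, 3, 4)}

def monitor(queue, names, ips):                  # S5, queue one: watch-list match
    return [r for r in queue if r[2] in names or r[4] in ips]
```

Truncated or malformed packets surface as `IndexError`, `struct.error`, `OSError` or `ValueError`; a capture loop should catch and count these rather than stop.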
CN201410583420.7A 2014-10-27 2014-10-27 A kind of DNS key message processing method and system Active CN105530327B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201410583420.7A CN105530327B (en) 2014-10-27 2014-10-27 A kind of DNS key message processing method and system

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201410583420.7A CN105530327B (en) 2014-10-27 2014-10-27 A kind of DNS key message processing method and system

Publications (2)

Publication Number Publication Date
CN105530327A true CN105530327A (en) 2016-04-27
CN105530327B CN105530327B (en) 2018-12-11

Family

ID=55772300

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201410583420.7A Active CN105530327B (en) 2014-10-27 2014-10-27 A kind of DNS key message processing method and system

Country Status (1)

Country Link
CN (1) CN105530327B (en)

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2008001021A1 (en) * 2006-06-30 2008-01-03 France Telecom Method and device for managing the configuring of equipment of a network
CN101739424A (en) * 2008-11-13 2010-06-16 中国科学院计算机网络信息中心 Method and system for converting and storing keyword and resource record of keyword
CN102184196A (en) * 2011-04-21 2011-09-14 中国电子信息产业集团有限公司第六研究所 Petition integrated management information system
CN103399908A (en) * 2013-07-30 2013-11-20 北京北纬通信科技股份有限公司 Method and system for fetching business data

Cited By (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN111917899A (en) * 2020-07-28 2020-11-10 平安科技(深圳)有限公司 Domain name compression method and related product thereof
WO2021139240A1 (en) * 2020-07-28 2021-07-15 平安科技(深圳)有限公司 Domain name compression method and product related thereto
CN112019652A (en) * 2020-08-27 2020-12-01 北京亚鸿世纪科技发展有限公司 Method and device for judging IPV6 address field
CN112019652B (en) * 2020-08-27 2023-01-24 北京亚鸿世纪科技发展有限公司 Method and device for judging IPV6 address field
CN113572854A (en) * 2021-08-10 2021-10-29 北京无线电测量研究所 Kafka component-based data transmission method and system
CN113572854B (en) * 2021-08-10 2023-11-14 北京无线电测量研究所 Data transmission method and system based on Kafka component

Also Published As

Publication number Publication date
CN105530327B (en) 2018-12-11

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant