CN105530327B - A kind of DNS key message processing method and system - Google Patents
A kind of DNS key message processing method and system Download PDFInfo
- Publication number
- CN105530327B CN105530327B CN201410583420.7A CN201410583420A CN105530327B CN 105530327 B CN105530327 B CN 105530327B CN 201410583420 A CN201410583420 A CN 201410583420A CN 105530327 B CN105530327 B CN 105530327B
- Authority
- CN
- China
- Prior art keywords
- data
- dns
- queue
- key message
- record
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
Landscapes
- Data Exchanges In Wide-Area Networks (AREA)
Abstract
The present invention provides a kind of DNS key message processing methods, are related to acquisition module, protocol identification module, DNS decoder module, output module, transmission module and convergence center node server;The following steps are included: S1, acquiring network data in real time;S2, DNS reply data is analyzed from network data;S3, data statistics is carried out to DNS reply data while being decoded and generating key message data;S4, storage key message data;S5, corresponding file is generated;S6, file is sent;S7, duplicate removal and compression are carried out to file and is stored.Corresponding key message is extracted from initial data, is stored one by one according to different DNS data types by the acquisition and analysis to DNS data, guarantees the maximum integrality of information.It is obtained more comprehensively from DNS reply data, further types of original record only stores initial data, do not analyze, and third party can according to need the data for obtaining corresponding types, and depth is excavated, and the statistics of various dimensions is carried out.
Description
Technical field
The present invention relates to field of Internet communication, more specifically to a kind of DNS key message processing method and are
System.
Background technique
DNS (domain name analysis system) is highly important the Internet infrastructure, and main function is to provide domain name and IP
Conversion between address, various web services, Email service based on internet, route service all directly or indirectly rely on
DNS.With online crowd rapid growth, the optical fiber of broadband network, internet services data explosive growth therewith,
DNS produces the data traffic log of magnanimity.
In order to ensure the online quality of client, major operation commercial city is established the DNS network of oneself by region, and DNS net
Network is made of several DNS nodes, each node it is most crucial be exactly dns server cluster, for responding the DNS query of user
Request.Currently, in order to grasp the day-to-day operation situation of DNS network, existing mode is to obtain various systems by analysis DNS flow
Meter index is sampled analysis to flow, is that DNS flow is very huge using the reason of these modes, records the complete of user
User behaviors log is extremely difficult.For statistical indicator, compare solidification, depth excavation can not be carried out again;And sampling analysis, it will lead to big
The missing of valid data is measured, analysis loses accuracy.
Summary of the invention
The technical problem to be solved in the present invention is that overcoming the drawbacks described above of the prior art, a kind of DNS key message is provided
Processing method and system are mentioned from initial data by the acquisition and analysis to DNS data according to different DNS data types
Corresponding key message is taken, is stored one by one, guarantees the maximum integrality of information.It is obtained more comprehensively from DNS reply data, more multiclass
The original record of type only stores initial data, does not analyze, and third party can according to need the number for obtaining corresponding types
According to, and depth is excavated, and the statistics of various dimensions is carried out.
The technical solution adopted by the present invention to solve the technical problems is: providing a kind of DNS key message processing method, relates to
And acquisition module, protocol identification module, DNS decoder module, output module, transmission module and convergence center node server;
The following steps are included:
S1, the acquisition module acquire network data in real time and the network data are sent to the protocol identification mould
Block;
S2, the protocol identification module analyze DNS reply data from the network data, and by the DNS response
Data are sent to the DNS decoder module;
S3, the DNS decoder module carry out data statistics to the DNS reply data, and statistics file is sent to institute
Output module is stated, while the DNS reply data is decoded, and generates the DNS response according to different query types
Corresponding key message data in data;
S4, the DNS decoder module store the key message data to right according to its corresponding described query type
In the memory queue answered;
S5, the output module read the key message data in the memory queue, and by the key message
Data file corresponding with statistics file generation, while the file being sent in memory file system catalogue;
The file in the memory file system catalogue is sent to the convergence center section by S6, the transmission module
Point server;
S7, the convergence center node server carry out duplicate removal and compression to the file by the preset time cycle, and
Duplicate removal and the compressed file are stored.
Preferably, the step S3 is further comprising the steps of:
The problems in S31, the described DNS reply data of acquisition, and described problem is parsed;
Whether S32, the quantity for judging described problem are zero, continue to solve described problem if judging result is not zero
Analysis;S33 is entered step if judging result is zero;
Answer in S33, the acquisition DNS reply data, and corresponding RDATA number is parsed according to the query type
According to;
Whether S34, the quantity for judging the answer are zero, continue to solve the answer if judging result is not zero
Analysis;S35 is entered step if judging result is zero;
S35, parsing result is generated into the key message data.
Preferably, the query type includes query type A, query type MX and query type NS;The pass generated
Key information data include A record data corresponding with the query type, MX record data and NS record data.
Preferably, the A record data include client IP, domain name, domain name CNAME and domain name IP;
The MX record data include domain name, mail server domain name, mail server IP;
The NS record data include name server title, name server IP.
Preferably, the memory queue includes queue one, queue two, queue three and queue four;
The step S4 is further comprising the steps of:
The A record data are stored into the queue one and the queue two simultaneously;
The MX record data are stored into the queue three;
The NS record number will be stored into the queue four.
Preferably, the step S5 is further comprising the steps of:
The output module reads the record data of the A in the queue one, and judges the institute in the A record data
It states domain name or whether domain name IP matches with designated domain name or designated domain name IP;If it does not match, reading the next A note
Record data;It send if it does, then A record data are generated monitoring file cocurrent into the memory file system catalogue;
The output module reads the record data of the A in the queue two, and A record data are generated A note
Record file cocurrent is sent into the memory file system catalogue;
The output module reads the record data of the MX in the queue three, and MX record data are generated MX
Record file cocurrent is sent into the memory file system catalogue;
The output module reads the record data of the NS in the queue four, and NS record data are generated NS
Record file cocurrent is sent into the memory file system catalogue.
Preferably, in the step S7 duplicate removal using HEY JUDE matrix algorithm.
The present invention also provides a kind of DNS key message processing systems, including acquisition module, protocol identification module, DNS to decode
Module, output module, transmission module and convergence center node server;It further include memory queue and memory file system catalogue;
The acquisition module, the protocol identification module, the DNS decoder module, the memory queue, the output mould
Block, the memory file system catalogue, the transmission module and the convergence center node server are sequentially connected;
The acquisition module is for acquiring network data in real time and the network data being sent to the protocol identification mould
Block;
The protocol identification module from the network data for analyzing DNS reply data, and by the DNS response
Data are sent to the DNS decoder module;
The DNS decoder module is used to carry out data statistics to the DNS reply data, and statistics file is sent to institute
Transmission module is stated, is also used to be decoded the DNS reply data, and generates the DNS according to different query types and answers
Answer corresponding key message data in;It is also used to the key message data according to its corresponding query type
It stores into corresponding memory queue;
The memory queue is used to store the key message data of the corresponding query type;
The output module is used to read key message data in the memory queue, and by the key message
Data file corresponding with statistics file generation, while the file being sent in memory file system catalogue;
The memory file system catalogue is for storing the file;
The transmission module is used to the file in the memory file system catalogue being sent to the convergence center
Node server;
The convergence center node server is used to carry out duplicate removal and pressure to the network data by the preset time cycle
Contracting, and duplicate removal and the compressed network data are stored.
Preferably, the DNS decoder module is also used to obtain the problems in described DNS reply data, and to described problem
Whether the quantity for being parsed and being judged described problem is zero;
It is also used to obtain the answer in the DNS reply data, and corresponding RDATA is parsed according to the query type
Data;And judge whether the quantity of the answer is zero;And parsing result is generated into the key message data.
Preferably, the query type includes query type A, query type MX and query type NS;The pass generated
Key information data include A record data corresponding with the query type, MX record data and NS record data;
The A record data include client IP, domain name, domain name CNAME and domain name IP;The MX record data include domain
Name, mail server domain name, mail server IP;The NS record data include name server title, name server IP;
The memory queue includes queue one, queue two, queue three and queue four;A record data store simultaneously to
In the queue one and the queue two;The MX record data are stored into the queue three;The NS record number will store
To in the queue four;
The output module is also used to read the record data of the A in the queue one, and records data according to the A
In domain name or domain name IP whether match with designated domain name or designated domain name IP, by the A record data generate monitoring
File cocurrent is sent into the memory file system catalogue;
The output module is also used to read the record data of the A in the queue two, and A record data are raw
It send at A record file cocurrent into the memory file system catalogue;
The output module is also used to read the record data of the MX in the queue three, and the MX is recorded data
MX record file cocurrent is generated to send into the memory file system catalogue;
The output module is also used to read the record data of the NS in the queue four, and the NS is recorded data
NS record file cocurrent is generated to send into the memory file system catalogue.
Implement the invention has the following advantages: by the acquisition and analysis to DNS data, according to different DNS numbers
According to type, corresponding key message is extracted from initial data, is stored one by one, guarantee the maximum integrality of information.From DNS response
More comprehensively, further types of original record only stores initial data, does not analyze data acquisition, and third party can basis
Need to obtain the data of corresponding types, and depth is excavated, and the statistics of various dimensions is carried out.
Detailed description of the invention
Present invention will be further explained below with reference to the attached drawings and examples, in attached drawing:
Fig. 1 is a kind of flow chart of one embodiment of DNS key message processing method of the present invention;
Fig. 2 is the flow chart of one embodiment of dns resolution in Fig. 1;
Fig. 3 is the block diagram that a kind of DNS key message processing system of the present invention unifies embodiment.
Specific embodiment
The present invention is directed in the prior art for statistical indicator, is compared solidification, can not be carried out depth excavation again;And it samples and divides
The problem of analysis will lead to the missing of mass efficient data, and analysis loses accuracy, provides a kind of DNS key message processing side
Method and system, the english abbreviation for the domain name analysis system that DNS often claims, by the acquisition and analysis to DNS data, according to difference
DNS data type, corresponding key message is extracted from initial data, is stored one by one, guarantees the maximum integrality of information.From
DNS reply data obtains more comprehensively, and further types of original record only stores initial data, do not analyze, third party can
To obtain the data of corresponding types as needed, and depth is excavated, and the statistics of various dimensions is carried out.
For a clearer understanding of the technical characteristics, objects and effects of the present invention, now control attached drawing is described in detail
A specific embodiment of the invention.
As shown in Figure 1, Fig. 1 is a kind of flow chart of one embodiment of DNS key message processing method of the present invention.The present invention mentions
For a kind of DNS key message processing method, it is related to acquisition module 10, protocol identification module 20, DNS decoder module 30, output mould
Block 40, transmission module 50 and convergence center node server 60;
The following steps are included:
Network data is collected to central node, the acquisition module 10 acquisition in real time simultaneously by S1, multiple DNS acquisition nodes
The network data is simultaneously sent to the protocol identification module 20 by network data therein;Acquisition side in through this embodiment
Formula can more comprehensively obtain network data, guarantee that the network information is more comprehensive, type is more abundant.
S2, the protocol identification module 20 analyze DNS reply data from the network data, and the DNS is answered
Answer evidence is sent to the DNS decoder module 30;
S3, the DNS decoder module 30 carry out data statistics to the DNS reply data, and statistics file is sent to
The output module 40, while the DNS reply data is decoded, and generate the DNS according to different query types
Corresponding key message data in reply data;
In the present embodiment, the query type includes query type A, query type MX and query type NS;The institute of generation
Stating key message data includes A record data corresponding with the query type, MX record data and NS record data;It is described
It includes client IP, domain name, domain name CNAME (domain name alias) and domain name IP etc. that A, which records data,;The MX record data include domain
Name, mail server domain name, mail server IP etc.;The NS record data include name server title, name server
IP etc.;
S4, the DNS decoder module 30 by the key message data according to its corresponding described query type store to
In corresponding memory queue;The data parsed place data into different shared drive queues according to request type,
Placing data into the reason of shared drive queue is rather than directly to file is in order to avoid the I/O of the output module 40
(input/output) operation influences the efficiency of real-time acquisition module.
In the present embodiment, the memory queue includes queue one, queue two, queue three and queue four;The A records data
It stores simultaneously into the queue one and the queue two;The MX record data are stored into the queue three;The NS note
Record number will be stored into the queue four;
S5, the output module 40 read the key message data in the memory queue, and the key is believed
Data file corresponding with statistics file generation is ceased, while the file being sent in memory file system catalogue;
In the present embodiment, the output module 40 reads the record data of the A in the queue one, and judges the A
Whether domain name or domain name IP in record data match with designated domain name or designated domain name IP;If it does not match, reading
Remove the A record data;It send if it does, then A record data are generated monitoring file cocurrent to the memory
In file system directories;
The output module 40 reads the record data of the A in the queue two, and A record data are generated A
Record file cocurrent is sent into the memory file system catalogue;
The output module 40 reads the record data of the MX in the queue three, and MX record data are generated
MX record file cocurrent is sent into the memory file system catalogue;
The output module 40 reads the record data of the NS in the queue four, and NS record data are generated
NS record file cocurrent is sent into the memory file system catalogue.
The file in the memory file system catalogue is sent to the convergence center by S6, the transmission module 50
Node server 60;
S7, the convergence center node server 60 carry out duplicate removal and compression to the file by the preset time cycle,
And duplicate removal and the compressed file are stored.
Further, as shown in Fig. 2, Fig. 2 is the flow chart of one embodiment of dns resolution in Fig. 1.The step S3 further includes
Following steps:
The problems in S31, the described DNS reply data of acquisition, and described problem is parsed;
Whether S32, the quantity for judging described problem are zero, continue to solve described problem if judging result is not zero
Analysis;S33 is entered step if judging result is zero;
Answer in S33, the acquisition DNS reply data, and corresponding RDATA number is parsed according to the query type
According to;
Whether S34, the quantity for judging the answer are zero, continue to solve the answer if judging result is not zero
Analysis;S35 is entered step if judging result is zero;
S35, described problem and the parsing result of the answer are generated into the key message data.
Further, as shown in Figure 1 to Figure 2, in the step S7 duplicate removal using HEY JUDE matrix algorithm.The algorithm is former
Manage as follows: the data of DNS divide two rank HEY JUDE Input matrix according to domain name and IP, and domain name A record etc. is keyed as first layer,
Centre is using tab as separating, and two layers of key are then IP as key, and leaf node is the result after duplicate removal.HEY JUDE matrix is a kind of
Efficient data structure belongs to one kind of variation Trie tree (word lookup tree), is one 256 fork tree in logic, and utilization is wider
Shallower number tree thereby reduces the indirect number of access particular key to optimize time efficiency, avoids potential processor slow
Filling bring time loss is deposited, the access of key-value pair is realized.Compared to other association type data structures, HEY JUDE will be according to key
Length cleverly divides subtree, so that without the concern for the balance of tree when problem scale increases, and conventional tree structure is with problem
Scale growth adjustment tree balance be it is highly difficult, in addition standard HEY JUDE has used each layer section of more than 20 kinds of different dynamic compressions
Point, maximum possible stay in node in the Cache (computer Cache) of computer, improve the hit rate of Cache, subtract
Lack the access times to memory to accelerate.Just because of it have the characteristics that operation efficiently and memory use it is few, it is widely used
In current various mass data collection processing.It is defeated in the way of lexcographical order after use HEY JUDE logm is according to duplicate removal is carried out
File is arrived out, this is perfectly in harmony with the compression thought of the library zlib (providing the function library of data compression), shows by test
It after HEY JUDE matrix duplicate removal, is compressed, is twice than using the compression ratio after common algorithm duplicate removal above using the library zlib.
As shown in figure 3, Fig. 3 is the block diagram that a kind of DNS key message processing system of the present invention unifies embodiment.The present invention mentions
For a kind of DNS key message processing system, including acquisition module 10, protocol identification module 20, DNS decoder module 30, output mould
Block 40, transmission module 50 and convergence center node server 60;It further include memory queue and memory file system catalogue;
It is the acquisition module 10, the protocol identification module 20, the DNS decoder module 30, the memory queue, described
Output module 40, the memory file system catalogue, the transmission module 50 and the convergence center node server 60 are successively
Connection;
The acquisition module 10 is for acquiring network data in real time and the network data being sent to the protocol identification
Module 20;
The protocol identification module 20 answers the DNS for analyzing DNS reply data from the network data
Answer evidence is sent to the DNS decoder module 30;
The DNS decoder module 30 is used to carry out data statistics to the DNS reply data, and statistics file is sent to
The transmission module 50 is also used to be decoded the DNS reply data, and according to described in different query type generations
Corresponding key message data in DNS reply data;It is also used to according to its corresponding described look into the key message data
Type is ask to store into corresponding memory queue;
The memory queue is used to store the key message data of the corresponding query type;
The output module 40 is used to read the key message data in the memory queue, and the key is believed
Data file corresponding with statistics file generation is ceased, while the file being sent in memory file system catalogue;
The memory file system catalogue is for storing the file;
The transmission module 50 is for the file in the memory file system catalogue to be sent in the convergence
Heart node server 60;
The convergence center node server 60 be used for by the preset time cycle to the network data carry out duplicate removal and
Compression, and duplicate removal and the compressed network data are stored.
Further, as shown in figure 3, the DNS decoder module 30 is also used to obtain asking in the DNS reply data
Topic, and parsed and judged whether the quantity of described problem is zero to described problem;
It is also used to obtain the answer in the DNS reply data, and corresponding RDATA is parsed according to the query type
Data;And judge whether the quantity of the answer is zero;And parsing result is generated into the key message data.
Further, as shown in figure 3, the query type includes query type A, query type MX and query type NS;
The key message data generated include A record data corresponding with the query type, MX record data and NS record
Data;
The A record data include client IP, domain name, domain name CNAME and domain name IP;The MX record data include domain
Name, mail server domain name, mail server IP;The NS record data include name server title, name server IP;
The memory queue includes queue one, queue two, queue three and queue four;A record data store simultaneously to
In the queue one and the queue two;The MX record data are stored into the queue three;The NS record number will store
To in the queue four;
The output module 40 is also used to read the record data of the A in the queue one, and records number according to the A
Whether domain name or domain name IP in match with designated domain name or designated domain name IP, and A record data are generated prison
Control file cocurrent is sent into the memory file system catalogue;
The output module 40 is also used to read the record data of the A in the queue two, and the A is recorded data
A record file cocurrent is generated to send into the memory file system catalogue;
The output module 40 is also used to read the record data of the MX in the queue three, and the MX is recorded number
It send according to MX record file cocurrent is generated into the memory file system catalogue;
The output module 40 is also used to read the record data of the NS in the queue four, and the NS is recorded number
It send according to NS record file cocurrent is generated into the memory file system catalogue.
The embodiment of the present invention is described with above attached drawing, but the invention is not limited to above-mentioned specific
Embodiment, the above mentioned embodiment is only schematical, rather than restrictive, those skilled in the art
Under the inspiration of the present invention, without breaking away from the scope protected by the purposes and claims of the present invention, it can also make very much
Form, all of these belong to the protection of the present invention.
Claims (10)
1. a kind of DNS key message processing method, which is characterized in that be related to acquisition module (10), protocol identification module (20),
DNS decoder module (30), output module (40), transmission module (50) and convergence center node server (60);Including following step
It is rapid:
S1, the acquisition module (10) acquire network data in real time and the network data are sent to the protocol identification module
(20);
S2, the protocol identification module (20) analyze DNS reply data from the network data, and by the DNS response
Data are sent to the DNS decoder module (30);
S3, the DNS decoder module (30) carry out data statistics to the DNS reply data, and statistics file is sent to institute
It states output module (40), while the DNS reply data is decoded, and generate the DNS according to different query types
Corresponding key message data in reply data;
S4, the DNS decoder module (30) store the key message data to right according to its corresponding described query type
In the memory queue answered;
S5, the output module (40) read the key message data in the memory queue, and by the key message
Data file corresponding with statistics file generation, while corresponding file is sent to memory file system catalogue
In;
Corresponding file in the memory file system catalogue is sent to the convergence by S6, the transmission module (50)
Central node server (60);
S7, the convergence center node server (60) carry out duplicate removal and compression to the file by the preset time cycle, and
Duplicate removal and compressed corresponding file are stored.
2. a kind of DNS key message processing method according to claim 1, which is characterized in that the step S3 further includes
Following steps:
The problems in S31, the described DNS reply data of acquisition, and described problem is parsed;
Whether S32, the quantity for judging described problem are zero, continue to parse described problem if judging result is not zero;
S33 is entered step if judging result is zero;
Answer in S33, the acquisition DNS reply data, and corresponding RDATA data are parsed according to the query type;
Whether S34, the quantity for judging the answer are zero, continue to parse the answer if judging result is not zero;
S35 is entered step if judging result is zero;
S35, parsing result is generated into the key message data.
3. according to claim 1 to a kind of 2 described in any item DNS key message processing methods, which is characterized in that the inquiry
Type includes query type A, query type MX and query type NS;Generate the key message data include and the inquiry
The corresponding A record data of type, MX record data and NS record data.
4. a kind of DNS key message processing method according to claim 3, which is characterized in that
The A record data include client IP, domain name, domain name CNAME and domain name IP;
The MX record data include domain name, mail server domain name, mail server IP;
The NS record data include name server title, name server IP.
5. a kind of DNS key message processing method according to claim 4, which is characterized in that the memory queue includes
Queue one, queue two, queue three and queue four;
The step S4 is further comprising the steps of:
The A record data are stored into the queue one and the queue two simultaneously;
The MX record data are stored into the queue three;
The NS record number will be stored into the queue four.
6. a kind of DNS key message processing method according to claim 5, which is characterized in that the step S5 further includes
Following steps:
The output module (40) reads the A in the queue one and records data, and judges the institute in the A record data
It states domain name or whether domain name IP matches with designated domain name or designated domain name IP;If it does not match, reading the next A note
Record data;It send if it does, then A record data are generated monitoring file cocurrent into the memory file system catalogue;
The output module (40) reads the A in the queue two and records data, and A record data are generated A note
Record file cocurrent is sent into the memory file system catalogue;
The output module (40) reads the MX in the queue three and records data, and MX record data are generated MX
Record file cocurrent is sent into the memory file system catalogue;
The output module (40) reads the NS in the queue four and records data, and NS record data are generated NS
Record file cocurrent is sent into the memory file system catalogue.
7. a kind of DNS key message processing method according to claim 1, which is characterized in that duplicate removal in the step S7
Using HEY JUDE matrix algorithm.
8. a kind of DNS key message processing system, which is characterized in that including acquisition module (10), protocol identification module (20),
DNS decoder module (30), output module (40), transmission module (50) and convergence center node server (60);It further include memory
Queue and memory file system catalogue;
The acquisition module (10), the protocol identification module (20), the DNS decoder module (30), the memory queue, institute
State output module (40), the memory file system catalogue, the transmission module (50) and the convergence center node server
(60) it is sequentially connected;
The acquisition module (10) is for acquiring network data in real time and the network data being sent to the protocol identification mould
Block (20);
The protocol identification module (20) from the network data for analyzing DNS reply data, and by the DNS response
Data are sent to the DNS decoder module (30);
The DNS decoder module (30) is used to carry out data statistics to the DNS reply data, and statistics file is sent to institute
Transmission module (50) are stated, are also used to be decoded the DNS reply data, and according to described in different query type generations
Corresponding key message data in DNS reply data;It is also used to according to its corresponding described look into the key message data
Type is ask to store into corresponding memory queue;
The memory queue is used to store the key message data of the corresponding query type;
The output module (40) is used to read key message data in the memory queue, and by the key message
Data file corresponding with statistics file generation, while corresponding file is sent to memory file system catalogue
In;
The memory file system catalogue is for storing corresponding file;
The transmission module (50) is used to the corresponding file in the memory file system catalogue being sent to the remittance
Poly- central node server (60);
The convergence center node server (60) is used to carry out duplicate removal and pressure to the network data by the preset time cycle
Contracting, and duplicate removal and the compressed network data are stored.
9. a kind of DNS key message processing system according to claim 8, which is characterized in that the DNS decoder module
(30) it is also used to obtain the problems in described DNS reply data, and the number of described problem is parsed and judged to described problem
Whether amount is zero;
It is also used to obtain the answer in the DNS reply data, and corresponding RDATA number is parsed according to the query type
According to;And judge whether the quantity of the answer is zero;And parsing result is generated into the key message data.
10. a kind of DNS key message processing system according to claim 8, which is characterized in that the query type includes
Query type A, query type MX and query type NS;The key message data generated include opposite with the query type
A record data, MX record data and the NS record data answered;
The A record data include client IP, domain name, domain name CNAME and domain name IP;The MX record data include domain name, postal
Part server domain name, mail server IP;The NS record data include name server title, name server IP;
The memory queue includes queue one, queue two, queue three and queue four;The A record data are stored to described simultaneously
In queue one and the queue two;The MX record data are stored into the queue three;The NS record number will be stored to institute
It states in queue four;
The output module (40) is also used to read the record data of the A in the queue one, and records data according to the A
In domain name or domain name IP whether match with designated domain name or designated domain name IP, by the A record data generate monitoring
File cocurrent is sent into the memory file system catalogue;
The output module (40) is also used to read the record data of the A in the queue two, and A record data are raw
It send at A record file cocurrent into the memory file system catalogue;
The output module (40) is also used to read the record data of the MX in the queue three, and the MX is recorded data
MX record file cocurrent is generated to send into the memory file system catalogue;
The output module (40) is also used to read the record data of the NS in the queue four, and the NS is recorded data
NS record file cocurrent is generated to send into the memory file system catalogue.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201410583420.7A CN105530327B (en) | 2014-10-27 | 2014-10-27 | A kind of DNS key message processing method and system |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201410583420.7A CN105530327B (en) | 2014-10-27 | 2014-10-27 | A kind of DNS key message processing method and system |
Publications (2)
Publication Number | Publication Date |
---|---|
CN105530327A CN105530327A (en) | 2016-04-27 |
CN105530327B true CN105530327B (en) | 2018-12-11 |
Family
ID=55772300
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201410583420.7A Active CN105530327B (en) | 2014-10-27 | 2014-10-27 | A kind of DNS key message processing method and system |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN105530327B (en) |
Families Citing this family (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN111917899B (en) * | 2020-07-28 | 2022-05-17 | 平安科技(深圳)有限公司 | Domain name compression method and related product thereof |
CN112019652B (en) * | 2020-08-27 | 2023-01-24 | 北京亚鸿世纪科技发展有限公司 | Method and device for judging IPV6 address field |
CN113572854B (en) * | 2021-08-10 | 2023-11-14 | 北京无线电测量研究所 | Data transmission method and system based on Kafka component |
Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
WO2008001021A1 (en) * | 2006-06-30 | 2008-01-03 | France Telecom | Method and device for managing the configuring of equipment of a network |
CN101739424A (en) * | 2008-11-13 | 2010-06-16 | 中国科学院计算机网络信息中心 | Method and system for converting and storing keyword and resource record of keyword |
CN102184196A (en) * | 2011-04-21 | 2011-09-14 | 中国电子信息产业集团有限公司第六研究所 | Petition integrated management information system |
CN103399908A (en) * | 2013-07-30 | 2013-11-20 | 北京北纬通信科技股份有限公司 | Method and system for fetching business data |
-
2014
- 2014-10-27 CN CN201410583420.7A patent/CN105530327B/en active Active
Patent Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
WO2008001021A1 (en) * | 2006-06-30 | 2008-01-03 | France Telecom | Method and device for managing the configuring of equipment of a network |
CN101739424A (en) * | 2008-11-13 | 2010-06-16 | 中国科学院计算机网络信息中心 | Method and system for converting and storing keyword and resource record of keyword |
CN102184196A (en) * | 2011-04-21 | 2011-09-14 | 中国电子信息产业集团有限公司第六研究所 | Petition integrated management information system |
CN103399908A (en) * | 2013-07-30 | 2013-11-20 | 北京北纬通信科技股份有限公司 | Method and system for fetching business data |
Also Published As
Publication number | Publication date |
---|---|
CN105530327A (en) | 2016-04-27 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
US11681678B2 (en) | Fast circular database | |
Wullink et al. | ENTRADA: A high-performance network traffic data streaming warehouse | |
US20200021506A1 (en) | Hierarchical aggregation of select network traffic statistics | |
CN109033471B (en) | Information asset identification method and device | |
JP6490059B2 (en) | Method for processing data, tangible machine readable recordable storage medium and device, and method for querying features extracted from a data record, tangible machine readable recordable storage medium and device | |
EP2240854B1 (en) | Method of resolving network address to host names in network flows for network device | |
US9608879B2 (en) | Methods and apparatus to collect call packets in a communications network | |
CN109684052B (en) | Transaction analysis method, device, equipment and storage medium | |
CA2534121A1 (en) | Network asset tracker for identifying users of networked computers | |
CN107465690B (en) | A kind of passive type abnormal real-time detection method and system based on flow analysis | |
CN107818120A (en) | Data processing method and device based on big data | |
US20090141638A1 (en) | Method for partitioning network flows based on their time information | |
CN106789242B (en) | Intelligent identification application analysis method based on mobile phone client software dynamic feature library | |
CN105530327B (en) | A kind of DNS key message processing method and system | |
CN110474994A (en) | Domain name analytic method, device, electronic equipment and storage medium | |
CN113162818A (en) | Method and system for realizing distributed flow acquisition and analysis | |
Yu et al. | Behavior Analysis based DNS Tunneling Detection and Classification with Big Data Technologies. | |
CN112632129A (en) | Code stream data management method, device and storage medium | |
Zhu et al. | Mining information on bitcoin network data | |
Song et al. | Det: Enabling efficient probing of ipv6 active addresses | |
WO2009038384A1 (en) | Query processing system and methods for a database with packet information by dividing a table and query | |
Valdez et al. | How to discover IoT devices when network traffic is encrypted | |
US11477161B1 (en) | Systems and methods for detecting DNS communications through time-to-live analyses | |
Djatmiko et al. | Federated flow-based approach for privacy preserving connectivity tracking | |
WO2017124660A1 (en) | System and method for associating multi-stage assembly transactions |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
C06 | Publication | ||
PB01 | Publication | ||
C10 | Entry into substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||
GR01 | Patent grant |