CN106550056A - A kind of domain name analytic method and device - Google Patents

A kind of domain name analytic method and device

Info

Publication number: CN106550056A
Application number: CN201510599652.6A
Authority: CN (China)
Legal status: Granted (currently active)
Prior art keywords: dns, domain name, dns query, query request, inquiry
Other languages: Chinese (zh)
Other versions: CN106550056B (en)
Inventors: 巫俊峰, 韩峰, 沈瀚, 黄钟, 陈金金, 杨健, 俞洋, 王济晟, 周红林, 李巍
Current assignee: China Mobile Group Jiangsu Co Ltd
Original assignee: China Mobile Group Jiangsu Co Ltd
Events: application filed by China Mobile Group Jiangsu Co Ltd; priority to CN201510599652.6A; publication of CN106550056A; application granted; publication of CN106550056B

Classifications

    • H  ELECTRICITY
    • H04  ELECTRIC COMMUNICATION TECHNIQUE
    • H04L  TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L 61/00  Network arrangements, protocols or services for addressing or naming
    • H04L 61/45  Network directories; Name-to-address mapping
    • H04L 61/4505  Network directories; Name-to-address mapping using standardised directories; using standardised directory access protocols
    • H04L 61/4511  Network directories; Name-to-address mapping using standardised directories; using standardised directory access protocols using domain name system [DNS]
    • H  ELECTRICITY
    • H04  ELECTRIC COMMUNICATION TECHNIQUE
    • H04L  TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L 63/00  Network architectures or network communication protocols for network security
    • H04L 63/10  Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • H04L 63/101  Access control lists [ACL]

Abstract

The invention discloses a domain name resolution method and device. The method comprises: a redirecting DNS server collects DNS query requests from a network gateway device; obtains the source IP and the IP of the destination DNS server in the DNS query request; judges whether the IP of the destination DNS server is in a preset DNS whitelist; if not, performs domain name resolution according to the DNS query request and obtains the IP of the queried domain name; according to the IP of the queried domain name, constructs a first DNS query response message whose source IP is the IP of the destination DNS server and whose destination IP is the source IP of the DNS query request, and sends the first DNS query response message to the network device corresponding to the source IP in the DNS query request. The solution of the present invention can improve the security of user information, or improve the speed at which users access the network.

Description

A kind of domain name analytic method and device
Technical field
The present invention relates to the field of communication technology, and in particular to a domain name resolution method and device.
Background technology
A DNS (Domain Name System) server is the entrance to the Internet: the DNS query request is the first link when a user accesses the Internet, and ICP (Internet Content Provider) content resources, CDNs (Content Delivery Networks) and the like all rely on correct scheduling by the DNS server to direct user traffic to the most suitable resource node. The DNS server used by a user terminal is configured by the user. In practice, security incidents in which a hacker exploits a vulnerability, malicious code or similar to tamper with the DNS setting of a user's network routing device or terminal computer so that it points to an illegal DNS server under the hacker's control are increasingly frequent. When an unwitting user visits a specific website that the illegal DNS server serves to them, such as a phishing website, user information can be leaked and heavy losses can result. For example, as shown in Fig. 1, after the user's default DNS has been tampered with by a hacker, DNS query requests that should have been sent to the legal DNS server are sent by a script to the illegal DNS server, so that the hacker steals user information through the illegal DNS server. Taking a user sending a DNS query for server A as an example, the process comprises the following steps:
Here it is assumed that the correct IP (Internet Protocol address) of server A is 1.1.1.1, that server B is a forged server A set up by the hacker, and that the IP of server B is 2.2.2.2.
Step 101: The terminal initiates a DNS query request for server A; the destination IP of the query request is the IP of the illegal DNS server.
Step 102: After receiving the DNS query request, the illegal DNS server forges the IP of server A as the IP of server B.
Step 103: The illegal DNS server returns the IP of server B to the terminal as the IP of server A.
Step 104: The terminal initiates a service request to server B.
Step 105: Server B responds to the service request initiated by the user and steals user information.
In the related art, to prevent user information from being leaked through access to an illegal DNS server, security software is usually installed on the terminal. However, the ability of security software to recognise a remote illegal DNS server depends on its knowledge base, and because the behaviour exhibited by an illegal DNS server is quite different from that of conventional viruses and trojans, the security software frequently cannot recognise it from the knowledge base. Moreover, the terminal systems that security software can adapt to only cover mainstream operating systems such as the Windows series, so it is of no help on non-Windows systems. The related art therefore still leaves a risk of user information leakage.
In addition, even if the DNS setting of the user's network routing device or terminal computer has not been tampered with, the DNS the user has configured may be unreasonable. For example, a user of a first network operator may have configured the DNS of a second network operator. When that user accesses the network, the content provider's authoritative DNS schedules servers according to the attribution information of the second network operator's DNS, so servers inside the second network operator's network are scheduled for the user, and the optimal server inside the first network operator's network is not. This affects the user's online experience and makes the user's network access slow.
Summary of the invention
Embodiments of the present invention provide a domain name resolution method and device, to solve the existing problems that user information is at risk, and that an unreasonable user DNS configuration causes scheduling errors and slow network access.
An embodiment of the present invention provides a domain name resolution method, comprising:
a redirecting DNS server collects DNS query requests from a network gateway device; and
obtains the source IP and the IP of the destination DNS server in the DNS query request;
judges whether the IP of the destination DNS server is in a preset DNS whitelist, the DNS whitelist comprising the IP of at least one trusted DNS server;
if not, performs domain name resolution according to the DNS query request and obtains the IP of the queried domain name;
according to the IP of the queried domain name, constructs a first DNS query response message whose source IP is the IP of the destination DNS server and whose destination IP is the source IP of the DNS query request, and sends the first DNS query response message to the network device corresponding to the source IP in the DNS query request.
Further, an embodiment of the present invention also provides a domain name resolution device, comprising:
an acquisition module, for collecting DNS query requests from a network gateway device; and
an information obtaining module, for obtaining the source IP and the IP of the destination DNS server in the DNS query request;
a judging module, for judging whether the IP of the destination DNS server is in a preset DNS whitelist, the DNS whitelist comprising the IP of at least one trusted DNS server;
a domain name resolution module, for performing domain name resolution according to the DNS query request and obtaining the IP of the queried domain name when the judgement result of the judging module is negative;
a response module, for constructing, according to the IP of the queried domain name, a first DNS query response message whose source IP is the IP of the destination DNS server and whose destination IP is the source IP of the DNS query request, and sending the first DNS query response message to the network device corresponding to the source IP in the DNS query request.
The beneficial effects of the present invention are as follows. In the embodiments of the present invention, the DNS query requests of a network gateway device are collected and analysed; if the IP of the destination DNS server in a DNS query request is not in the preset DNS whitelist, domain name resolution is performed according to the DNS query request and the resolution result is sent, in the name of the destination DNS server, to the network device corresponding to the source IP in the DNS query request. Thus, when a DNS query request is destined for an illegal DNS server, the redirecting DNS server performs the domain name resolution and feeds back the result. Since the redirecting DNS server is legal, the resolution result sent to the network device is guaranteed to be the correct IP of the domain name the user queried, which safeguards user information.
Furthermore, the IPs of DNS servers outside the home network can be left out of the DNS whitelist. Then, when the IP of the destination DNS server in a DNS query request is not in the preset DNS whitelist, it is possible that a user of this network has not configured DNS reasonably; by having the redirecting DNS server perform the resolution and feed back the result, the user is guaranteed to access the server of the queried domain name through the home network, which improves network access speed and user experience.
Description of the drawings
In order to illustrate the technical solutions in the embodiments of the present invention more clearly, the drawings needed in the description of the embodiments are briefly introduced below. Obviously, the drawings described below are only some embodiments of the present invention; a person of ordinary skill in the art could obtain other drawings from them without creative effort.
Fig. 1 is a schematic flow diagram of the domain name resolution method in the related art;
Fig. 2 is a schematic flow diagram of the domain name resolution method in embodiment one of the present invention;
Fig. 3 is a schematic flow diagram of the domain name resolution method in embodiment two of the present invention;
Fig. 4 is a schematic flow diagram of the domain name resolution method in embodiment three of the present invention;
Fig. 5 is structural diagram one of the domain name resolution device in embodiment four of the present invention;
Fig. 6 is structural diagram two of the domain name resolution device in embodiment four of the present invention.
Specific embodiments
An embodiment of the present invention provides a domain name resolution method applicable to network environments that need a domain name resolution service, such as enterprise networks and metropolitan area networks (MANs). In the technical solution of the embodiment, a redirecting DNS server collects DNS query requests from a network gateway device and obtains the source IP and the IP of the destination DNS server in each request; it judges whether the IP of the destination DNS server is in a preset DNS whitelist, and if not, performs domain name resolution according to the DNS query request and sends the resolution result, in the name of the destination DNS server, to the network device corresponding to the source IP in the DNS query request. Thus, when a DNS query request is destined for an illegal DNS server, the redirecting DNS server performs the resolution and feeds back the result; since the redirecting DNS server is legal, the resolution result sent to the network device is guaranteed to be the correct IP of the domain name the user queried, which safeguards user information.
Furthermore, the IPs of DNS servers outside the home network can be left out of the DNS whitelist. Then, when the IP of the destination DNS server in a DNS query request is not in the preset DNS whitelist, it is possible that a user of this network has not configured DNS reasonably; by having the redirecting DNS server perform the resolution and feed back the result, the user is guaranteed to access the server of the queried domain name through the home network, which improves network access speed and user experience.
To make the purpose, technical solutions and advantages of the present invention clearer, the present invention is described in further detail below with reference to the drawings. Obviously, the described embodiments are only some of the embodiments of the present invention, not all of them. All other embodiments obtained by a person of ordinary skill in the art on the basis of the embodiments of the present invention without creative effort fall within the scope of protection of the present invention.
Embodiment one:
As shown in Fig. 2, which is a schematic flow diagram of the domain name resolution method in embodiment one of the present invention, the method may comprise the following steps:
Step 201: The redirecting DNS server collects DNS query requests from the network gateway device.
Step 202: Obtain the source IP and the IP of the destination DNS server in the DNS query request.
Step 203: Judge whether the IP of the destination DNS server is in a preset DNS whitelist; the DNS whitelist comprises the IP of at least one trusted DNS server.
In one embodiment, when the IP of the destination DNS server is in the preset DNS whitelist, the DNS query request is forwarded to the destination DNS server.
Step 204: If the IP of the destination DNS server is not in the preset DNS whitelist, perform domain name resolution according to the DNS query request and obtain the IP of the queried domain name.
Step 205: According to the IP of the queried domain name, construct a first DNS query response message whose source IP is the IP of the destination DNS server and whose destination IP is the source IP in the DNS query request, and send the first DNS query response message to the network device corresponding to the source IP in the DNS query request.
In one embodiment, to avoid a single point of failure (that is, to avoid the situation where the redirecting DNS server fails and cannot answer DNS query requests, so that a network device that has sent a DNS query request obtains no query result), step 201 may be performed by collecting the DNS query requests of the network gateway device by port mirroring or optical splitting, so that the destination DNS server still receives the DNS query request and sends a second DNS response message for that request to the network device. In this way, if a single point of failure occurs and the destination DNS server is in fact a legal DNS server, the DNS query request sent by the network device still receives a response.
In one embodiment, the redirecting DNS server generally caches domain-name-to-IP mappings. Step 204 (performing domain name resolution according to the DNS query request and obtaining the IP of the queried domain name) may then specifically be: first look up whether the locally cached domain-name-to-IP mappings contain an IP corresponding to the queried domain name, and if so, perform step 205 with the lookup result. Because the redirecting DNS server is close to the network device, and because it resolves the name from its own cache before sending the first DNS response message, the first DNS response message reaches the network device before the second DNS response message sent by the destination DNS server: the network device receives the first DNS response message first and the second DNS response message afterwards. According to the DNS protocol, the network device discards the second DNS response message. In this way, the redirecting DNS server answers the DNS query request ahead of the destination DNS server through a first-response mechanism. Even if the destination DNS server responds to the DNS query request, the network device has discarded that response and proceeds with its service request according to the first response message, so an illegal user cannot steal user information and user information security is ensured.
In one embodiment, when the locally cached domain-name-to-IP mappings of the redirecting DNS server contain no IP corresponding to the queried domain name, the redirecting DNS server could perform a recursive query up and down the branches of the domain name tree. Recursive query is slow, however, and to realise the first-response mechanism described above and protect user information, the embodiment needs to speed up domain name resolution. So that the resolution result of the redirecting DNS server is fed back to the network device as soon as possible, step 204 (performing domain name resolution according to the DNS query request and obtaining the IP of the queried domain name) may specifically be: query whether the locally cached domain-name-to-IP mappings contain an IP corresponding to the queried domain name; if no such IP is found, forward the DNS query request to a trusted local DNS server; and receive the IP of the queried domain name sent by the trusted local DNS server. Here the trusted local DNS server is the local DNS server of this network's operator, located close to the terminal; it has fast recursion, a large cache and many stored records, and therefore resolves domain names efficiently.
In one embodiment, the aforementioned network device (the device that sends the DNS query request) may be a DNS server other than the redirecting DNS server, or a terminal. To protect user information or improve network access speed, the embodiment only needs to process DNS query requests sent by terminals, not those sent by DNS servers. To avoid wasting processing resources and generating redundant network traffic by handling DNS query requests sent by DNS servers, the embodiment may, before step 202, first judge whether the source of the DNS query request is a terminal or a DNS server. Specifically, the DNS query request carries a recursion desired field that marks whether its source is a terminal or a DNS server: the flags field of the DNS query request contains an RD (recursion desired) bit. When the bit is set to 1 it indicates a recursive query (the source of the DNS request is then a terminal); when it is set to 0 it indicates an iterative query (the source of the DNS request is then a DNS server). Thus, before step 202, the embodiment may obtain the value of the recursion desired field in the DNS query request that represents the source of the request, and determine from that value whether the source of the DNS query request is a terminal.
In this way, only DNS query requests whose source is a terminal go through the processing of steps 202 to 205. Of course, the step of obtaining the value of the recursion desired field that represents the source of the DNS query request may also be performed at the same time as step 202, or after step 202 and before step 203, in which case whether the source of the DNS query request is a terminal is determined before step 203; the embodiment is not limited in this respect.
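The paragraph above relies on two things about the DNS wire format: the RD bit in the flags field of the query header, and the fact that a response must copy the transaction ID and question of the query it answers. The following Python example, added here and not code from the patent, parses a query from wire bytes, reads the RD bit the way the text uses it, and builds the matching A response. The names (parse_query, build_a_response and so on) and the sample query for www.example.com are constructed for this example; 1.1.1.1 is the address the background section assigns to server A.

```python
import struct
from dataclasses import dataclass
from typing import Tuple


@dataclass
class DnsQuery:
    txid: int      # transaction ID, copied into the response so the client can match it
    rd: bool       # RD (recursion desired) bit of the flags field
    qname: str
    qtype: int
    qclass: int


def _read_name(data: bytes, offset: int) -> Tuple[str, int]:
    """Decode an uncompressed label sequence; return (name, offset after it)."""
    labels = []
    while True:
        length = data[offset]
        offset += 1
        if length == 0:
            break
        if length & 0xC0:
            raise ValueError("compression pointer in question name not supported")
        labels.append(data[offset:offset + length].decode("ascii"))
        offset += length
    return ".".join(labels), offset


def _encode_name(name: str) -> bytes:
    out = b""
    for label in name.rstrip(".").split("."):
        out += bytes([len(label)]) + label.encode("ascii")
    return out + b"\x00"


def parse_query(data: bytes) -> DnsQuery:
    """Parse the 12-byte header and the first question of a DNS query."""
    if len(data) < 12:
        raise ValueError("truncated DNS header")
    txid, flags, qdcount, _an, _ns, _ar = struct.unpack("!HHHHHH", data[:12])
    if flags & 0x8000:                     # QR bit set means this is a response
        raise ValueError("QR bit set: not a query")
    if qdcount < 1:
        raise ValueError("query carries no question")
    qname, off = _read_name(data, 12)
    qtype, qclass = struct.unpack("!HH", data[off:off + 4])
    return DnsQuery(txid, bool(flags & 0x0100), qname, qtype, qclass)


def build_query(txid: int, qname: str, rd: bool = True) -> bytes:
    """Build a standard A/IN query (constructed sample input for this example)."""
    flags = 0x0100 if rd else 0x0000
    header = struct.pack("!HHHHHH", txid, flags, 1, 0, 0, 0)
    return header + _encode_name(qname) + struct.pack("!HH", 1, 1)


def build_a_response(query: bytes, ip: str, ttl: int = 60) -> bytes:
    """Answer the query with one A record; txid and question are copied from it."""
    q = parse_query(query)
    flags = 0x8180 if q.rd else 0x8080     # QR=1, RD as in the query, RA=1
    header = struct.pack("!HHHHHH", q.txid, flags, 1, 1, 0, 0)
    question = _encode_name(q.qname) + struct.pack("!HH", q.qtype, q.qclass)
    rdata = bytes(int(o) for o in ip.split("."))
    # the answer name is a compression pointer (0xC00C) to the question name at offset 12
    answer = b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, ttl, 4) + rdata
    return header + question + answer


def parse_answer_ip(response: bytes) -> Tuple[int, str]:
    """Return (txid, address of the first A record) of a response built above."""
    txid, flags, _qd, ancount, _ns, _ar = struct.unpack("!HHHHHH", response[:12])
    if not (flags & 0x8000) or ancount < 1:
        raise ValueError("not a response carrying an answer")
    _name, off = _read_name(response, 12)
    off += 4 + 2                           # skip qtype/qclass and the name pointer
    _t, _c, _ttl, rdlen = struct.unpack("!HHIH", response[off:off + 10])
    off += 10
    return txid, ".".join(str(b) for b in response[off:off + rdlen])


def query_source_is_terminal(data: bytes) -> bool:
    """The text's heuristic: RD=1 is a terminal's recursive query, RD=0 a server's."""
    return parse_query(data).rd


if __name__ == "__main__":
    q = build_query(0x1234, "www.example.com")
    print(parse_query(q))
    print(parse_answer_ip(build_a_response(q, "1.1.1.1")))
```

Note that query_source_is_terminal only implements the classification rule the text states; a resolver that forwards with RD=1, or a client that clears RD, would be classified the other way, which is why the following paragraph adds a second filter on the source IP.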
In one embodiment, to meet the needs of special users, for example a user who wants to test domain name resolution, the DNS query requests sent by such a user may be left to the destination DNS server the user specified. Thus, before step 204 (performing domain name resolution according to the DNS query request), the embodiment may first judge whether the source IP in the DNS query request is in a preset IP whitelist, and only perform domain name resolution according to the DNS query request if it is not. The IP whitelist comprises at least one trusted IP, a trusted IP being the IP of a user with a specific need.
In summary, in the embodiment of the present invention, the DNS query requests of the network gateway device are collected and analysed; if the IP of the destination DNS server in a DNS query request is not in the preset DNS whitelist, domain name resolution is performed according to the DNS query request and the resolution result is sent, in the name of the destination DNS server, to the network device corresponding to the source IP in the DNS query request. Thus, when a DNS query request is destined for an illegal DNS server, the redirecting DNS server performs the resolution and feeds back the result; since the redirecting DNS server is legal, the resolution result sent to the network device is guaranteed to be the correct IP of the domain name the user queried, which safeguards user information.
Furthermore, the IPs of DNS servers outside the home network can be left out of the DNS whitelist. Then, when the IP of the destination DNS server in a DNS query request is not in the preset DNS whitelist, it is possible that a user of this network has not configured DNS reasonably; by having the redirecting DNS server perform the resolution and feed back the result, the user is guaranteed to access the server of the queried domain name through the home network, which improves network access speed and user experience.
In addition, in the embodiment, DNS query requests are collected by port mirroring or optical splitting, so that the destination DNS server also sends a second DNS response message for the DNS query request to the network device. This not only avoids a single point of failure; because the redirecting DNS server is close to the network device, it can also deliver the first DNS response message to the network device sooner, so that the network device discards the second DNS response message. This realises the first-response mechanism and thereby protects user information.
In addition, in the embodiment, when the redirecting DNS server finds no IP corresponding to the queried domain name in its locally cached domain-name-to-IP mappings, it forwards the DNS query request to a trusted local DNS server and receives from it the IP of the queried domain name. This speeds up the feedback of the first DNS response message by the redirecting DNS server and hence the speed at which the user obtains the resolution result, and better guarantees that the first-response mechanism operates effectively, so that user information is protected.
Embodiment two
As shown in Fig. 3, which is a schematic flow diagram of the domain name resolution method in embodiment two of the present invention, this embodiment illustrates the domain name resolution method by taking the protection of user information through the first-response mechanism as an example. The method may comprise the following steps:
Step 301: The redirecting DNS server collects the DNS query request of the network gateway device by port mirroring or optical splitting, so that the destination DNS server receives the DNS query request and sends a second DNS response message for it to the terminal corresponding to the source IP in the DNS query request.
Step 302: The redirecting DNS server obtains the value of the recursion field in the DNS query request that represents the source of the request, and determines from it whether the source of the DNS query request is a terminal; if so, perform step 303, otherwise end the operation.
Step 303: The redirecting DNS server obtains the source IP and the IP of the destination DNS server in the DNS query request.
Step 304: The redirecting DNS server judges whether the IP of the destination DNS server is in the preset DNS whitelist; if so, end the operation, otherwise perform step 305.
Step 305: The redirecting DNS server judges whether the source IP in the DNS query request is in the preset IP whitelist; if so, end the operation, otherwise perform step 306.
Step 306: The redirecting DNS server queries whether its locally cached domain-name-to-IP mappings contain an IP corresponding to the queried domain name; if so, perform step 309, otherwise perform step 307.
Step 307: The redirecting DNS server forwards the DNS query request to the trusted local DNS server.
Step 308: The redirecting DNS server receives the IP of the queried domain name sent by the trusted local DNS server.
Step 309: According to the IP of the queried domain name, the redirecting DNS server constructs a first DNS query response message whose source IP is the IP of the destination DNS server and whose destination IP is the source IP in the DNS query request, and sends the first DNS query response message to the terminal corresponding to the source IP in the DNS query request.
Step 310: The terminal receives the first DNS query response message sent by the redirecting DNS server and initiates a service request to the server of the queried domain name according to it.
Step 311: The terminal receives the second DNS query response message sent by the destination DNS server and discards it.
In summary, in this embodiment the first-response mechanism ensures that the terminal receives the first DNS query response message first and discards the second DNS query response message received afterwards, so the forged server of the related art is prevented from stealing user information. The embodiment can thus ensure the security of user information.
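The decision chain of steps 302 to 311 (and the equivalent checks described under embodiment one) is small enough to model end to end. The following Python simulation is an added example, not code from the patent: packets are plain records rather than wire-format bytes, the RedirectDnsServer class applies the RD check, the DNS whitelist, the IP whitelist and the cache-then-local-DNS lookup in the order the steps give, and the Terminal class keeps the first response per transaction and discards any later one. The addresses 1.1.1.1 and 2.2.2.2 are the ones the background section uses for server A and the forged server; every other address, the whitelists and the cache contents are constructed for this example.

```python
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Set, Tuple


@dataclass(frozen=True)
class DnsQuery:
    txid: int
    src_ip: str        # the terminal
    dst_ip: str        # the DNS server the terminal is configured to use
    qname: str
    rd: bool           # the text treats RD=1 as "sent by a terminal"


@dataclass(frozen=True)
class DnsResponse:
    txid: int
    src_ip: str
    dst_ip: str
    qname: str
    answer: str


@dataclass
class RedirectDnsServer:
    dns_whitelist: Set[str]        # trusted DNS server IPs (step 304)
    ip_whitelist: Set[str]         # terminals whose queries are left alone (step 305)
    cache: Dict[str, str]          # own domain-name-to-IP cache (step 306)
    local_dns: Dict[str, str]      # stands in for the trusted local DNS (steps 307/308)
    log: List[str] = field(default_factory=list)

    def handle(self, q: DnsQuery) -> Optional[DnsResponse]:
        """Return the first response to send to the terminal, or None to stay silent."""
        if not q.rd:                                    # step 302
            self.log.append(f"{q.txid}: RD=0, source taken to be a DNS server, ignored")
            return None
        if q.dst_ip in self.dns_whitelist:              # step 304
            self.log.append(f"{q.txid}: destination {q.dst_ip} is trusted, ignored")
            return None
        if q.src_ip in self.ip_whitelist:               # step 305
            self.log.append(f"{q.txid}: source {q.src_ip} is a special user, ignored")
            return None
        ip = self.cache.get(q.qname)                    # step 306
        if ip is None:
            ip = self.local_dns.get(q.qname)            # steps 307/308
            if ip is None:
                self.log.append(f"{q.txid}: {q.qname} could not be resolved")
                return None
            self.cache[q.qname] = ip
        # step 309: source and destination are swapped relative to the query
        return DnsResponse(q.txid, q.dst_ip, q.src_ip, q.qname, ip)


class Terminal:
    """Keeps the first response per transaction and discards later ones (steps 310/311)."""

    def __init__(self, ip: str):
        self.ip = ip
        self.pending: Dict[int, Tuple[str, str]] = {}   # txid -> (qname, dns server)
        self.resolved: Dict[str, str] = {}
        self.discarded: List[DnsResponse] = []

    def send(self, txid: int, dns_ip: str, qname: str) -> DnsQuery:
        self.pending[txid] = (qname, dns_ip)
        return DnsQuery(txid, self.ip, dns_ip, qname, rd=True)

    def receive(self, r: DnsResponse) -> bool:
        expected = self.pending.get(r.txid)
        # a response must match an outstanding txid, its name and the server it went to
        if expected is None or expected != (r.qname, r.src_ip) or r.dst_ip != self.ip:
            self.discarded.append(r)
            return False
        del self.pending[r.txid]
        self.resolved[r.qname] = r.answer
        return True


def run_scenario() -> Tuple[RedirectDnsServer, Terminal]:
    """Replay Fig. 3 with constructed addresses: the terminal's DNS points at 2.2.2.2."""
    rogue_dns = "2.2.2.2"
    server = RedirectDnsServer(
        dns_whitelist={"10.0.0.53"},
        ip_whitelist={"192.168.1.200"},
        cache={},
        local_dns={"www.example.com": "1.1.1.1"},
    )
    term = Terminal("192.168.1.10")
    q = term.send(0x1234, rogue_dns, "www.example.com")
    first = server.handle(q)                 # the mirrored copy of q reaches the server
    if first is not None:
        term.receive(first)                  # arrives first: accepted (step 310)
    # the configured server answers the original query later, with a forged address
    second = DnsResponse(q.txid, rogue_dns, term.ip, q.qname, "203.0.113.5")
    term.receive(second)                     # same txid, already answered: discarded
    return server, term


if __name__ == "__main__":
    srv, t = run_scenario()
    print(t.resolved, [d.answer for d in t.discarded], srv.log)
```

The simulation makes the dependency the text only implies explicit: the protection holds exactly when the redirecting server's response reaches the terminal before the configured server's one, which is why steps 306 to 308 go to some length to keep the lookup fast. If handle returns None (trusted destination, whitelisted source or an unresolvable name) the terminal is left to whatever its configured server answers.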
Embodiment three
As shown in figure 4, which is the schematic flow sheet of domain name analytic method described in the embodiment of the present invention three, should The DNS of oneself is configured to the DNS that C nets provider by the user B for netting provider in embodiment with A, is led As a example by the family A that applies accesses the slow scene of network, to the domain name analytic method in the embodiment of the present invention in the scene The lower method for improving customer access network speed is illustrated, and the method may include following steps:
Wherein, A nets are not taken including the DNS of C nets in redirecting the DNS white lists in dns server The IP of business device D.
Step 401: The redirect DNS server of network A collects, by port mirroring or optical splitting, the DNS query request passing through the network egress device. The destination DNS server IP in the DNS query request is the IP of DNS server D in network C, so DNS server D also receives the DNS query request and sends a second DNS response message for that query to the terminal corresponding to the source IP in the DNS query request.
Step 402: The redirect DNS server of network A obtains from the DNS query request the recursion-desired field value (the RD flag of the DNS header), which indicates the origin of the query, and determines from it whether the DNS query request originated from a terminal. If so, step 403 is executed; otherwise the operation ends.
Step 403: The redirect DNS server of network A obtains the source IP and the IP of DNS server D from the DNS query request.
Step 404: The redirect DNS server of network A judges whether the IP of DNS server D is in a preset DNS whitelist. If so, the operation ends; if not, step 405 is executed.
Step 405: The redirect DNS server of network A judges whether the source IP in the DNS query request is in a preset IP whitelist. If so, the operation ends; if not, step 406 is executed.
Step 406: The redirect DNS server of network A queries its own cache of domain-name-to-IP mappings for an IP corresponding to the queried domain name. If one exists, step 409 is executed; if not, step 407 is executed.
Step 407: The redirect DNS server of network A forwards the DNS query request to a trusted local DNS server.
Step 408: The redirect DNS server of network A receives the IP of the queried domain name returned by the trusted local DNS server.
Step 409: The redirect DNS server of network A, according to the IP of the queried domain name, constructs a first DNS query response message whose source IP is the IP of DNS server D and whose destination IP is the source IP in the DNS query request, and sends the first DNS query response message to the terminal corresponding to that source IP.
Step 410: The terminal receives the first DNS query response message sent by the redirect DNS server of network A and initiates a service request to the server of the queried domain name according to it.
Step 411: The terminal receives the second DNS query response message sent by DNS server D and discards it.
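The procedure of steps 401 to 411 is worked through below in Python. This is an added example, not code from the patent or from the applicant. The "recursion field" of step 402 is taken to be the Recursion Desired (RD) flag of the DNS header, which stub resolvers on terminals set; that reading is the editor's, not stated by the patent. The DNS whitelist, the IP whitelist and the dictionary standing in for the trusted local DNS server of steps 407 and 408 are assumptions, and all addresses come from the RFC 5737 documentation ranges. The handler returns the addressing and payload of the first DNS response; actually putting it on the wire with DNS server D's IP as source needs a raw socket and is outside the example.

```python
import socket
import struct
from dataclasses import dataclass, field
from typing import Dict, Optional, Set, Tuple

# Constructed configuration (assumptions for this example, not values from the patent).
DNS_WHITELIST: Set[str] = {"192.0.2.53"}          # trusted DNS servers of network A (step 404)
IP_WHITELIST: Set[str] = {"198.51.100.250"}       # sources never answered for, e.g. the trusted resolver (step 405)
TRUSTED_LOCAL_DNS: Dict[str, str] = {"www.example.com": "198.51.100.80"}  # stand-in for the trusted local DNS server


def parse_ipv4_udp(pkt: bytes) -> Tuple[str, str, int, int, bytes]:
    """Pull (src_ip, dst_ip, src_port, dst_port, udp payload) out of a mirrored IPv4/UDP packet."""
    ver_ihl, proto = pkt[0], pkt[9]
    if ver_ihl >> 4 != 4 or proto != 17:
        raise ValueError("not an IPv4/UDP packet")
    ihl = (ver_ihl & 0x0F) * 4
    src_ip, dst_ip = socket.inet_ntoa(pkt[12:16]), socket.inet_ntoa(pkt[16:20])
    sport, dport, ulen = struct.unpack("!HHH", pkt[ihl:ihl + 6])
    return src_ip, dst_ip, sport, dport, pkt[ihl + 8:ihl + ulen]


def parse_dns_query(msg: bytes) -> Tuple[int, bool, str, int, bytes]:
    """Return (txid, rd, qname, qtype, raw question section) of a single-question query.
    Queries carry an uncompressed name in the question, so no pointer handling is needed."""
    txid, flags, qdcount = struct.unpack("!HHH", msg[:6])
    if flags & 0x8000 or qdcount != 1:
        raise ValueError("not a single-question DNS query")
    rd = bool(flags & 0x0100)          # Recursion Desired: set by stub resolvers on terminals
    labels, off = [], 12
    while msg[off]:
        n = msg[off]
        labels.append(msg[off + 1:off + 1 + n].decode("ascii"))
        off += 1 + n
    off += 1                           # skip the terminating zero label
    qtype = struct.unpack("!H", msg[off:off + 2])[0]
    return txid, rd, ".".join(labels), qtype, msg[12:off + 4]


def build_a_response(txid: int, question: bytes, ip: str, ttl: int = 60) -> bytes:
    """DNS message: same txid, QR/RD/RA set, the original question, one A record (name pointer 0xC00C)."""
    header = struct.pack("!HHHHHH", txid, 0x8180, 1, 1, 0, 0)
    answer = struct.pack("!HHHIH", 0xC00C, 1, 1, ttl, 4) + socket.inet_aton(ip)
    return header + question + answer


@dataclass
class RedirectDnsServer:
    dns_whitelist: Set[str]
    ip_whitelist: Set[str]
    cache: Dict[str, str] = field(default_factory=dict)

    def resolve(self, qname: str) -> Optional[str]:
        """Steps 406-408: own cache first, then the trusted local DNS server (a dict stand-in here)."""
        ip = self.cache.get(qname)
        if ip is None:
            ip = TRUSTED_LOCAL_DNS.get(qname)
            if ip is not None:
                self.cache[qname] = ip
        return ip

    def handle_mirrored(self, pkt: bytes) -> Optional[dict]:
        """Steps 401-409 for one mirrored packet. Returns the first response to inject, or None
        when the query is left to the DNS server it was addressed to."""
        src_ip, dst_ip, sport, dport, payload = parse_ipv4_udp(pkt)  # step 403: source IP and IP of D
        if dport != 53:
            return None
        txid, rd, qname, qtype, question = parse_dns_query(payload)
        if not rd:                                   # step 402: not from a terminal
            return None
        if dst_ip in self.dns_whitelist:             # step 404: trusted server, leave it alone
            return None
        if src_ip in self.ip_whitelist:              # step 405: trusted source, leave it alone
            return None
        if qtype != 1:                               # this example only answers A queries
            return None
        ip = self.resolve(qname)
        if ip is None:
            return None
        # Step 409: answer in the name of DNS server D, addressed to the terminal's own source port.
        return {"src_ip": dst_ip, "src_port": dport, "dst_ip": src_ip, "dst_port": sport,
                "payload": build_a_response(txid, question, ip)}


def make_query_packet(src_ip: str, dst_ip: str, sport: int, txid: int, qname: str, rd: bool = True) -> bytes:
    """Constructed sample: an IPv4/UDP packet carrying an A query, as the mirror port would deliver it.
    Checksums are left at zero in this offline sample."""
    q = b"".join(bytes([len(l)]) + l.encode("ascii") for l in qname.split(".")) + b"\x00"
    dns = struct.pack("!HHHHHH", txid, 0x0100 if rd else 0, 1, 0, 0, 0) + q + struct.pack("!HH", 1, 1)
    udp = struct.pack("!HHHH", sport, 53, 8 + len(dns), 0) + dns
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(udp), 0, 0, 64, 17, 0,
                     socket.inet_aton(src_ip), socket.inet_aton(dst_ip))
    return ip + udp


if __name__ == "__main__":
    srv = RedirectDnsServer(DNS_WHITELIST, IP_WHITELIST)
    # Terminal 203.0.113.10 asks external DNS server D (203.0.113.53): answered by the redirect server.
    print(srv.handle_mirrored(make_query_packet("203.0.113.10", "203.0.113.53", 40000, 0x1234, "www.example.com")))
    # The same query sent to the whitelisted resolver is left to that resolver (None).
    print(srv.handle_mirrored(make_query_packet("203.0.113.10", "192.0.2.53", 40001, 0x1235, "www.example.com")))
```

Running the file answers the first query with 198.51.100.80 in the name of 203.0.113.53, addressed back to the terminal's port 40000 with the terminal's transaction ID and question section copied, and returns None for the query to the whitelisted resolver. The RD check of step 402 also rejects a query with RD clear even when everything else matches, which keeps iterative queries sent by a recursive resolver inside network A from being answered for.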
In summary, in this embodiment of the invention, even after a user has configured the DNS server of an external-network provider, the redirect DNS server of the home network can still perform domain name resolution for the user and feed the resolution result back, so the user does not need to leave the home network to access the network, which improves network access speed.
Embodiment IV
Based on the same inventive concept, an embodiment of the invention also provides a domain name resolution device. As shown in Fig. 5, the device includes:
an acquisition module 501, configured to collect DNS query requests passing through a network egress device; and
an information acquisition module 502, configured to obtain the source Internet Protocol (IP) address and the IP of the destination DNS server in the DNS query request;
a judging module 503, configured to judge whether the IP of the destination DNS server is in a preset DNS whitelist, the DNS whitelist including the IP of at least one trusted DNS server;
a domain name resolution module 504, configured to, if the result of the judging module is no, perform domain name resolution according to the DNS query request and obtain the IP of the queried domain name; and
a response module 505, configured to construct, according to the IP of the queried domain name, a first DNS query response message with the IP of the destination DNS server as the source IP and the source IP in the DNS query request as the destination IP, and to send the first DNS query response message to the network device corresponding to the source IP in the DNS query request.
In one embodiment, the acquisition module 501 is specifically configured to collect the DNS query request of the network egress device by port mirroring or optical splitting, so that the destination DNS server also receives the DNS query request and sends a second DNS response message for the DNS query request to the network device.
In one embodiment, as shown in Fig. 6, the domain name resolution module 504 specifically includes:
a cache query unit 506, configured to query the cached domain-name-to-IP mappings for an IP corresponding to the queried domain name;
a forwarding unit 507, configured to forward the DNS query request to a trusted local DNS server if the cache query unit finds no IP corresponding to the queried domain name; and
a receiving unit 508, configured to receive the IP of the queried domain name sent by the trusted local DNS server.
In one embodiment, as shown in Fig. 6, the device further includes:
a first determining module 509, configured to determine, before the domain name resolution module performs domain name resolution according to the DNS query request, that the source IP in the DNS query request is not in a preset IP whitelist, the IP whitelist including at least one trusted IP.
In one embodiment, as shown in Fig. 6, the device further includes:
a field value acquisition module 510, configured to obtain, before the judging module judges whether the IP of the destination DNS server is in the preset DNS whitelist, the recursion-desired field value in the DNS query request that indicates the origin of the DNS query request; and
a second determining module 511, configured to determine, according to the recursion-desired field value, that the DNS query request originated from a terminal.
The domain name resolution device provided by the embodiment of the invention collects DNS query requests from a network egress device and analyses them. If the IP of the destination DNS server in a DNS query request is not in the preset DNS whitelist, it performs domain name resolution according to the DNS query request and sends the resolution result, in the name of the destination DNS server, to the network device corresponding to the source IP in the DNS query request. In this way, when a DNS query request is destined for an illegitimate DNS server, the redirect DNS server performs the resolution and feeds the result back. Since the redirect DNS server is legitimate, the resolution result delivered to the network device is the correct IP of the domain name the user queried, which protects the security of user information.
Furthermore, the IPs of external-network DNS servers may be left out of the DNS whitelist. Then, when the IP of the destination DNS server in a DNS query request is not in the preset DNS whitelist, it is likely that a user of this network has not configured DNS appropriately, so the redirect DNS server performs the resolution and feeds back the result, ensuring that the user reaches the server of the queried domain name through the home network, which improves network access speed and user experience.
In addition, in the embodiment of the invention, the DNS query request is collected by port mirroring or optical splitting, so the destination DNS server still receives it and sends the second DNS response message to the network device. This not only avoids a single point of failure; because the redirect DNS server is close to the network device, the first DNS response message reaches the network device sooner, the network device discards the second DNS response message, and a first-response-wins mechanism is realized, which protects user information security.
In addition, in the embodiment of the invention, when the redirect DNS server finds no IP corresponding to the queried domain name in its cached domain-name-to-IP mappings, it forwards the DNS query request to a trusted local DNS server and receives the IP of the queried domain name from that server. The cache raises the speed at which the redirect DNS server feeds back the first DNS response message, and thus the speed at which the user obtains the resolution result; it also better ensures that the first-response-wins mechanism operates effectively, which in turn protects user information security.
As for the device in the above embodiment, the specific manner in which each module performs its operations has been described in detail in the method embodiment and is not elaborated here.
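Steps 410 and 411 and the two paragraphs above depend on what the terminal does when two responses arrive for one query. The Python below is an added example, not the patent's or the applicant's code, of that terminal-side behaviour: the checks a stub resolver applies before accepting a UDP response (same server address and port it sent to, same client port, same transaction ID and question) and the rule that the first matching response wins and later ones are discarded. The DnsResponse and OutstandingQuery records, the sender labels and all addresses (RFC 5737 ranges) are constructed for the example.

```python
from dataclasses import dataclass
from typing import List, Optional, Tuple


@dataclass(frozen=True)
class DnsResponse:
    """A DNS response as the terminal sees it: where it came from plus the fields matched on."""
    src_ip: str        # must equal the server IP the query was sent to
    src_port: int      # must equal the server port the query was sent to (53)
    dst_port: int      # must equal the client's own source port
    txid: int
    qname: str
    qtype: int
    answer_ip: str
    sender: str        # label for the example only: which machine really produced the packet


@dataclass(frozen=True)
class OutstandingQuery:
    """What the stub resolver remembers about a query it has sent and not yet had answered."""
    server_ip: str
    server_port: int
    client_port: int
    txid: int
    qname: str
    qtype: int


def matches(q: OutstandingQuery, r: DnsResponse) -> bool:
    """Checks a stub resolver applies before accepting a UDP response for an outstanding query."""
    return (r.src_ip == q.server_ip and r.src_port == q.server_port
            and r.dst_port == q.client_port and r.txid == q.txid
            and r.qname.lower() == q.qname.lower() and r.qtype == q.qtype)


def first_response_wins(q: OutstandingQuery,
                        arrivals: List[DnsResponse]) -> Tuple[Optional[DnsResponse], List[DnsResponse]]:
    """Step 410: the first matching response is accepted. Step 411: everything after it is discarded.
    A response that does not match is discarded wherever it sits in the arrival order."""
    accepted, discarded = None, []
    for r in arrivals:
        if accepted is None and matches(q, r):
            accepted = r
        else:
            discarded.append(r)
    return accepted, discarded


# Constructed scenario: the terminal asked DNS server D, 203.0.113.53, for www.example.com from port 40000.
QUERY = OutstandingQuery("203.0.113.53", 53, 40000, 0x1234, "www.example.com", 1)
FROM_REDIRECT = DnsResponse("203.0.113.53", 53, 40000, 0x1234, "www.example.com", 1,
                            "198.51.100.80", "redirect DNS server of network A, source IP set to D")
FROM_D = DnsResponse("203.0.113.53", 53, 40000, 0x1234, "www.example.com", 1,
                     "203.0.113.80", "DNS server D")
FROM_REDIRECT_OWN_IP = DnsResponse("192.0.2.54", 53, 40000, 0x1234, "www.example.com", 1,
                                   "198.51.100.80", "redirect DNS server of network A, own source IP")

if __name__ == "__main__":
    for label, order in [("redirect first", [FROM_REDIRECT, FROM_D]),
                         ("D first", [FROM_D, FROM_REDIRECT]),
                         ("own IP first", [FROM_REDIRECT_OWN_IP, FROM_D])]:
        accepted, discarded = first_response_wins(QUERY, order)
        print(f"{label}: uses {accepted.answer_ip} from {accepted.sender}; discarded {len(discarded)}")
```

The third case shows why step 409 has to set DNS server D's IP as the source: a response carrying the redirect server's own address is discarded even when it arrives first, and the terminal then uses the answer from server D. The second case is the race the paragraph above addresses by placing the redirect server close to the terminal; if server D's response gets there first, it is the one used. The mechanism presupposes plaintext DNS over UDP: a terminal that sends its queries over TCP, DNS over TLS or DNS over HTTPS, or that validates DNSSEC signatures for a signed zone, will not accept the injected answer.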
Those skilled in the art should understand that embodiments of the invention may be provided as a method, a device, a system or a computer program product. Accordingly, the invention may take the form of an entirely hardware embodiment, an entirely software embodiment, or an embodiment combining software and hardware aspects. Moreover, the invention may take the form of a computer program product implemented on one or more computer-usable storage media (including but not limited to disk storage, CD-ROM, optical storage, and the like) containing computer-usable program code.
The invention is described with reference to flowcharts and/or block diagrams of methods, devices (apparatus) and computer program products according to embodiments of the invention. It should be understood that each flow and/or block in the flowcharts and/or block diagrams, and combinations of flows and/or blocks in them, can be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general-purpose computer, a special-purpose computer, an embedded processor or other programmable data processing apparatus to produce a machine, such that the instructions executed by the processor of the computer or other programmable data processing apparatus produce means for implementing the functions specified in one or more flows of the flowchart and/or one or more blocks of the block diagram.
These computer program instructions may also be stored in a computer-readable memory that can direct a computer or other programmable data processing apparatus to operate in a particular manner, such that the instructions stored in the computer-readable memory produce an article of manufacture including instruction means that implement the functions specified in one or more flows of the flowchart and/or one or more blocks of the block diagram.
These computer program instructions may also be loaded onto a computer or other programmable data processing apparatus so that a series of operational steps are performed on the computer or other programmable apparatus to produce computer-implemented processing, such that the instructions executed on the computer or other programmable apparatus provide steps for implementing the functions specified in one or more flows of the flowchart and/or one or more blocks of the block diagram.
Although preferred embodiments of the invention have been described, those skilled in the art, once aware of the basic inventive concept, can make other changes and modifications to these embodiments. Therefore, the appended claims are intended to be construed as including the preferred embodiments and all changes and modifications falling within the scope of the invention.
Obviously, those skilled in the art can make various changes and modifications to the invention without departing from its spirit and scope. Thus, if these modifications and variations of the invention fall within the scope of the claims of the invention and their technical equivalents, the invention is also intended to include them.

Claims (10)

1. A domain name resolution method, characterized in that it comprises:
a redirect Domain Name System (DNS) server collecting a DNS query request passing through a network egress device; and
obtaining the source Internet Protocol (IP) address and the IP of the destination DNS server in the DNS query request;
judging whether the IP of the destination DNS server is in a preset DNS whitelist, the DNS whitelist including the IP of at least one trusted DNS server;
if not, performing domain name resolution according to the DNS query request and obtaining the IP of the queried domain name; and
according to the IP of the queried domain name, constructing a first DNS query response message with the IP of the destination DNS server as the source IP and the source IP in the DNS query request as the destination IP, and sending the first DNS query response message to the network device corresponding to the source IP in the DNS query request.
2. The method according to claim 1, characterized in that collecting the DNS query request of the network egress device specifically comprises:
collecting the DNS query request of the network egress device by port mirroring or optical splitting, so that the destination DNS server also receives the DNS query request and sends a second DNS response message for the DNS query request to the network device.
3. The method according to claim 1, characterized in that performing domain name resolution according to the DNS query request and obtaining the IP of the queried domain name specifically comprises:
querying the cached domain-name-to-IP mappings for an IP corresponding to the queried domain name;
if no IP corresponding to the queried domain name is found, forwarding the DNS query request to a trusted local DNS server; and
receiving the IP of the queried domain name sent by the trusted local DNS server.
4. The method according to claim 1, characterized in that, before performing domain name resolution according to the DNS query request, the method further comprises:
determining that the source IP in the DNS query request is not in a preset IP whitelist, the IP whitelist including at least one trusted IP.
5. The method according to claim 1, characterized in that, before judging whether the IP of the destination DNS server is in the preset DNS whitelist, the method further comprises:
obtaining the recursion-desired field value in the DNS query request that indicates the origin of the DNS query request; and
determining, according to the recursion-desired field value, that the DNS query request originated from a terminal.
6. A domain name resolution device, characterized in that it comprises:
an acquisition module, configured to collect a DNS query request passing through a network egress device; and
an information acquisition module, configured to obtain the source Internet Protocol (IP) address and the IP of the destination DNS server in the DNS query request;
a judging module, configured to judge whether the IP of the destination DNS server is in a preset DNS whitelist, the DNS whitelist including the IP of at least one trusted DNS server;
a domain name resolution module, configured to, if the result of the judging module is no, perform domain name resolution according to the DNS query request and obtain the IP of the queried domain name; and
a response module, configured to construct, according to the IP of the queried domain name, a first DNS query response message with the IP of the destination DNS server as the source IP and the source IP in the DNS query request as the destination IP, and to send the first DNS query response message to the network device corresponding to the source IP in the DNS query request.
7. The device according to claim 6, characterized in that the acquisition module is specifically configured to collect the DNS query request of the network egress device by port mirroring or optical splitting, so that the destination DNS server also receives the DNS query request and sends a second DNS response message for the DNS query request to the network device.
8. The device according to claim 6, characterized in that the domain name resolution module specifically comprises:
a cache query unit, configured to query the cached domain-name-to-IP mappings for an IP corresponding to the queried domain name;
a forwarding unit, configured to forward the DNS query request to a trusted local DNS server if the cache query unit finds no IP corresponding to the queried domain name; and
a receiving unit, configured to receive the IP of the queried domain name sent by the trusted local DNS server.
9. The device according to claim 6, characterized in that the device further comprises:
a first determining module, configured to determine, before the domain name resolution module performs domain name resolution according to the DNS query request, that the source IP in the DNS query request is not in a preset IP whitelist, the IP whitelist including at least one trusted IP.
10. The device according to claim 6, characterized in that the device further comprises:
a field value acquisition module, configured to obtain, before the judging module judges whether the IP of the destination DNS server is in the preset DNS whitelist, the recursion-desired field value in the DNS query request that indicates the origin of the DNS query request; and
a second determining module, configured to determine, according to the recursion-desired field value, that the DNS query request originated from a terminal.
CN201510599652.6A 2015-09-18 2015-09-18 A kind of domain name analytic method and device Active CN106550056B (en)


Publications (2)

Publication Number Publication Date
CN106550056A (en) 2017-03-29
CN106550056B (en) 2019-09-10


Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant