CN107222588A - Method and system for improving DNS availability - Google Patents
- Publication number: CN107222588A (CN201710576523.4A)
- Authority: CN (China)
- Prior art keywords: dns, data, ttl, caching, inquiry
- Legal status: Pending (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Classifications
- H04L61/4511: Network directories; Name-to-address mapping using standardised directories; using standardised directory access protocols using domain name system [DNS]
- H04L41/0654: Management of faults, events, alarms or notifications using network fault recovery
- H04L67/568: Storing data temporarily at an intermediate stage, e.g. caching
Abstract
The invention discloses a method and system for improving DNS availability. The method comprises the following steps: receiving a DNS query request; if the queried data of the DNS query request is in the cache of the DNS recursive server and the TTL of the queried data has not expired, returning the cached query result; if the queried data is not in the cache of the DNS recursive server or the TTL of the queried data has expired, initiating an iterative query to the corresponding authoritative DNS server. The invention allows a recursive server to provide a more highly available DNS resolution service when the authoritative server is unreachable: when a centralized authoritative DNS server is attacked so that system resources such as bandwidth are heavily consumed, or when its service goes down, the availability of the recursive server's own service can be effectively improved, avoiding large-scale DNS service failure and Internet paralysis. When an attack on the authoritative DNS server causes system resources such as bandwidth to be heavily consumed, the recursive server reduces the load that DNS requests place on the authoritative server while maintaining normal service.
Description
Technical field
The present invention relates to the technical field of domain name resolution, and in particular to a method and system for improving DNS availability based on a cache reuse strategy.
Background
DNS (Domain Name System) is a distributed database on the Internet that maps domain names and IP addresses to each other. It lets users access the Internet more conveniently, without having to remember the IP number strings that machines read directly. The process of obtaining, from a host name, the IP address corresponding to that host name is called domain name resolution (or host name resolution).
By function, the two important service providers in DNS resolution are the authoritative DNS service and the recursive DNS service. An authoritative DNS server is a server authorized to resolve a domain name; the original DNS information of all domain names is stored on authoritative servers. A recursive DNS server is the DNS server that most Internet users actually contact when querying a domain name. It accepts any domain name query from the user, sends iterative requests to the corresponding authoritative servers, and returns the final result to the user, while caching query results so that iterative queries can be avoided.
DNS is infrastructure for network applications, and its security has a very important influence on the security of the Internet. The fragility of the Internet's basic architecture has long been evident, and the security of the domain name system has always been a weak point in Internet service operation at home and abroad. With the continuing development of Internet cloud platform technology, authoritative DNS servers are becoming increasingly centralized, and a DNS service provider usually serves multiple websites or users. In this situation, once a centralized authoritative DNS server is attacked and its service becomes unreachable, the result is large-scale DNS unavailability, which leads to paralysis of the Internet.
Summary of the invention
To solve the above problems, the present invention addresses the case where an authoritative DNS server becomes unreachable because its service goes down for reasons of its own, because a network attack constrains its bandwidth, or because some other unpredictable network failure occurs. In that case the DNS recursive server reuses the records in its cache to improve the availability of the DNS service on the client side as far as possible, reducing the impact of large-scale DNS service failure caused by attacks on centralized authoritative DNS servers. At the same time, by sending fewer requests to the authoritative server, it reduces the additional load placed on the authoritative server while it is under attack.
Specifically, the invention provides a method for improving DNS availability, for use in a DNS recursive server, comprising the following steps:
Receiving a DNS query request;
If the queried data of the DNS query request is in the cache of the DNS recursive server and the TTL of the queried data has not expired, returning the cached query result; if the queried data is not in the cache of the DNS recursive server or the TTL of the queried data has expired, initiating an iterative query to the corresponding authoritative DNS server.
Preferably, in the method for improving DNS availability described above, the iterative query comprises: receiving the response of the authoritative DNS server, caching the record in the DNS recursive server, and resetting the cache reuse counter; the DNS recursive server judges whether the response is the result for this DNS query; if so, it returns the cached query result and ends this query; if not, it continues to send requests to the authoritative DNS servers according to the received response to carry on the iterative query.
Preferably, in the method for improving DNS availability described above, if an authoritative server at some level does not reply during the iterative query, the DNS recursive server checks whether the queried data is in the cache; if it is not in the cache, a service failure is returned; if it is in the cache, the server judges whether the cache reuse counter exceeds the configured cache reuse count; if so, a service failure is returned; if not, the TTL of the queried data is reset, the cache reuse counter is decremented by one, and the record of the queried data is then returned.
Preferably, in the method for improving DNS availability described above, the TTL of the above data is reset as follows:
The TTL of each resource record in the queried data and of its signature record is set to the minimum of the following values:
(1) the TTL in the received authoritative DNS server response;
(2) the TTL of the signature record in the received authoritative DNS server response;
(3) the original TTL in the signature record of the data;
(4) the expiration time in the signature record of the data minus the current time.
Preferably, in the method for improving DNS availability described above, after the value of the cache reuse counter is reduced to zero, the DNS recursive server deletes the cache of the queried data and returns a service failure.
According to another aspect of the present invention, a system for improving DNS availability is also provided, comprising the following modules:
A request receiving module, for receiving a DNS query request;
A cache reuse module, for returning the cached query result when the queried data of the DNS query request is in the cache and the TTL of the queried data has not expired, or for initiating an iterative query to the corresponding authoritative DNS server when the queried data is not in the cache or the TTL of the queried data has expired.
Preferably, in the system for improving DNS availability described above, the cache reuse module comprises a judging unit for, during the iterative query, receiving the response of the authoritative DNS server, caching the record in the DNS recursive server, resetting the cache reuse counter, and judging whether the response is the result for this DNS query; if so, the cached query result is returned and this query ends; if not, requests continue to be sent to the authoritative DNS servers according to the received response to carry on the iterative query.
Preferably, in the system for improving DNS availability described above, the cache reuse module further comprises a query unit for, during the iterative query, checking whether the queried data is in the cache if an authoritative server at some level does not reply; if it is not in the cache, a service failure is returned; if it is in the cache, the unit judges whether the cache reuse counter exceeds the configured cache reuse count; if so, a service failure is returned; if not, the TTL of the queried data is reset, the cache reuse counter is decremented by one, and the record of the queried data is then returned.
Preferably, in the system for improving DNS availability described above, the query unit further comprises a reset device for resetting the TTL of the above data according to the following rule: the TTL of each resource record in the queried data and of its signature record is set to the minimum of the following values:
(1) the TTL in the received authoritative DNS server response;
(2) the TTL of the signature record in the received authoritative DNS server response;
(3) the original TTL in the signature record of the data;
(4) the expiration time in the signature record of the data minus the current time.
Preferably, in the system for improving DNS availability described above, the cache reuse module further comprises a deleting unit for deleting the cache of the queried data and returning a service failure after the value of the cache reuse counter is reduced to zero.
The beneficial effects of the present invention are as follows. The "cache reuse mechanism" of the present invention allows a recursive server to provide a more highly available DNS resolution service when the authoritative server is unreachable. First, when a centralized authoritative DNS server is attacked so that system resources such as bandwidth are heavily consumed, or when its service goes down, the availability of the recursive server's own service can be effectively improved, avoiding large-scale DNS service failure and Internet paralysis. Second, when an attack on the authoritative DNS server causes system resources such as bandwidth to be heavily consumed, the recursive server reduces the load that DNS requests place on the authoritative server while maintaining normal service.
Brief description of the drawings
Various other advantages and benefits will become clear to those of ordinary skill in the art on reading the detailed description of the preferred embodiments below. The drawings serve only to illustrate the preferred embodiments and are not to be considered a limitation of the present invention. Throughout the drawings, the same reference symbols denote the same components. In the drawings:
Fig. 1 shows a flow block diagram of the data extraction method for improving DNS availability according to an embodiment of the present invention;
Fig. 2 shows a schematic flow diagram of a DNS query based on the cache reuse strategy according to an embodiment of the present invention;
Fig. 3 shows a schematic diagram of the DNS record data structure based on the cache reuse strategy according to an embodiment of the present invention;
Fig. 4 shows a structure diagram of the data extraction system for improving DNS availability according to an embodiment of the present invention.
Detailed description
Exemplary embodiments of the present disclosure are described in more detail below with reference to the drawings. Although the drawings show exemplary embodiments of the disclosure, it should be understood that the disclosure may be realized in various forms and should not be limited by the embodiments set forth here. Rather, these embodiments are provided so that the disclosure can be understood more thoroughly and its scope can be fully conveyed to those skilled in the art.
The "cache reuse strategy" of the present invention runs on the recursive server. It is the behaviour the recursive server follows when a host record queried on it has expired and the normal query flow fails to obtain a response from the authoritative server. In essence, when resolution fails during an outgoing recursive query because the authoritative server is unreachable, the recursive server uses the method described in the present invention to reuse the cached record in memory, thereby improving the availability of the DNS service on the client side. The TTL used in the present invention, and the operating principles of authoritative name servers and recursive name servers, are introduced first.
TTL is the abbreviation of Time To Live. This field specifies the maximum number of network segments an IP packet is allowed to pass through before it is discarded by a router. TTL is an 8-bit field in the IPv4 header.
The purpose of the TTL is to limit the time an IP packet exists in a computer network. The maximum TTL value is 255, and a recommended TTL value is 64.
Although TTL literally translates as the time that may be lived, it is in practice the maximum number of hops over which an IP packet can be forwarded in a computer network. The TTL field is set by the sender of the IP packet. Along the whole forwarding path from source to destination, every router the packet passes through modifies the TTL field: it decrements the TTL value by 1 and then forwards the packet. If the TTL reaches 0 before the packet arrives at the destination IP, the router discards the received packet with TTL=0 and sends an ICMP time exceeded message to the sender of the packet.
The main purpose of the TTL is to prevent IP packets from circulating and being sent and received endlessly in the network, which saves network resources, and to let the sender of the IP packet receive an alert message.
The TTL is set by the sending host to prevent packets from circulating forever on an IP internetwork. When forwarding an IP packet, a router is required to reduce the TTL by at least 1.
The TTL value is held in the registry as a DWORD value named DefaultTTL, whose data is the default TTL value; it can be changed but must not exceed decimal 255. On Windows systems the setting takes effect only after a restart.
Time to live is the retention time of a domain name resolution record on a DNS server. When DNS servers in various locations receive a resolution request, they send a resolution request to the NS server (authoritative name server) designated for the domain name to obtain the resolution record. Once obtained, the record is kept for a period of time on the DNS server (the caching servers in various locations, which are also the recursive name servers). If another resolution request for the same domain name arrives during this period, the DNS server does not send a request to the NS server again but directly returns the record it obtained earlier. The time for which this record is retained on the DNS server is the TTL value.
TTL expiry means that the life cycle of the data (that is, the resolution record) has ended; network equipment no longer forwards the data but discards it directly.
As shown in Fig. 1, the invention provides a data extraction method for improving DNS availability, for use in a DNS recursive server, comprising the following steps: S110, a request receiving step, receiving a DNS query request; S120, a cache reuse step: if the queried data is in the cache and the TTL of the data has not expired, the cached query result is returned; if the queried data is not in the cache or the TTL of the data has expired, an iterative query is initiated to the corresponding authoritative DNS server.
Fig. 2 shows the flow chart of the cache reuse mechanism of the DNS recursive server in the present invention, described as follows:
When a DNS query request is received, the recursive server first looks in its cache for a corresponding record. If a corresponding record is found in the cache and its TTL has not expired, the recursive server returns the record to the client as the response. If there is no corresponding record in the current cache, or the TTL of the cached record has expired, the recursive server initiates an iterative query to the corresponding authoritative DNS server. During the iterative query, if the response of the authoritative DNS server is received, the record is cached in the DNS recursive server, the cache reuse counter is reset, and the DNS recursive server judges whether the response is the result for this DNS query; if so, the cached query result is returned and this query ends; if not, requests continue to be sent to the authoritative DNS servers according to the received response to carry on the iterative query. During the iterative query, if an authoritative server at some level does not reply (for reasons such as a response timeout or an unreachable network), the DNS recursive server checks whether the queried data is in the cache; if it is not in the cache, a service failure is returned; if it is in the cache, the server judges whether the cache reuse counter exceeds the configured cache reuse count; if so, a service failure is returned; if not, the TTL of the queried data is reset, the cache reuse counter is decremented by one, and the record of the queried data is then returned.
Because the TTL of the data used in the answer has expired, the caching server must reset the TTL value of the data when it answers with that data. The specific algorithm is as follows:
The TTL of each resource record of the data and of its signature record (RRSIG, resource record signature, used to store the signature information of DNS resource records) is set to the minimum of the following values:
The TTL in the received authoritative DNS server response;
The TTL of the corresponding RRSIG record in the received authoritative DNS server response;
The original TTL in the RRSIG record of the data;
The expiration time in the RRSIG record of the data minus the current time.
For security reasons, the recursive server should not reuse stale data and reset its TTL without limit, but should obey a restriction rule controlled by a parameter: in the configuration of the "cache reuse strategy", the server administrator can configure a total number of reuses. While the recursive server is running, whenever it obtains a response from the authoritative server it sets a "total reuses" counter on the resolution record, with the initial value configured by the administrator. Afterwards, whenever the resolution record has expired and the authoritative server is unavailable (that is, whenever the cache reuse mechanism is triggered), the recursive server resets the TTL value of the resolution record and decrements the counter by one. After the counter value is reduced to zero, the recursive server deletes the cache of the queried data and replies SERVFAIL (service failure) to the client.
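The cache reuse flow, TTL reset rule and reuse counter described above can be sketched as follows. This is an added example, not code from the patent: the class and function names are hypothetical, the counter is read as a remaining-reuse budget that starts at the administrator's configured total, and a record whose reset TTL would be zero or negative (for example because its signature has expired) is treated as not reusable, which the text does not specify.

```python
from dataclasses import dataclass
from typing import Callable, Dict, Optional, Tuple

SERVFAIL = "SERVFAIL"

class AuthoritativeUnreachable(Exception):
    """Raised by the upstream callable on timeout or unreachable network."""

@dataclass
class Answer:
    rdata: str
    ttl: int                                   # (1) TTL in the authoritative response
    rrsig_ttl: Optional[int] = None            # (2) TTL of the RRSIG record in the response
    rrsig_original_ttl: Optional[int] = None   # (3) Original TTL field inside the RRSIG
    rrsig_expiration: Optional[int] = None     # (4) signature expiration, absolute seconds

@dataclass
class CacheEntry:
    answer: Answer
    expires_at: int
    reuses_left: int     # the "cache reuse counter" of the description

def reset_ttl(answer: Answer, now: int) -> int:
    """Minimum of the four listed values; unsigned data only has value (1)."""
    candidates = [answer.ttl]
    if answer.rrsig_ttl is not None:
        candidates.append(answer.rrsig_ttl)
    if answer.rrsig_original_ttl is not None:
        candidates.append(answer.rrsig_original_ttl)
    if answer.rrsig_expiration is not None:
        candidates.append(answer.rrsig_expiration - now)
    return min(candidates)

class ReuseCache:
    def __init__(self, upstream: Callable[[str, int], Answer], max_reuse: int):
        self.upstream = upstream      # stands in for the iterative query
        self.max_reuse = max_reuse    # administrator-configured total number of reuses
        self.cache: Dict[str, CacheEntry] = {}

    def resolve(self, qname: str, now: int) -> Tuple[str, Optional[str], int]:
        """Return (status, rdata, ttl) for one client query at time `now`."""
        entry = self.cache.get(qname)
        if entry and now < entry.expires_at:
            return ("HIT", entry.answer.rdata, entry.expires_at - now)
        try:
            answer = self.upstream(qname, now)
        except AuthoritativeUnreachable:
            return self._reuse(qname, entry, now)
        # A real answer replaces the cached record and resets the counter.
        self.cache[qname] = CacheEntry(answer, now + answer.ttl, self.max_reuse)
        return ("FRESH", answer.rdata, answer.ttl)

    def _reuse(self, qname, entry, now):
        if entry is None:
            return (SERVFAIL, None, 0)          # nothing cached to fall back on
        ttl = reset_ttl(entry.answer, now)
        if entry.reuses_left <= 0 or ttl <= 0:
            del self.cache[qname]               # budget spent: delete and fail
            return (SERVFAIL, None, 0)
        entry.reuses_left -= 1
        entry.expires_at = now + ttl
        return ("REUSED", entry.answer.rdata, ttl)

def demo():
    """Constructed scenario: the authoritative server answers once, then goes dark."""
    state = {"up": True}
    def upstream(qname, now):
        if not state["up"]:
            raise AuthoritativeUnreachable(qname)
        return Answer("192.0.2.10", ttl=60, rrsig_ttl=60,
                      rrsig_original_ttl=300, rrsig_expiration=1000)
    resolver = ReuseCache(upstream, max_reuse=2)
    out = [resolver.resolve("www.example.com.", 0),
           resolver.resolve("www.example.com.", 30)]
    state["up"] = False
    for t in (61, 122, 183, 184):
        out.append(resolver.resolve("www.example.com.", t))
    return out

if __name__ == "__main__":
    for row in demo():
        print(row)
```

With `max_reuse=2` the stale record is served for two further TTL periods after the authoritative server disappears, so the configured total bounds how long clients can keep receiving data that the zone owner may already have changed or withdrawn.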
As shown in Fig. 3, the DNS record data structure based on the above cache reuse strategy comprises, from top to bottom: the DNS query key, the TTL set by the DNS response, and the number of cache reuses used by cache reuse.
As shown in Fig. 4, the data extraction system 100 for improving DNS availability according to an embodiment of the present invention comprises the following modules:
A request receiving module 110, for receiving a DNS query request;
A cache reuse module 120, for returning the cached query result when the queried data is in the cache and the TTL of the data has not expired, or for initiating an iterative query to the corresponding authoritative DNS server when the queried data is not in the cache or the TTL of the data has expired.
The cache reuse module 120 comprises a judging unit 121 for, during the iterative query, if the response of the authoritative DNS server is received, caching the record in the DNS recursive server, resetting the cache reuse counter, and judging whether the response is the result for this DNS query; if so, the cached query result is returned and this query ends; if not, requests continue to be sent to the authoritative DNS servers according to the received response to carry on the iterative query.
The cache reuse module also comprises a query unit 122 for checking, when an authoritative server at some level does not reply during the iterative query, whether the data is in the cache; if it is not cached, a service failure is returned to the client; if it is cached, the unit judges whether the cache reuse counter exceeds the configured cache reuse count; if so, a service failure is returned; if not, the TTL of the queried data is reset, the cache reuse counter is decremented by one, and the record of the queried data is then returned.
The query unit further comprises a reset device 1221 for resetting the TTL of the above data according to the following rule: the TTL of each resource record in the queried data and of its signature record is set to the minimum of the following values:
(1) the TTL in the received authoritative DNS server response;
(2) the TTL of the signature record in the received authoritative DNS server response;
(3) the original TTL in the signature record of the data;
(4) the expiration time in the signature record of the data minus the current time.
The cache reuse module also comprises a deleting unit 123 for deleting the cache of the queried data and returning a service failure after the value of the cache reuse counter is reduced to zero.
The "cache reuse mechanism" of the present invention allows a recursive server to provide a more highly available DNS resolution service when the authoritative server is unreachable. First, when a centralized authoritative DNS server is attacked so that system resources such as bandwidth are heavily consumed, or when its service goes down, the availability of the recursive server's own service can be effectively improved, avoiding large-scale DNS service failure and Internet paralysis. Second, when an attack on the authoritative DNS server causes system resources such as bandwidth to be heavily consumed, the recursive server reduces the load that DNS requests place on the authoritative server while maintaining normal service.
It should be noted that:
The algorithms and displays provided herein are not inherently related to any particular computer, virtual device or other equipment. Various general-purpose devices may also be used with the teachings herein. From the description above, the structure required to construct such devices is obvious. Moreover, the present invention is not directed at any particular programming language. It should be understood that the content of the invention described herein can be implemented in various programming languages, and the description given above for a specific language is intended to disclose the best mode of the invention.
In the specification provided here, numerous specific details are set forth. It will be understood, however, that embodiments of the invention may be practised without these specific details. In some instances, well-known methods, structures and techniques are not shown in detail so as not to obscure the understanding of this description.
Similarly, it should be understood that, in order to streamline the disclosure and aid the understanding of one or more of the various inventive aspects, the features of the invention are sometimes grouped together in a single embodiment, figure or description thereof in the above description of exemplary embodiments of the invention. However, the method of the disclosure should not be construed as reflecting an intention that the claimed invention requires more features than are expressly recited in each claim. Rather, as the following claims reflect, inventive aspects lie in fewer than all features of a single embodiment disclosed above. The claims following the detailed description are therefore expressly incorporated into the detailed description, with each claim standing on its own as a separate embodiment of the invention.
Those skilled in the art will appreciate that the modules in the device of an embodiment can be adaptively changed and arranged in one or more devices different from that embodiment. The modules or units or components of an embodiment can be combined into one module or unit or component, and can also be divided into multiple sub-modules or sub-units or sub-components. Except where at least some of such features and/or processes or units are mutually exclusive, all features disclosed in this specification (including the accompanying claims, abstract and drawings) and all processes or units of any method or device so disclosed may be combined in any combination. Unless expressly stated otherwise, each feature disclosed in this specification (including the accompanying claims, abstract and drawings) may be replaced by an alternative feature serving the same, an equivalent or a similar purpose.
Furthermore, those skilled in the art will understand that although some embodiments described herein include some features included in other embodiments and not others, combinations of features of different embodiments are meant to be within the scope of the invention and to form different embodiments. For example, in the following claims, any of the claimed embodiments can be used in any combination.
The component embodiments of the present invention may be implemented in hardware, in software modules running on one or more processors, or in a combination of these. Those skilled in the art will understand that a microprocessor or digital signal processor (DSP) may be used in practice to implement some or all of the functions of some or all of the components of the virtual machine creation device according to embodiments of the present invention. The present invention may also be implemented as a device or apparatus program (for example, a computer program and a computer program product) for performing part or all of the method described herein. Such a program implementing the present invention may be stored on a computer-readable medium, or may take the form of one or more signals. Such signals may be downloaded from an Internet website, provided on a carrier signal, or provided in any other form.
It should be noted that the above embodiments illustrate rather than limit the invention, and that those skilled in the art can design alternative embodiments without departing from the scope of the appended claims. In the claims, any reference symbol placed between brackets shall not be construed as limiting the claim. The word "comprising" does not exclude the presence of elements or steps not listed in a claim. The word "a" or "an" preceding an element does not exclude the presence of a plurality of such elements. The invention can be implemented by means of hardware comprising several distinct elements and by means of a suitably programmed computer. In a unit claim enumerating several means, several of these means may be embodied by one and the same item of hardware. The use of the words first, second and third does not indicate any order; these words may be interpreted as names.
The foregoing is only a preferred embodiment of the present invention, but the scope of protection of the present invention is not limited to it. Any change or replacement that a person skilled in the art could readily conceive within the technical scope disclosed by the invention shall fall within the scope of protection of the present invention. The scope of protection of the present invention shall therefore be determined by the scope of protection of the claims.
Claims (10)
1. a kind of method of raising DNS availabilities, for DNS recursion servers, comprises the following steps:
Receive DNS query request;
If the inquiry data of DNS query request in the caching of DNS recursion servers and the TTL for inquiring about data not
It is expired, then the Query Result of return cache;If the inquiry data are not in the caching of the DNS recursion servers or institute
The TTL for stating inquiry data is out of date, then initiates iterative query to corresponding DNS authority server.
2. the method for DNS availabilities is improved as claimed in claim 1, it is characterised in that
The iterative query includes, and receives the response of the DNS authority server, by record buffer memory to the DNS recursion services
Device, reset caching multiplexing counter, the DNS recursion servers judge the response whether be this DNS query response result;
If it is, by the Query Result of return cache, terminating this inquiry;Stated if it is not, then being continued up according to the response received
DNS authority server sends request and made iterative queries into.
3. the method for DNS availabilities is improved as claimed in claim 1 or 2, it is characterised in that
The iterative query process includes, if certain one-level authoritative server is not replied, the DNS recursion servers inquiry
The data of the inquiry whether in the buffer, if not in the buffer if return to serv-fail, if in the buffer, judging slow
Deposit whether multiplexing counter exceedes configured caching multiplexing number;If it is, serv-fail is returned to, if it is not, then resetting
The TTL of the data of the inquiry, caching multiplexing counter subtracts one, is then back to the record of the data of the inquiry.
4. the method for DNS availabilities is improved as claimed in claim 3, it is characterised in that
The process for resetting the TTL of above-mentioned data is as follows:
The TTL that every resource record in the data of the inquiry and its signing messages are recorded removes the minimum in columns value
Value:
(1) TTL in the DNS authority server response received;
(2) TTL of the signing messages record in the DNS authority server response received;
(3) the original TTL in the signing messages record of the data;
(4) expired time in the signing messages record of the data subtracts the difference of current time.
5. the method for DNS availabilities is improved as claimed in claim 4, it is characterised in that also included:
After the caching multiplexing Counter Value is reduced to zero, DNS recursion servers delete the caching of the data inquired about, and
Return to serv-fail.
6. A system for improving DNS availability, characterized in that it comprises the following modules:
a request receiving module, for receiving a DNS query request;
a cache reuse module, for returning the cached query result when the data queried by the DNS query request is in the cache and the TTL of the queried data
has not expired; or, when the queried data is not in the cache or the TTL of the queried data has expired,
initiating an iterative query to the corresponding DNS authoritative server.
7. The system for improving DNS availability as claimed in claim 6, characterized in that
the cache reuse module comprises a judging unit which, during the iterative query, receives the response of the DNS authoritative server,
caches the records in the DNS recursive server, resets the cache reuse counter, and judges whether the response is
the answer to this DNS query; if so, the cached query result is returned and this query ends; if not,
the unit continues, according to the received response, to send requests to said DNS authoritative server and carry on the iterative query.
8. The system for improving DNS availability as claimed in claim 6 or 7, characterized in that
the cache reuse module further comprises a query unit which, during the iterative query, if an authoritative server at some level
does not reply, checks whether the queried data is in the cache; if it is not in the cache, a service failure is returned;
if it is in the cache, the unit judges whether the cache reuse counter exceeds the configured cache reuse count; if it does,
serv-fail is returned; if it does not, the TTL of the queried data is reset, the cache reuse counter is decremented by one, and the record
of the queried data is then returned.
9. The system for improving DNS availability as claimed in claim 8, characterized in that
the query unit further comprises a resetting device, for resetting the TTL of the above queried data according to the following rule:
the TTL of every resource record in the data, and of its signature information record, is set to the minimum of the following values:
(1) the TTL in the received DNS authoritative server response;
(2) the TTL of the signature information record in the received DNS authoritative server response;
(3) the original TTL in the signature information record of the data;
(4) the expiration time in the signature information record of the data minus the current time.
10. The system for improving DNS availability as claimed in claim 9, characterized in that
the cache reuse module further comprises a deleting unit which, after the value of the cache reuse counter is reduced to zero,
deletes the cache of the queried data and returns serv-fail.
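The decision logic of claims 1 to 5, sketched in Python as an added example (not code from the patent). It collapses the iterative query into one hypothetical callable `ask_authority`, reads the cache reuse (multiplexing) counter as the number of reuses left, reset to the configured count on every authoritative reply, and adds a guard for a non-positive reset TTL, a case the claims do not cover.

```python
import time
from dataclasses import dataclass

SERV_FAIL = "serv-fail"

@dataclass
class Entry:
    records: list
    resp_ttl: int          # (1) TTL in the authoritative response
    sig_ttl: int           # (2) TTL of the signature record in that response
    sig_orig_ttl: int      # (3) original TTL stored in the signature record
    sig_expiration: float  # (4) signature expiration, absolute seconds
    expires_at: float      # when the cached TTL runs out
    reuse_left: int        # cache reuse counter

class RecursiveCache:
    def __init__(self, ask_authority, max_reuse=2, clock=time.time):
        # ask_authority is hypothetical: returns a dict reply, or None if no reply
        self.ask_authority = ask_authority
        self.max_reuse, self.clock, self.cache = max_reuse, clock, {}

    def reset_ttl(self, e):
        """Claim 4: minimum of the four listed values."""
        return min(e.resp_ttl, e.sig_ttl, e.sig_orig_ttl,
                   e.sig_expiration - self.clock())

    def resolve(self, name):
        now, e = self.clock(), self.cache.get(name)
        if e and e.expires_at > now:         # claim 1: cached, TTL not expired
            return e.records
        reply = self.ask_authority(name)     # claim 1: miss or expired TTL
        if reply is not None:                # claim 2: cache reply, reset counter
            self.cache[name] = Entry(expires_at=now + reply["resp_ttl"],
                                     reuse_left=self.max_reuse, **reply)
            return reply["records"]
        if e is None:                        # claim 3: no reply, nothing cached
            return SERV_FAIL
        ttl = self.reset_ttl(e)
        # Assumption: a non-positive TTL (signature expired) is handled like an
        # exhausted counter; the claims do not say what to do in this case.
        if e.reuse_left == 0 or ttl <= 0:    # claim 5: delete entry and fail
            del self.cache[name]
            return SERV_FAIL
        e.expires_at, e.reuse_left = now + ttl, e.reuse_left - 1
        return e.records                     # claim 3: reuse the stale record
```

Value (4) is what keeps a reused record from outliving its signature: a record with 15 seconds of signature validity left is reused for 15 seconds, not for its original TTL.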
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201710576523.4A CN107222588A (en) | 2017-07-14 | 2017-07-14 | A kind of method and system of raising DNS availabilities |
Publications (1)
Publication Number | Publication Date |
---|---|
CN107222588A true CN107222588A (en) | 2017-09-29 |
Family
ID=59952190
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201710576523.4A Pending CN107222588A (en) | 2017-07-14 | 2017-07-14 | A kind of method and system of raising DNS availabilities |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN107222588A (en) |
Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN101465768A (en) * | 2009-01-12 | 2009-06-24 | 上海及第熊软件科技有限公司 | Method and system for implementing website disaster-tolerating and error-tolerating operation |
CN102624716A (en) * | 2012-03-01 | 2012-08-01 | 上海交通大学 | P |
CN106331212A (en) * | 2016-08-25 | 2017-01-11 | 北京润通丰华科技有限公司 | Domain name server (DNS) cache camping-based domain name resolution method and system |
US20170155678A1 (en) * | 2015-12-01 | 2017-06-01 | Fastly, Inc. | Attack mitigation in content delivery networks using stenographic network addressing |
Non-Patent Citations (1)
Title |
---|
何旻中等: "《计算机网络与工程》", 31 January 2012, 中国铁道出版社 * |
Cited By (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN108769284A (en) * | 2018-05-04 | 2018-11-06 | 网宿科技股份有限公司 | A kind of domain name analytic method, server and system |
CN108769284B (en) * | 2018-05-04 | 2022-02-18 | 网宿科技股份有限公司 | Domain name resolution method, server and system |
CN110545333A (en) * | 2018-05-28 | 2019-12-06 | 大唐移动通信设备有限公司 | message processing method and device and network system |
CN109302433A (en) * | 2018-12-17 | 2019-02-01 | 深信服科技股份有限公司 | Detection method, device, equipment and the storage medium of remote command execution loophole |
CN109302433B (en) * | 2018-12-17 | 2021-05-04 | 深信服科技股份有限公司 | Method, device, equipment and storage medium for detecting remote command execution vulnerability |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
 | PB01 | Publication | |
 | SE01 | Entry into force of request for substantive examination | |
 | RJ01 | Rejection of invention patent application after publication | Application publication date: 20170929 |