Detailed Description
Reference will now be made in detail to embodiments of the present application, examples of which are illustrated in the accompanying drawings, wherein like or similar reference numerals refer to the same or similar modules or modules having the same or similar functionality throughout. The embodiments described below with reference to the drawings are exemplary only for the purpose of explaining the present application and are not to be construed as limiting the present application. On the contrary, the embodiments of the application include all changes, modifications and equivalents coming within the spirit and terms of the claims appended hereto.
Fig. 1 is a flowchart illustrating a method for assigning a domain name in a restricted network environment according to an embodiment of the present application. Referring to Fig. 1, the method includes:
S11: Receiving a request message sent by a requester in a restricted network, wherein the request message comprises an IP address.
The requesting party may specifically refer to a service party, and after providing a new service, the service party may configure an IP address pointing to the service, and include the IP address in the request message, and then may apply for a domain name pointing to the IP address, so that the user accesses the service through the domain name.
For example, the service newly provided by the business party is a static web service on which a programmer may write code or the like. The business party may configure an IP address, such as 10.33.32.134, that points to the static web service. A programmer who needs to write code through the static web service must first access it. Accessing it by IP address requires remembering the address (10.33.32.134), which is difficult. To make access easier, the business party can apply for a domain name, such as static web page. Then, when the programmer needs to access the static web service, the DNS determines from the pre-established pointing relationship between the domain name and the IP address that the IP address corresponding to the domain name static webpage is 10.33.32.134, and the service is accessed at that IP address, so the programmer only needs to remember the domain name rather than a complex IP address.
S12: Selecting a domain name from the domain names pre-configured in the unrestricted network as a second domain name, and controlling the unrestricted network to modify the configuration relationship of the second domain name into a pointing relationship in which the second domain name points to the IP address.
For example, the set formed by the domain names configured in the restricted network is referred to as a first set, and the set formed by the domain names configured in the unrestricted network is referred to as a second set. After the request message is received, a domain name may be selected from the second set, and the selected domain name is referred to as the second domain name.
Optionally, when the domain name is selected from the second set, the domain name with the modification time farthest from the current time may be used as the second domain name.
The execution subject of this embodiment is a device (which may take a hardware form, a software form, or a combination of hardware and software) capable of managing the restricted network and the unrestricted network; it is referred to here as the management device. After receiving the request message of the requester, the management device may acquire the IP address required by the requester from the request message and select a second domain name from the unrestricted network. The management device may then send the acquired IP address to the DNS of the unrestricted network and instruct that DNS to modify the configuration relationship of the second domain name into a pointing relationship in which the second domain name points to the IP address, so that the second domain name points to the IP address required by the requester.
S13: Determining a first domain name pointing to the second domain name in the restricted network according to the pointing relationship between the domain names configured in advance in the restricted network.
The pointing relationship between the domain names configured in the restricted network specifically refers to a pointing relationship in which a domain name configured in the restricted network points to a domain name configured in the unrestricted network.
Assume that the domain names configured in the restricted network include A1, A2, A3, … and the domain names configured in the unrestricted network include B1, B2, B3, …. The pointing relationships A1 -> B1, A2 -> B2, A3 -> B3, … can then be configured in the restricted network. The number of domain names A1, A2, A3, … is the same as the number of domain names B1, B2, B3, ….
For example, assuming that the restricted network is a paymate network, the domain names configured in the restricted network include a1.internet.net, a2.internet.net, etc.; and assuming that the unrestricted network is a pan network, the domain names configured in the unrestricted network include b1.remote.com, b2.remote.com, etc. The pointing relationships A1.internet.net -> B1.remote.com and A2.internet.net -> B2.remote.com are then configured in the restricted network.
When the above-mentioned pointing relationship between domain names exists in the restricted network, the first domain name pointing to the second domain name can be determined. For example, assuming that the second domain name is B1, the corresponding first domain name is A1 according to the above-described pointing relationships.
S14: Assigning the first domain name to the requester.
For example, the management device determines a first domain name in the restricted network according to the above-mentioned direction relationship between the domain names, and then allocates the first domain name to the requester.
Further, the management device may both determine the first domain name according to the pointing relationship between the domain names and allocate it to the requester after learning that the pointing relationship between the second domain name and the IP address has been successfully configured in the unrestricted network; alternatively, the management device may first determine the first domain name according to the pointing relationship between the domain names, and then allocate it to the requester after learning that the pointing relationship between the second domain name and the IP address has been successfully configured in the unrestricted network.
After the requester has the first domain name as described above, it may provide the first domain name to users, who may then access the service provided by the requester by means of the first domain name. For example, when a user sends an access request using the first domain name, domain name resolution first determines the second domain name to which the first domain name points, according to the pointing relationship between domain names in the restricted network, and then determines the IP address to which the second domain name points, that is, the IP address required by the requester, according to the pointing relationship between the domain name and the IP address in the unrestricted network; the service provided by the requester is then accessed at that IP address.
In this embodiment, the domain name in the restricted network is allocated to the requester by modifying the configuration relationship in the unrestricted network and by using the pointing relationship between the domain names in the restricted network. The records in the restricted network therefore do not need to be modified manually when a domain name is allocated, so that domain names are allocated automatically to requesters in the restricted network and the requester's need to apply for a domain name in real time is met.
Fig. 2 is a flowchart illustrating a method for assigning a domain name in a restricted network environment according to another embodiment of the present application. The present embodiment is described with a specific example. Referring to Fig. 2, the method includes:
S21: During initialization, a first set is configured in the restricted network, a second set is configured in the unrestricted network, and the domain names in the first set are configured in the restricted network to point one-to-one to the domain names in the second set, as the pointing relationship between the domain names.
For example, assuming that the DNS in the restricted network and the unrestricted network are respectively referred to as a first DNS and a second DNS, at the time of initialization, a first set may be manually configured in the first DNS, a second set may be manually configured in the second DNS, and a pointing relationship that a domain name in the first set points to a domain name in the second set may be manually configured in the first DNS. The first set and the second set are sets of domain names.
The number of the domain names in the first set is the same as that in the second set, and a one-to-one direction relationship exists when the direction relationship between the domain names is configured.
For example, the domain names configured in the restricted network include: a1.intranet.com, a2.intranet.com, …, a100.intranet.com;
the domain names configured in the unrestricted network include: b1.remote.com, b2.remote.com, …, b100.remote.com;
the restricted network also includes the following pointing relationships between domain names:
A1.intranet.com -> B1.remote.com, A2.intranet.com -> B2.remote.com, …, A100.intranet.com -> B100.remote.com
A CNAME record may be used to configure the pointing relationship between domain names. A CNAME (alias) record, also called a canonical name record, is useful when several domain names need to point to the same IP address: one domain name is given an A record pointing to the IP address, and the other domain names are made aliases (CNAMEs) of that domain name. When the IP address changes, it is not necessary to change each domain name; only the A record needs to be changed to the new IP address, and the alias domain names then automatically resolve to the new IP address.
In addition, on the second DNS, a pointing relationship between the initial domain name and the IP address may also be configured. For example, an initial IP address (e.g., 127.0.0.1) may be configured to which all domain names in the second set initially point.
The above process can be completed during initialization, and after the service is running, different service parties can all use the same information when needing to apply for the domain name in real time.
Of course, it is understood that the initialization may be performed again if modification is required in the subsequent flow, and the reconfiguration may be performed at the time of the re-initialization.
For example, upon re-initialization, one or more of the following are performed: reconfiguring domain names in the first set, reconfiguring domain names in the second set, and reconfiguring the directional relationship between the domain names.
In this embodiment, configuring the pointing relationship between domain names in the restricted network keeps control of the domain names within the restricted network and prevents a domain name resolution result from the unrestricted network that carries a security risk from being used. For example, initially the pointing relationship configured in the restricted network is that A in the restricted network points to B in the unrestricted network, and the pointing relationship configured in the unrestricted network is that B points to a certain IP address. If the unrestricted network is maliciously attacked so that B points to an IP address with a security risk, the pointing relationship from A to B in the restricted network can be released to ensure security.
Further, when configuring the domain names in the first set, the number of the domain names in the first set may be configured to be greater than or equal to the maximum value of the number of domain names required by different requesters in each period.
Each period refers to a period in which initialization is performed once, and the next period can be initialized again. For example, a cycle may refer to a day.
By configuring that the number of the domain names in the first set is greater than or equal to the maximum value of the requirements, domain name collision can be avoided, and the requirements of different requesters are met.
After the initialization process is completed, the following service operation process may be executed:
S22: The management device receives a request message sent by a requester in the restricted network, wherein the request message comprises an IP address.
For example, the IP address contained in the request message is 1.2.3.4.
S23: The management device selects a domain name from the domain names pre-configured in the unrestricted network as a second domain name, and controls the unrestricted network to modify the configuration relationship of the second domain name into a pointing relationship in which the second domain name points to the IP address.
The configuration relationship in the unrestricted network can record the modification time during modification, so that the domain name with the modification time farthest from the current time can be selected as the second domain name.
For example, the second domain name is b27.remote.com.
After acquiring the IP address from the request message, the management device may send the IP address to the unrestricted network and instruct the unrestricted network to modify the configuration relationship of the second domain name into a configuration relationship in which the second domain name points to the IP address.
For example, the unrestricted network changes the initial record, in which b27.remote.com points to 127.0.0.1, so that b27.remote.com points to 1.2.3.4.
S24: The management device determines a first domain name pointing to the second domain name in the restricted network according to the pointing relationship between the domain names configured in advance in the restricted network.
For example, from the above-described pointing relationship between domain names, it can be determined that the domain name pointing to b27.remote.
S25: the management device assigns the first domain name to the requestor.
For example, the management device allocates a1.intranet.com to the requester after learning that the pointing of b27.remote.com to 1.2.3.4 was successfully configured in the unrestricted network.
Therefore, during service operation the configuration relationship in the restricted network is not modified, yet the requester still obtains a domain name, so the requester can apply for a domain name in real time.
In this embodiment, the domain name in the restricted network is allocated to the requester by modifying the configuration relationship in the unrestricted network and by using the pointing relationship between the domain names in the restricted network. The records in the restricted network therefore do not need to be modified manually when a domain name is allocated, so that domain names are allocated automatically to requesters in the restricted network and the requester's need to apply for a domain name in real time is met. Configuring the pointing relationship between domain names in the restricted network keeps control of the domain names within the restricted network, so that a domain name resolution result from the unrestricted network that carries a security risk is not used, and security is improved. Configuring the number of domain names in the first set to be greater than or equal to the maximum required number avoids domain name collisions and meets the needs of different requesters.
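The flow S21 to S25, together with the release of an A -> B relationship described above, as an added Python example that is not part of the original application: in-memory dictionaries stand in for the first DNS and the second DNS. The class and method names, the logical clock used as modification time, and the audit that compares each record with what the management device last wrote are assumptions made for illustration.

```python
import ipaddress
import itertools

INITIAL_IP = "127.0.0.1"  # initial target of every second-set name, as on the page


class ManagementDevice:
    """In-memory model of S21-S25; the dicts stand in for the two DNS servers."""

    def __init__(self, pool_size):
        self._clock = itertools.count(1)  # logical modification time (assumption)
        # First DNS (restricted network): static CNAMEs a<i> -> b<i>, set at init.
        self.cname = {f"a{i}.intranet.com": f"b{i}.remote.com"
                      for i in range(1, pool_size + 1)}
        # Second DNS (unrestricted network): A records plus modification time.
        self.a_records = {b: {"ip": INITIAL_IP, "mtime": 0}
                          for b in self.cname.values()}
        # What this device last wrote for each second domain name (assumption:
        # kept so that tampering on the unrestricted side can be noticed).
        self.expected = {}

    def allocate(self, ip):
        """S22-S25: return the first domain name assigned for `ip`."""
        ip = str(ipaddress.ip_address(ip))  # ValueError on a malformed address
        reverse = {b: a for a, b in self.cname.items()}
        if not reverse:
            raise RuntimeError("no pointing relationships left in the restricted network")
        # S23: pick the second domain name modified longest ago, then repoint it.
        second = min(reverse, key=lambda b: self.a_records[b]["mtime"])
        self.a_records[second] = {"ip": ip, "mtime": next(self._clock)}
        self.expected[second] = ip
        # S24/S25: the restricted-side record is only read, never modified.
        return reverse[second]

    def resolve(self, first):
        """Follow first -> second (CNAME) -> IP (A record); None if released."""
        second = self.cname.get(first)
        return None if second is None else self.a_records[second]["ip"]

    def audit_and_release(self):
        """Release A -> B wherever B no longer points where this device put it."""
        released = []
        for first, second in list(self.cname.items()):
            wanted = self.expected.get(second, INITIAL_IP)
            if self.a_records[second]["ip"] != wanted:
                del self.cname[first]
                released.append(first)
        return released


if __name__ == "__main__":
    dev = ManagementDevice(pool_size=2)
    print(dev.allocate("1.2.3.4"), "->", dev.resolve("a1.intranet.com"))
    print(dev.allocate("10.33.32.134"))
    # Pool exhausted: the oldest name is reused and its earlier target is lost.
    print(dev.allocate("10.0.0.7"), "->", dev.resolve("a1.intranet.com"))
    # Constructed tampering on the unrestricted side (documentation-range IP).
    dev.a_records["b2.remote.com"]["ip"] = "203.0.113.9"
    print(dev.audit_and_release(), dev.resolve("a2.intranet.com"))
```

With a pool of two names the third request reuses a1.intranet.com, which is the collision the embodiment avoids by sizing the first set to the maximum number of domain names required per period.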
Fig. 3 is a schematic structural diagram of a system for assigning a domain name in a restricted network environment according to another embodiment of the present application. Referring to Fig. 3, the system includes a management apparatus 31, and the management apparatus 31 includes: a receiving module 311, a modifying module 312, a determining module 313, and an assigning module 314.
A receiving module 311, configured to receive a request message sent by a requester in a restricted network, where the request message includes an IP address;
The requesting party may specifically refer to a service party. After providing a new service, the service party may configure an IP address pointing to the service as the required IP address, and may then apply for a domain name pointing to that IP address, so that a user may access the service through the domain name.
A modifying module 312, configured to select a domain name from the domain names preconfigured in the unrestricted network as a second domain name, and control the unrestricted network to modify the configuration relationship of the second domain name into a pointing relationship in which the second domain name points to the IP address;
For example, the set formed by the domain names configured in the restricted network is referred to as a first set, and the set formed by the domain names configured in the unrestricted network is referred to as a second set. After the request message is received, a domain name may be selected from the second set, and the selected domain name is referred to as the second domain name.
Optionally, when the domain name is selected from the second set, the domain name with the modification time farthest from the current time may be used as the second domain name.
The execution subject of this embodiment is a device (which may take a hardware form, a software form, or a combination of hardware and software) capable of managing the restricted network and the unrestricted network; it is referred to here as the management device. After receiving the request message of the requester, the management device may acquire the IP address required by the requester from the request message and select a second domain name from the unrestricted network. The management device may then send the acquired IP address to the DNS of the unrestricted network and instruct that DNS to modify the configuration relationship of the second domain name into a pointing relationship in which the second domain name points to the IP address, so that the second domain name points to the IP address required by the requester.
A determining module 313, configured to determine, according to a pointing relationship between domain names preconfigured in the restricted network, a first domain name pointing to the second domain name in the restricted network;
The pointing relationship between the domain names configured in the restricted network specifically refers to a pointing relationship in which a domain name configured in the restricted network points to a domain name configured in the unrestricted network.
Assume that the domain names configured in the restricted network include A1, A2, A3, … and the domain names configured in the unrestricted network include B1, B2, B3, …. The pointing relationships A1 -> B1, A2 -> B2, A3 -> B3, … can then be configured in the restricted network. The number of domain names A1, A2, A3, … is the same as the number of domain names B1, B2, B3, ….
When the above-mentioned pointing relationship between domain names exists in the restricted network, the first domain name pointing to the second domain name can be determined. For example, assuming that the second domain name is B1, the corresponding first domain name is A1 according to the above-described pointing relationships.
An assigning module 314 configured to assign the first domain name to the requestor.
For example, the management device determines a first domain name in the restricted network according to the above-mentioned direction relationship between the domain names, and then allocates the first domain name to the requester.
Further, the management device may both determine the first domain name according to the pointing relationship between the domain names and allocate it to the requester after learning that the pointing relationship between the second domain name and the IP address has been successfully configured in the unrestricted network; alternatively, the management device may first determine the first domain name according to the pointing relationship between the domain names, and then allocate it to the requester after learning that the pointing relationship between the second domain name and the IP address has been successfully configured in the unrestricted network.
After the requester has the first domain name as described above, it may provide the first domain name to users, who may then access the service provided by the requester by means of the first domain name. For example, when a user sends an access request using the first domain name, domain name resolution first determines the second domain name to which the first domain name points, according to the pointing relationship between domain names in the restricted network, and then determines the IP address to which the second domain name points, that is, the IP address required by the requester, according to the pointing relationship between the domain name and the IP address in the unrestricted network; the service provided by the requester is then accessed at that IP address.
Optionally, the modifying module 312 is configured to select a domain name from domain names preconfigured in the unrestricted network as the second domain name, and includes:
and selecting the domain name with the modification time farthest from the current time as a second domain name from the domain names configured in advance in the unrestricted network.
In some embodiments, referring to Fig. 4, the system further comprises:
a first DNS 32 located in the restricted network for configuring, upon initialization, a first set including the first domain name;
a second DNS 33 located in an unrestricted network for configuring a second set comprising the second domain name at initialization;
the number of the domain names in the first set is the same as that of the domain names in the second set;
the first DNS 32 is further configured to configure domain names in the first set to point to domain names in the second set one by one as a pointing relationship between the domain names.
Optionally, the first DNS 32 is further configured to: when the pointing relationship among the domain names needs to be modified, the initialization is carried out again, and when the initialization is carried out again, the pointing relationship among the domain names is reconfigured.
Optionally, the number of domain names in the first set configured by the first DNS 32 is greater than or equal to the maximum value of the number of domain names required by different requesters in each period.
It is understood that the system of the present embodiment corresponds to the method embodiment described above, and specific contents may be referred to related descriptions in the method embodiment, and are not described in detail herein.
In this embodiment, the domain name in the restricted network is allocated to the requester by modifying the configuration relationship in the unrestricted network and by using the pointing relationship between the domain names in the restricted network. The records in the restricted network therefore do not need to be modified manually when a domain name is allocated, so that domain names are allocated automatically to requesters in the restricted network and the requester's need to apply for a domain name in real time is met.
It should be noted that, in the description of the present application, the terms "first", "second", etc. are used for descriptive purposes only and are not to be construed as indicating or implying relative importance. Further, in the description of the present application, the meaning of "a plurality" means at least two unless otherwise specified.
Any process or method descriptions in flow charts or otherwise described herein may be understood as representing modules, segments, or portions of code which include one or more executable instructions for implementing specific logical functions or steps of the process, and the scope of the preferred embodiments of the present application includes other implementations in which functions may be executed out of order from that shown or discussed, including substantially concurrently or in reverse order, depending on the functionality involved, as would be understood by those reasonably skilled in the art of the present application.
It should be understood that portions of the present application may be implemented in hardware, software, firmware, or a combination thereof. In the above embodiments, the various steps or methods may be implemented in software or firmware stored in memory and executed by a suitable instruction execution system. For example, if implemented in hardware, as in another embodiment, any one or combination of the following techniques, which are known in the art, may be used: a discrete logic circuit having a logic gate circuit for implementing a logic function on a data signal, an application specific integrated circuit having an appropriate combinational logic gate circuit, a Programmable Gate Array (PGA), a Field Programmable Gate Array (FPGA), or the like.
It will be understood by those skilled in the art that all or part of the steps carried by the method for implementing the above embodiments may be implemented by hardware related to instructions of a program, which may be stored in a computer readable storage medium, and when the program is executed, the program includes one or a combination of the steps of the method embodiments.
In addition, functional units in the embodiments of the present application may be integrated into one processing module, or each unit may exist alone physically, or two or more units are integrated into one module. The integrated module can be realized in a hardware mode, and can also be realized in a software functional module mode. The integrated module, if implemented in the form of a software functional module and sold or used as a stand-alone product, may also be stored in a computer readable storage medium.
The storage medium mentioned above may be a read-only memory, a magnetic or optical disk, etc.
In the description herein, reference to the description of the term "one embodiment," "some embodiments," "an example," "a specific example," or "some examples," etc., means that a particular feature, structure, material, or characteristic described in connection with the embodiment or example is included in at least one embodiment or example of the application. In this specification, the schematic representations of the terms used above do not necessarily refer to the same embodiment or example. Furthermore, the particular features, structures, materials, or characteristics described may be combined in any suitable manner in any one or more embodiments or examples.
Although embodiments of the present application have been shown and described above, it is understood that the above embodiments are exemplary and should not be construed as limiting the present application, and that variations, modifications, substitutions and alterations may be made to the above embodiments by those of ordinary skill in the art within the scope of the present application.