CN108632401A - Anonymous query method and system for reducing privacy leakage on DNS recursive servers (Google Patents)

Info

Publication number: CN108632401A
Authority: CN (China)
Prior art keywords: domain name, dns, user, request, popular
Legal status: Granted
Application number: CN201810209202.5A
Other languages: Chinese (zh)
Other versions: CN108632401B (en)
Inventors: 黄锴, 孔宁, 姚健康
Current assignee: China Internet Network Information Center
Original assignee: China Internet Network Information Center
Events: application filed by China Internet Network Information Center; priority to CN201810209202.5A; publication of CN108632401A; application granted; publication of CN108632401B; legal status: Active

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L61/00 Network arrangements, protocols or services for addressing or naming
    • H04L61/45 Network directories; Name-to-address mapping
    • H04L61/4505 Network directories; Name-to-address mapping using standardised directories; using standardised directory access protocols
    • H04L61/4511 Network directories; Name-to-address mapping using standardised directories; using standardised directory access protocols using domain name system [DNS]
    • H04L61/4552 Lookup mechanisms between a plurality of directories; Synchronisation of directories, e.g. metadirectories
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/04 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0407 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the identity of one or more communicating identities is hidden
    • H04L63/0421 Anonymous communication, i.e. the party's identifiers are hidden from the other party or parties, e.g. using an anonymizer
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/01 Protocols
    • H04L67/10 Protocols in which an application is distributed across nodes in the network
    • H04L67/104 Peer-to-peer [P2P] networks
    • H04L67/50 Network services
    • H04L67/56 Provisioning of proxy services

Abstract

The present invention provides an anonymous query method for reducing privacy leakage on DNS recursive servers, aimed at solving the problem of privacy collection on DNS recursive servers. The method includes the following steps: after the user host sends a DNS request, the request is intercepted and parsed, and the queried domain name is checked against a list of popular domain names; if it is present, the query result is returned directly; otherwise the user joins a P2P network and the request is sent to the recursive server through it. The IP addresses of popular domain names are periodically refreshed from the recursive server, and the updated popular domain names are broadcast to user hosts at fixed intervals. The real originator of a query is hidden to the greatest possible extent, protecting the user's privacy. Because the scheme is an extension on top of the existing DNS layer, it does not disturb the existing DNS framework and is highly compatible with it. A system implementing the above method is also provided.

Description

Anonymous query method and system for reducing privacy leakage on DNS recursive servers
Technical field
The present invention relates to the field of information technology, in particular to DNS, and specifically to an anonymous query method and system for reducing privacy leakage on DNS recursive servers.
Background technology
DNS is currently one of the most important infrastructure components of the Internet; almost every activity on the Internet starts with a DNS query. Because the operating principle of DNS is fairly simple, almost all DNS traffic is transmitted in plaintext over UDP, and resource records carry no authentication or encryption. These shortcomings make the protocol highly susceptible to so-called man-in-the-middle attacks: an intermediary can eavesdrop on, tamper with and forge DNS packets. Moreover, because DNS queries are essentially UDP-based, encrypting them now is difficult (most encryption protocols are built on TCP). In recent years privacy leakage problems have emerged one after another; while other protocol layers have begun to address privacy and protect it with various cryptographic means, DNS often remains the weakest link in the chain.
DNS privacy leaks mainly through two channels: interception and eavesdropping on the wire, and collection of query logs on authoritative servers and recursive servers. DNS privacy research at home and abroad over the past two years has largely concentrated on channel encryption; for example, the IETF has proposed RFC 7858 and RFC 8094, which aim to encrypt the transmission link so that an intermediary cannot eavesdrop, but they do not address the problem of privacy collection on the servers.
Several studies have shown that DNS logs can leak a user's geographic location and device information; by collecting a user's query log one can even accurately reconstruct each person's daily Internet behaviour and identify a specific user. The recursive server is the closest to the user and holds the most user query information, and the recent appearance of a large number of commercial third-party recursive servers has made the privacy leakage problem at the recursive-server link very severe. Foreign research in this area consists mainly of the "range query" scheme, which hides one real query among multiple dummy queries to anonymize what is sent, and claims to achieve 1/N privacy protection. However, scholars studying this method found that, because browsing a particular web page typically triggers a specific query pattern, a semantic intersection attack can easily recover the user's access requests, so the scheme performs poorly in practice and offers only very limited protection.
Other schemes include a DNS implemented with blockchain technology (NameCoin) to achieve anonymization, and similar P2P-based DNS designs. Neither of these is deployable, however: a wholesale revision of the existing DNS architecture is highly impractical.
Invention content
To solve the problem of privacy collection on DNS recursive servers, the present invention provides an anonymous query method and system for reducing privacy leakage on DNS recursive servers, which hides the real originator of a query to the greatest possible extent and thereby protects the user's privacy. Because the scheme is an extension on top of the existing DNS layer, it does not disturb the existing DNS framework and is highly compatible with it.
The technical solution adopted by the present invention is as follows:
An anonymous query method for reducing privacy leakage on DNS recursive servers, including the following steps:
after the user host sends a DNS request, intercepting and parsing the request, and checking whether the queried domain name is in a popular domain name list; if so, returning the query result; otherwise connecting the user into a P2P network and sending the request to the recursive server through it;
periodically refreshing the IP addresses of popular domain names from the recursive server, and broadcasting the updated popular domain names to user hosts at fixed intervals.
Further, the method also includes:
initializing the popular domain name list; initializing the subscription list; setting a timer; updating the subscription list when a message is received; and, on timeout, refreshing the popular domain name list from the recursive server again.
Further, the method also includes an initialization operation, comprising:
listening on the DNS query port and on a custom port;
matching partner users and building an initial user table;
sending a subscription request to the popular domain name server and updating the popular domain name list.
Further, intercepting and parsing the DNS request includes:
listening for query requests arriving at the DNS query port and parsing them; judging from the parsing result whether the domain name is popular;
if so, returning the result held in the popular domain name list directly;
if not, packaging a query hop count into the request and forwarding it to the P2P network;
listening on the custom port to receive messages and determine the message type, and performing forwarding processing according to that type.
Further, if the message type is a request, a random forwarding algorithm is executed: if the result is true, the message is forwarded once more and an entry is recorded in a forwarding table; if the result is false, the query is executed;
if the message type is a reply, the forwarding table is consulted and the reply is returned to the forwarding IP recorded for the queried domain name;
if the message type is a popular domain name broadcast, the popular domain name list is updated.
Further, executing the random forwarding algorithm includes:
setting a random value and reducing it on every forwarding, until the random value falls below a set threshold k, at which point forwarding stops.
Further, the user randomly chooses a number X in the range 10-10000, packs it into the message and sends it along as additional information;
after a user in the P2P network receives the message, the following algorithm is executed:
1) compute whether log([X]) = 0 holds; if so, perform the query operation against the recursive server; otherwise go to step 2);
2) run a random algorithm over [0-1] to obtain a random number r; if r > k, perform the query operation against the recursive server; otherwise go to step 3);
3) compute X = r*X, include the result in the message and forward it.
Further, the value range of the set threshold k is 0.5-0.8.
Further, the value of the set threshold k is 0.7.
An anonymous query system for reducing privacy leakage on DNS recursive servers, deployed between the user host and the recursive server, including:
a home agent module, which intercepts and parses DNS requests, checks whether the queried domain name is in the popular domain name list, returns the query result if so, and otherwise initiates a request to the user collaboration module;
a user collaboration module, which connects the user into the P2P network;
a domain name broadcast module, which maintains the popular domain name list, periodically refreshes the IP addresses of the domain names from the recursive server, and broadcasts the updated domain names to the users' home agent modules at fixed intervals.
The traditional DNS architecture cannot effectively prevent user privacy leakage at the recursive server. By adopting the above technical solution, the present invention effectively solves the problem of privacy collection on the recursive server: the recursive server can no longer accurately reconstruct a user's information from its query logs.
Moreover, compared with systems such as P2P DNS and NameCoin, which require changes to the current DNS architecture to protect user privacy, the present invention does not need to modify the existing DNS architecture, which favours real-world deployment.
In addition, by introducing the broadcast mechanism for popular domain names, the query time for about 82% of domain names can be reduced (according to existing research), while also reducing the risk of privacy leakage.
By using P2P user-collaborative queries, in which each user acts as a proxy for others, the performance and reliability problems of a single-point proxy are solved. On this basis, the present invention improves the user random forwarding scheme: it is simple to implement yet hides the sender very well, so that neither forwarding users nor the recursive server can guess the true sender.
Finally, traditional anonymity mechanisms rely on multiple layers of encryption, which introduce high latency and are unsuitable for DNS usage scenarios; the random forwarding mechanism of the present invention solves this problem well while still providing sufficient anonymity.
Description of the drawings
Fig. 1 is a schematic diagram of the traditional DNS query system architecture.
Fig. 2 is a schematic diagram of the architecture of the anonymous query system for reducing privacy leakage on DNS recursive servers in one embodiment of the invention.
Fig. 3 is a schematic diagram of the overall flow of the anonymous query method for reducing privacy leakage on DNS recursive servers in one embodiment of the invention.
Fig. 4 is a flow diagram of the initialization operation in the anonymous query method for reducing privacy leakage on DNS recursive servers in one embodiment of the invention.
Fig. 5 is a flow diagram of the receive-message operation in the anonymous query method for reducing privacy leakage on DNS recursive servers in one embodiment of the invention.
Fig. 6 is a flow diagram of the popular domain name service operation in the anonymous query method for reducing privacy leakage on DNS recursive servers in one embodiment of the invention.
Specific implementation mode
The technical solution in the embodiments of the present invention will be described clearly and completely below with reference to the drawings.
As shown in Fig. 1, a traditional DNS query mainly involves three parties: the stub server (usually the user host), the recursive server and the authoritative name server. All of a user's DNS queries are initiated through the recursive server, which finally obtains the corresponding query result.
As shown in Fig. 2, in one embodiment the present invention provides a system that performs DNS queries by combining broadcasting of popular domain names with P2P user collaboration. The system operates between the user host and the recursive server and replaces the original direct query to the recursive server with a collaborative query among users, thereby reducing the leakage of user privacy at this layer.
The operating principle of the system is to minimize the user query information that the recursive server can obtain, thereby reducing the probability that the recursive server can identify a specific user.
Studies show that 60-80% of domain name requests can be answered from cache, and that domain name queries follow a power-law distribution: popular domain names receive enormous traffic, while a great many "long-tail" domain names receive very little. A recursive server that caches the top 10% of domain names achieves a 97.7% query hit rate. Therefore, by adopting a popular domain name broadcast mechanism, users can access popular domain names without going through the recursive server; the query result is returned directly by this system. This portion of domain names thus carries no privacy leakage risk, and query response is faster.
For the remaining long-tail domain names, the system uses P2P user collaboration: the query request is forwarded to different users, who perform the query on the requester's behalf. In this way the original requester is hidden, achieving sender anonymity.
The system consists of three parts: the home agent module, the user collaboration module and the domain name broadcast module.
Home agent module:
The home agent module mainly replaces the original DNS software. It intercepts DNS requests, parses the DNS data and checks whether the queried domain name is in the popular domain name list; if so, it returns the query result directly. If not, it initiates a request to the user collaboration module.
User collaboration module:
The user collaboration module connects the user into the P2P network. In this network every user is a node; each node can independently initiate query requests and can also assist other nodes with their queries. In anonymization networks each forwarding node is called a Mix node; in the P2P network every node acts as a Mix node. Following the Crowds protocol, multiple random forwardings are performed using the improved algorithm described below, so that the sender's information is hidden.
Domain name broadcast module:
The domain name broadcast module mainly maintains a list of popular domain names, periodically refreshes the IP addresses of these popular domain names from the recursive server, and broadcasts them to the users' home agent modules at fixed intervals. When a user accesses a domain name in the popular domain name list, the result can then be returned directly.
Correspondingly, in the present embodiment, an anonymous query method for reducing privacy leakage on DNS recursive servers is provided, including the following steps:
maintaining a popular domain name list;
after the user host sends a DNS request, intercepting and parsing it, and checking whether the queried domain name is in the popular domain name list; if so, returning the query result; otherwise connecting the user into the P2P network and sending the request to the recursive server through it;
periodically refreshing the IP addresses of the domain names from the recursive server, and broadcasting the updated domain names to user hosts at fixed intervals.
As shown in Fig. 3, the overall flow of the above method can be summarized as follows:
after the initialization operation, listen on the ports and, according to the listening result, decide whether to execute the receive-message operation.
As shown in Fig. 4, the initialization operation includes:
1) The user starts the software, which performs initialization and listens on port 53 and port 3500. (Port 53 is the default DNS query port; port 3500 is the custom port of this system.)
2) Partner users are matched and the user table is built. (The first step in building the P2P network is to build an initial user table, which is used for further user discovery.)
3) A subscription request is sent to the popular domain name server; the popular domain name list in the popular DNS database is updated and the result is stored.
As shown in Fig. 5, the receive-message operation includes:
1) Listening for queries arriving at port 53:
1-1) When the user initiates a DNS query, the system parses the request and judges from the result whether the domain name is popular. If it is, the result held in the database is returned directly.
1-2) For an unpopular (long-tail) request, the user-configured query hop count is packaged into the request (a higher hop count gives better anonymization but also increases query time; a value of 4 usually achieves good anonymization, and the user may set it as needed), and the request is forwarded to the P2P network.
2) Listening on port 3500 and receiving messages:
2-1) The message type is determined. If it is a request, the random algorithm (described below) is executed using the random number. If the result is true, the message is forwarded again and an entry is recorded in the forwarding table.
2-2) If the result is false, the query is executed through the normal query process and the received query result is returned.
2-3) If the message type is a reply, the node consults its own forwarding table, looks up the forwarding IP corresponding to the queried domain name, and forwards the reply straight back.
2-4) If the message is a popular domain name broadcast, the popular domain name list is updated.
As shown in Fig. 6, the popular domain name list maintenance operation includes:
1) initializing the popular domain name list;
2) initializing the subscription list;
3) setting a timer (for periodic domain name updates; generally set to 1 hour, or the minimum TTL among all domain names can be used);
4) updating the subscription list when a message is received;
5) on timeout, refreshing the popular domain name list from the recursive server again.
Note: the popular domain names are selected by combining the Alexa website ranking and the Baidu index with several months of internal query data.
Random forwarding algorithm:
The traditional Crowds random forwarding algorithm draws a random number at each hop and forwards if it is below a specific value Pr (0 < Pr < 1), otherwise it stops forwarding. This can, however, lead to the trap of cyclic forwarding, even if the probability is very low.
The idea of the improved random forwarding algorithm in this application is to set a random value and reduce it at every forwarding; once the value becomes small enough (below a set threshold), forwarding stops. The algorithm must not be too predictable, or intermediate users could guess the sender. For example, if a number were chosen and decremented by 1 at each forwarding, many people would typically choose 4-5, so a node receiving 4-5 would likely be talking to the query originator, while 1-2 would usually indicate a forwarder. Here the value is chosen from 10-10000 (corresponding to 2-9 after taking the logarithm); with such a wide range, an intermediate user finds it hard to guess the real initiator of the query.
The actual algorithm proceeds as follows:
The user randomly chooses a number X in 10-10000, packs it into the message and sends it along as additional information. When the next user in the P2P network receives the message, the following algorithm is executed:
1) compute whether log([X]) = 0 holds; if so, perform the query operation against the recursive server; otherwise go to step 2);
2) run a random algorithm over [0-1] to obtain a random number r; if r > 0.7, perform the query operation against the recursive server; otherwise go to step 3);
3) compute X = r*X, include the result in the message and forward it.
Note: step 3) is precisely the process of reducing the random value. The threshold of 0.7 was chosen on the basis of large-scale data simulation: with a value of 0.7, 93% of queries are forwarded 1-6 times and the maximum hop count does not exceed 12, which is a fairly ideal state. In implementing the technical solution, the selection range of the set threshold is 0.5-0.8; a higher threshold gives a higher forwarding probability, but too high a hop count increases response time, so 0.7 is the preferred value.
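The improved forwarding rule of steps 1) to 3), written out as an added Python example that is not part of the patent. It assumes that log([X]) = 0 means the integer part of X has shrunk to 1 (that is, X < 2), treats floor(X) = 0 the same way so log(0) never arises, and uses its own function names and Python's random module for drawing X and r; the simulation reports the share of queries that stop within 1 to 6 hops so the 93% figure above can be compared across the stated 0.5-0.8 range of k. Note that the numeric walkthrough later on the page reads the r-versus-0.7 comparison in the opposite direction (0.92 > 0.7 leads to forwarding there); the code follows the algorithm as stated in steps 1) to 3).

```python
import math
import random

# Range from which the originator draws the random value X (from the description).
X_MIN, X_MAX = 10, 10000
K_DEFAULT = 0.7  # preferred threshold k


def forwarding_decision(x: float, k: float, r: float):
    """Apply steps 1) to 3) at one receiving node.

    x is the value carried in the message, k the set threshold, r the number
    this node drew from [0, 1].  Returns ("QUERY", x) when the node must query
    the recursive server itself, or ("FORWARD", r * x) when it must forward.
    Interpretation assumed here: log([X]) = 0 means floor(X) has reached 1,
    i.e. X < 2; floor(X) = 0 is treated the same way so log(0) never arises.
    """
    if math.floor(x) <= 1:          # step 1: X already exhausted
        return "QUERY", x
    if r > k:                        # step 2: stop here with probability 1 - k
        return "QUERY", x
    return "FORWARD", r * x          # step 3: shrink X and pass the message on


def simulate_path(k: float, rng: random.Random) -> int:
    """Number of peers one query visits before some peer queries the server.

    The originator never queries itself (it always hands the message to a
    first peer), so the minimum is 1.
    """
    x = rng.uniform(X_MIN, X_MAX)   # originator's X in 10-10000
    hops = 1
    while True:
        action, x = forwarding_decision(x, k, rng.random())
        if action == "QUERY":
            return hops
        hops += 1


def hop_statistics(trials: int, k: float = K_DEFAULT, seed: int = 1) -> dict:
    """Share of queries finished within 1-6 hops plus min/max/mean hop counts."""
    rng = random.Random(seed)
    hops = [simulate_path(k, rng) for _ in range(trials)]
    return {
        "share_1_to_6": sum(1 for h in hops if 1 <= h <= 6) / trials,
        "min_hops": min(hops),
        "max_hops": max(hops),
        "mean_hops": sum(hops) / trials,
    }


if __name__ == "__main__":
    for k in (0.5, 0.7, 0.8):   # the 0.5-0.8 range given in the description
        print(f"k={k}: {hop_statistics(20000, k)}")
```

Keeping the decision a pure function of (x, k, r) separates the rule from the random source, which is what makes the step-1 exhaustion case and the step-2 threshold case checkable one at a time; the simulation then shows why a larger k lengthens paths and how step 1 bounds them even when r stays below k for many hops.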
The operation of the system described in the previous embodiment is illustrated below with a specific application example, including:
1. Initialization
1) User A (ID: 102230) starts the software, which performs initialization and listens on port 53 and port 3500. (Port 53 is the default DNS query port; port 3500 is the custom port of this system.)
2) Partner users are matched, the user table is built and the user's own User ID is obtained. On each start the previous user table can be restored, and requests are sent to the listed users in turn to confirm that they are online; if too few users are available, the discovery mechanism is started to find new users.
User ID   IP              Port   State   Response time
102231    135.22.30.01    3500   alive   30ms
102232    147.22.30.01    3500   alive   102ms
102233    136.22.30.01    3500   died    -
102234    124.22.30.01    3500   alive   120ms
3) When user A (102230) initializes, it sends a subscription request to the popular domain name server.
Request type   User ID   Added value
ADD            102230    133.101.112.100
4) The popular domain name server receives the request and adds the user's information to its own user list.
User ID   IP                 Port   State   Response time
102230    133.101.112.100    3500   alive   30ms
104388    147.22.30.01       3500   alive   102ms
123302    136.22.30.01       3500   died    -
If the user is being added to the user list for the first time, the information for the top 10000 domain names is sent to that user. The server also refreshes the domain name list periodically, and when it finds that a domain name's information has changed, it sends the information for that domain name to all users on the subscription list.
5) The user receives the information and updates its own popular domain name list.
ID   Domain name      Ranking   IP                Version number
1    www.baidu.com.   1         220.181.57.217    171202
2    www.sohu.com.    2         123.126.104.68    171210
3    www.sina.com.    3         115.238.190.238   171202
2. Accessing a popular domain name
1) The user browses www.baidu.com and initiates a DNS request;
2) the home agent module parses the request, looks up the local popular domain name table and finds a matching record;
3) 220.181.57.217 is returned directly.
3. Accessing a long-tail domain name
1) User B (102231) accesses www.example123.com and initiates a DNS request;
2) the home agent module parses the request, looks up the local popular domain name table and finds no matching record;
3) it sends the request to the users in its user list in turn:
Request type   Requested domain name   Hop count
QUERY          www.example123.com      4
4) User B (102231) receives the request and parses it; the request type QUERY is a query request. It executes the random algorithm (0-1), obtains 0.92 > 0.7 and starts forwarding:
Request type   Requested domain name   Added value
QUERY          www.example123.com      4
and records the forwarding table (if multiple users query the same domain name at the same time, they are recorded under the same domain name):
Domain name          Forwarding user
www.example123.com   102230
5) User C (112301) receives B's request and determines that the request type QUERY is a query request. It executes the random algorithm (0-1), obtains 0.22 < 0.7 and starts a query: it accesses its own recursive server, obtains the corresponding IP (123.123.11.11) and returns it to user B:
Request type   Requested domain name   Added value
RESPONSE       www.example123.com      123.123.11.11
6) User B (102231) receives C's message and parses it; the type RESPONSE is a reply. It checks the forwarding table and finds the corresponding forwarding user:
Domain name          Forwarding user
www.example123.com   102230
The reply is returned to user A (102230):
Request type   Requested domain name   Added value
RESPONSE       www.example123.com      123.123.11.11
7) User A (102230) receives B's message and parses it; the type RESPONSE is a reply. It checks the forwarding table, finds no corresponding forwarding user, concludes that this is a request it initiated itself, resolves to the corresponding IP and returns it through port 53.
In this process the user obtains the query result, while the user-proxy forwarding hides the true sender (the recursive server only knows the IP of the last user, C, who actually issued the query).
Because every forwarding is random, the intermediate users B and C cannot determine the true sender either (the user before them may be the real user or may be a forwarder). Each user can only see the random value carried in the query information and try to infer from it whether the previous user is the true sender; since the random algorithm gradually reduces the value, the real user's random value is generally larger. However, the improved algorithm of this system draws the random value from 10-10000, a range so wide that intermediate users still find it hard to guess the real initiator of the query.
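The port-53 fast path and the three message types handled on port 3500 (QUERY, RESPONSE and the popular domain name broadcast), modelled in memory as an added Python example; this is not the patent's own code. It replays the walkthrough above with the page's user IDs (102230, 102231, 112301), domain names and IPs. The Network and Node classes, the RECURSIVE_ANSWERS table standing in for the recursive server, and the scripted decision function (B forwards, C queries) are constructed for this example; the random forwarding decision is injected rather than re-implemented so the run is deterministic, and delivery is synchronous so the answer is available as soon as resolve() returns.

```python
from typing import Callable, Dict, List, Optional

# Constructed stand-in for what the recursive server would answer.
RECURSIVE_ANSWERS = {"www.example123.com": "123.123.11.11"}


class Network:
    """In-memory P2P network; also records which node the recursive server saw."""

    def __init__(self) -> None:
        self.nodes: Dict[int, "Node"] = {}
        self.recursive_log: List[int] = []  # user IDs that queried the recursive server

    def add(self, node: "Node") -> None:
        self.nodes[node.user_id] = node

    def send(self, to_id: int, msg: dict, from_id: int) -> None:
        # Synchronous delivery: the receiver handles the message immediately.
        self.nodes[to_id].receive(msg, from_id)

    def recursive_lookup(self, asker_id: int, domain: str) -> Optional[str]:
        self.recursive_log.append(asker_id)
        return RECURSIVE_ANSWERS.get(domain)


class Node:
    """One user host: home agent (port 53 side) plus collaboration module (port 3500 side)."""

    def __init__(self, user_id: int, net: Network, peers: List[int],
                 decide: Callable[[int, dict], str]) -> None:
        self.user_id = user_id
        self.net = net
        self.peers = peers                          # user table: alive partner IDs
        self.decide = decide                        # returns "FORWARD" or "QUERY"
        self.popular: Dict[str, str] = {}           # domain -> IP from broadcasts
        self.forwarding: Dict[str, List[int]] = {}  # domain -> users whose QUERY we forwarded
        self.pending: set = set()                   # domains this node asked for itself
        self.answers: Dict[str, str] = {}           # results handed back on port 53
        net.add(self)

    def resolve(self, domain: str, hop_count: int = 4) -> Optional[str]:
        """Home agent: answer popular names locally, send the rest into the P2P network."""
        if domain in self.popular:                                # 1-1) hit in popular list
            return self.popular[domain]
        self.pending.add(domain)                                  # 1-2) long-tail: forward
        query = {"type": "QUERY", "domain": domain, "hops": hop_count}
        self.net.send(self.peers[0], query, self.user_id)
        return self.answers.get(domain)  # filled in by receive() during the synchronous send

    def receive(self, msg: dict, from_id: int) -> None:
        """Collaboration module: dispatch on message type as in steps 2-1) to 2-4)."""
        kind = msg["type"]
        if kind == "QUERY":
            if self.decide(self.user_id, msg) == "FORWARD":        # 2-1) forward again
                self.forwarding.setdefault(msg["domain"], []).append(from_id)
                next_peer = next(p for p in self.peers if p != from_id)
                self.net.send(next_peer, dict(msg), self.user_id)
            else:                                                   # 2-2) query ourselves
                ip = self.net.recursive_lookup(self.user_id, msg["domain"])
                reply = {"type": "RESPONSE", "domain": msg["domain"], "ip": ip}
                self.net.send(from_id, reply, self.user_id)
        elif kind == "RESPONSE":                                    # 2-3) route reply back
            domain = msg["domain"]
            requesters = self.forwarding.pop(domain, [])
            for rid in requesters:
                self.net.send(rid, dict(msg), self.user_id)
            if not requesters and domain in self.pending:           # no entry: our own request
                self.pending.discard(domain)
                self.answers[domain] = msg["ip"]
        elif kind == "BROADCAST":                                   # 2-4) popular list update
            self.popular.update(msg["entries"])


def run_walkthrough() -> dict:
    """Replay the page's example: A asks, B forwards, C queries the recursive server."""
    net = Network()
    scripted = {102231: "FORWARD", 112301: "QUERY"}   # stands in for the random decision

    def decide(user_id: int, _msg: dict) -> str:
        return scripted.get(user_id, "QUERY")

    a = Node(102230, net, peers=[102231], decide=decide)
    b = Node(102231, net, peers=[112301, 102230], decide=decide)
    c = Node(112301, net, peers=[102231], decide=decide)
    # Domain name broadcast module pushes the popular list to every home agent.
    broadcast = {"type": "BROADCAST", "entries": {"www.baidu.com": "220.181.57.217"}}
    for node in (a, b, c):
        node.receive(broadcast, from_id=0)
    return {
        "popular": a.resolve("www.baidu.com"),             # answered locally, no message sent
        "longtail": a.resolve("www.example123.com"),        # A -> B -> C -> recursive server
        "recursive_saw": list(net.recursive_log),           # only C is visible to the server
        "b_forwarding_table": dict(b.forwarding),           # entry consumed once reply passed
    }


if __name__ == "__main__":
    print(run_walkthrough())
```

The recursive_log is the point of the model: after the run it contains only C's ID, which is the property the paragraph above states, and B's forwarding table is empty again because the RESPONSE branch consumes the entry when it routes the reply back, so a forwarder keeps no long-lived record tying a domain to the user it served.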
When querying popular domain names, since the broadcast popular domain names are already on the user's machine, popular domain name access has zero latency (ordinary popular domain name access latency is roughly 30 ms). Long-tail domain names, however, pass through user proxies, which adds user-to-user latency (depending on network speed and user location, roughly 100-300 ms); a user selection strategy (preferring users with short response times and nearby geographic locations) can later be considered to reduce this latency.
In summary, traditional DNS provides no privacy protection for users. The present invention provides a mechanism and system for reducing user DNS privacy leakage on recursive servers. By integrating a P2P user proxy model with a domain name broadcast mechanism, it realizes a cooperative anonymization mechanism for queries of popular and long-tail domain names. The traditional model, in which a user queries the recursive server directly, is changed into one in which the user's query first passes through a P2P network and the DNS query is carried out by way of user collaboration. An improved random forwarding algorithm is used when randomly forwarding DNS queries. The popular domain name list is obtained by integrating several data sources and performs well in practice. Traditional queries all go through the recursive server, whereas the present invention broadcasts popular domain names and skips that link, reducing overall query latency.
Obviously, the described embodiments are only some of the embodiments of the present invention, not all of them. All other embodiments obtained by a person of ordinary skill in the art based on these embodiments without creative effort shall fall within the protection scope of the present invention.

Claims (10)

1. An anonymous query method for reducing privacy leakage at DNS recursive servers, comprising the following steps:
after a user host sends a DNS request, monitoring the DNS request and parsing it, and analyzing whether the domain name queried by the DNS request is in a popular domain name list; if so, returning the query result; if not, connecting the user into a P2P network and then initiating the request to the recursive server;
periodically updating the IP addresses of the popular domain names at the recursive server, and periodically broadcasting the updated popular domain names to the user hosts.
2. The anonymous query method for reducing privacy leakage at DNS recursive servers according to claim 1, characterized in that it further comprises:
initializing the popular domain name list; initializing a subscription list; setting a timer; updating the subscription list when a message is received; and, on timeout, updating the popular domain name list at the recursive server again.
3. The anonymous query method for reducing privacy leakage at DNS recursive servers according to claim 1, characterized in that it further comprises an initialization operation, including:
monitoring the DNS query port and a custom port;
pairing with partner users and building an initial user table;
sending a subscription request to the popular domain name server and updating the popular domain name list.
4. The anonymous query method for reducing privacy leakage at DNS recursive servers according to claim 3, characterized in that the monitoring and parsing of the DNS request comprises:
monitoring the query requests initiated on the DNS query port and parsing them; judging from the parse result whether the domain name is a popular domain name; if so, directly returning the result held in the popular domain name list;
if not, adding a query hop count to the request packet and forwarding it to the P2P network;
monitoring the custom port to receive messages and judge the message type, and performing forwarding processing according to the message type.
5. The anonymous query method for reducing privacy leakage at DNS recursive servers according to claim 4, characterized in that if the message type is a request, a random forwarding algorithm is executed; if the result is true, the request is forwarded again and recorded in a forwarding table; if the result is false, the query is executed;
if the message type is a reply, the forwarding table is consulted and the reply is sent to the forwarding IP corresponding to the queried domain name;
if the message type is a popular domain name broadcast message, the popular domain name list is updated.
6. The anonymous query method for reducing privacy leakage at DNS recursive servers according to claim 5, characterized in that executing the random forwarding algorithm comprises:
setting a random value, reducing the random value on each forwarding, and stopping forwarding once the random value is below a set threshold k.
7. The anonymous query method for reducing privacy leakage at DNS recursive servers according to claim 6, characterized in that the user randomly selects a number X between 10 and 10000, packs it into the message and sends it along as additional information; after a user in the P2P network has received the message carrying this additional information, the following algorithm is executed:
1) calculate whether … holds; if it holds, execute the query operation against the recursive server, otherwise go to step 2);
2) run a random algorithm over [0, 1] to obtain a random number r; if r > k, execute the query operation against the recursive server, otherwise go to step 3);
3) calculate X = r*X, put the result in the message and forward it.
8. The anonymous query method for reducing privacy leakage at DNS recursive servers according to claim 7, characterized in that the set threshold k ranges from 0.5 to 0.8.
9. The anonymous query method for reducing privacy leakage at DNS recursive servers according to claim 8, characterized in that the set threshold k is 0.7.
10. An anonymous query system for reducing privacy leakage at DNS recursive servers, deployed between the user hosts and the recursive server, characterized in that it comprises:
a home agent module, for monitoring the DNS request and parsing it, and analyzing whether the domain name queried by the DNS request is in the popular domain name list; if so, returning the query result; if not, initiating a request to the user collaboration module;
a user collaboration module, for connecting the user into the P2P network and then initiating the request to the recursive server;
a domain name broadcast module, for periodically updating the IP addresses of the popular domain names at the recursive server in order to maintain the popular domain name list, and periodically broadcasting the updated popular domain names to the users' home agent modules.

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201810209202.5A CN108632401B (en) 2018-03-14 2018-03-14 Anonymous query method and system for reducing privacy leakage on DNS recursive server

Publications (2)

Publication Number Publication Date
CN108632401A true CN108632401A (en) 2018-10-09
CN108632401B CN108632401B (en) 2022-04-01

Family

ID=63706269

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201810209202.5A Active CN108632401B (en) 2018-03-14 2018-03-14 Anonymous query method and system for reducing privacy leakage on DNS recursive server

Country Status (1)

Country Link
CN (1) CN108632401B (en)

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20100100957A1 (en) * 2008-10-17 2010-04-22 Alan Graham Method And Apparatus For Controlling Unsolicited Messages In A Messaging Network Using An Authoritative Domain Name Server
CN103581258A (en) * 2012-08-03 2014-02-12 中国移动通信集团公司 Network data caching method and system
CN103825969A (en) * 2013-10-29 2014-05-28 电子科技大学 DNS query method based on anonymous network
CN105307111A (en) * 2014-07-07 2016-02-03 南京理工大学常熟研究院有限公司 Position privacy protection method based on incremental neighbour inquiry
CN107204988A (en) * 2017-06-28 2017-09-26 华南理工大学 A kind of location privacy protection method under the structure based on P2P

Cited By (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN109598506A (en) * 2018-11-02 2019-04-09 克洛斯比尔有限公司 Block chain accurately postpones the method for encryption, system, calculates equipment and computer readable storage medium
CN109451043A (en) * 2018-12-12 2019-03-08 熵加网络科技(北京)有限公司 A kind of server access method for protecting privacy of user by proxy access
CN109451043B (en) * 2018-12-12 2022-02-08 北京升鑫网络科技有限公司 Server access method for protecting user privacy through proxy access
CN110635945A (en) * 2019-09-10 2019-12-31 清华大学 Data processing method supporting time trigger mechanism and SDN network system
CN114338604A (en) * 2021-12-31 2022-04-12 北京奇艺世纪科技有限公司 DNS configuration updating method and system
CN114338604B (en) * 2021-12-31 2024-04-12 北京奇艺世纪科技有限公司 DNS configuration updating method and system

Also Published As

Publication number Publication date
CN108632401B (en) 2022-04-01

Similar Documents

Publication Publication Date Title
Delgado-Segura et al. Txprobe: Discovering bitcoin’s network topology using orphan transactions
US11271892B2 (en) Network communication method and system, device, and storage medium
US8838670B2 (en) Collaboration between internet service providers and content distribution systems
CN108632401A (en) Reduce the anonymous querying method and system of privacy compromise on DNS recursion servers
Wolinsky et al. Dissent in numbers: Making strong anonymity scale
CN105453488B (en) For handling the method and system of DNS request
US10084756B2 (en) Anonymous communications in software-defined networks via route hopping and IP address randomization
CN105228140B (en) A kind of data access method and device
CN104796475B (en) A kind of socialization recommendation method based on homomorphic cryptography
Acs et al. Privacy-aware caching in information-centric networking
US10554616B1 (en) Generating mobile device-specific identifiers across native mobile applications and mobile browsers
CN106357839B (en) A kind of DNS query method and device
Vratonjic et al. A location-privacy threat stemming from the use of shared public IP addresses
Chen et al. PacketCloud: A cloudlet-based open platform for in-network services
US20180288612A1 (en) User equipment and method for protection of user privacy in communication networks
Da Silva et al. Privatube: Privacy-preserving edge-assisted video streaming
Kaiser et al. Adding privacy to multicast DNS service discovery
Papadopoulos et al. Where's wally? how to privately discover your friends on the internet
CN109743238B (en) Distributed access system
Manzillo et al. CLOSER: a collaborative locality-aware overlay SERvice
CN107528932A (en) A kind of data transmission method, network address translation apparatus
Ciaccio Improving sender anonymity in a structured overlay with imprecise routing
CN109495253A (en) A method of privacy of user protection is realized in heart network in the information
Xin et al. Design improvement for tor against low-cost traffic attack and low-resource routing attack
Cisco Configuring Network Proximity

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant