CN108769284B - Domain name resolution method, server and system - Google Patents

Info

Publication number: CN108769284B
Application number: CN201810421857.9A
Authority: CN (China)
Prior art keywords: server, recursive, domain name, authoritative, query
Legal status: Expired - Fee Related
Other languages: Chinese (zh)
Other versions: CN108769284A (en)
Inventors: 梁素琴, 陈单江
Current assignee: Wangsu Science and Technology Co Ltd
Original assignee: Wangsu Science and Technology Co Ltd

Classifications

    • H04L61/4511: Network directories; name-to-address mapping using standardised directories and directory access protocols, using the domain name system [DNS] (H Electricity; H04 Electric communication technique; H04L Transmission of digital information, e.g. telegraphic communication; H04L61/00 Network arrangements, protocols or services for addressing or naming; H04L61/45 Network directories; name-to-address mapping; H04L61/4505 using standardised directories and directory access protocols)
    • H04L61/5007: Internet protocol [IP] addresses (H Electricity; H04 Electric communication technique; H04L Transmission of digital information, e.g. telegraphic communication; H04L61/00 Network arrangements, protocols or services for addressing or naming; H04L61/50 Address allocation)

Abstract

The invention discloses a domain name resolution method, a server and a system for improving the security of an authoritative server. The method comprises the following steps: the authoritative server receives a first query request sent by a recursive server; when the recursive server is a non-secure server, the authoritative server returns an authorization response to the recursive server; when receiving a second query request returned by the recursive server, the authoritative server returns a second query response to the recursive server, the second query response instructing the recursive server to send a third query request, which includes the first domain name, to the authoritative server; the authoritative server receives the third query request sent by the recursive server and returns a third query response to the recursive server, the third query response including the first Internet Protocol (IP) address corresponding to the first domain name.

Description

Domain name resolution method, server and system
Technical Field
The present invention relates to the field of network communication technologies, and in particular, to a domain name resolution method, a server, and a system.
Background
In a domain name resolution system, an authoritative server allocates IP addresses for all domain names and at the same time responds to query requests sent by all recursive servers, resolving the IP addresses corresponding to the domain names to be resolved in those query requests.
However, the Internet Protocol (IP) addresses of the recursive servers are unknown to the authoritative server. When the domain name resolution system is attacked, the authoritative server can be flooded with malicious requests from a large number of forged IP addresses. These malicious requests consume a large amount of the authoritative server's resources, which can cause the authoritative server to refuse resolution service or its response speed to drop sharply, so that access by normal users is affected.
Disclosure of Invention
The invention provides a domain name resolution method, a server and a system, which are used for improving the security of an authoritative server.
In a first aspect, an embodiment of the present invention provides a domain name resolution method, including:
the method comprises the steps that an authoritative server receives a first query request sent by a recursive server; the first query request comprises a first domain name to be resolved;
when the recursive server is a non-secure server, the authoritative server returns an authorization response to the recursive server; the authorization response is used for instructing the recursive server to return a second query request;
when the authoritative server receives the second query request returned by the recursive server, it returns a second query response to the recursive server; the second query response is used for instructing the recursive server to send a third query request to the authoritative server; the third query request includes the first domain name;
the authoritative server receives the third query request sent by the recursive server and returns a third query response to the recursive server; the third query response includes a first Internet Protocol (IP) address corresponding to the first domain name.
When receiving the first query request from a recursive server that is not a secure server, the authoritative server does not respond to the first query request directly, but sends an authorization response instructing the recursive server to return a second query request. A recursive server with a forged IP address usually only sends first query requests to the authoritative server continuously and does not process the authorization response returned by the authoritative server. Therefore, when the authoritative server receives the second query request returned by the recursive server, it can determine that the IP address of the recursive server is real, so the query request from that recursive server can be answered and the security of the authoritative server is improved. Moreover, in the embodiment of the present invention, when the authoritative server receives the second query request, it responds to the second query request and then to the third query request, instead of responding directly to the first query request, so that the recursive server can recognise the first IP address returned by the authoritative server according to the existing protocol.
Optionally, after the authoritative server receives the first query request sent by the recursive server, the method further includes:
when the recursive server is a secure server, the authoritative server returns a first query response to the recursive server; the first query response includes the first IP address.
That the authoritative server has determined the recursive server to be a secure server means it has determined the IP address of the recursive server to be a real IP address, so the authoritative server can respond to the first query request directly, which improves domain name resolution efficiency.
Optionally, when the authoritative server receives the second query request returned by the recursive server, the method further includes:
adding the recursive server to a white list; the white list is used to determine whether the recursive server is a secure server.
When the authoritative server receives the second query request returned by the recursive server, the recursive server is a secure server and its IP address is a real IP address. After the recursive server has been added to the white list, when it sends a first query request again it can be determined directly, according to the white list, to be a secure server, and its first query request can be responded to directly, which improves domain name resolution efficiency.
Optionally, after the authoritative server returns the authorization response to the recursive server, the method further includes:
when the authoritative server does not receive the second query request sent by the recursive server, determining that the recursive server is a suspicious server.
A recursive server that forges its IP address cannot process the authorization response and therefore cannot send the second query request to the authoritative server, so when the authoritative server does not receive the second query request from the recursive server it can regard the recursive server as a suspicious server.
Optionally, returning an authorization response to the recursive server includes:
the authoritative server randomly generates a second domain name;
the authoritative server allocates a second IP address to the second domain name;
the authoritative server generates an authorization response according to the second domain name; the authorization response is used to instruct the recursive server to send a second query request, which includes the second domain name, to the authoritative server.
After the authoritative server returns the authorization response, the recursive server, following the existing protocol, takes the authorization response to mean that the authoritative server identified by the second domain name is the one that allocates the IP address for the first domain name. The recursive server therefore requests the second IP address corresponding to the second domain name from the authoritative server, i.e. it sends the second query request to the authoritative server.
Optionally, the second IP address is an IP address of the authoritative server, and the authoritative server returning a second query response to the recursive server comprises:
the authoritative server resolves the second domain name in the second query request and determines the second IP address corresponding to the second domain name;
the authoritative server returns a second query response to the recursive server; the second query response includes the second IP address.
Because the authoritative server itself allocated the second IP address to the second domain name, it can resolve the second domain name directly after receiving the second query request and return the second IP address to the recursive server in the second query response. Because the second IP address is the IP address of the authoritative server, when the recursive server sends the third query request, according to the existing protocol, to the virtual authoritative server corresponding to the second domain name, the third query request still arrives at the authoritative server.
In a second aspect, an embodiment of the present invention further provides a domain name resolution method, including:
the recursive server sends a first query request to the authoritative server; the first query request comprises a first domain name to be resolved;
the recursive server receives an authorization response returned by the authoritative server and sends a second query request to the authoritative server according to the authorization response; the authorization response is returned to the recursive server by the authoritative server when the recursive server is a non-secure server;
the recursive server receives a second query response returned by the authoritative server and sends a third query request to the authoritative server according to the second query response; the third query request includes the first domain name;
the recursive server receives a third query response returned by the authoritative server; the third query reply includes the first IP address corresponding to the first domain name.
Optionally, after the recursive server sends the first query request to the authoritative server, the method further includes:
the recursive server receives a first query response returned by the authoritative server; the first query response is returned to the recursive server by the authoritative server when the recursive server is a secure server; the first query reply includes the first IP address.
In a third aspect, an embodiment of the present invention further provides an authoritative server, including:
the transceiver unit is used for receiving a first query request sent by the recursive server; the first query request comprises a first domain name to be resolved;
the processing unit is used for returning an authorization response to the recursive server when the recursive server is a non-secure server; the authorization response is used for instructing the recursive server to return a second query request; when the transceiver unit receives the second query request returned by the recursive server, a second query response is returned to the recursive server through the transceiver unit; the second query response is used for instructing the recursive server to send a third query request to the authoritative server; the third query request includes the first domain name; receiving a third query request sent by the recursive server through the transceiving unit, and returning a third query response to the recursive server; the third query reply includes the first IP address corresponding to the first domain name.
Optionally, the processing unit is further configured to:
when the recursive server is a secure server, returning the first query response to the recursive server through the transceiver unit; the first query reply includes the first IP address.
Optionally, the processing unit is further configured to:
adding the recursive server to a white list; the whitelist is used to determine whether the recursive server is a secure server.
Optionally, the processing unit is further configured to:
when the transceiver unit does not receive the second query request sent by the recursive server, determining that the recursive server is a suspicious server.
Optionally, the processing unit is specifically configured to:
randomly generating a second domain name;
allocating a second IP address for the second domain name;
generating an authorization response according to the second domain name; the authorization reply is used for instructing the recursive server to send a second query request comprising the second domain name to the authoritative server.
Optionally, the processing unit is specifically configured to:
resolving the second domain name in the second query request, and determining the second IP address corresponding to the second domain name;
returning a second query response to the recursive server; the second query reply includes the second IP address.
In a fourth aspect, an embodiment of the present invention further provides a recursive server, including:
the transceiver unit is used for sending a first query request to the authoritative server; the first query request comprises a first domain name to be resolved;
the processing unit is used for receiving the authorization response returned by the authoritative server through the transceiver unit and sending a second query request to the authoritative server through the transceiver unit according to the authorization response; the authorization response is returned to the recursive server by the authoritative server when the recursive server is a non-secure server; receiving a second query response returned by the authoritative server through the transceiver unit, and sending a third query request to the authoritative server through the transceiver unit according to the second query response; the third query request includes the first domain name; receiving a third query response returned by the authoritative server through the transceiving unit; the third query reply includes the first IP address corresponding to the first domain name.
Optionally, the processing unit is further configured to:
receiving the first query response returned by the authoritative server through the transceiver unit; the first query response is returned to the recursive server by the authoritative server when the recursive server is a secure server; the first query reply includes the first IP address.
In a fifth aspect, an embodiment of the present invention further provides a domain name resolution system, including the authoritative server according to any one of the third aspects, and the recursive server according to the fourth aspect.
In a sixth aspect, the present invention also provides a computer-readable storage medium storing computer-executable instructions for causing a computer to perform the method according to any one of the first aspect, or the method according to the second aspect.
In a seventh aspect, an embodiment of the present invention further provides a computing device, including:
a memory for storing program instructions;
a processor for calling program instructions stored in said memory to perform a method according to any one of the first aspect or a method according to the second aspect in accordance with the obtained program.
Drawings
In order to more clearly illustrate the technical solutions in the embodiments of the present invention, the drawings needed to be used in the description of the embodiments will be briefly introduced below, and it is obvious that the drawings in the following description are only some embodiments of the present invention, and it is obvious for those skilled in the art to obtain other drawings based on these drawings without inventive exercise.
Fig. 1 is a schematic diagram of a domain name resolution system according to an embodiment of the present invention;
Fig. 2 is a schematic flow chart of a domain name resolution method according to an embodiment of the present invention;
Fig. 3 is a schematic flow chart of a practical domain name resolution method according to an embodiment of the present invention;
Fig. 4 is a schematic structural diagram of an authoritative server according to an embodiment of the present invention;
Fig. 5 is a schematic structural diagram of a recursive server according to an embodiment of the present invention;
Fig. 6 is a schematic structural diagram of an authoritative server according to an embodiment of the present invention;
Fig. 7 is a schematic structural diagram of a recursive server according to an embodiment of the present invention.
Detailed Description
In order to make the objects, technical solutions and advantages of the present invention clearer, the present invention will be described in further detail with reference to the accompanying drawings, and it is apparent that the described embodiments are only a part of the embodiments of the present invention, not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
Fig. 1 is a schematic diagram of a domain name resolution system according to an embodiment of the present invention. As shown in fig. 1, the domain name resolution system mainly includes a recursive server, an authoritative server, a root server and the like; the terminals and the servers, and the servers among themselves, may be connected through a wired or wireless network. When a terminal needs to access a certain domain name, it requests the IP address of that domain name from the recursive server: specifically, the terminal sends a domain name resolution request to the recursive server, where the request includes the domain name to be resolved, that is, the domain name the terminal wants to access. After receiving the domain name resolution request, the recursive server first queries its local cache; if the IP address corresponding to the domain name to be resolved exists in the local cache, it generates a domain name resolution response including that IP address and returns it to the terminal. If the local cache does not hold the IP address corresponding to the domain name to be resolved, the recursive server obtains the IP address of the authoritative server corresponding to that domain name, sends a query request to that authoritative server, and the authoritative server returns the IP address corresponding to the domain name to the recursive server.
In the prior art, the recursive server needs to send a query request to the authoritative server corresponding to the domain name to be resolved (the authoritative server that allocates the IP address to that domain name) in order to obtain the IP address corresponding to the domain name. For example, in fig. 1, authoritative server 2 has allocated an IP address to the domain name test.wangsu.com, so the recursive server needs to send a query request to authoritative server 2 to obtain the IP address corresponding to test.wangsu.com. Specifically, the recursive server must first obtain the IP address of authoritative server 2 before it can send the query request to authoritative server 2. When the recursive server has not cached the IP address of authoritative server 2, it sends a query request to the root server, and the root server returns a query response including the authorized domain name and the IP address of the authorized domain name; here the query response includes the domain name of authoritative server 1 corresponding to com and the IP address of authoritative server 1, which indicates that authoritative server 1 manages the domain ".com". The recursive server sends a query request to authoritative server 1 according to the IP address of authoritative server 1, and authoritative server 1 likewise returns a query response including an authorized domain name and the IP address of that authorized domain name. The query response returned by authoritative server 1 includes the domain name of authoritative server 2 corresponding to wangsu.com and the IP address of authoritative server 2, which means that authoritative server 2 manages the domain ".wangsu.com"; the domain name of authoritative server 2 may be ns1.wangsu.com.
The query response returned by authoritative server 1 includes the IP address of authoritative server 2, for example 2.2.2.2, and may take the specific form of the resource record ns1.wangsu.com 1728 IN A 2.2.2.2. The recursive server sends the query request to authoritative server 2 at the IP address 2.2.2.2 corresponding to ns1.wangsu.com, and since authoritative server 2 allocates the IP address of test.wangsu.com, it can determine the IP address corresponding to test.wangsu.com and return it to the recursive server.
However, most authoritative servers in a domain name resolution system do not know the IP addresses of the recursive servers, so they are very vulnerable to recursive servers that forge IP addresses. A recursive server that forges an IP address may not be a real recursive server at all: an attacker sends a large number of query requests to the authoritative server through forged IP addresses, and the authoritative server cannot recognise those IP addresses and simply resolves the queries, so that a large amount of its resources are occupied and it refuses resolution service or its response speed drops sharply. To solve the above problem, an embodiment of the present invention provides a domain name resolution method. Fig. 2 is a schematic flow chart of a domain name resolution method according to an embodiment of the present invention; as shown in fig. 2, it mainly includes the following steps:
S201: the recursive server sends a first query request to the authoritative server; the first query request includes a first domain name to be resolved.
S202: the authoritative server receives the first query request sent by the recursive server and, when the recursive server is a non-secure server, returns an authorization response to the recursive server.
S203: the recursive server receives the authorization response returned by the authoritative server and sends a second query request to the authoritative server according to the authorization response.
S204: when receiving the second query request returned by the recursive server, the authoritative server returns a second query response to the recursive server.
S205: the recursive server receives the second query response returned by the authoritative server and sends a third query request to the authoritative server according to the second query response; the third query request includes the first domain name.
S206: the authoritative server receives the third query request sent by the recursive server and returns a third query response to the recursive server; the third query response includes the first Internet Protocol (IP) address corresponding to the first domain name.
In S201, when a recursive server receives a resolution request from a terminal, it generally queries its local cache first; when the IP address corresponding to the first domain name to be resolved exists in the local cache, the recursive server directly returns a resolution response, including that IP address, to the terminal. When the local cache does not hold the IP address corresponding to the first domain name, the recursive server sends a first query request, which includes the first domain name to be resolved, to the authoritative server.
In an embodiment of the present invention, recursive servers may be divided into secure servers and non-secure servers. A secure server is a recursive server whose IP address has been determined to be a real IP address, and a non-secure server is a recursive server whose IP address has not yet been determined to be a real IP address. In S202, the authoritative server may determine by itself whether the recursive server is a secure server, or a third-party device may make that determination, for example a switch. When the recursive server is a non-secure server, the authoritative server does not return the first query response corresponding to the first query request to the recursive server, but returns the authorization response instead.
Optionally, when the recursive server is a secure server, the authoritative server returns a first query response, which includes the first IP address, to the recursive server. That the authoritative server has determined the recursive server to be a secure server means it has determined the IP address of the recursive server to be a real IP address, so it can respond to the first query request directly, which improves domain name resolution efficiency.
In S204, when the authoritative server receives the second query request returned by the recursive server, this shows that the recursive server can process the authorization response sent by the authoritative server, and so the IP address of the recursive server is determined to be a real IP address. The authoritative server returns a second query response to the recursive server. After determining that the IP address of the recursive server is real, the authoritative server does not directly return the first query response corresponding to the first query request, but returns the second query response corresponding to the second query request, so that the existing processing logic of the recursive server is changed as little as possible: the query response the recursive server most recently received corresponds to the query request it most recently sent.
In S205, after receiving the second query response returned by the authoritative server, the recursive server may send a third query request to the authoritative server according to the second query response; the third query request includes the first domain name. It should be appreciated that in particular implementations the third query request and the first query request may have the same form; embodiments of the present invention distinguish between them only for clarity.
In S206, the authoritative server receives the third query request sent by the recursive server and determines the first IP address corresponding to the first domain name from the first domain name in the third query request. The authoritative server then generates a third query response according to the first IP address and returns it to the recursive server.
After receiving the third query response, the recursive server may cache the first IP address, generate a resolution response according to the first IP address and send it to the terminal, and so on.
When receiving the first query request sent by the recursive server which is not a secure server, the authoritative server does not directly respond to the first query request, but sends an authorization response to the recursive server to instruct the recursive server to return a second query request. For a recursive server of a forged IP, the recursive server usually only sends a first query request to the authoritative server continuously, and does not process an authorization response returned by the authoritative server. Therefore, when receiving the second query request returned by the recursive server, the authoritative server can determine that the IP address of the recursive server is the real IP address, so that the query request sent by the recursive server can be responded. Moreover, in the embodiment of the present invention, when the authoritative server receives the second query request returned by the recursive server, the authoritative server responds to the second query request, and then responds to the third query request instead of directly responding to the first query request, so that the recursive server can identify the first IP address returned by the authoritative server according to the existing protocol.
In S204, the authoritative server, upon receiving the second query request returned by the recursive server, may determine that the IP address of the recursive server is a real IP address, and the recursive server may serve as a secure server. Optionally, when receiving a second query request returned by the recursive server, the authoritative server adds the recursive server to the white list; the white list is used to determine whether the recursive server is a secure server. In the specific implementation process, the authoritative server can add the IP address of the recursive server into a white list, the white list can be issued to the switch, the switch confirms whether the recursive server is a safe server or not, and the authoritative server can also confirm whether the recursive server is the safe server or not through a firewall system. Taking the implementation mode of self-identification by the authority server as an example, after receiving the first query request, the authority server queries the white list according to the IP address of the recursive server, and when the IP address of the recursive server exists in the white list, the authority server can confirm that the recursive server is a secure server and can return a first query response to the server. Optionally, the authority server may design an effective period for the white list according to an actual application environment, and delete the IP address from the white list when the time of the IP address of the recursive server in the white list exceeds the effective period, so as to enhance the timeliness of the white list.
Through this embodiment, after a recursive server capable of returning the second query request has been added to the white list, when that recursive server sends a first query request again, it can be directly determined to be a secure server according to the white list, and its first query request can be responded to directly, so that the domain name resolution efficiency is improved.
In particular implementations, a recursive server with a forged IP address does not return the second query request to the authoritative server based on the authorization response. Optionally, after the authoritative server returns the authorization response to the recursive server, the method further includes: when the authoritative server does not receive the second query request sent by the recursive server, determining the recursive server to be a suspicious server. In a specific implementation process, the authoritative server may set a certain threshold time, and if the second query request is not received within the threshold time, the recursive server is determined to be a suspicious server. For suspicious servers, the authoritative server may restrict access by building a blacklist. For example, for a recursive server in the blacklist, the authoritative server limits the number of times the recursive server can access it every minute, or directly denies the recursive server access, and so on, to ensure that the normal service of the authoritative server remains continuously available. Similar to the white list, the blacklist may also be issued to the switch, and the switch performs access restriction on the recursive servers in the blacklist, or the authoritative server performs access restriction on the recursive servers in the blacklist through the firewall system.
Under the condition of having both a black list and a white list, when receiving a first query request sent by a recursive server, an authoritative server can query the white list first, and if the recursive server exists in the white list, a first query response is returned to the recursive server; if the recursive server does not exist in the white list, querying a black list; if the recursive server does not exist in the blacklist, determining the recursive server as a non-secure server; and if the recursive server exists in the blacklist, performing access limitation on the recursive server.
As in the processing procedure of the recursive server in the prior art described above, after the recursive server sends a query request to an authoritative server, if that authoritative server is the upper-level server of the authoritative server corresponding to the domain name to be resolved, it returns to the recursive server a query response including the authorized domain name and the IP address of the authorized domain name, where the authorized domain name is the domain name of the authoritative server corresponding to the domain name to be resolved; for example, when the .com authoritative server receives the query request including "test." The embodiment of the invention provides a specific and feasible implementation based on the existing protocol. Optionally, when the recursive server is a non-secure server, the authoritative server randomly generates a second domain name; the authoritative server allocates a second IP address to the second domain name; the authoritative server generates an authorization response according to the second domain name; the authorization response is used to instruct the recursive server to send a second query request including the second domain name to the authoritative server. In a specific example, the first domain name to be resolved is domain name A; authoritative server B0 allocates an IP address IPa to domain name A, and authoritative server B0 is the authoritative server corresponding to domain name A. After receiving the first query request, when the recursive server is a non-secure server, authoritative server B0 randomly generates a second domain name, domain name C, and allocates a second IP address IPc to it. Authoritative server B0 then generates an authorization response according to domain name C and sends the authorization response to the recursive server.
After receiving the authorization response, the recursive server, according to the existing processing protocol, takes authoritative server C0 corresponding to domain name C to be the server that assigns the IP address to domain name A; the recursive server therefore queries authoritative server B0 for the IP address of authoritative server C0, which is the second query request. Authoritative server C0 may be a virtual authoritative server; no authoritative server C0 needs to actually exist in the domain name resolution system.
By adopting the specific implementation mode, the recursive server can send the second query request to the authoritative server according to the authorization response after receiving the authorization response without changing the existing protocol of the recursive server, and the specific implementation mode can be compatible with the existing domain name resolution system and can reduce the cost of system modification and maintenance.
Optionally, in the foregoing specific embodiment, the second IP address is the IP address of the authoritative server; the authoritative server returning a second query response to the recursive server comprises: the authoritative server resolves the second domain name in the second query request and determines the second IP address corresponding to the second domain name; the authoritative server returns a second query response to the recursive server; the second query response includes the second IP address. Continuing with the foregoing specific example, the second IP address IPc that authoritative server B0 allocates to the second domain name C is the IP address IPb of authoritative server B0 itself. After receiving the second query request including domain name C from the recursive server, authoritative server B0 determines that the IP address corresponding to domain name C is IPb (that is, IPc). Authoritative server B0 returns a second query response to the recursive server; the second query response includes the second IP address IPb (IPc). After receiving the second query response, the recursive server determines that the IP address of authoritative server C0 is IPb, and therefore sends a third query request to authoritative server C0 according to IPb to acquire the IP address corresponding to the first domain name A to be resolved. Since IPb is actually the IP address of authoritative server B0, the recursive server actually sends the third query request to authoritative server B0 to acquire the IP address corresponding to the first domain name A. Authoritative server B0 is the authoritative server actually corresponding to domain name A, so authoritative server B0 can determine the IP address IPa corresponding to domain name A and feed it back to the recursive server via the third query response.
Therefore, in the above process, the recursive server may operate according to the existing processing protocol, so that the domain name resolution method provided by the embodiment of the present invention can be implemented.
In order to further illustrate the domain name resolution method provided by the embodiment of the present invention, the following specific examples are provided for illustration. Fig. 3 is a schematic flowchart of a practical domain name resolution method provided by an embodiment of the present invention, which is applied to an authoritative server, and as shown in fig. 3, the method mainly includes the following steps:
S301: a first query request sent by a recursive server is received.
S302: judging whether the recursive server is a safe server or not according to the white list; if yes, go to S310; if not, go to S303.
S303: judging whether the recursive server is a suspicious server or not according to the blacklist; if yes, go to S311; if not, go to step S304.
S304: an authorization reply is sent to the recursive server.
S305: whether a second query request sent by the recursive server according to the authorization request is received within a threshold time; if yes, executing S306; if not, go to S312.
S306: the recursive server is added to the white list.
S307: a second query response is sent to the recursive server.
S308: and receiving a third query request sent by the recursive server according to the second query response.
S309: and sending a third query response to the recursive server.
S310: a first query response is sent to the recursive server.
S311: access restrictions are applied to the recursive server.
S312: the recursive server is added to the blacklist.
The flow chart shown in fig. 3 is explained below by specific examples:
the first query request comprises a first domain name test.wangsu.com to be resolved, and the recursive server with the IP address of 1.1.1.1 sends the first query request to an authoritative server wangsu.com, wherein the IP address of the authoritative server wangsu.com is 2.2.2.2.
In S301, the authoritative server wangsu.com receives the first query request sent by the recursive server and acquires the IP address 1.1.1.1 of the recursive server.
In S302, the authority server wangsu.com queries whether the white list has the IP address 1.1.1.1, and if the white list has the IP address 1.1.1.1, it indicates that the recursive server is a secure server, so as to execute S310, the authority server wangsu.com determines the IP address 3.3.3.3 corresponding to test.wangsu.com, and sends a first query response including the IP address 3.3.3.3 to the recursive server.
In S303, the authoritative server wangsu.com then queries whether the IP address 1.1.1.1 exists in the blacklist; if it does, this indicates that the recursive server is a suspicious server, so S311 is executed and the authoritative server wangsu.com performs access restriction on the recursive server with the IP address 1.1.1.1.
In S304, the authoritative server wangsu.com randomly generates the second domain name ns1.xxxcheckipyyy.wangsu.com, allocates the IP address 2.2.2.2 of the authoritative server wangsu.com to the second domain name, and at the same time transmits ns1.xxxcheckipyyy.wangsu.com to the recursive server in an authorization response. A specific form of the authorization response may be wangsu.com 172800 IN NS ns1.xxxcheckipyyy.wangsu.com. For a recursive server whose IP address is its real IP address, after receiving the authorization response it continues to request the IP address corresponding to ns1.xxxcheckipyyy.wangsu.com from the authoritative server, that is, it sends the second query request. A recursive server forging its IP address does not process the authorization response returned by the authoritative server wangsu.com and does not go on to send the second query request to the authoritative server wangsu.com.
In S305, the authoritative server wangsu.com determines whether a second query request for the second domain name has been received from the recursive server within the threshold time; if not, the recursive server is a suspicious server, and S312 is executed to add the recursive server to the blacklist. If the second query request is received, the IP address of the recursive server is its real IP address and the recursive server is a secure server. Optionally, the second domain name may follow a preset characteristic rule, for example it must contain a special character string, so that the authoritative server can quickly identify the second query request.
In S307, the authoritative server wangsu.com determines that the IP address corresponding to ns1.xxxcheckipyyy.wangsu.com is 2.2.2.2 and sends a second query response to the recursive server; a specific form of the second query response may be ns1.xxxcheckipyyy.wangsu.com 600 IN A 2.2.2.2. After the recursive server obtains the IP address 2.2.2.2 of ns1.xxxcheckipyyy.wangsu.com, it continues to send a third query request to the authoritative server with the IP address 2.2.2.2, i.e. the authoritative server wangsu.com, to request the IP address corresponding to test.
In S308, the authoritative server wangsu.com receives the third query request sent by the recursive server, determines through the white list that the recursive server is a secure server, and responds to the third query request, so that in S309 a third query response including the IP address 3.3.3.3 is sent to the recursive server.
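The following Python simulation is an added example, not code from the patent or its assignee. It ties together the white-list and blacklist handling, the referral to a randomly generated second domain name whose address is the authoritative server's own, and the S301 to S312 flow of fig. 3, using the page's sample values (recursive server 1.1.1.1, authoritative server wangsu.com at 2.2.2.2, test.wangsu.com resolving to 3.3.3.3). The threshold time, the white-list effective period, the "checkip" marker string, the spoofed source 9.9.9.9, and all class and function names are assumptions. Time is passed in explicitly so the timeout and expiry paths can be exercised offline.

```python
"""Constructed simulation of the challenge-based authoritative server (added example, not the patent's code)."""
import random
import string
from dataclasses import dataclass, field

WHITELIST_TTL = 3600.0      # assumed effective period of a white-list entry, in seconds
CHALLENGE_TIMEOUT = 5.0     # assumed threshold time to wait for the second query request
CHALLENGE_MARK = "checkip"  # assumed characteristic string embedded in every second domain name


@dataclass
class Response:
    kind: str    # "answer" (A record), "referral" (NS authorization response) or "limited"
    name: str
    rdata: str

    def as_record(self) -> str:
        """Render the response in the zone-file style the page uses for its examples."""
        if self.kind == "referral":
            return f"{self.name} 172800 IN NS {self.rdata}"
        if self.kind == "answer":
            return f"{self.name} 600 IN A {self.rdata}"
        return f"{self.name} ; access limited"


@dataclass
class AuthoritativeServer:
    zone: str
    own_ip: str
    records: dict                                   # first domain name -> first IP address
    whitelist: dict = field(default_factory=dict)   # recursive IP -> time it was added
    blacklist: set = field(default_factory=set)
    pending: dict = field(default_factory=dict)     # recursive IP -> (challenge name, issued at)
    rng: random.Random = field(default_factory=lambda: random.Random(0))

    def _new_challenge_name(self) -> str:
        # Randomly generated second domain name inside the zone, carrying the marker string.
        token = "".join(self.rng.choices(string.ascii_lowercase, k=6))
        return f"ns1.{token}{CHALLENGE_MARK}{token}.{self.zone}"

    def _expire(self, src_ip: str, now: float) -> None:
        # White-list entries age out after their effective period.
        if src_ip in self.whitelist and now - self.whitelist[src_ip] > WHITELIST_TTL:
            del self.whitelist[src_ip]
        # S305/S312: no second query within the threshold time -> suspicious, blacklisted.
        if src_ip in self.pending and now - self.pending[src_ip][1] > CHALLENGE_TIMEOUT:
            del self.pending[src_ip]
            self.blacklist.add(src_ip)

    def handle_query(self, src_ip: str, qname: str, now: float) -> Response:
        self._expire(src_ip, now)
        if src_ip in self.whitelist:                          # S302 -> S310
            return Response("answer", qname, self.records.get(qname, "NXDOMAIN"))
        if src_ip in self.blacklist:                          # S303 -> S311
            return Response("limited", qname, "")
        pending = self.pending.get(src_ip)
        if pending and qname == pending[0]:                   # S305 -> S306/S307
            del self.pending[src_ip]
            self.whitelist[src_ip] = now
            return Response("answer", qname, self.own_ip)     # second IP address = own address
        if pending is None:                                   # S304: issue the authorization response
            pending = (self._new_challenge_name(), now)
            self.pending[src_ip] = pending
        return Response("referral", self.zone, pending[0])    # repeated first queries get the same referral


def resolve_following_referrals(server, src_ip, qname, now, max_steps=4):
    """A resolver with a real source address that follows referrals per the existing protocol.
    The second query response points at server.own_ip, so the third query lands on the same server."""
    steps, target = [], qname
    for _ in range(max_steps):
        resp = server.handle_query(src_ip, target, now)
        steps.append((target, resp.kind))
        if resp.kind == "answer" and target == qname:
            return resp.rdata, steps
        if resp.kind == "referral":
            target = resp.rdata          # second query request: the NS name from the referral
        elif resp.kind == "answer":
            target = qname               # third query request: the original first domain name
        else:
            break
    return None, steps


def run_scenario():
    """Page's sample values plus a constructed spoofed source 9.9.9.9 that never follows referrals."""
    server = AuthoritativeServer("wangsu.com", "2.2.2.2", {"test.wangsu.com": "3.3.3.3"})
    answer, steps = resolve_following_referrals(server, "1.1.1.1", "test.wangsu.com", now=0.0)
    direct = server.handle_query("1.1.1.1", "test.wangsu.com", now=1.0).kind
    whitelisted = "1.1.1.1" in server.whitelist
    spoofed = [server.handle_query("9.9.9.9", "test.wangsu.com", now=t).kind for t in (0.0, 1.0, 10.0)]
    after_expiry = server.handle_query("1.1.1.1", "test.wangsu.com", now=WHITELIST_TTL + 2.0).kind
    return {"answer": answer, "steps": [k for _, k in steps], "challenge": steps[1][0],
            "direct": direct, "whitelisted": whitelisted, "spoofed": spoofed,
            "blacklisted": "9.9.9.9" in server.blacklist, "after_expiry": after_expiry}


if __name__ == "__main__":
    print(run_scenario())
```

The scenario shows the three-query path for the real resolver (referral, answer for the challenge name, answer for test.wangsu.com), a later direct answer once 1.1.1.1 is white-listed, the spoofed source receiving only referrals until the threshold time passes and it is blacklisted, and the white-list entry lapsing after the effective period so that the challenge is issued again. The amplification point is visible in the responses themselves: an unverified source never receives the A record for the first domain name, only the small referral.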
Based on the same technical concept, the embodiment of the invention also provides an authoritative server, and the authoritative server can realize the domain name resolution method provided by any one of the embodiments. Fig. 4 is a schematic structural diagram of an authoritative server according to an embodiment of the present invention, and as shown in fig. 4, an authoritative server 400 includes a transceiver unit 401 and a processing unit 402, where:
a transceiving unit 401, configured to receive a first query request sent by a recursive server; the first query request comprises a first domain name to be resolved;
a processing unit 402, configured to return an authorization response to the recursive server when the recursive server is an insecure server; the authorization response is used for instructing the recursive server to return a second query request; when the transceiver unit 401 receives a second query request returned by the recursive server, a second query response is returned to the recursive server through the transceiver unit 401; the second query response is used for instructing the recursive server to send a third query request to the authoritative server; the third query request includes the first domain name; receiving a third query request sent by the recursive server through the transceiver unit 401, and returning a third query response to the recursive server; the third query reply includes the first IP address corresponding to the first domain name.
Optionally, the processing unit 402 is further configured to:
when the recursive server is a secure server, a first query response is returned to the recursive server through the transceiver unit 401; the first query reply includes the first IP address.
Optionally, the processing unit 402 is further configured to:
adding the recursive server into a white list; the white list is used to determine whether the recursive server is a secure server.
Optionally, the processing unit 402 is further configured to:
when the transceiving unit 401 does not receive the second query request sent by the recursive server, it determines that the recursive server is a suspicious server.
Optionally, the processing unit 402 is specifically configured to:
randomly generating a second domain name;
allocating a second IP address for the second domain name;
generating an authorization response according to the second domain name; the authorization reply is used to instruct the recursive server to send a second query request including the second domain name to the authoritative server.
Optionally, the processing unit 402 is specifically configured to:
analyzing a second domain name in the second query request, and determining a second IP address corresponding to the second domain name;
returning a second query response to the recursive server; the second query reply includes the second IP address.
Based on the same technical concept, the embodiment of the present invention further provides a recursive server, which can implement the domain name resolution method provided in any of the above embodiments. Fig. 5 is a schematic structural diagram of a recursive server according to an embodiment of the present invention, and as shown in fig. 5, a recursive server 500 includes a transceiving unit 501 and a processing unit 502, where:
a transceiving unit 501, configured to send a first query request to an authoritative server; the first query request comprises a first domain name to be resolved;
the processing unit 502 is configured to receive an authorization response returned by the authoritative server through the transceiver unit 501, and send a second query request to the authoritative server through the transceiver unit 501 according to the authorization response; the authorization response is returned to the recursive server by the authoritative server when the recursive server is a non-secure server; receiving a second query response returned by the authoritative server through the transceiver unit 501, and sending a third query request to the authoritative server through the transceiver unit 501 according to the second query response; the third query request includes the first domain name; receiving a third query response returned by the authoritative server through the transceiving unit 501; the third query reply includes the first IP address corresponding to the first domain name.
Optionally, the processing unit 502 is further configured to:
receiving a first query response returned by the authoritative server through the transceiving unit 501; the first query response is returned to the recursive server by the authoritative server when the recursive server is a safe server; the first query reply includes the first IP address.
Based on the same technical concept, an embodiment of the present invention further provides a domain name resolution system, where the domain name resolution system includes the authority server provided in any one of the embodiments and the recursive server provided in any one of the embodiments, and the domain name resolution system can implement the domain name resolution method provided in any one of the embodiments.
Based on the same technical concept, an embodiment of the present invention provides a computing device, where the computing device is an authoritative server, and fig. 6 is a schematic structural diagram of the authoritative server provided in the embodiment of the present invention. The terminal in fig. 6 includes a processor 600 for reading the program in the memory 620 to execute the domain name resolution method provided in any of the above embodiments.
In FIG. 6, the bus interface may include any number of interconnected buses and bridges, with various circuits being linked together, particularly one or more processors represented by processor 600 and memory represented by memory 620. The bus interface may also link together various other circuits such as peripherals, voltage regulators, power management circuits, and the like, which are well known in the art, and therefore, will not be described any further herein. The bus interface provides an interface. The transceiver 610 may be a number of elements including a transmitter and a receiver that provide a means for communicating with various other apparatus over a transmission medium.
The processor 600 is responsible for managing bus interfaces and general processing, and the memory 620 may store data used by the processor 600 in performing operations.
Alternatively, the processor 600 may be a CPU (central processing unit), an ASIC (Application Specific Integrated Circuit), an FPGA (Field Programmable Gate Array), or a CPLD (Complex Programmable Logic Device).
Based on the same technical concept, an embodiment of the present invention provides a computing device, where the computing device is a recursive server, and fig. 7 is a schematic structural diagram of the recursive server provided in the embodiment of the present invention. As shown in fig. 7, the recursive server comprises a processor 700 for reading the program in the memory 720, and executing the domain name resolution method provided in any of the above embodiments through the transceiver 710.
Based on the same technical concept, an embodiment of the present invention further provides a non-volatile computer-readable storage medium, where computer-executable instructions are stored, and the computer-executable instructions are configured to enable a computing device to execute the domain name resolution method in any of the above embodiments.
The non-volatile computer-readable storage medium can be any available media or data storage device that can be accessed by a computer, including, but not limited to, magnetic memory (e.g., floppy disks, hard disks, magnetic tape, magneto-optical disks (MOs), etc.), optical memory (e.g., CDs, DVDs, BDs, HVDs, etc.), and semiconductor memory (e.g., ROMs, EPROMs, EEPROMs, non-volatile memory (NAND FLASH), Solid State Disks (SSDs)), etc.
While preferred embodiments of the present invention have been described, additional variations and modifications in those embodiments may occur to those skilled in the art once they learn of the basic inventive concepts. Therefore, it is intended that the appended claims be interpreted as including preferred embodiments and all such alterations and modifications as fall within the scope of the invention.
It will be apparent to those skilled in the art that various changes and modifications may be made in the present invention without departing from the spirit and scope of the invention. Thus, if such modifications and variations of the present invention fall within the scope of the claims of the present invention and their equivalents, the present invention is also intended to include such modifications and variations.

Claims (15)

1. A domain name resolution method is characterized by comprising the following steps:
the method comprises the steps that an authoritative server receives a first query request sent by a recursive server; the first query request comprises a first domain name to be resolved;
the authority server acquires the IP address of the recursive server, if the IP address of the recursive server exists in a white list, the recursive server is determined to be a safe server, and a first query response is returned to the recursive server; the first query response comprises a first IP address corresponding to the first domain name; the IP address of the security server is a real IP address;
if the IP address of the recursive server exists in a blacklist, determining the recursive server as a suspicious server, and performing access limitation on the recursive server;
if the IP address of the recursive server does not exist in the white list and does not exist in the black list, determining that the recursive server is a non-secure server, and returning an authorization response to the recursive server; the authorization response is used for indicating the recursive server to return a second query request according to the authorization response; returning an authorization reply to the recursive server, comprising:
the authoritative server randomly generating a second domain name;
the authoritative server allocates a second IP address for the second domain name;
the authority server generates an authorization response according to the second domain name; the authorization reply is used for instructing the recursive server to send a second query request comprising the second domain name to the authoritative server;
when the authority server receives the second query request returned by the recursion server, adding the recursion server into a white list, and returning a second query response to the recursion server; the second query response is used for instructing the recursive server to send a third query request to the authoritative server; the third query request includes the first domain name;
the authoritative server receives a third query request sent by the recursive server and returns a third query response to the recursive server; the third query reply includes a first internet protocol, IP, address corresponding to the first domain name.
2. The method of claim 1, wherein the authoritative server, upon receiving the second query request returned by the recursive server, further comprises:
adding the recursive server to a white list; the whitelist is used to determine whether the recursive server is a secure server.
3. The method of claim 1, wherein after the authoritative server returns an authorization reply to the recursive server, further comprising:
and when the authoritative server does not receive the second query request sent by the recursive server, determining that the recursive server is a suspicious server.
4. The method of claim 1, wherein the authoritative server returning a second query response to the recursive server comprises:
the authoritative server resolves a second domain name in the second query request, and determines a second IP address corresponding to the second domain name;
the authoritative server returns a second query response to the recursive server; the second query reply includes the second IP address.
5. A domain name resolution method is characterized by comprising the following steps:
the recursion server sends a first query request to the authority server; the first query request comprises a first domain name to be resolved;
the recursive server receives an authorization response returned by the authoritative server and sends a second query request to the authoritative server according to the authorization response; the authorization response is returned to the recursive server by the authoritative server when the recursive server is a non-secure server; the second query request is used for determining the recursive server as a secure server; the authorization response is generated by the authority server randomly generating a second domain name, distributing a second IP address for the second domain name and generating according to the second domain name; the authorization reply is used for instructing the recursive server to send a second query request comprising the second domain name to the authoritative server; the recursive server is a non-secure server determined when the IP address of the recursive server is not present in a white list and is not present in a black list;
the recursive server receives a second query response returned by the authoritative server and sends a third query request to the authoritative server according to the second query response; the third query request includes the first domain name;
the recursive server receives a third query response returned by the authoritative server; the third query reply includes the first IP address corresponding to the first domain name.
6. The method of claim 5, wherein after the recursive server sends the first query request to the authoritative server, further comprising:
the recursive server receives a first query response returned by the authoritative server; the first query response is returned to the recursive server by the authoritative server when the recursive server is a secure server; the first query reply includes the first IP address.
7. An authoritative server, comprising:
the receiving and sending unit is used for receiving a first query request sent by the recursive server; the first query request comprises a first domain name to be resolved;
the processing unit is used for determining the recursive server as a safe server if the IP address of the recursive server exists in a white list, and returning a first query response to the recursive server; the first query response comprises a first IP address corresponding to the first domain name; the IP address of the security server is a real IP address;
if the IP address of the recursive server exists in a blacklist, determining the recursive server as a suspicious server, and performing access limitation on the recursive server;
if the IP address of the recursive server does not exist in the white list and does not exist in the black list, determining that the recursive server is a non-secure server, and returning an authorization response to the recursive server; the authorization response is used for instructing the recursive server to return a second query request;
the processing unit is specifically configured to:
randomly generating a second domain name;
allocating a second IP address for the second domain name;
generating an authorization response according to the second domain name; the authorization response is used for instructing the recursive server to send a second query request comprising the second domain name to an authoritative server;
when the transceiver unit receives the second query request returned by the recursive server, adding the recursive server into a white list, and returning a second query response to the recursive server through the transceiver unit; the second query response is used for instructing the recursive server to send a third query request to the authoritative server; the third query request includes the first domain name; receiving a third query request sent by the recursive server through the transceiving unit, and returning a third query response to the recursive server; the third query reply includes the first IP address corresponding to the first domain name.
8. The authoritative server of claim 7, wherein the processing unit is further configured to:
adding the recursive server to a white list; the whitelist is used to determine whether the recursive server is a secure server.
9. The authoritative server of claim 7, wherein the processing unit is further configured to:
and when the transceiver unit does not receive the second query request sent by the recursive server, determining that the recursive server is a suspicious server.
10. The authoritative server of claim 7, wherein said processing unit is specifically configured to:
analyzing a second domain name in the second query request, and determining a second IP address corresponding to the second domain name;
returning a second query response to the recursive server; the second query reply includes the second IP address.
11. A recursive server, comprising:
the receiving and sending unit is used for sending a first query request to the authoritative server; the first query request comprises a first domain name to be resolved;
the processing unit is used for receiving the authorization response returned by the authoritative server through the transceiver unit and sending a second query request to the authoritative server through the transceiver unit according to the authorization response; the authorization response is returned to the recursive server by the authoritative server when the recursive server is a non-secure server; the second query request is used for determining the recursive server as a secure server; the authorization response is generated by the authority server randomly generating a second domain name, distributing a second IP address for the second domain name and generating according to the second domain name; the authorization reply is used for instructing the recursive server to send a second query request comprising the second domain name to the authoritative server; the recursive server is a non-secure server determined when the IP address of the recursive server is not present in a white list and is not present in a black list;
receiving a second query response returned by the authoritative server through the transceiver unit, and sending a third query request to the authoritative server through the transceiver unit according to the second query response; the third query request includes the first domain name; receiving a third query response returned by the authoritative server through the transceiving unit; the third query reply includes the first IP address corresponding to the first domain name.
12. The recursive server of claim 11, wherein the processing unit is further configured to:
receiving the first query response returned by the authoritative server through the transceiver unit; the first query response is returned to the recursive server by the authoritative server when the recursive server is a secure server; the first query reply includes the first IP address.
13. A domain name resolution system comprising an authoritative server according to any one of claims 7 to 10, and a recursive server according to claim 11 or claim 12.
14. A computer-readable storage medium storing computer-executable instructions for causing a computer to perform the method of any one of claims 1 to 4, or the method of claim 5 or claim 6.
15. A computing device, comprising:
a memory for storing program instructions;
a processor for calling the program instructions stored in said memory and performing, according to the obtained program instructions, a method according to any one of claims 1 to 4, or a method according to claim 5 or claim 6.

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201810421857.9A CN108769284B (en) 2018-05-04 2018-05-04 Domain name resolution method, server and system

Publications (2)

Publication Number Publication Date
CN108769284A CN108769284A (en) 2018-11-06
CN108769284B true CN108769284B (en) 2022-02-18

Family

ID=64009314

Country Status (1)

Country Link
CN (1) CN108769284B (en)

Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN112929463A (en) * 2021-01-26 2021-06-08 网宿科技股份有限公司 Traffic proxy method, server and system based on DNS (Domain name System)

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103957289A (en) * 2014-05-12 2014-07-30 中国科学院计算机网络信息中心 DNSSEC analytic method based on complex network
CN104125238A (en) * 2014-08-14 2014-10-29 互联网域名系统北京市工程研究中心有限公司 DoS (Denial of Service) and DDoS (Distributed Denial of service) attack resisting method of DNS recursive server
CN105472057A (en) * 2015-11-23 2016-04-06 中国石油天然气股份有限公司华北油田分公司 Processing method of inexistence domain name query in DNS
CN105939347A (en) * 2016-05-05 2016-09-14 杭州迪普科技有限公司 Method and device for defending domain name attack
CN107222588A (en) * 2017-07-14 2017-09-29 中国互联网络信息中心 A method and system for improving DNS availability

Family Cites Families (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US8631489B2 (en) * 2011-02-01 2014-01-14 Damballa, Inc. Method and system for detecting malicious domain names at an upper DNS hierarchy
CN102404334A (en) * 2011-12-07 2012-04-04 山石网科通信技术(北京)有限公司 Method and device for preventing denial of service attacks
CN104052829A (en) * 2013-03-14 2014-09-17 弗里塞恩公司 Adaptive name resolution
CN105827646B (en) * 2016-05-17 2019-06-11 浙江宇视科技有限公司 Method and device for SYN attack protection
CN107454065B (en) * 2017-07-12 2020-07-10 北京神州绿盟信息安全科技股份有限公司 Method and device for protecting UDP Flood attack

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
A method for rapidly evaluating the impact of DDoS attacks on DNS authoritative services; 潘蓝兰, 尉迟学彪, 胡安磊; Application Research of Computers; 2015-12-31; full text *

Also Published As

Publication number Publication date
CN108769284A (en) 2018-11-06

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant
CF01 Termination of patent right due to non-payment of annual fee

Granted publication date: 20220218