CN111107170A - DNS system and management method thereof - Google Patents
DNS system and management method thereof Download PDFInfo
- Publication number
- CN111107170A CN111107170A CN201811248543.XA CN201811248543A CN111107170A CN 111107170 A CN111107170 A CN 111107170A CN 201811248543 A CN201811248543 A CN 201811248543A CN 111107170 A CN111107170 A CN 111107170A
- Authority
- CN
- China
- Prior art keywords
- client
- dns
- client application
- application program
- domain name
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
Images
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L61/00—Network arrangements, protocols or services for addressing or naming
- H04L61/45—Network directories; Name-to-address mapping
- H04L61/4505—Network directories; Name-to-address mapping using standardised directories; using standardised directory access protocols
- H04L61/4511—Network directories; Name-to-address mapping using standardised directories; using standardised directory access protocols using domain name system [DNS]
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/50—Network services
- H04L67/51—Discovery or management thereof, e.g. service location protocol [SLP] or web services
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/50—Network services
- H04L67/55—Push-based network services
Abstract
The invention discloses a DNS system and a management method thereof. The disclosed DNS system includes: a plurality of authoritative DNS servers for providing a plurality of authoritative DNS services for client applications that access based on client domain names; management means for managing a plurality of authoritative DNS servers to specify, for a given client application, DNS services provided by a given set of DNS servers, wherein the set of DNS servers comprises one or more DNS servers adapted to provide DNS services for the given client application. The technical scheme disclosed can maximize the advantage of utilizing the functions of different DNS servers according to different customer requirements.
Description
Technical Field
The invention relates to the field of internet, in particular to a DNS system and a management method thereof.
Background
In recent years, with the increase of the demand of enterprises for DNS application, especially on an intelligent dispatching system, a great deal of diversified demands are put on the DNS system, and most of the enterprises are currently using standard BIND software to realize the most basic demand, and only a few enterprises realize specific demands in a self-research manner.
For example, most companies that provide network services currently have only their own set of authoritative DNS systems for providing DNS services to client applications (e.g., web browsing, streaming media, etc.), which are built and self-developed using standard BIND software, each of which has its own features, is robust, and is compact and flexible.
However, these DNS systems in the prior art are limited to a single authorized DNS software, and in order to meet the diversified needs of customers (enterprises), the single authorized DNS software is continuously made large, and an efficient and reasonable platform management scheme is lacking, which is easy to cause a single point of failure. In addition, in DNS software management and configuration update, the adopted method is also relatively single, and is not flexible enough, and it is difficult to meet the diversified demands of the enterprise.
In order to solve the above technical problems, a new technical solution needs to be proposed.
Disclosure of Invention
The DNS system according to the present invention comprises:
a plurality of authoritative DNS servers for providing a plurality of authoritative DNS services for client applications that access based on client domain names;
management means for managing a plurality of authoritative DNS servers to specify, for a given client application, DNS services provided by a given set of DNS servers,
wherein the set of DNS servers includes one or more DNS servers adapted to provide DNS services for specified client applications.
According to the DNS system of the present invention, the management apparatus includes:
the GUI interface providing module is used for providing a GUI interface which interacts with an administrator and is used for displaying monitoring and statistical information;
the equipment management module is used for managing a plurality of authorized DNS servers;
the client and client application program management module is used for managing the client and the client application program;
the DNS server management module is used for binding a client domain name corresponding to the specified client application program with a single DNS server and managing the running state of the single DNS server;
a DNS server group management module for grouping DNS servers and assigning a DNS server group for a client domain name corresponding to an assigned client application,
the client management method comprises the steps of creating and deleting a client login account, setting the authority of the client to access a GUI (graphical user interface), and setting the authority of a DNS (domain name server) group which can be used by a client application program, and the client application program management comprises the steps of adding and deleting a client domain name corresponding to the client application program.
According to the DNS system of the present invention, the DNS server group management module specifies a DNS server group for a client domain name corresponding to a specified client application based on at least one of the following criteria:
selecting one or more DNS servers from a plurality of authoritative DNS servers;
configuring an initial DNS server group for a specified client application;
configuring different DNS server groups for the appointed client application program according to the client grade;
configuring a private DNS server group for a specified client application program according to the client requirement;
manually switching a designated DNS server group of a client domain name corresponding to a designated client application program in time according to the client requirement;
automatically switching a designated DNS server group of a client domain name corresponding to a designated client application program when the client level is increased/decreased;
intelligently switching a designated DNS server group of a client domain name corresponding to a designated client application program under a specific scene;
the intelligent recommendation specifies a specified set of DNS servers for the client domain name to which the client application corresponds.
According to the DNS system, the DNS server group management module intelligently switches the designated DNS server group of the client domain name corresponding to the designated client application program under a specific scene based on at least one of the following criteria:
when the system time meets the requirement of the specified time, intelligent switching is carried out so as to guarantee important activities;
when the request flow of the client domain name corresponding to the specified client application program reaches a specified flow threshold value, intelligent switching is carried out;
intelligent switching when triggering a specified safety alarm condition, and/or
The DNS server group management module intelligently recommends a designated DNS server group for a client domain name corresponding to a designated client application program based on at least one of the following criteria:
carrying out intelligent recommendation according to the user access flow aiming at the client domain name corresponding to the specified client application program;
and intelligently recommending according to whether the client domain name corresponding to the specified client application program is attacked or not.
According to the DNS system, the DNS servers with multiple authorizations comprise a DNS server supporting a BIND stable version, a DNS server supporting an NSD enhanced version, a DNS server supporting a DPDK high-protection version and a DNS server supporting a client customized version.
The management method of the DNS system comprises the following steps:
providing a plurality of authoritative DNS services for client applications that access based on client domain names using a plurality of authoritative DNS servers;
managing a plurality of authoritative DNS servers, thereby specifying for a given client application the DNS services provided by a given set of DNS servers,
wherein the set of DNS servers includes one or more DNS servers adapted to provide DNS services for specified client applications.
According to the management method of the DNS system, the step of managing the DNS servers with various authorizations comprises the following steps:
providing a GUI interface for interaction with an administrator and for displaying monitoring and statistical information;
managing a plurality of authorized DNS servers;
managing clients and client applications;
a set of DNS servers is specified for the client domain name to which the specified client application corresponds,
the client management method comprises the steps of creating and deleting a client login account, setting the authority of the client to access a GUI (graphical user interface), and setting the authority of a DNS (domain name server) group which can be used by a client application program, and the client application program management comprises the steps of adding and deleting a client domain name corresponding to the client application program.
According to the management method of the DNS system of the present invention, a DNS server group is specified for a client domain name corresponding to a specified client application based on at least one of the following criteria:
selecting one or more DNS servers from a plurality of authoritative DNS servers;
configuring an initial DNS server group for a client domain name corresponding to a specified client application program;
configuring different DNS server groups for the client domain name corresponding to the appointed client application program according to the client grade;
configuring a private DNS server group for a client domain name corresponding to a specified client application program according to the client requirement;
manually switching a designated DNS server group of a client domain name corresponding to a designated client application program in time according to the client requirement;
automatically switching a designated DNS server group of a client domain name corresponding to a designated client application program when the client level is increased/decreased;
intelligently switching a designated DNS server group of a client domain name corresponding to a designated client application program under a specific scene;
the intelligent recommendation specifies a specified set of DNS servers for the client domain name to which the client application corresponds.
According to the management method of the DNS system, a designated DNS server group of a client domain name corresponding to a designated client application program is intelligently switched under a specific scene based on at least one of the following criteria:
when the system time meets the requirement of the specified time, intelligent switching is carried out so as to guarantee important activities;
when the request flow of the client domain name corresponding to the specified client application program reaches a specified flow threshold value, intelligent switching is carried out;
intelligent switching when triggering a specified safety alarm condition, and/or
Intelligently recommending a designated DNS server group for a client domain name corresponding to a designated client application based on at least one of the following criteria:
carrying out intelligent recommendation according to the user access flow aiming at the client domain name corresponding to the specified client application program;
and intelligently recommending according to whether the client domain name corresponding to the specified client application program is attacked or not.
According to the management method of the DNS system, the multiple authorized DNS servers comprise a DNS server supporting a BIND stable version, a DNS server supporting an NSD enhanced version, a DNS server supporting a DPDK high-protection version and a DNS server supporting a client customized version.
According to the technical scheme of the invention, the advantages of the functions of different DNS servers can be utilized to the maximum extent according to different customer requirements.
Drawings
The accompanying drawings, which are incorporated in and constitute a part of the specification, illustrate embodiments of the invention and together with the description, serve to explain the principles of the invention. In the drawings, like reference numerals are used to indicate like elements. The drawings in the following description are directed to some, but not all embodiments of the invention. For a person skilled in the art, other figures can be derived from these figures without inventive effort.
Fig. 1 shows a schematic diagram of a DNS system according to the present invention.
Fig. 2 shows a schematic flow diagram of a method for managing a DNS system according to the invention.
Detailed Description
In order to make the objects, technical solutions and advantages of the embodiments of the present invention clearer, the technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are some, but not all, embodiments of the present invention. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention. It should be noted that the embodiments and features of the embodiments in the present application may be arbitrarily combined with each other without conflict.
Fig. 1 schematically shows a schematic view of a DNS system 100 according to the present invention.
As shown in fig. 1, a DNS system 100 according to the present invention includes:
a plurality of authoritative DNS servers 101 for providing a plurality of authoritative DNS services for client applications accessing based on client domain names;
management means 102 for managing the various authoritative DNS servers 101, so as to specify for a given client application the DNS services provided by a given set of DNS servers,
wherein the set of DNS servers includes one or more DNS servers 101 adapted to provide DNS services for specified client applications.
For example, the client application may be a web application provided by various client application servers 103 shown in FIG. 1, such as a web browsing server, a streaming media server, a database server, and so forth. These servers have their own domain names and belong to different clients.
Optionally, the management apparatus 102 includes:
a GUI interface providing module for providing a GUI interface for interaction with the administrator 104 and for displaying monitoring and statistical information;
the device management module is used for managing the DNS server 101 with various authorizations;
the client and client application program management module is used for managing the client and the client application program;
the DNS server management module is used for binding a client domain name corresponding to the specified client application program with a single DNS server and managing the running state of the single DNS server;
a DNS server group management module for grouping DNS servers and assigning a DNS server group for a client domain name corresponding to an assigned client application,
the client management method comprises the steps of creating and deleting a client login account, setting the authority of the client to access a GUI (graphical user interface), and setting the authority of a DNS (domain name server) group which can be used by a client application program, and the client application program management comprises the steps of adding and deleting a client domain name corresponding to the client application program.
For example, the device management module may be configured to perform the following operations according to the instructions of the administrator 104:
information of a device used to provide the DNS service (i.e., the above-described DNS server) is added. The device information may include attributes such as device name, device IP, hardware configuration, device status, etc. The device information may be entered manually by the administrator 104 or may be selected directly by the administrator 104 from a list of existing devices. Alternatively, operations such as suspension may be performed on devices that do not want to provide services any more at any time.
Selecting a certain device corresponding to a certain specified client application, binding a DNS domain name for the certain device, and adding a piece of DNS server information. This operation may be repeated to create DNS servers of various different functions (i.e., supporting different protocols or different protocol versions as described below) to facilitate subsequent planning of a resolution set (i.e., the set of DNS servers described above).
For example, the client and client application management module may be configured to perform the following operations according to the instructions of administrator 104:
add supported clients, client domain names, and client applications (i.e., client applications), and make some customized configurations for the applications, such as: configuring pulling, operation and maintenance management, monitoring alarm, statistical analysis and the like, classifying the equipment, and binding the equipment with the added application types. The classification operation of the equipment is convenient for subsequent selection and reference, and the equipment does not need to be indexed simply according to the IP.
For example, the DNS server group management module may be configured to perform the following operations according to the instructions of the administrator 104:
and adding a resolution group, and binding the created DNS server or servers with the resolution group. So that different DNS servers can be freely and flexibly bound or unbound for each resolution group. Various analysis groups with high performance or high safety degree can be assembled at any time, so that the customers with different requirements can be served. Optionally, different versions of DNS software on one or more DNS servers are managed.
It should be understood that a resolution group herein refers to a group of DNS servers that provide DNS resolution services for a client domain name. For example, the parser set configuration may be considered in multiple dimensions, such as function extension, stability, concurrent processing capability, and device reuse, to meet the diverse needs of the customers.
The client is assigned a set of DNS resolutions that it can use, and multiple resolution sets can be assigned as needed. Optionally, a general parsing group may be assigned to the client by default, or a customized parsing group may be collocated with the client according to the further requirements of the client.
A resolution group is specified for a client's domain name to provide resolution services for its domain name. Optionally, when selecting the resolution group, only various conventional parameters of the domain name, such as PV, UV, IP, etc., need to be filled in, the system intelligently provides the customer binding for the resolution group recommended by the system to meet the needs of the system, and the customer can switch to the resolution group with other functions at any time as required. And the client can set an intelligent switching rule, and the switching task is handed to the platform, and the platform intelligently switches the domain name to the high-defense resolution group according to the condition of the domain name access amount.
Optionally, the DNS server group management module specifies a DNS server group for the client domain name corresponding to the specified client application based on at least one of the following criteria:
selecting one or more DNS servers 101 from a plurality of authoritative DNS servers 101;
configuring an initial DNS server group for a specified client application;
configuring different DNS server groups for the appointed client application program according to the client grade;
configuring a private DNS server group for a specified client application program according to the client requirement;
manually switching a designated DNS server group of a client domain name corresponding to a designated client application program in time according to the client requirement;
automatically switching a designated DNS server group of a client domain name corresponding to a designated client application program when the client level is increased/decreased;
intelligently switching a designated DNS server group of a client domain name corresponding to a designated client application program under a specific scene;
the intelligent recommendation specifies a specified set of DNS servers for the client domain name to which the client application corresponds.
Optionally, the DNS server group management module intelligently switches the designated DNS server group of the client domain name corresponding to the designated client application in a specific scenario based on at least one of the following criteria:
when the system time meets the requirement of the specified time, intelligent switching is carried out so as to guarantee important activities;
when the request flow of the client domain name corresponding to the specified client application program reaches a specified flow threshold value, intelligent switching is carried out;
intelligent switching when triggering a specified safety alarm condition, and/or
The DNS server group management module intelligently recommends a designated DNS server group for a client domain name corresponding to a designated client application program based on at least one of the following criteria:
carrying out intelligent recommendation according to the user access flow aiming at the client domain name corresponding to the specified client application program;
and intelligently recommending according to whether the client domain name corresponding to the specified client application program is attacked or not.
For example, the following method can be adopted to intelligently switch a specified DNS server group specifying a client domain name corresponding to a client application in a specific scenario.
The domain name (. abc. com) resolution amount of a certain e-commerce platform (abc) at ordinary times is small, and the security risk is low, so that the domain name resolution service of a basic version can be provided for the client by adopting the first class DNS server group at ordinary times. However, in a heavy festival or promotion day (such as the double 11 period) when the access volume suddenly increases (and at the same time, the malicious attack behavior of a potential competitor can be suffered), the second-class DNS server group can be automatically assigned (switched to) to provide better (more advanced) domain name resolution service for the customer, so as to ensure that the e-commerce platform can normally operate during the activity.
Corresponding to the above intelligent switching when the system time meets the specified time requirement so as to perform important activity guarantee, the following rules can be added:
specifying a specific switching time, a plurality of pieces may be set, such as: bis 11(11.1 to 11.15), bis 12(12.1 to 12.15), and the like.
The intelligent switching corresponding to the above-mentioned request flow rate for the client domain name corresponding to the specified client application program reaches the specified flow rate threshold value can be realized by adding the following rules;
com when the total request for the domain name (, abc.com) reaches a certain amount, the switch is made, such as: 10 million requests per second.
Corresponding to the intelligent switching when the specified safety alarm condition is triggered, the intelligent switching can be realized by adding the following rules;
when the system detects an attack, automatic switching is performed, such as: when the request amount of the DNS server group currently used by the client reaches the limit value of 100 ten thousand requests per second (i.e., exceeds the service processing capacity, triggers a security alarm condition).
For example, key information may be extracted based on the access amount of the client domain name and statistical data of the attack behavior performed on the client domain name, and a specified DNS server group that specifies the client domain name corresponding to the client application may be intelligently recommended by the following method.
Corresponding to the above-mentioned intelligent recommendation according to the user access flow for the client domain name corresponding to the specified client application program, the following method can be adopted:
1. analyzing the domain name access amount of the client in a time dimension, finding out a time range (such as the bottom of each month) with larger domain name access amount of the client, and automatically recommending that the client switches to a DNS server group capable of providing proper access amount in the time range.
2. Whether the current visit volume of the client website is consistent with the visit volume which can be supported by the currently used DNS server group is analyzed, and if the current visit volume of the client website is far larger than the visit volume which can be provided by the currently specified DNS server group (which may affect the service quality), the client is automatically recommended to be switched to the DNS server group which can provide the proper visit volume.
Corresponding to the above-mentioned intelligent recommendation according to whether the client domain name corresponding to the specified client application program is attacked or not, the following method may be adopted:
analyzing the frequency and the flow of the attack on the client website, and recommending an appropriate DNS server group (for example, a DNS server group supporting DPDK high-protection) for the client.
Optionally, the plurality of authorized DNS servers include a DNS server supporting a BIND stable version, a DNS server supporting an NSD enhanced version, a DNS server supporting a DPDK highly protected version, and a DNS server supporting a custom-made version.
For example, a DNS server supporting the BIND stable version, a DNS server supporting the NSD enhanced version, and a DNS server supporting the DPDK highly protected version may be combined into a DNS server group as needed to provide DNS resolution service for a web browsing application of a client a providing web browsing service.
The characteristics of the different DNS protocols or different DNS protocol versions (i.e., versions of different DNS characteristics) described above are shown in table 1.
TABLE 1 characteristics of different DNS protocols or different versions of DNS protocols
That is, according to the above-described technical solution of the present invention, in order to meet diversified needs, a plurality of versions of DNS software are supported. As shown in table 1, these software have their own features and are applied in different scenarios. The characteristics are mainly reflected in the following aspects:
1. the functional stability and the software realization function stability are different.
2. And function expansibility, whether software is easy to expand or not, such as functions of supporting safety protection, branch line analysis, proportional scheduling and the like.
3. Customizing functions, and determining whether software is customizable, such as supporting response packet rewriting, private record types, minimizing function sets and the like.
4. Concurrent processing power, the processing power provided by software varies.
5. And in the aspect of equipment reuse, whether the software can be reused with other business machines.
For the DNS software with different versions and different features, a management system (e.g., the DNS server group management module) is required to provide a reasonable and efficient way to perform differentiated management on the software. The method mainly comprises the following steps:
1. configuration, drawing and customizing: the platform provides complete configuration data, and different versions of software are independently configured according to the implementation conditions of the software, so that the relevant configuration is only pulled.
2. Customizing operation and maintenance management: the operation and maintenance management modes of different versions of DNS software are different, so that differential configuration management is required.
3. Customizing a monitoring alarm: the management system sets different alarm thresholds, alarm rules, specific counter measures and the like according to the processing capacity of DNS software with different versions.
4. Statistical analysis customization: the management system can define the data information formats reported by different versions of DNS software and can effectively extract the data information formats.
Fig. 2 shows a schematic flow diagram of a method for managing a DNS system according to the invention.
As shown in fig. 2, the management method of the DNS system according to the present invention includes:
step S202: providing a plurality of authoritative DNS services for client applications that access based on client domain names using a plurality of authoritative DNS servers;
step S204: managing a plurality of authoritative DNS servers, thereby specifying for a given client application the DNS services provided by a given set of DNS servers,
wherein the set of DNS servers includes one or more DNS servers adapted to provide DNS services for specified client applications.
Optionally, step S204 includes:
providing a GUI interface for interaction with an administrator and for displaying monitoring and statistical information;
managing a plurality of authorized DNS servers;
managing clients and client applications;
a set of DNS servers is specified for the client domain name to which the specified client application corresponds,
the client management method comprises the steps of creating and deleting a client login account, setting the authority of the client to access a GUI (graphical user interface), and setting the authority of a DNS (domain name server) group which can be used by a client application program, and the client application program management comprises the steps of adding and deleting a client domain name corresponding to the client application program.
Optionally, a set of DNS servers may be specified for the client domain name to which the specified client application corresponds based on at least one of the following criteria:
selecting one or more DNS servers from a plurality of authoritative DNS servers;
configuring an initial DNS server group for a client domain name corresponding to a specified client application program;
configuring different DNS server groups for the client domain name corresponding to the appointed client application program according to the client grade;
configuring a private DNS server group for a client domain name corresponding to a specified client application program according to the client requirement;
manually switching a designated DNS server group of a client domain name corresponding to a designated client application program in time according to the client requirement;
automatically switching a designated DNS server group of a client domain name corresponding to a designated client application program when the client level is increased/decreased;
intelligently switching a designated DNS server group of a client domain name corresponding to a designated client application program under a specific scene;
the intelligent recommendation specifies a specified set of DNS servers for the client domain name to which the client application corresponds.
Optionally, the designated DNS server group for the client domain name corresponding to the designated client application may be intelligently switched in certain scenarios based on at least one of the following criteria:
when the system time meets the requirement of the specified time, intelligent switching is carried out so as to guarantee important activities;
when the request flow of the client domain name corresponding to the specified client application program reaches a specified flow threshold value, intelligent switching is carried out;
intelligent switching when triggering a specified safety alarm condition, and/or
The set of designated DNS servers that specify the client domain name to which the client application corresponds can be intelligently recommended based on at least one of the following criteria:
carrying out intelligent recommendation according to the user access flow aiming at the client domain name corresponding to the specified client application program;
and intelligently recommending according to whether the client domain name corresponding to the specified client application program is attacked or not.
Optionally, the plurality of authorized DNS servers include a DNS server supporting a BIND stable version, a DNS server supporting an NSD enhanced version, a DNS server supporting a DPDK highly protected version, and a DNS server supporting a custom-made version.
According to the technical scheme of the invention, the method has the following characteristics:
1. a plurality of sets of DNS software are differentiated to apply the management method.
2. The heterogeneous realization system of multiple sets of DNS software is high in reliability.
3. Multiple sets of DNS software are shared to meet the diversified demands of customers.
4. The parsing group can switch intelligently under certain specific scenarios.
5. The intelligent recommendation of the analysis group can be performed for the client.
According to the technical scheme of the invention, the method has the following advantages:
1. the functional advantages of different DNS software can be utilized to the maximum extent according to different customer requirements so as to meet the customer requirements, the different software can play a role in assisting and running more and more, and the customer requirements are distributed to the DNS servers meeting the requirements.
2. Visual management and monitoring may be provided.
3. The method supports access to various authorized DNS software, and the DNS software has different characteristics and functions according to different actual requirements.
4. Various DNS software can be customized and grouped according to the requirements of customers, and different services can be provided for different customers.
5. The function of switching DNS software groups (namely, the DNS server group) at any time can be provided, and the requirement can be adjusted quickly by a client conveniently.
6. So that configuration centers, data centers, and the like can expand and join the DNS software in the industry indefinitely.
7. The underlying DNS software manages the overall platformization, including monitoring and configuration.
8. The system can flexibly meet various requirements of customers and provide functions with different dimensions as required.
9. Rapid commercial applications can be supported.
The above-described aspects may be implemented individually or in various combinations, and such variations are within the scope of the present invention.
It will be understood by those of ordinary skill in the art that all or some of the steps of the methods, systems, functional modules/units in the devices disclosed above may be implemented as software, firmware, hardware, and suitable combinations thereof. In a hardware implementation, the division between functional modules/units mentioned in the above description does not necessarily correspond to the division of physical components; for example, one physical component may have multiple functions, or one function or step may be performed by several physical components in cooperation. Some or all of the components may be implemented as software executed by a processor, such as a digital signal processor or microprocessor, or as hardware, or as an integrated circuit, such as an application specific integrated circuit. Such software may be distributed on computer readable media, which may include computer storage media (or non-transitory media) and communication media (or transitory media). The term computer storage media includes volatile and nonvolatile, removable and non-removable media implemented in any method or technology for storage of information such as computer readable instructions, data structures, program modules or other data, as is well known to those of ordinary skill in the art. Computer storage media includes, but is not limited to, RAM, ROM, EEPROM, flash memory or other memory technology, CD-ROM, Digital Versatile Disks (DVD) or other optical disk storage, magnetic cassettes, magnetic tape, magnetic disk storage or other magnetic storage devices, or any other medium which can be used to store the desired information and which can accessed by a computer. In addition, communication media typically embodies computer readable instructions, data structures, program modules or other data in a modulated data signal such as a carrier wave or other transport mechanism and includes any information delivery media as known to those skilled in the art.
Finally, it should be noted that: the above examples are only for illustrating the technical solutions of the present invention, and are not limited thereto. Although the present invention has been described in detail with reference to the foregoing embodiments, it will be understood by those of ordinary skill in the art that: the technical solutions described in the foregoing embodiments may still be modified, or some technical features may be equivalently replaced; and such modifications or substitutions do not depart from the spirit and scope of the corresponding technical solutions of the embodiments of the present invention.
Claims (10)
1. A DNS system, comprising:
a plurality of authoritative DNS servers for providing a plurality of authoritative DNS services for client applications that access based on client domain names;
management means for managing the plurality of authoritative DNS servers to specify, for a given client application, the DNS services provided by a given set of DNS servers,
wherein the set of DNS servers comprises one or more DNS servers adapted to provide DNS services for the specified client application.
2. The DNS system according to claim 1, wherein the management means includes:
the GUI interface providing module is used for providing a GUI interface which interacts with an administrator and is used for displaying monitoring and statistical information;
the equipment management module is used for managing the various authorized DNS servers;
the client and client application program management module is used for managing the client and the client application program;
a DNS server management module used for binding the client domain name corresponding to the specified client application program with a single DNS server and managing the running state of the single DNS server;
a DNS server group management module for grouping DNS servers and assigning the DNS server group for the client domain name corresponding to the assigned client application program,
the client application program management method comprises the steps of creating and deleting a client login account, setting the authority of a client to access the GUI interface, and setting the authority of a DNS server group which can be used by the client application program, and the client application program management comprises the steps of adding and deleting a client domain name corresponding to the client application program.
3. The DNS system of claim 2, wherein the DNS server group management module specifies the DNS server group for the client domain name corresponding to the specified client application based on at least one of the following criteria:
selecting the one or more DNS servers from the plurality of authoritative DNS servers;
configuring an initial DNS server set for the specified client application;
configuring different DNS server groups for the appointed client application program according to the client grade;
configuring a private DNS server group for the specified client application program according to the client requirement;
manually switching the designated DNS server group of the client domain name corresponding to the designated client application program in time according to the client requirement;
a designated DNS server group for automatically switching the client domain name corresponding to the designated client application program when the client level is increased/decreased;
intelligently switching a designated DNS server group of the client domain name corresponding to the designated client application program under a specific scene;
and intelligently recommending a designated DNS server group of the client domain name corresponding to the designated client application program.
4. The DNS system of claim 3, wherein the DNS server group management module intelligently switches the designated DNS server group for the client domain name corresponding to the designated client application in a particular scenario based on at least one of the following criteria:
when the system time meets the requirement of the specified time, intelligent switching is carried out so as to guarantee important activities;
when the request flow of the client domain name corresponding to the specified client application program reaches a specified flow threshold value, intelligent switching is carried out;
intelligent switching when triggering a specified safety alarm condition, and/or
The DNS server group management module intelligently recommends a designated DNS server group of a client domain name corresponding to a designated client application program based on at least one of the following criteria:
carrying out intelligent recommendation according to the user access flow of the client domain name corresponding to the specified client application program;
and intelligently recommending according to whether the client domain name corresponding to the specified client application program is attacked or not.
5. The DNS system of claim 1, wherein the plurality of authoritative DNS servers include DNS servers supporting a BIND stable version, DNS servers supporting an NSD enhanced version, DNS servers supporting a DPDK high defense version, DNS servers supporting a custom tailored version.
6. A method for managing a DNS system, comprising:
providing a plurality of authoritative DNS services for client applications that access based on client domain names using a plurality of authoritative DNS servers;
managing the plurality of authoritative DNS servers to specify, for a given client application, DNS services provided by a given set of DNS servers,
wherein the set of DNS servers comprises one or more DNS servers adapted to provide DNS services for the specified client application.
7. The method for managing a DNS system according to claim 6, wherein the step of managing the plurality of authorized DNS servers includes:
providing a GUI interface for interaction with an administrator and for displaying monitoring and statistical information;
managing the plurality of authoritative DNS servers;
managing clients and client applications;
specifying the set of DNS servers for the client domain name corresponding to the specified client application,
the client application program management method comprises the steps of creating and deleting a client login account, setting the authority of a client to access the GUI interface, and setting the authority of a DNS server group which can be used by the client application program, and the client application program management comprises the steps of adding and deleting a client domain name corresponding to the client application program.
8. The method of managing a DNS system according to claim 7, wherein said set of DNS servers is specified for a client domain name corresponding to said specified client application based on at least one of the following criteria:
selecting the one or more DNS servers from the plurality of authoritative DNS servers;
configuring an initial DNS server group for the client domain name corresponding to the specified client application program;
configuring different DNS server groups for the client domain name corresponding to the specified client application program according to the client level;
configuring a private DNS server group for the client domain name corresponding to the specified client application program according to the client requirement;
manually switching the designated DNS server group of the client domain name corresponding to the designated client application program in time according to the client requirement;
a designated DNS server group for automatically switching the client domain name corresponding to the designated client application program when the client level is increased/decreased;
intelligently switching a designated DNS server group of the client domain name corresponding to the designated client application program under a specific scene;
and intelligently recommending a designated DNS server group of the client domain name corresponding to the designated client application program.
9. The method of managing a DNS system according to claim 8, wherein the designated DNS server group for the client domain name corresponding to the designated client application is intelligently switched in a specific scenario based on at least one of the following criteria:
when the system time meets the requirement of the specified time, intelligent switching is carried out so as to guarantee important activities;
when the request flow of the client domain name corresponding to the specified client application program reaches a specified flow threshold value, intelligent switching is carried out;
intelligent switching when triggering a specified safety alarm condition, and/or
Intelligently recommending a designated DNS server group for a client domain name corresponding to a designated client application based on at least one of the following criteria:
carrying out intelligent recommendation according to the user access flow of the client domain name corresponding to the specified client application program;
and intelligently recommending according to whether the client domain name corresponding to the specified client application program is attacked or not.
10. The method for managing a DNS system according to claim 6, wherein the plurality of authorized DNS servers include a DNS server supporting a BIND stable version, a DNS server supporting an NSD enhanced version, a DNS server supporting a DPDK highly protected version, and a DNS server supporting a custom version.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201811248543.XA CN111107170B (en) | 2018-10-25 | 2018-10-25 | DNS system and management method thereof |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201811248543.XA CN111107170B (en) | 2018-10-25 | 2018-10-25 | DNS system and management method thereof |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN111107170A true CN111107170A (en) | 2020-05-05 |
| CN111107170B CN111107170B (en) | 2023-04-07 |
Family
ID=70418261
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201811248543.XA Active CN111107170B (en) | 2018-10-25 | 2018-10-25 | DNS system and management method thereof |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN111107170B (en) |
Cited By (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN114124832A (en) * | 2020-08-31 | 2022-03-01 | 中国移动通信集团浙江有限公司 | DNS system service processing method and device |
Citations (7)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US20060039352A1 (en) * | 2004-08-19 | 2006-02-23 | International Business Machines Corporation | System and method for designating a priority access order of domain name service servers |
| CN101243422A (en) * | 2005-08-19 | 2008-08-13 | 微软公司 | Branch office DNS storage and resolution |
| US20100070569A1 (en) * | 2007-06-07 | 2010-03-18 | Bhavin Turakhia | Method and system for providing a predetermined service to a domain registrant by a dns manager |
| CN102647341A (en) * | 2012-03-28 | 2012-08-22 | 北京星网锐捷网络技术有限公司 | Message processing method, device and system |
| US20160219015A1 (en) * | 2015-01-27 | 2016-07-28 | Mastercard International Incorporated | Systems and methods for centralized domain name system administration |
| CN106302850A (en) * | 2016-08-04 | 2017-01-04 | 北京迅达云成科技有限公司 | A kind of authority's DNS method for optimizing configuration and device |
| US10015094B1 (en) * | 2015-06-19 | 2018-07-03 | Amazon Technologies, Inc. | Customer-specified routing policies |
-
2018
- 2018-10-25 CN CN201811248543.XA patent/CN111107170B/en active Active
Patent Citations (7)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US20060039352A1 (en) * | 2004-08-19 | 2006-02-23 | International Business Machines Corporation | System and method for designating a priority access order of domain name service servers |
| CN101243422A (en) * | 2005-08-19 | 2008-08-13 | 微软公司 | Branch office DNS storage and resolution |
| US20100070569A1 (en) * | 2007-06-07 | 2010-03-18 | Bhavin Turakhia | Method and system for providing a predetermined service to a domain registrant by a dns manager |
| CN102647341A (en) * | 2012-03-28 | 2012-08-22 | 北京星网锐捷网络技术有限公司 | Message processing method, device and system |
| US20160219015A1 (en) * | 2015-01-27 | 2016-07-28 | Mastercard International Incorporated | Systems and methods for centralized domain name system administration |
| US10015094B1 (en) * | 2015-06-19 | 2018-07-03 | Amazon Technologies, Inc. | Customer-specified routing policies |
| CN106302850A (en) * | 2016-08-04 | 2017-01-04 | 北京迅达云成科技有限公司 | A kind of authority's DNS method for optimizing configuration and device |
Cited By (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN114124832A (en) * | 2020-08-31 | 2022-03-01 | 中国移动通信集团浙江有限公司 | DNS system service processing method and device |
Also Published As
| Publication number | Publication date |
|---|---|
| CN111107170B (en) | 2023-04-07 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| US11770438B2 (en) | Network communications | |
| AU2019204090B2 (en) | Networking flow logs for multi-tenant environments | |
| US10938860B1 (en) | Preserving privacy related to networked media consumption activities | |
| US9836346B2 (en) | Error troubleshooting using a correlated knowledge base | |
| CN107707943B (en) | A kind of method and system for realizing cloud service fusion | |
| KR20180048761A (en) | Systems, methods and computer-readable storage media for the manipulation of personalized event-triggered computers at edge locations | |
| CN104301436B (en) | Content to be displayed push, subscription, update method and its corresponding device | |
| US10878432B2 (en) | System and methods for consumer managed behavioral data | |
| US20120290545A1 (en) | Collection of intranet activity data | |
| CN107111510B (en) | Method and device for operating VNF packet | |
| CN107211035A (en) | Method and network node for monitoring service in content delivery network | |
| CN111107170B (en) | DNS system and management method thereof | |
| US20230251789A1 (en) | Record information management based on self-describing attributes | |
| CN110795677A (en) | CDN node distribution method and device | |
| US20070220002A1 (en) | Dynamic server configuration for managing high volume traffic | |
| CN110839066A (en) | Data processing method and related equipment | |
| US20230171269A1 (en) | Identifying and targeting communication network events via uniform resource locator sets | |
| US20190355001A1 (en) | Method and system for integrating a feedback gathering system over existing wifi network access | |
| CN115860308A (en) | Method for managing information and related equipment | |
| CN114722046A (en) | Server and home page cache data version generation method | |
| CN114218537A (en) | Management method, device, equipment and readable medium for distributed storage users | |
| CN113452539A (en) | Source station switching method and device, electronic equipment and storage medium |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |