CN112929463A - Traffic proxy method, server and system based on DNS (Domain name System) - Google Patents
Traffic proxy method, server and system based on DNS (Domain name System) Download PDFInfo
- Publication number
- CN112929463A CN112929463A CN202110100557.2A CN202110100557A CN112929463A CN 112929463 A CN112929463 A CN 112929463A CN 202110100557 A CN202110100557 A CN 202110100557A CN 112929463 A CN112929463 A CN 112929463A
- Authority
- CN
- China
- Prior art keywords
- domain name
- dns
- address
- flow control
- service
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
- 238000000034 method Methods 0.000 title claims abstract description 55
- 238000011217 control strategy Methods 0.000 claims abstract description 35
- 238000004458 analytical method Methods 0.000 claims abstract description 22
- 238000004590 computer program Methods 0.000 claims description 16
- 230000008569 process Effects 0.000 claims description 8
- 238000004891 communication Methods 0.000 claims description 6
- 230000001133 acceleration Effects 0.000 claims description 4
- 238000004904 shortening Methods 0.000 abstract 1
- 238000010586 diagram Methods 0.000 description 12
- 238000012545 processing Methods 0.000 description 5
- 230000004044 response Effects 0.000 description 5
- 230000002159 abnormal effect Effects 0.000 description 4
- 230000006870 function Effects 0.000 description 4
- 238000013507 mapping Methods 0.000 description 4
- 238000012986 modification Methods 0.000 description 3
- 230000004048 modification Effects 0.000 description 3
- 230000005856 abnormality Effects 0.000 description 2
- 230000008859 change Effects 0.000 description 2
- 230000005540 biological transmission Effects 0.000 description 1
- 238000011161 development Methods 0.000 description 1
- 238000005516 engineering process Methods 0.000 description 1
- 238000004519 manufacturing process Methods 0.000 description 1
- 238000012544 monitoring process Methods 0.000 description 1
- 230000003287 optical effect Effects 0.000 description 1
- 230000002688 persistence Effects 0.000 description 1
- 238000003672 processing method Methods 0.000 description 1
Images
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L61/00—Network arrangements, protocols or services for addressing or naming
- H04L61/45—Network directories; Name-to-address mapping
- H04L61/4505—Network directories; Name-to-address mapping using standardised directories; using standardised directory access protocols
- H04L61/4511—Network directories; Name-to-address mapping using standardised directories; using standardised directory access protocols using domain name system [DNS]
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L61/00—Network arrangements, protocols or services for addressing or naming
- H04L61/58—Caching of addresses or names
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L61/00—Network arrangements, protocols or services for addressing or naming
- H04L61/59—Network arrangements, protocols or services for addressing or naming using proxies for addressing
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/50—Network services
- H04L67/56—Provisioning of proxy services
Landscapes
- Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Data Exchanges In Wide-Area Networks (AREA)
Abstract
The embodiment of the invention provides a traffic proxy method, a server and a system based on a DNS (domain name system), wherein the method comprises the following steps: receiving a DNS analysis request sent by a client by a domain name DNS proxy service, wherein the DNS analysis request comprises a domain name to be analyzed; the DNS proxy service acquires the IP address corresponding to the domain name to be resolved from a DNS authoritative server; if the DNS proxy service records the flow control strategy aiming at the domain name to be analyzed, the domain name to be analyzed and the IP address are saved to a local disk, and the DNS analysis request is responded based on the IP address. The method is used for shortening the time for acquiring the IP address and the flow agent strategy thereof and improving the performance of the flow agent system.
Description
Technical Field
The present application relates to the field of network technologies, and in particular, to a traffic proxy method, server, and system based on a DNS.
Background
In the existing traffic proxy service, because the IP address of the source station server of the content provider is frequently updated, the DNS proxy needs to be performed first to obtain the IP address corresponding to the domain name, and the response speed is improved by storing the IP address in the cache, but because the DNS proxy server may have problems such as process restart, abnormal exit, or abnormal restart of the device during the operation process, the information in the memory is lost, which causes the loss of the mapping relationship between the domain name and the IP address stored in the cache, and when receiving the DNS resolution request of the domain name again, the IP address corresponding to the domain name can only be obtained from the authoritative server, which increases the workload of the domain name server and slows down the proxy speed of the domain name server.
Disclosure of Invention
Embodiments of the present invention provide a traffic proxy method, a server, and a system based on a DNS, which are used to prevent the above problem caused by memory data loss and improve the performance of a traffic proxy system.
In a first aspect, an embodiment of the present invention provides a traffic proxy method based on a DNS, where the method includes:
receiving a DNS analysis request sent by a client by a domain name DNS proxy service, wherein the DNS analysis request comprises a domain name to be analyzed;
the DNS proxy service acquires the IP address corresponding to the domain name to be resolved from a DNS authoritative server;
if the DNS proxy service records the flow control strategy aiming at the domain name to be analyzed, the domain name to be analyzed and the IP address are saved to a local disk, and the DNS analysis request is responded based on the IP address.
In the method, the domain name to be resolved and the IP address are saved to the local disk. When the local cache information is lost, the DNS proxy service may directly obtain the IP address corresponding to the domain name to be resolved from the local disk, without obtaining the IP address corresponding to the domain name to be resolved from the DNS authority server again. Compared with the prior art, the DNS proxy service processing method and the DNS proxy service processing device can quickly respond to the DNS analysis request by acquiring the information lost in the local cache from the local disk when the memory data in the DNS proxy service is lost, reduce the workload of the DNS proxy service and accelerate the proxy speed of the DNS proxy service.
Optionally, before the step of obtaining, by the DNS proxy service, the IP address corresponding to the domain name to be resolved from the DNS authoritative server, the method further includes: the DNS proxy service queries a local cache to acquire an IP address corresponding to the domain name to be resolved; if the record is not inquired, inquiring a local disk to acquire the IP address corresponding to the domain name to be analyzed; if the local disk has no corresponding record, then executing the step of obtaining the IP address corresponding to the domain name to be analyzed from the DNS authoritative server and the subsequent steps; and if the local cache or the local disk has a corresponding record, responding to the DNS analysis request based on the IP address corresponding to the domain name to be analyzed, which is acquired from the local cache or the local disk.
In the method, the DNS proxy service firstly acquires the IP address corresponding to the domain name to be resolved from the local cache, if the IP address corresponding to the domain name to be resolved is not acquired, the IP address corresponding to the domain name to be resolved is acquired from the local disk, and if the IP address corresponding to the domain name to be resolved is not acquired from the local cache and the local disk, the IP address corresponding to the domain name to be resolved is acquired from the DNS authoritative server. Therefore, when information in the local cache is lost due to the restart or abnormality of the DNS proxy service process, the information can be obtained from the local disk, the time consumed for obtaining the lost information from the DNS authoritative server again can be saved, and the flow proxy speed of the DNS proxy service is accelerated.
Optionally, the method includes: and storing the IP address of the domain name to be analyzed to a local cache.
In the method, the IP address acquired from the DNS authoritative server is stored in the local cache, so that the time of the DNS proxy service for accessing the local disk or the DNS authoritative server can be saved, and the storage space of the local disk can be saved if the IP address does not need to be stored in the local disk.
Optionally, the storing the domain name to be resolved and the IP address to a local disk specifically includes:
inverting the characters of the domain name to be analyzed to obtain a storage directory; and creating the storage directory in a file system of a local disk, and storing the IP address in the storage directory.
The IP address is stored according to the method, so that the subsequent query of the IP address can be facilitated, and the efficiency of obtaining the IP address is improved.
Optionally, the method for querying a local disk specifically includes:
turning characters of the domain name to be resolved, obtaining a corresponding query directory based on the turned characters, matching the query directory with a storage directory of the file system, and if the matching is successful, obtaining the IP address stored under the matched storage directory and determining the IP address as the IP address corresponding to the domain name to be resolved; and if not, determining that no corresponding record exists in the local disk.
According to the method, the storage directory is matched according to the inverted domain name to be analyzed, the file name matched with the domain name to be analyzed is obtained, and the IP address is further obtained from the file. Thus, the efficiency of acquiring the IP address is increased.
Optionally, the method further comprises: and the DNS proxy service generates an IP flow control strategy based on the IP address and the flow control strategy and sends the IP flow control strategy to the flow control service, so that the flow control service proxies the flow based on the IP flow control strategy when receiving the flow sent to the IP address by the client.
Optionally, when the DNS proxy service receives a domain name flow control policy update instruction issued by a configuration platform, the DNS proxy service acquires each domain name to be updated and a corresponding updated flow control policy included in the update instruction, queries an IP address corresponding to each domain name to be updated from the local disk, generates a new IP flow control policy based on the IP address corresponding to the domain name to be updated and the updated flow control policy, sends the new IP flow control policy to the flow control service, and instructs the flow control service to update a locally stored IP flow control policy based on the new IP flow control policy.
In the method, the traffic control service can proxy the traffic sent by the client to the IP address based on the IP traffic control policy sent by the DNS proxy service. Therefore, different IP addresses can correspond to different flow control strategies, and the flexibility of flow control is improved.
In a second aspect, embodiments of the present invention provide a computer-readable storage medium storing a program which, when run on a computer, causes the computer to carry out the method described in the various possible designs of the first aspect.
In a third aspect, an embodiment of the present invention provides a DNS proxy server, including:
a memory for storing a computer program;
a processor for calling the computer program stored in said memory and executing the method described in the various possible designs of the first aspect according to the obtained program.
In a fourth aspect, an embodiment of the present invention provides a traffic proxy system, where the traffic proxy system includes:
the configuration platform is used for configuring the domain name flow control strategy and sending the domain name flow control strategy to the DNS proxy service; the DNS proxy service is in communication connection with the configuration platform, receives the domain name traffic control policy, and processes a DNS resolution request sent by a client by executing the DNS-based traffic proxy method according to the first aspect.
Further, the system further comprises: the flow control service is in communication connection with the DNS proxy service, and after the DNS proxy service acquires the IP address corresponding to the domain name to be analyzed in the DNS analysis request, the DNS proxy service sends the IP address and the corresponding flow control strategy to the flow control service; and the flow control service is used for receiving the flow sent by the client aiming at the IP address and carrying out acceleration control on the flow according to the IP address and the flow control strategy sent by the DNS proxy service.
These and other implementations of the invention will be more readily understood from the following description of the embodiments.
Drawings
In order to more clearly illustrate the technical solutions in the embodiments of the present invention, the drawings needed to be used in the description of the embodiments will be briefly introduced below, and it is obvious that the drawings in the following description are only some embodiments of the present invention, and it is obvious for those skilled in the art to obtain other drawings based on these drawings without inventive exercise.
Fig. 1 is a schematic application architecture diagram of a traffic proxy system of a DNS according to an embodiment of the present invention;
fig. 2A is a schematic diagram illustrating a DNS-based traffic proxy system according to an embodiment of the present invention;
fig. 2B is a schematic diagram illustrating a DNS-based traffic proxy system according to an embodiment of the present invention;
fig. 3 is a flowchart illustrating a DNS-based traffic proxy method according to an embodiment of the present invention.
Detailed Description
In order to make the objects, technical solutions and advantages of the present invention clearer, the present invention will be described in further detail with reference to the accompanying drawings, and it is apparent that the described embodiments are only a part of the embodiments of the present invention, not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
Fig. 1 is a schematic diagram of an application architecture of a DNS-based traffic proxy method according to an embodiment of the present invention. The client 101 may be a communicable device such as a computer, a mobile phone, a server, etc.; the DNS proxy service 102 may be implemented based on a computer program, which may be deployed on various service devices or local to a client, specifically, the service device may be a computer server, or a network service device such as a switch or a router; the flow control service 103 is also implemented based on a computer program, and may be deployed on various service devices or local to a client, specifically, the service device may be a computer server, or a network service device such as a switch, a router, and the like, which may be deployed on the same device as the DNS proxy service or may be deployed separately; in other embodiments of the present invention, the configuration platform 104 may also be deployed locally at a client, and may be configured to generate and manage a domain name flow control policy, and send the domain name flow control policy to the DNS proxy service, where the domain name flow control policy includes domain name information that needs to perform flow control and a flow control policy corresponding to each domain name, and the flow control policy may include a specific routing path or a routing policy, for example, a routing policy based on cost-first, a routing policy based on a source-back rate, or a routing policy based on line reliability, and the specific routing policy may be set according to an actual service requirement, which is not limited in the present invention.
It is to be understood that, in the embodiment of the present invention, all of the DNS proxy service, the flow control service, and the configuration platform are implemented based on computer programs, and then these three services may be deployed on different devices, as shown in fig. 1, or may be deployed on the same device, as shown in fig. 2A and fig. 2B, for example, both of the services are deployed on the same service device, or both of the services are deployed locally on a client, which may be adjusted according to actual needs, and the present invention is not limited thereto.
The DNS proxy service 102 may receive the domain name traffic control policy issued by the configuration platform 104, and store the domain name traffic control policy in a local cache and/or a local disk, for use in subsequently generating a traffic control policy for an IP address corresponding to a domain name.
Specifically, the DNS proxy service 102 receives a DNS resolution request sent by the client 101, acquires a domain name to be resolved in the DNS resolution request, queries whether a flow control policy corresponding to the domain name to be resolved exists in a domain name flow control policy stored locally according to the domain name to be resolved, and if the flow control policy exists, generates a mapping relationship between an IP address and the flow control policy corresponding to the domain name to be resolved after acquiring the IP address corresponding to the domain name to be resolved from the DNS authority server, and sends the mapping relationship to the flow accelerator, so that the flow accelerator can determine to accelerate proxy for the received flow based on the mapping relationship between the IP and the flow control policy, and can store the domain name to be resolved and the IP address in a local cache and a local disk in an associated manner.
Based on this, an embodiment of the present application provides a flow of a DNS-based traffic proxy method, and as shown in fig. 3, the DNS-based traffic proxy method provided in the embodiment of the present application is applied to a DNS proxy service, and specifically includes:
In one implementation, the DNS proxy service may intercept traffic from the network egress device of the client to obtain all traffic sent by the client, and identify the traffic to determine the DNS resolution request sent by the client.
In another implementation, the DNS proxy service may receive a DNS resolution request sent by a client by configuring a client local DNS server address to serve the DNS proxy.
When the DNS proxy service is deployed locally on the client, the DNS resolution request sent by the client can be received through monitoring a local port.
After receiving a DNS analysis request sent by a client, the DNS can perform message analysis on the DNS analysis request and acquire a domain name to be analyzed in the DNS analysis request.
In implementation, before step 302 is executed, the DNS proxy service may first query a local cache to quickly obtain an IP address corresponding to the domain name to be resolved from the local cache, and respond to the DNS resolution request; if the record is not inquired, the local disk can be inquired so as to quickly acquire the IP address corresponding to the domain name to be analyzed from the local disk, and then the DNS analysis request is directly responded.
It should be noted that, each time the DNS proxy service obtains a DNS resolution result from the DNS authoritative server, the domain name in the resolution result and the corresponding IP address may be cached locally, that is, cached in a local memory, and meanwhile, in order to prevent the situation that the local cache is lost due to a restart or an abnormal exit, the domain name and the corresponding IP address may be synchronously stored in the local disk, so when the DNS proxy service receives a DNS resolution request, the local cache may be queried first to obtain the corresponding IP address, thereby quickly responding to the DNS resolution request, if the local cache does not store the IP address corresponding to the domain name to be resolved, there are two possibilities, first, in an effective cache deadline, the DNS resolution request for the domain name to be resolved is received for the first time; secondly, the local cache is lost, so that the local cache can continue to inquire from the local disk, if the local disk stores the IP address corresponding to the domain name to be resolved, the local cache is lost, and then the DNS proxy service can directly acquire the IP address corresponding to the domain name to be resolved from the local disk and directly respond to the DNS resolution request; if the local disk does not have the corresponding IP address, the DNS analysis request can be forwarded to the DNS authoritative server so as to obtain a response message from the DNS authoritative server, and further, the IP address corresponding to the domain name to be analyzed is obtained from the response message and is stored in the local cache and the local disk.
In one implementation, when the DNS proxy locally stores a domain name and a corresponding IP address, it may determine whether the domain name and the corresponding IP address need to be stored in a local disk according to whether the domain name has a corresponding traffic control policy. Specifically, after receiving a response message sent by a DNS authoritative server, the DNS proxy server may first determine whether a corresponding flow control policy exists for a domain name to be resolved in the response message by querying a local record, and if not, directly store the corresponding record to a local cache, and if so, store the corresponding record in the local cache and a local disk, where the principle is as follows: if the domain name to be resolved has the corresponding flow control strategy, it is indicated that the DNS service needs to generate the flow control strategy for the IP address corresponding to the domain name to be resolved, and send the flow control strategy to the flow control service, so that the flow control service can control the flow based on the IP address, and meanwhile, since the IP address of the application server corresponding to the domain name to be resolved may change, the resolution result of the same domain name may change at different time points by the DNS authoritative server, therefore, when it is determined that the corresponding IP address exists in the local cache or the local disk, the DNS resolution request is directly responded, and it is ensured that the flow sent by the client based on the responded IP address is received by the flow control service, and the corresponding flow control strategy can be correctly obtained.
In one implementation, to improve the performance of domain name query in disk storage, the local disk storage of the service device where the DNS proxy service is located may adopt an existing tree directory structure of a file system, and the domain name to be resolved and the IP address are stored in a local disk to the local disk, which specifically includes: reversing the characters of the domain name to be analyzed to obtain a file storage directory, and establishing a storage relation for each level of domain name according to the form of a directory tree; and saving the IP address to the file storage directory. For example, the domain name to be resolved isnews, basic, com, corresponding IP address is1.1.1.1 and 1.1.1.2, when performing local disk storage, the domain name to be resolved can be reversed, and '·' is converted into '/', so as to obtain a file storage directory moc/udiab/swen, which is created in the file system and stores IP addresses 1.1.1.1 and 1.1.1.2 under the file storage, and at the same time, the domain name to be resolved can also be storedwww.baidu.comAnd storing the corresponding flow control strategy in the directory. Therefore, whether the IP corresponding to the domain name exists can be directly judged through the basic linux api interface during domain name searching, and the operation is quick and convenient. Further, when converting the domain name to be resolved into a file storage directory, a '·' end may be added to the domain name at the last level, for example, news. moc/udiab/swen, and moc/udiab/swen/gmi, to avoid conflicts with partial hierarchy domain name naming.
The following is an example of a storage directory as follows:
storage directory
In one implementation, the method for querying a local disk specifically includes: turning over the characters of the domain name to be analyzed, matching a file storage directory based on the turned-over characters to determine whether a corresponding directory exists in a file system, and if so, determining whether the corresponding directory exists in the file systemDetermining the IP address stored in the directory as the IP address corresponding to the domain name to be analyzed; and if not, determining that no corresponding record exists in the local disk. According to the above example, the domain name to be resolved isnews.baidu.comReversely acquiring moc/udiab/swen, searching the most extensive level moc of the storage directory, searching the sub-extensive level udiab, searching the level swen, and determining the contents stored under the level swenIP address 1.1.1.1And 1.1.1.2Corresponding to the domain name news IP address of. And if the storage directory does not have a directory corresponding to moc/udiab/swen, determining that no corresponding record exists in the local disk.
In one implementation, the method further comprises: and the DNS proxy service sends the IP address and the flow control strategy to a flow control service, so that the flow control service can proxy the flow based on the flow control strategy when receiving the flow sent to the IP address by the client. The DNS proxy service acquires the domain name to be resolved from the DNS authoritative serverwww.baidu.com corresponding to IP address 1.1.1.1And after 1.1.1.2, determining a flow control strategy corresponding to the domain name to be analyzed according to the domain name flow control strategy issued by the configuration platform: and accelerating transmission, namely, transmitting the IP address:1.1.1.1and 1.1.1.2And accelerating the transmissionAnd the control strategy is sent to the flow control service, so that the flow control service transmits the received flow with the destination address IP address of 1.1.1.1 or 1.1.1.2 through the acceleration channel.
In implementation, the configuration platform may manage the domain name flow control policy, including updating, such as adding, deleting, etc., and issue a domain name flow control policy update instruction to the DNS proxy service, where each domain name to be updated and a corresponding updated flow control policy that may be included in the update instruction may be acquired when the DNS proxy service receives the domain name flow control policy update instruction issued by the platform, and update the locally stored domain name flow control policy, if the domain name to be updated is not already stored in the local record, it may be directly stored locally first, an IP address corresponding to the domain name to be updated is acquired from a local cache, and if the domain name to be updated is available, a new IP flow control policy is generated based on the IP address and the corresponding updated flow control policy, sending the IP flow control policy to the flow control service, and instructing the flow control service to store the new IP flow control policy; if the domain name to be updated is stored locally, it indicates that the flow control policy corresponding to the domain name to be updated needs to be updated, the locally stored flow control policy corresponding to the domain name to be updated may be updated to the corresponding updated flow control policy, the IP address corresponding to the domain name to be updated is queried from the local disk, a new IP flow control policy is generated based on the IP address corresponding to the domain name to be updated and the updated flow control policy, and the new IP flow control policy is sent to the flow control service, and the flow control service is instructed to update based on the IP flow control policy locally recorded by the new IP flow control policy. Therefore, after the configuration platform updates the domain name flow control policy, the DNS proxy service can update local information in time and synchronously indicate the flow control service to update, so that the flow control service can update the flow sent by the client based on the latest flow control policy.
According to the method, the domain name to be analyzed and the IP address are stored in the local disk, when local cache information is lost, the DNS proxy service can directly acquire the IP address corresponding to the domain name to be analyzed from the local disk without acquiring the IP address corresponding to the domain name to be analyzed from the DNS authoritative server again, so that when abnormal exit and other abnormalities occur in the process of the DNS proxy service, the information lost in the local cache can be acquired from the local disk without requesting the DNS authoritative server again, and the proxy speed of the DNS proxy service is increased. Furthermore, by setting the storage mode of information persistence, namely turning over the domain name to generate a storage directory, creating a corresponding storage directory in the local disk file system, and storing the corresponding IP address in the storage directory, the query mode is simple, convenient and quick, a storage frame of an original memory data structure does not need to be adjusted, and the development cost is saved.
Based on the same concept, an embodiment of the present application provides a traffic proxy system, where the system includes: the configuration platform is used for configuring the domain name flow control strategy and sending the domain name flow control strategy to the DNS proxy service; the DNS proxy service is in communication connection with the configuration platform, receives the domain name flow control strategy, and processes a DNS analysis request sent by a client by executing the DNS-based flow proxy method.
Further, the system further comprises: the flow control service is in communication connection with the DNS proxy service, and after the DNS proxy service acquires the IP address corresponding to the domain name to be analyzed in the DNS analysis request, the DNS proxy service sends the IP address and the corresponding flow control strategy to the flow control service; and the flow control service is used for receiving the flow sent by the client aiming at the IP address and carrying out acceleration control on the flow according to the IP address and the flow control strategy sent by the DNS proxy service.
Based on the same concept, an embodiment of the present application provides a DNS proxy server, including: a memory for storing a computer program; and the processor is used for calling the computer program stored in the memory and executing the method according to the obtained program.
And a computer-readable storage medium storing a program which, when executed on a computer, causes the computer to carry out the method described above.
As will be appreciated by one skilled in the art, embodiments of the present application may be provided as a method, system, or computer program product. Accordingly, the present application may take the form of an entirely hardware embodiment, an entirely software embodiment or an embodiment combining software and hardware aspects. Furthermore, the present application may take the form of a computer program product embodied on one or more computer-usable storage media (including, but not limited to, disk storage, CD-ROM, optical storage, and the like) having computer-usable program code embodied therein.
The present application is described with reference to flowchart illustrations and/or block diagrams of methods, apparatus (systems), and computer program products according to the application. It will be understood that each flow and/or block of the flow diagrams and/or block diagrams, and combinations of flows and/or blocks in the flow diagrams and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general purpose computer, special purpose computer, embedded processor, or other programmable data processing apparatus to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processing apparatus, create means for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be stored in a computer-readable memory that can direct a computer or other programmable data processing apparatus to function in a particular manner, such that the instructions stored in the computer-readable memory produce an article of manufacture including instruction means which implement the function specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be loaded onto a computer or other programmable data processing apparatus to cause a series of operational steps to be performed on the computer or other programmable apparatus to produce a computer implemented process such that the instructions which execute on the computer or other programmable apparatus provide steps for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
It will be apparent to those skilled in the art that various changes and modifications may be made in the present application without departing from the spirit and scope of the application. Thus, if such modifications and variations of the present application fall within the scope of the claims of the present application and their equivalents, the present application is intended to include such modifications and variations as well.
Claims (10)
1. A DNS-based traffic proxy method, the method comprising:
receiving a DNS analysis request sent by a client by a domain name DNS proxy service, wherein the DNS analysis request comprises a domain name to be analyzed;
the DNS proxy service acquires the IP address corresponding to the domain name to be resolved from a DNS authoritative server;
if the DNS proxy service records the flow control strategy aiming at the domain name to be analyzed, the domain name to be analyzed and the IP address are saved to a local disk, and the DNS analysis request is responded based on the IP address.
2. The method of claim 1, wherein before the step of the DNS proxy service obtaining the I P address corresponding to the domain name to be resolved from the DNS authority server, the method further comprises:
the DNS proxy service queries a local cache to acquire an IP address corresponding to the domain name to be resolved; if the record is not inquired, inquiring a local disk to acquire the IP address corresponding to the domain name to be analyzed;
if the local disk has no corresponding record, then executing the step of obtaining the IP address corresponding to the domain name to be analyzed from the DNS authoritative server and the subsequent steps;
and if the local cache or the local disk has a corresponding record, responding to the DNS analysis request based on the IP address corresponding to the domain name to be analyzed, which is acquired from the local cache or the local disk.
3. The method of claim 1, wherein the method comprises: and storing the domain name to be analyzed and the IP address to a local cache.
4. The method according to claim 1 or 2, wherein the storing the domain name to be resolved and the IP address to a local disk specifically comprises:
inverting the characters of the domain name to be analyzed to obtain a storage directory;
and creating the storage directory in a file system of a local disk, and storing the IP address in the storage directory.
5. The method of claim 4, wherein the method for querying the local disk specifically comprises:
turning characters of the domain name to be resolved, obtaining a corresponding query directory based on the turned characters, matching the query directory with a storage directory of the file system, and if the matching is successful, obtaining the IP address stored under the matched storage directory and determining the IP address as the IP address corresponding to the domain name to be resolved; and if not, determining that no corresponding record exists in the local disk.
6. The method of claim 1, further comprising: and the DNS proxy service generates an IP flow control strategy based on the IP address and the flow control strategy and sends the IP flow control strategy to the flow control service, so that the flow control service proxies the flow based on the IP flow control strategy when receiving the flow sent to the IP address by the client.
7. The method according to claim 6, wherein when the DNS proxy service receives a domain name traffic control policy update instruction issued by a configuration platform, the DNS proxy service acquires each domain name to be updated and a corresponding updated traffic control policy included in the update instruction, queries an IP address corresponding to each domain name to be updated from the local disk, generates a new IP traffic control policy based on the IP address corresponding to the domain name to be updated and the updated traffic control policy, sends the new IP traffic control policy to the traffic control service, and instructs the traffic control service to update a locally stored IP traffic control policy based on the new IP traffic control policy.
8. A DNS proxy server, comprising:
a memory for storing a computer program;
a processor for calling a computer program stored in said memory to execute the method of any of claims 1 to 6 in accordance with the obtained program.
9. A traffic proxy system, characterized in that the system comprises:
the configuration platform is used for configuring the domain name flow control strategy and sending the domain name flow control strategy to the DNS proxy service;
the DNS proxy service is in communication connection with the configuration platform, receives the domain name flow control policy, and processes the DNS resolution request sent by the client by executing the DNS-based flow proxy method according to claims 1 to 5.
10. The system of claim 9, wherein the system further comprises:
the flow control service is in communication connection with the DNS proxy service, and after the DNS proxy service acquires the IP address corresponding to the domain name to be analyzed in the DNS analysis request, the DNS proxy service sends the IP address and the corresponding flow control strategy to the flow control service;
and the flow control service is used for receiving the flow sent by the client aiming at the IP address and carrying out acceleration control on the flow according to the IP address and the flow control strategy sent by the DNS proxy service.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202110100557.2A CN112929463A (en) | 2021-01-26 | 2021-01-26 | Traffic proxy method, server and system based on DNS (Domain name System) |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202110100557.2A CN112929463A (en) | 2021-01-26 | 2021-01-26 | Traffic proxy method, server and system based on DNS (Domain name System) |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN112929463A true CN112929463A (en) | 2021-06-08 |
Family
ID=76165925
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202110100557.2A Pending CN112929463A (en) | 2021-01-26 | 2021-01-26 | Traffic proxy method, server and system based on DNS (Domain name System) |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN112929463A (en) |
Cited By (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN113452808A (en) * | 2021-06-29 | 2021-09-28 | 百果园技术(新加坡)有限公司 | Domain name resolution method, device, equipment and storage medium |
| CN113766046A (en) * | 2021-09-09 | 2021-12-07 | 牙木科技股份有限公司 | Iterative traffic tracking method, DNS server, and computer-readable storage medium |
| CN114465982A (en) * | 2021-11-12 | 2022-05-10 | 中山大学 | Autonomous defense method and device for disappearing risk of authoritative domain name |
| CN116708041A (en) * | 2023-08-07 | 2023-09-05 | 烽台科技(北京)有限公司 | Camouflage proxy method, device, equipment and medium |
Citations (10)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN103678181A (en) * | 2013-12-10 | 2014-03-26 | 桂林长海科技有限责任公司 | Cache data protection method |
| CN103929507A (en) * | 2014-04-28 | 2014-07-16 | 广东睿江科技有限公司 | Method and device capable of achieving off-line DNS services |
| US20160072847A1 (en) * | 2010-03-18 | 2016-03-10 | Nominum, Inc. | Internet mediation |
| CN106331212A (en) * | 2016-08-25 | 2017-01-11 | 北京润通丰华科技有限公司 | Domain name server (DNS) cache camping-based domain name resolution method and system |
| CN106506715A (en) * | 2016-10-14 | 2017-03-15 | 乐视控股(北京)有限公司 | Domain name analytic method and device |
| CN106657426A (en) * | 2015-11-04 | 2017-05-10 | 中兴通讯股份有限公司 | Processing method and device for domain name parsing request, and server |
| CN108769284A (en) * | 2018-05-04 | 2018-11-06 | 网宿科技股份有限公司 | A kind of domain name analytic method, server and system |
| CN109067936A (en) * | 2018-09-05 | 2018-12-21 | 网宿科技股份有限公司 | A kind of method and device of domain name mapping |
| CN109597568A (en) * | 2018-09-18 | 2019-04-09 | 天津字节跳动科技有限公司 | A kind of date storage method, device, terminal device and storage medium |
| CN111294415A (en) * | 2018-12-10 | 2020-06-16 | 北京京东金融科技控股有限公司 | Domain name resolution method and device |
-
2021
- 2021-01-26 CN CN202110100557.2A patent/CN112929463A/en active Pending
Patent Citations (10)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US20160072847A1 (en) * | 2010-03-18 | 2016-03-10 | Nominum, Inc. | Internet mediation |
| CN103678181A (en) * | 2013-12-10 | 2014-03-26 | 桂林长海科技有限责任公司 | Cache data protection method |
| CN103929507A (en) * | 2014-04-28 | 2014-07-16 | 广东睿江科技有限公司 | Method and device capable of achieving off-line DNS services |
| CN106657426A (en) * | 2015-11-04 | 2017-05-10 | 中兴通讯股份有限公司 | Processing method and device for domain name parsing request, and server |
| CN106331212A (en) * | 2016-08-25 | 2017-01-11 | 北京润通丰华科技有限公司 | Domain name server (DNS) cache camping-based domain name resolution method and system |
| CN106506715A (en) * | 2016-10-14 | 2017-03-15 | 乐视控股(北京)有限公司 | Domain name analytic method and device |
| CN108769284A (en) * | 2018-05-04 | 2018-11-06 | 网宿科技股份有限公司 | A kind of domain name analytic method, server and system |
| CN109067936A (en) * | 2018-09-05 | 2018-12-21 | 网宿科技股份有限公司 | A kind of method and device of domain name mapping |
| CN109597568A (en) * | 2018-09-18 | 2019-04-09 | 天津字节跳动科技有限公司 | A kind of date storage method, device, terminal device and storage medium |
| CN111294415A (en) * | 2018-12-10 | 2020-06-16 | 北京京东金融科技控股有限公司 | Domain name resolution method and device |
Cited By (6)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN113452808A (en) * | 2021-06-29 | 2021-09-28 | 百果园技术(新加坡)有限公司 | Domain name resolution method, device, equipment and storage medium |
| CN113766046A (en) * | 2021-09-09 | 2021-12-07 | 牙木科技股份有限公司 | Iterative traffic tracking method, DNS server, and computer-readable storage medium |
| CN113766046B (en) * | 2021-09-09 | 2023-10-13 | 牙木科技股份有限公司 | Iterative traffic tracking method, DNS server and computer readable storage medium |
| CN114465982A (en) * | 2021-11-12 | 2022-05-10 | 中山大学 | Autonomous defense method and device for disappearing risk of authoritative domain name |
| CN116708041A (en) * | 2023-08-07 | 2023-09-05 | 烽台科技(北京)有限公司 | Camouflage proxy method, device, equipment and medium |
| CN116708041B (en) * | 2023-08-07 | 2023-11-03 | 烽台科技(北京)有限公司 | Camouflage proxy method, device, equipment and medium |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| US11909639B2 (en) | Request routing based on class | |
| CN112929463A (en) | Traffic proxy method, server and system based on DNS (Domain name System) | |
| US11194719B2 (en) | Cache optimization | |
| US20210021692A1 (en) | Translation of resource identifiers using popularity information upon client request | |
| JP5697675B2 (en) | System and method for increasing data communication speed and efficiency | |
| US8156243B2 (en) | Request routing | |
| US8756341B1 (en) | Request routing utilizing popularity information | |
| CN111970315A (en) | Method, device and system for pushing message | |
| CN102984286B (en) | Method and device and system of domain name server (DNS) for buffering updating | |
| CN110049503B (en) | Method and equipment for acquiring data | |
| US20150006622A1 (en) | Web contents transmission method and apparatus | |
| CN112597039A (en) | Virtual machine access method, system, device and computer readable storage medium | |
| CN111770123A (en) | Communication method, apparatus and storage medium | |
| CN110324436B (en) | Proxy method and device for transport layer proxy | |
| CN109788075B (en) | Private network system, data acquisition method and edge server | |
| WO2017000669A1 (en) | Centralised management control method, apparatus, and related device for domain name resource record caching | |
| CN113709232B (en) | Data packet loading method, client agent, device and storage medium | |
| CN113612735B (en) | Secure storage system | |
| CN106254576B (en) | Message forwarding method and device | |
| CN115242882A (en) | Method and device for accessing k8s container environment based on transport layer route | |
| US9860171B2 (en) | Large scale message routing in a distributed network | |
| CN113254203B (en) | Service degradation processing method and device | |
| US20240195781A1 (en) | Systems and methods for cloud resolving and internet path finding | |
| JP6487870B2 (en) | Name resolution device, name resolution method, and name resolution program | |
| CN116248632A (en) | File acquisition method, device, system and equipment, medium and product |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| RJ01 | Rejection of invention patent application after publication |
Application publication date: 20210608 |
|
| RJ01 | Rejection of invention patent application after publication |