CN113992759B - Combined analysis device and method applied to local area network and electronic equipment - Google Patents


Publication number
CN113992759B
Authority
CN
China
Prior art keywords
rule
dns
resolving
service
analysis
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN202111232848.3A
Other languages
Chinese (zh)
Other versions
CN113992759A (en
Inventor
侯诗军
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Hangzhou Bodun Xiyan Technology Co ltd
Original Assignee
Hangzhou Bodun Xiyan Technology Co ltd

Abstract

The application provides a joint resolution device, a joint resolution method and electronic equipment applied to a local area network. The joint resolution device comprises a rule storage module, a rule transit module and a rule parsing module. The rule storage module is configured to store a routing rule. The rule transit module is configured to read the routing rule from the rule storage module and forward the read routing rule to the rule parsing module. The rule parsing module is configured to: in response to a target DNS resolution request initiated by a service in a first environment or a second environment, request the routing rule from the rule transit module, which triggers the rule transit module to read the routing rule from the rule storage module and forward it; receive and parse the routing rule forwarded by the rule transit module; and forward the DNS resolution request to the corresponding DNS resolution device according to the parsing result of the routing rule. The application can stably ensure bidirectional cross-environment DNS resolution.

Description

Combined analysis device and method applied to local area network and electronic equipment
Technical Field
The present application relates to the field of information technologies, and in particular, to a joint analysis device and method applied to a local area network, and an electronic device.
Background
In a communication network, when a service acting as an initiator wants to access another service, DNS (Domain Name System) resolution is performed by a DNS resolution device to obtain the IP address of the other service, and the initiator then accesses the other service at the resolved IP address. A local area network generally contains several environments in which services run, each configured with its own DNS resolution device, and each DNS resolution device is only responsible for resolving DNS resolution requests for services in its own environment, so services in different environments cannot access each other.
In the prior art, to enable a service in one environment to access a service in another environment, the DNS forward function of a DNS resolution device is generally enabled, so that the device forwards DNS resolution requests it cannot resolve itself to another DNS resolution device. However, this method either achieves only unidirectional cross-environment DNS resolution, or cannot stably achieve bidirectional cross-environment DNS resolution, because an infinite forwarding loop arises when a DNS resolution request cannot be resolved by any DNS resolution device. Bidirectional cross-environment service access therefore cannot be stably ensured.
Disclosure of Invention
The application aims to provide a joint resolution device, a joint resolution method and electronic equipment applied to a local area network, which can stably ensure bidirectional cross-environment DNS resolution.
According to an aspect of the embodiments of the application, a joint resolution device applied to a local area network is disclosed. A first DNS resolution device is arranged in a first environment of the local area network and a second DNS resolution device is arranged in a second environment of the local area network; the first DNS resolution device is used for resolving DNS resolution requests directed to services in the first environment, and the second DNS resolution device is used for resolving DNS resolution requests directed to services in the second environment. The joint resolution device comprises a rule storage module, a rule transit module and a rule parsing module;
the rule storage module is configured to: store a routing rule, wherein the routing rule describes the domain names that the first DNS resolution device is responsible for resolving and the domain names that the second DNS resolution device is responsible for resolving;
the rule transit module is configured to: read the routing rule from the rule storage module and forward the read routing rule to the rule parsing module;
the rule parsing module is configured to: in response to a target DNS resolution request initiated by a service in the local area network, request the routing rule from the rule transit module, so as to trigger the rule transit module to read the routing rule from the rule storage module and forward it; receive and parse the routing rule forwarded by the rule transit module; if the target DNS resolution request is determined, according to the parsing result of the routing rule, to be directed to a service in the first environment, forward the target DNS resolution request to the first DNS resolution device; and if the target DNS resolution request is determined, according to the parsing result of the routing rule, to be directed to a service in the second environment, forward the DNS resolution request to the second DNS resolution device.
In an embodiment, the service in the first environment runs on a virtual machine or a physical server, and the service in the second environment runs on a kubernetes cluster after being containerized.
In an embodiment, the rule transit module is further configured to: deserialize the read routing rule and then forward it to the rule parsing module.
In an embodiment, a public network DNS resolution device is configured to resolve DNS resolution requests directed to services in a public network, the routing rule further describes the domain names that the public network DNS resolution device is responsible for resolving, and the rule parsing module is further configured to: if the target DNS resolution request is determined, according to the parsing result of the routing rule, to be directed to a service in the public network, forward the target DNS resolution request to the public network DNS resolution device.
In an embodiment, the rule transit module is further configured to: receive a new routing rule written by a background administrator, and write the new routing rule into the rule storage module to trigger the rule storage module to update the stored routing rule according to the new routing rule.
According to an aspect of the embodiments of the present application, a joint resolution method applied to a local area network is disclosed, a first DNS resolution device is provided in a first environment of the local area network, a second DNS resolution device is provided in a second environment of the local area network, the first DNS resolution device is used for resolving a DNS resolution request directed to a service in the first environment, the second DNS resolution device is used for resolving a DNS resolution request directed to a service in the second environment, and the joint resolution method includes:
storing a routing rule, wherein the routing rule is used for describing a domain name which is responsible for resolving by the first DNS resolving device and a domain name which is responsible for resolving by the second DNS resolving device;
responding to a target DNS resolution request initiated by a service in the local area network, and inquiring and resolving the routing rule;
if the target DNS resolution request is determined, according to the parsing result of the routing rule, to be directed to a service in the first environment, forwarding the target DNS resolution request to the first DNS resolution device;
and if the target DNS resolution request is determined, according to the parsing result of the routing rule, to be directed to a service in the second environment, forwarding the DNS resolution request to the second DNS resolution device.
In an embodiment, the method further comprises: deserializing the read routing rule and then forwarding it to the rule parsing module.
In an embodiment, a public network DNS resolution device is configured to resolve DNS resolution requests directed to services in a public network, the routing rule further describes the domain names that the public network DNS resolution device is responsible for resolving, and the method further includes: if the target DNS resolution request is determined, according to the parsing result of the routing rule, to be directed to a service in the public network, forwarding the target DNS resolution request to the public network DNS resolution device.
In an embodiment, the method further comprises: and receiving a new routing rule written by a background administrator, and issuing the new routing rule to the storage module to trigger the storage module to update the stored routing rule according to the new routing rule.
According to an aspect of an embodiment of the present application, an electronic device is disclosed, including: one or more processors; storage means for storing one or more programs that, when executed by the one or more processors, cause the electronic device to implement any of the embodiments above.
According to an aspect of an embodiment of the present application, there is disclosed a computer program medium having computer-readable instructions stored thereon, which, when executed by a processor of a computer, cause the computer to perform any of the above embodiments.
According to an aspect of embodiments of the present application, there is provided a computer program product or computer program comprising computer instructions stored in a computer readable storage medium. The computer instructions are read from the computer-readable storage medium by a processor of a computer device, and executed by the processor, cause the computer device to perform the methods provided in the various alternative implementations described above.
In the embodiments of the application, whether a service in the first environment initiates a target DNS resolution request directed to a service in the second environment, or a service in the second environment initiates a target DNS resolution request directed to a service in the first environment, the joint resolution device applied to the local area network can accurately forward the target DNS resolution request to the DNS resolution device capable of resolving it, so that bidirectional cross-environment DNS resolution can be stably ensured.
Other features and advantages of the application will be apparent from the following detailed description, or may be learned by the practice of the application.
It is to be understood that both the foregoing general description and the following detailed description are exemplary and explanatory only and are not restrictive of the application as claimed.
Drawings
The above and other objects, features and advantages of the present application will become more apparent by describing in detail exemplary embodiments thereof with reference to the attached drawings.
FIG. 1 illustrates a global data processing schematic of a joint resolution device according to one embodiment of the application.
FIG. 2 illustrates a global data processing schematic of a joint resolution device according to one embodiment of the application.
Fig. 3 shows a schematic diagram of data processing by the joint resolution device for a target DNS resolution request from a first environment to a second environment according to an embodiment of the present application.
Fig. 4 illustrates a data processing schematic of a joint resolution device for a target DNS resolution request inside a first environment according to an embodiment of the present application.
Fig. 5 shows a schematic diagram of data processing by the joint resolution device for a target DNS resolution request from the second environment to the first environment according to an embodiment of the present application.
Fig. 6 illustrates a data processing schematic of a joint resolution device for a target DNS resolution request inside a second environment according to an embodiment of the present application.
FIG. 7 shows a hardware diagram of an electronic device according to one embodiment of the application.
Detailed Description
Example embodiments will now be described more fully with reference to the accompanying drawings. However, the exemplary embodiments may be embodied in many forms and should not be construed as limited to the examples set forth herein; rather, these example embodiments are provided so that this disclosure will be thorough and complete, and will fully convey the concept of the example embodiments to those skilled in the art. The drawings are merely schematic illustrations of the present application and are not necessarily drawn to scale. The same reference numerals in the drawings denote the same or similar parts, and thus a repetitive description thereof will be omitted.
Furthermore, the described features, structures, or characteristics may be combined in any suitable manner in one or more example embodiments. In the following description, numerous specific details are provided to give a thorough understanding of example embodiments of the application. One skilled in the relevant art will recognize, however, that the application may be practiced without one or more of the specific details, or with other methods, components, steps, etc. In other instances, well-known structures, methods, implementations, or operations are not shown or described in detail to avoid obscuring aspects of the application.
Some of the block diagrams shown in the figures are functional entities and do not necessarily correspond to physically or logically separate entities. These functional entities may be implemented in software or in one or more hardware modules or integrated circuits or in different networks and/or processor devices and/or microcontroller devices.
The application provides a joint resolution device applied to a local area network. Its main purpose is to allow cross-environment DNS resolution requests within the same local area network to be resolved successfully in both directions, so that services in the same local area network that are in different environments, and originally could not access each other, can do so.
In detail, the local area network of the present application comprises at least two environments, each provided with a DNS resolution means. The description will be given by way of example with a first DNS resolver provided in a first environment and a second DNS resolver provided in a second environment.
After receiving a DNS resolution request directed to a service in a first environment, the first DNS resolution device resolves an IP address of the service required to be accessed by the DNS resolution request, so that an initiator of the DNS resolution request can access the service in the first environment according to the IP address resolved by the first DNS resolution device.
Similarly, after receiving a DNS resolution request directed to a service in a second environment, the second DNS resolution device resolves an IP address of the service required to be accessed by the DNS resolution request, so that an initiator of the DNS resolution request can access the service in the second environment according to the IP address resolved by the second DNS resolution device.
Typically, a computer device can only initiate DNS resolution requests to a single DNS resolution device. In this case, without the joint resolution device proposed in the present application, a service in the first environment can only initiate DNS resolution requests to the first DNS resolution device in the same environment, and a service in the second environment can only initiate DNS resolution requests to the second DNS resolution device in the same environment. That is, if a service in the first environment needs to access another service, it can only send the DNS resolution request to the first DNS resolution device, which resolves the corresponding IP address. Since the first DNS resolution device and the second DNS resolution device are in different environments, the first DNS resolution device generally cannot resolve DNS resolution requests directed to services in the second environment, and thus services in the first environment cannot access services in the second environment in this case. Similarly, in this case services in the second environment cannot access services in the first environment.
To enable DNS resolution requests from the first environment to the second environment, and from the second environment to the first environment, to be resolved, the present application proposes a joint resolution device applied to a local area network. Referring to the global data processing schematic diagram of the joint resolution device shown in fig. 1, the joint resolution device mainly includes three modules: a rule storage module, a rule transit module and a rule parsing module.
The rule storage module is mainly used for storing routing rules, and the routing rules are used for describing the mapping relation between the domain name and the DNS resolution device.
The rule transit module is mainly used for relaying the routing rule.
The rule parsing module is mainly used for receiving a target DNS resolution request initiated by a service in the local area network, parsing the routing rule, and forwarding the target DNS resolution request, according to the parsing result, to a DNS resolution device capable of resolving it.
Specifically, through the pre-configuration of the local area network, the initiator of the target DNS resolution request is enabled to send the target DNS resolution request to the rule resolution module of the joint resolution device, whether the initiator is located in the first environment of the local area network or the second environment of the local area network.
In response to the target DNS resolution request, the rule parsing module requests the routing rule from the rule transit module.
In response to the query request of the rule parsing module, the rule transit module requests the routing rule from the rule storage module.
In response to the query request of the rule transit module, the rule storage module returns the stored routing rule to the rule transit module.
After receiving the routing rule, the rule transit module returns it to the rule parsing module.
After receiving the target DNS resolution request, the rule parsing module can directly extract from it the domain name of the service the initiator wants to access. After parsing the received routing rule, the rule parsing module can therefore determine from the parsing result which DNS resolution device is responsible for resolving the target DNS resolution request, and also which environment's service the request specifically points to.
If the target DNS resolution request is directed to a service in the first environment, the rule parsing module forwards the target DNS resolution request to the first DNS resolution device, and the first DNS resolution device resolves it, so that the initiator can access the service in the first environment.
If the target DNS resolution request is directed to a service in the second environment, then regardless of whether the initiator is a service in the first environment or a service in the second environment, the rule parsing module forwards the target DNS resolution request to the second DNS resolution device, and the second DNS resolution device resolves it, so that the initiator can access the service in the second environment.
Therefore, in the embodiments of the application, whether a service in the first environment initiates a target DNS resolution request directed to a service in the second environment, or a service in the second environment initiates a target DNS resolution request directed to a service in the first environment, the joint resolution device applied to the local area network can accurately forward the target DNS resolution request to the DNS resolution device capable of resolving it, so that bidirectional cross-environment DNS resolution can be stably ensured.
In an embodiment, before returning the routing rule to the rule parsing module, the rule transit module deserializes the routing rule, and then returns the deserialized routing rule to the rule parsing module.
In an embodiment, the rule transit module may also be used to update the routing rule stored in the rule storage module.
Specifically, if the routing rule stored in the rule storage module is to be updated, the background administrator may send the new routing rule to the rule transit module, and the rule transit module then writes the new routing rule into the rule storage module, so that the rule storage module updates the stored routing rule according to the new routing rule.
In an embodiment, the target DNS resolution request may be directed to a service in the public network, in addition to a service in the first environment or a service in the second environment. In this case, the routing rule further describes the domain names that the public network DNS resolution device is responsible for resolving. When the rule parsing module determines, according to the parsing result of the routing rule, that the target DNS resolution request points to a service in the public network, it forwards the target DNS resolution request to the public network DNS resolution device, which resolves it, so that the initiator can access the service in the public network.
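The query path described above (the rule parsing module asks the rule transit module, which reads and deserializes the stored rule, after which exactly one resolution device is chosen), as an added Python sketch that is not code from the patent. JSON as the serialization, the zone names, the resolver labels and addresses, longest-suffix matching on label boundaries, and validation on read and write are all assumptions; the patent does not specify them.

```python
import ipaddress
import json

# Constructed sample: serialized rules as the rule storage module might hold them.
# Zone names, resolver labels and addresses are assumptions for illustration.
STORED_RULES = json.dumps([
    {"suffix": "corp.example", "resolver": "first", "address": "10.0.0.10"},
    {"suffix": "cluster.local", "resolver": "second", "address": "10.96.0.10"},
    {"suffix": ".", "resolver": "public", "address": "192.0.2.53"},
])

KNOWN_RESOLVERS = {"first", "second", "public"}
RULE_KEYS = {"suffix", "resolver", "address"}


def normalize(name):
    """Lower-case a domain name and drop the trailing dot; the root '.' becomes ''."""
    return name.strip().lower().rstrip(".")


def validate(rules):
    """Reject malformed rules so a bad write cannot silently reroute a zone."""
    seen = set()
    for rule in rules:
        if not isinstance(rule, dict) or set(rule) != RULE_KEYS:
            raise ValueError("rule must have exactly suffix, resolver, address")
        if not all(isinstance(v, str) for v in rule.values()):
            raise ValueError("rule fields must be strings")
        if rule["resolver"] not in KNOWN_RESOLVERS:
            raise ValueError("unknown resolver: %r" % rule["resolver"])
        ipaddress.ip_address(rule["address"])  # raises ValueError if not an IP
        suffix = normalize(rule["suffix"])
        if suffix in seen:
            raise ValueError("duplicate suffix: %r" % suffix)
        seen.add(suffix)
    return rules


def select_upstream(qname, rules):
    """Return the one rule responsible for qname (longest suffix wins), or None."""
    q = normalize(qname)
    best = None
    for rule in rules:
        s = normalize(rule["suffix"])
        # Match only on label boundaries: 'notcorp.example' is not in 'corp.example'.
        matches = s == "" or q == s or q.endswith("." + s)
        if matches and (best is None or len(s) > len(normalize(best["suffix"]))):
            best = rule
    return best


class RuleStore:
    """Rule storage module: holds the serialized routing rules."""

    def __init__(self, serialized):
        self._blob = serialized

    def read(self):
        return self._blob

    def write(self, serialized):
        self._blob = serialized


class RuleTransit:
    """Rule transit module: deserializes on read, validates before any write."""

    def __init__(self, store):
        self.store = store

    def query(self):
        return validate(json.loads(self.store.read()))

    def update(self, new_rules):
        validate(new_rules)  # the store is left untouched if this raises
        self.store.write(json.dumps(new_rules))


class RuleParser:
    """Rule parsing module: picks the single resolution device for a request."""

    def __init__(self, transit):
        self.transit = transit

    def route(self, qname):
        rule = select_upstream(qname, self.transit.query())
        # None means no device is responsible: answer with a failure instead of
        # forwarding, so an unresolvable name can never circulate between devices.
        return (rule["resolver"], rule["address"]) if rule else None
```

Because every request is forwarded at most once to a device chosen from the rule, the loop described in the Background cannot form; the rule store in turn decides where every name in the network resolves, so write access to it warrants the same protection as the DNS resolution devices themselves.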
In an embodiment, referring to the global data processing schematic of the joint resolution device shown in fig. 2, the service in the first environment runs on a virtual machine or a physical server, in which case the first DNS resolution device may be an AD-DNS resolution device.
AD (Active Directory) is a form of computer network in which all user accounts, computers, printers and other security principals are registered in a central database located on one or more central computer clusters of the domain controller. Authentication takes place on the domain controller. Each computer maintains its own security principal database in the AD domain.
A virtual machine is a complete computer system, with full hardware system functionality emulated by software, running in a completely isolated environment. Work that can be done on a physical computer can be done in a virtual machine.
In an embodiment, referring to the data processing schematic diagram of the joint resolution device shown in fig. 2, the service in the second environment runs on the kubernetes cluster after being containerized, where in this case, the second DNS resolution device may be a Kube-DNS resolution device of the kubernetes cluster.
A container is obtained by extracting the underlying details of a service, turning those details into a platform, and providing a defined interface. A container is typically located within an application server, which is responsible for loading and maintaining it. One container can only exist within one application server, and one application server can build and maintain multiple containers.
Kubernetes is an open-source container orchestration engine that supports automated deployment, large-scale scaling, and management of containerized services.
The Kube-DNS resolution device continuously monitors changes to the services and containers of the kubernetes cluster, records the mapping between service domain names and service IPs, and provides domain name resolution for the containers in the kubernetes cluster.
Referring to the schematic data processing diagram of the joint resolution device shown in fig. 3 for a target DNS resolution request from a first environment to a second environment, in one embodiment, a service on a virtual machine or a physical server can access a service on a kubernetes cluster.
Specifically, a service on the virtual machine or the physical server that needs to access a service on the kubernetes cluster generates a corresponding target DNS resolution request and sends it to the rule parsing module in the joint resolution device. After receiving, through the rule transit module, the routing rule stored by the rule storage module, the rule parsing module parses the routing rule and can determine from the parsing result that the target DNS resolution request points to the second DNS resolution device. The rule parsing module forwards the target DNS resolution request to the second DNS resolution device, so that the service on the virtual machine or the physical server can access the service on the kubernetes cluster.
Referring to the data processing schematic of the joint resolution device shown in fig. 4 for a target DNS resolution request inside the first environment, in one embodiment, a service on the virtual machine or the physical server can still access another service on the virtual machine or the physical server.
Specifically, one service on the virtual machine or the physical server that needs to access another service on the virtual machine or the physical server generates a corresponding target DNS resolution request and sends it to the rule parsing module in the joint resolution device. After receiving, through the rule transit module, the routing rule stored by the rule storage module, the rule parsing module parses the routing rule and can determine from the parsing result that the target DNS resolution request points to the first DNS resolution device. The rule parsing module forwards the target DNS resolution request to the first DNS resolution device, so that the service on the virtual machine or the physical server can still access the other service on the virtual machine or the physical server.
Referring to the schematic data processing diagram of the joint resolution device shown in fig. 5 for a target DNS resolution request from a second environment to a first environment, in one embodiment, services on a kubernetes cluster can access services on a virtual machine or a physical server.
Specifically, a service on the kubernetes cluster that needs to access a service on the virtual machine or the physical server generates a corresponding target DNS resolution request and sends it to the rule parsing module in the joint resolution device. After receiving, through the rule transit module, the routing rule stored by the rule storage module, the rule parsing module parses the routing rule and can determine from the parsing result that the target DNS resolution request points to the first DNS resolution device. The rule parsing module forwards the target DNS resolution request to the first DNS resolution device, so that the service on the kubernetes cluster can access the service on the virtual machine or the physical server.
Referring to the data processing schematic diagram of the joint resolution device shown in fig. 6 for the target DNS resolution request inside the second environment, in an embodiment, the service on the kubernetes cluster can still access the service on the kubernetes cluster.
Specifically, one service on the kubernetes cluster that needs to access another service on the kubernetes cluster generates a corresponding target DNS resolution request and sends it to the rule parsing module in the joint resolution device. After receiving, through the rule transit module, the routing rule stored by the rule storage module, the rule parsing module parses the routing rule and can determine from the parsing result that the target DNS resolution request points to the second DNS resolution device. The rule parsing module forwards the target DNS resolution request to the second DNS resolution device, so that the service on the kubernetes cluster can still access the other service on the kubernetes cluster.
An electronic device 30 according to an embodiment of the present application is described below with reference to fig. 7. The electronic device 30 shown in fig. 7 is only an example and should not be construed as limiting the functionality and scope of use of embodiments of the present application.
As shown in fig. 7, the electronic device 30 is in the form of a general purpose computing device. Components of electronic device 30 may include, but are not limited to: the at least one processing unit 310, the at least one memory unit 320, and a bus 330 connecting the various system components, including the memory unit 320 and the processing unit 310.
Wherein the storage unit stores program code that is executable by the processing unit 310 such that the processing unit 310 performs the steps according to various exemplary embodiments of the present application described in the description of the exemplary methods described above in this specification.
Storage unit 320 may include readable media in the form of volatile storage units, such as Random Access Memory (RAM) 3201 and/or cache memory 3202, and may further include Read Only Memory (ROM) 3203.
The storage unit 320 may also include a program/utility 3204 having a set (at least one) of program modules 3205, such program modules 3205 including, but not limited to: an operating system, one or more application programs, other program modules, and program data, each or some combination of which may include an implementation of a network environment.
Bus 330 may be one or more of several types of bus structures including a memory unit bus or memory unit controller, a peripheral bus, an accelerated graphics port, a processing unit, or a local bus using any of a variety of bus architectures.
The electronic device 30 may also communicate with one or more external devices 400 (e.g., keyboard, pointing device, bluetooth device, etc.), one or more devices that enable a user to interact with the electronic device 30, and/or any device (e.g., router, modem, etc.) that enables the electronic device 30 to communicate with one or more other computing devices. Such communication may occur through an input/output (I/O) interface 350. An input/output (I/O) interface 350 is connected to the display unit 340. Also, electronic device 30 may communicate with one or more networks such as a Local Area Network (LAN), a Wide Area Network (WAN), and/or a public network, such as the Internet, through network adapter 360. As shown, the network adapter 360 communicates with other modules of the electronic device 30 over the bus 330. It should be appreciated that although not shown, other hardware and/or software modules may be used in connection with electronic device 30, including, but not limited to: microcode, device drivers, redundant processing units, external disk drive arrays, RAID systems, tape drives, data backup storage systems, and the like.
From the above description of embodiments, those skilled in the art will readily appreciate that the example embodiments described herein may be implemented in software, or may be implemented in software in combination with the necessary hardware. Thus, the technical solution according to the embodiments of the present application may be embodied in the form of a software product, which may be stored in a non-volatile storage medium (may be a CD-ROM, a U-disk, a mobile hard disk, etc.) or on a network, and includes several instructions to cause a computing device (may be a personal computer, a server, a terminal device, or a network device, etc.) to perform the method according to the embodiments of the present application.
In an exemplary embodiment of the application, there is also provided a computer-readable storage medium having stored thereon computer-readable instructions, which, when executed by a processor of a computer, cause the computer to perform the method described in the method embodiments section above.
According to an embodiment of the present application, there is also provided a program product for implementing the method in the above method embodiment, which may employ a portable compact disc read-only memory (CD-ROM), comprise program code, and be run on a terminal device, such as a personal computer. However, the program product of the present application is not limited thereto, and in this document, a readable storage medium may be any tangible medium that can contain or store a program for use by or in connection with an instruction execution system, apparatus, or device.
The program product may employ any combination of one or more readable media. The readable medium may be a readable signal medium or a readable storage medium. The readable storage medium can be, for example, but is not limited to, an electronic, magnetic, optical, electromagnetic, infrared, or semiconductor system, apparatus, or device, or a combination of any of the foregoing. More specific examples (a non-exhaustive list) of the readable storage medium would include the following: an electrical connection having one or more wires, a portable disk, a hard disk, random access memory (RAM), read-only memory (ROM), erasable programmable read-only memory (EPROM or flash memory), optical fiber, portable compact disc read-only memory (CD-ROM), an optical storage device, a magnetic storage device, or any suitable combination of the foregoing.
The computer readable signal medium may include a data signal propagated in baseband or as part of a carrier wave with readable program code embodied therein. Such a propagated data signal may take any of a variety of forms, including, but not limited to, electro-magnetic, optical, or any suitable combination of the foregoing. A readable signal medium may also be any readable medium that is not a readable storage medium and that can communicate, propagate, or transport a program for use by or in connection with an instruction execution system, apparatus, or device.
Program code embodied on a readable medium may be transmitted using any appropriate medium, including but not limited to wireless, wireline, optical fiber cable, RF, etc., or any suitable combination of the foregoing.
Program code for carrying out operations of the present application may be written in any combination of one or more programming languages, including an object oriented programming language such as Java, C++ or the like and conventional procedural programming languages, such as the "C" programming language or similar programming languages. The program code may execute entirely on the user's computing device, partly on the user's device, as a stand-alone software package, partly on the user's computing device, partly on a remote computing device, or entirely on the remote computing device or server. In the case of remote computing devices, the remote computing device may be connected to the user computing device through any kind of network, including a Local Area Network (LAN) or a Wide Area Network (WAN), or may be connected to an external computing device (e.g., connected via the Internet using an Internet service provider).
It should be noted that although in the above detailed description several modules or units of a device for action execution are mentioned, such a division is not mandatory. Indeed, the features and functions of two or more modules or units described above may be embodied in one module or unit in accordance with embodiments of the application. Conversely, the features and functions of one module or unit described above may be further divided into a plurality of modules or units to be embodied.
Furthermore, although the steps of the methods of the present application are depicted in the accompanying drawings in a particular order, this does not require or imply that the steps must be performed in that particular order, or that all of the illustrated steps must be performed, to achieve desirable results. Additionally or alternatively, certain steps may be omitted, multiple steps may be combined into one step, and/or one step may be decomposed into multiple steps, etc.
From the above description of embodiments, those skilled in the art will readily appreciate that the example embodiments described herein may be implemented in software, or may be implemented in software in combination with the necessary hardware. Thus, the technical solution according to the embodiments of the present application may be embodied in the form of a software product, which may be stored in a non-volatile storage medium (may be a CD-ROM, a U-disk, a mobile hard disk, etc.) or on a network, and includes several instructions to cause a computing device (may be a personal computer, a server, a mobile terminal, or a network device, etc.) to perform the method according to the embodiments of the present application.
Other embodiments of the application will be apparent to those skilled in the art from consideration of the specification and practice of the application disclosed herein. This application is intended to cover any variations, uses, or adaptations of the application following, in general, the principles of the application and including such departures from the present disclosure as come within known or customary practice within the art to which the application pertains. It is intended that the specification and examples be considered as exemplary only, with a true scope and spirit of the application being indicated by the following claims.

Claims (7)

1. The joint resolution device is characterized in that a first DNS resolving device is arranged in a first environment of the local area network, a second DNS resolving device is arranged in a second environment of the local area network, the first DNS resolving device is used for resolving a DNS resolution request pointing to a service in the first environment, the second DNS resolving device is used for resolving a DNS resolution request pointing to a service in the second environment, the service in the first environment runs on a virtual machine or a physical server, the service in the second environment runs on a Kubernetes cluster after being containerized, a public network DNS resolving device is used for resolving a DNS resolution request pointing to a service of the public network, and the joint resolution device comprises a rule storage module, a rule transit module and a rule parsing module;
the rule storage module is configured to: store a routing rule, wherein the routing rule describes the domain name that the first DNS resolving device is responsible for resolving, the domain name that the public network DNS resolving device is responsible for resolving and the domain name that the second DNS resolving device is responsible for resolving;
the rule transit module is configured to: read the routing rule from the rule storage module and forward the read routing rule to the rule parsing module;
the rule parsing module is configured to: in response to a target DNS resolution request initiated by a service in the first environment or the second environment, request the routing rule from the rule transit module, so as to trigger the rule transit module to read the routing rule from the rule storage module and forward it; receive and parse the routing rule forwarded by the rule transit module; if the target DNS resolution request is determined, according to the parsing result of the routing rule, to point to a service in the first environment, forward the target DNS resolution request to the first DNS resolving device; if the target DNS resolution request is determined, according to the parsing result of the routing rule, to point to a service in the second environment, forward the DNS resolution request to the second DNS resolving device; and if the target DNS resolution request is determined, according to the parsing result of the routing rule, to point to a service in the public network, forward the target DNS resolution request to the public network DNS resolving device.
2. The joint resolution device of claim 1, wherein the rule transit module is further configured to: deserialize the read routing rule and then forward the routing rule to the rule parsing module.
3. The joint resolution device according to any one of claims 1-2, wherein the rule transit module is further configured to: receive a new routing rule written by a background administrator, and write the new routing rule into the rule storage module to trigger the rule storage module to update the stored routing rule according to the new routing rule.
4. The joint resolution method applied to the local area network is characterized in that a first DNS resolving device is arranged in a first environment of the local area network, a second DNS resolving device is arranged in a second environment of the local area network, the first DNS resolving device is used for resolving a DNS resolution request pointing to a service in the first environment, the second DNS resolving device is used for resolving a DNS resolution request pointing to a service in the second environment, the service in the first environment runs on a virtual machine or a physical server, the service in the second environment runs on a Kubernetes cluster after being containerized, and a public network DNS resolving device is used for resolving a DNS resolution request pointing to a service of the public network, and the joint resolution method comprises:
storing a routing rule, wherein the routing rule describes the domain name that the first DNS resolving device is responsible for resolving, the domain name that the public network DNS resolving device is responsible for resolving and the domain name that the second DNS resolving device is responsible for resolving;
in response to a target DNS resolution request initiated by a service in the local area network, querying and parsing the routing rule;
if the target DNS resolution request is determined, according to the parsing result of the routing rule, to point to a service in the first environment, forwarding the target DNS resolution request to the first DNS resolving device;
if the target DNS resolution request is determined, according to the parsing result of the routing rule, to point to a service in the second environment, forwarding the DNS resolution request to the second DNS resolving device;
and if the target DNS resolution request is determined, according to the parsing result of the routing rule, to point to a service in the public network, forwarding the target DNS resolution request to the public network DNS resolving device.
5. The joint resolution method of claim 4, wherein the method further comprises: deserializing the read routing rule and then forwarding the routing rule to a rule parsing module.
6. The joint resolution method according to any one of claims 4 to 5, wherein the method further comprises: receiving a new routing rule written by a background administrator, and issuing the new routing rule to a storage module to trigger the storage module to update the stored routing rule according to the new routing rule.
7. An electronic device, comprising:
one or more processors;
storage means for storing one or more programs which, when executed by the one or more processors, cause the electronic device to implement the method of any of claims 4 to 6.
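The rule flow recited in the claims (store, read and deserialize, parse, forward, administrator update) can be sketched as follows. This is an added example, not code from the patent: the JSON rule format, the class and function names, the domain suffixes, the resolver addresses and the fall-through to the public resolver are all assumptions.

```python
import json

TARGETS = ("first", "second", "public")

# Constructed sample: the patent defines no serialization format, so this JSON
# schema, the domain suffixes and the resolver addresses are all assumptions.
SAMPLE_RULES = json.dumps({
    "rules": [
        {"suffix": "corp.example", "target": "first"},        # VM / physical hosts
        {"suffix": "svc.cluster.local", "target": "second"},  # Kubernetes services
        {"suffix": "example.org", "target": "public"},
    ],
    "upstreams": {"first": "10.0.0.53", "second": "10.96.0.10",
                  "public": "192.0.2.53"},
})


def normalize(name):
    """Lower-case a DNS name and drop the trailing root dot."""
    return name.rstrip(".").lower()


def deserialize_rules(blob):
    """Deserialize and validate a rule document; raise ValueError if malformed."""
    doc = json.loads(blob)
    upstreams = doc.get("upstreams", {})
    if set(upstreams) != set(TARGETS):
        raise ValueError("every resolver needs exactly one upstream address")
    rules = []
    for rule in doc.get("rules", []):
        suffix, target = normalize(rule.get("suffix", "")), rule.get("target")
        if not suffix or target not in TARGETS:
            raise ValueError(f"bad rule: {rule!r}")
        rules.append((suffix, target))
    # Longest suffix first, so the most specific rule wins.
    rules.sort(key=lambda item: len(item[0]), reverse=True)
    return rules, upstreams


class RuleStore:
    """Rule storage module: holds the serialized routing rules."""
    def __init__(self, blob):
        self.blob = blob


class RuleTransit:
    """Rule transit module: reads, deserializes and forwards rules; accepts updates."""
    def __init__(self, store):
        self.store = store

    def fetch(self):
        return deserialize_rules(self.store.blob)

    def publish(self, blob):
        deserialize_rules(blob)   # validate before replacing the stored rules
        self.store.blob = blob


def select_resolver(qname, transit):
    """Rule parsing module: pick the resolver that should receive the request."""
    rules, upstreams = transit.fetch()
    name = normalize(qname)
    for suffix, target in rules:
        # Match on label boundaries: "notcorp.example" is not under "corp.example".
        if name == suffix or name.endswith("." + suffix):
            return target, upstreams[target]
    # Assumption: a name that no rule claims is sent to the public resolver.
    return "public", upstreams["public"]
```

Validating a new rule document before it replaces the stored one keeps a malformed administrator update from breaking resolution in both environments at once.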
CN202111232848.3A 2021-10-22 2021-10-22 Combined analysis device and method applied to local area network and electronic equipment Active CN113992759B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202111232848.3A CN113992759B (en) 2021-10-22 2021-10-22 Combined analysis device and method applied to local area network and electronic equipment

Publications (2)

Publication Number Publication Date
CN113992759A CN113992759A (en) 2022-01-28
CN113992759B true CN113992759B (en) 2023-12-15

Family

ID=79740365

Country Status (1)

Country Link
CN (1) CN113992759B (en)

Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US11811730B1 (en) * 2022-10-11 2023-11-07 International Business Machines Corporation Determining domain name system forwarding rules in a multi-cloud environment

Citations (10)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102780584A (en) * 2012-07-25 2012-11-14 杭州华三通信技术有限公司 Method and device for quickly accessing network management system of Ethernet equipment
CN106953945A (en) * 2017-05-26 2017-07-14 北京奇虎科技有限公司 Domain name intelligently parsing method and device, server based on SDN realizations
CN107948314A (en) * 2017-12-21 2018-04-20 泰康保险集团股份有限公司 Method for processing business, device and the server of rule-based file
CN108566446A (en) * 2018-04-09 2018-09-21 广州热点软件科技股份有限公司 LAN domain name analytic method, device and system
CN110324435A (en) * 2019-06-19 2019-10-11 厦门网宿有限公司 A kind of network request processing method and system, entrance and egress network equipment
CN110719343A (en) * 2019-09-12 2020-01-21 厦门网宿有限公司 Service acceleration processing method and system, and entrance and exit network equipment
WO2020060826A1 (en) * 2018-09-21 2020-03-26 Cisco Technology, Inc. Segment routing with fast reroute for container networking
CN111614738A (en) * 2020-05-07 2020-09-01 北京金山云网络技术有限公司 Service access method, device, equipment and storage medium based on Kubernetes cluster
CN111866206A (en) * 2020-06-24 2020-10-30 北京金山云网络技术有限公司 Distributed domain name resolution method, device and equipment
CN113438307A (en) * 2021-06-22 2021-09-24 北京金山安全软件有限公司 Domain name resolution method, server, system and storage medium

Family Cites Families (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US10033691B1 (en) * 2016-08-24 2018-07-24 Amazon Technologies, Inc. Adaptive resolution of domain name requests in virtual private cloud network environments

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
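"Research on Construction and Detection Techniques of DNS Protocol Covert Channels"; 谷传征; China Master's Theses Full-text Database (Electronic Journal), Information Science and Technology; full text *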

Also Published As

Publication number Publication date
CN113992759A (en) 2022-01-28

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant