CN114500450B - Domain name resolution method, device and computer readable storage medium - Google Patents

Publication number: CN114500450B
Authority: CN (China)
Prior art keywords: domain name; tenant; name resolution; DNS node; target DNS
Legal status: Active
Application number: CN202111577642.4A
Other languages: Chinese (zh)
Other versions: CN114500450A (en)
Inventors: 郭爱杰, 邓捷, 白雪, 蒋顺桥, 谭伟, 任正
Current assignee: Tianyi Cloud Technology Co Ltd
Original assignee: Tianyi Cloud Technology Co Ltd

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L61/00 Network arrangements, protocols or services for addressing or naming
    • H04L61/09 Mapping addresses
    • H04L61/10 Mapping addresses of different types

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L12/00 Data switching networks
    • H04L12/28 Data switching networks characterised by path configuration, e.g. LAN [Local Area Networks] or WAN [Wide Area Networks]
    • H04L12/46 Interconnection of networks
    • H04L12/4641 Virtual LANs, VLANs, e.g. virtual private networks [VPN]

Abstract

The present application relates to the field of computer technologies, and in particular, to a domain name resolution method, device, and computer readable storage medium, for accurately resolving a tenant domain name based on a multi-tenant architecture. According to the embodiment of the application, the target DNS node creates the VXLAN tunnel according to the VPC configuration information corresponding to the tenant; the VPC configuration information is configured by the tenant through the cloud network platform, and the target DNS node is one of at least two DNS nodes distributed to the tenant by a controller corresponding to the cloud network platform; receiving a domain name resolution request sent by a tenant through an ECS through the created VXLAN tunnel; and carrying out domain name resolution on the domain name information of the tenant in the domain name resolution request, and returning the IP address obtained by the resolution to the ECS. The embodiment of the application provides a scheme for accurately carrying out domain name resolution based on a multi-tenant architecture.

Description

Domain name resolution method, device and computer readable storage medium
Technical Field
The present application relates to the field of computer technologies, and in particular, to a domain name resolution method, a domain name resolution device, and a computer readable storage medium.
Background
Multi-tenancy technology is a software architecture technique concerned with how to share the same system or program components in a multi-user environment while still ensuring data isolation between users.
Put simply, multi-tenancy means that a single instance can serve multiple organizations. Multi-tenant technology provides the same, or even customizable, services to many clients through a single system architecture and set of services within a shared data center, while still guaranteeing data isolation between those clients. A system that supports multi-tenancy must virtually partition its data and configuration by design, so that each tenant or organization can use a single system instance and can individually configure the rented instance according to its own needs.
Because multi-tenant technology lets a plurality of tenants share one application program or operating environment, it effectively reduces the provider's cost of building that environment, which includes the hardware system, the operating system and the like. How to resolve tenant domain names in a multi-tenant architecture therefore becomes a problem to be solved.
Disclosure of Invention
The application provides a domain name resolution method, device and computer readable storage medium, which are used for accurately resolving tenant domain names based on a multi-tenant architecture.
In a first aspect, a domain name resolution method according to an embodiment of the present application includes:
the target DNS node creates a VXLAN tunnel according to VPC configuration information corresponding to the tenant; the VPC configuration information is configured by the tenant through a cloud network platform, and the target DNS node is one of at least two DNS nodes distributed to the tenant by a controller corresponding to the cloud network platform;
the target DNS node receives a domain name resolution request sent by a tenant through an ECS through the created VXLAN tunnel; the domain name resolution request comprises domain name information of the tenant;
and the target DNS node carries out domain name resolution on the domain name information of the tenant in the domain name resolution request, and returns the IP address obtained by resolution to the ECS.
Optionally, the target DNS node performs domain name resolution on domain name information of the tenant in the domain name resolution request, specifically including:
the target DNS node performs domain name resolution according to the domain name information of the tenant;
if the target DNS node resolves the IP address corresponding to the domain name information of the tenant, taking the IP address corresponding to the domain name information of the tenant as the resolved IP address; otherwise, the target DNS node performs domain name resolution according to the shared domain name information;
if the target DNS node resolves the IP address corresponding to the shared domain name information, taking the IP address corresponding to the shared domain name information as the resolved IP address; otherwise, the target DNS node performs domain name resolution according to public network domain name information;
and the target DNS node takes the IP address corresponding to the public network domain name information as the resolved IP address.
Optionally, the target DNS node performs domain name resolution according to public network domain name information, and specifically includes:
the target DNS node checks whether the IP address corresponding to the public network domain name information exists in a cache module and, if so, takes the IP address stored in the cache module as the resolved IP address;
otherwise, the target DNS node accesses an external network server through a forwarding module, and takes the received IP address corresponding to the public network domain name information returned by the external network server as the resolved IP address.
In a second aspect, an embodiment of the present application further provides a domain name resolution method, including:
in response to a domain name resolution operation triggered by a tenant, the ECS sends a domain name resolution request containing domain name information of the tenant to a target DNS node through a VXLAN tunnel, so that the target DNS node performs domain name resolution on the domain name information of the tenant; the target DNS node is one of at least two DNS nodes allocated to the tenant by a controller corresponding to the cloud network platform, and the VXLAN tunnel is created by the target DNS node according to VPC configuration information configured by the tenant through the cloud network platform;
and the ECS receives the resolved IP address returned by the target DNS node.
Optionally, the method further comprises:
if the resolved IP address returned by the target DNS node is not received, or the ECS determines that the target DNS node has failed, the ECS sends the domain name resolution request to the other DNS nodes, other than the target DNS node, among the at least two DNS nodes allocated to the tenant by the controller, so that the other DNS nodes perform domain name resolution on the domain name information of the tenant;
and the ECS receives the resolved IP address returned by the other DNS nodes.
In a third aspect, an embodiment of the present application provides a domain name resolution apparatus, including:
the creating unit is used for creating the VXLAN tunnel according to the VPC configuration information corresponding to the tenant; the VPC configuration information is configured by the tenant through a cloud network platform, and the target DNS node is one of at least two DNS nodes distributed to the tenant by a controller corresponding to the cloud network platform;
a first sending unit, configured to receive, through the created VXLAN tunnel, a domain name resolution request sent by a tenant through an ECS; the domain name resolution request comprises domain name information of the tenant;
and the domain name resolution unit is used for performing domain name resolution on the domain name information of the tenant in the domain name resolution request and returning the IP address obtained by resolution to the ECS.
In a fourth aspect, an embodiment of the present application provides a domain name resolution apparatus, including:
a second sending unit, configured to send, to a target DNS node through a VXLAN tunnel, a domain name resolution request including domain name information of a tenant in response to a domain name resolution operation triggered by the tenant, so that the target DNS node performs domain name resolution on the domain name information of the tenant; the target DNS node is one of at least two DNS nodes allocated to the tenant by a controller corresponding to the cloud network platform, and the VXLAN tunnel is created by the target DNS node according to VPC configuration information configured by the tenant through the cloud network platform;
and the receiving unit is used for receiving the resolved IP address returned by the target DNS node.
In a fifth aspect, an embodiment of the present application provides a target DNS node, the target DNS node comprising:
a memory for storing program instructions;
and a processor for calling program instructions stored in the memory and executing the method according to the first aspect according to the obtained program.
In a sixth aspect, an embodiment of the present application provides a cloud server ECS, the ECS including:
a memory for storing program instructions;
and a processor for calling program instructions stored in the memory and executing the method according to the second aspect according to the obtained program.
In a seventh aspect, embodiments of the present application provide a computer-readable storage medium storing computer-executable instructions for causing a computer to perform the method according to the first or second aspect.
The multi-tenant DNS node is easy to deploy: it can be deployed flexibly in a complex cloud network environment without installing numerous component services (MySQL, OVS and the like) or complex container platforms (k8s, Docker and the like). Based on the multi-user architecture, in the domain name resolution method provided by the embodiment of the application, the DNS node creates a VXLAN tunnel according to VPC configuration information corresponding to the tenant; the VPC configuration information is configured by the tenant through a cloud network platform, and the DNS node is one of at least two DNS nodes allocated to the tenant by a controller corresponding to the cloud network platform; the DNS node receives, through the created VXLAN tunnel, a domain name resolution request sent by the tenant through an ECS; the domain name resolution request contains domain name information of the tenant; the DNS node performs domain name resolution on the domain name information of the tenant in the domain name resolution request and returns the resolved IP address to the ECS, so that the domain name of the tenant can be accurately resolved.
Drawings
FIG. 1 is a schematic diagram of a control plane network topology according to an embodiment of the present application;
fig. 2 is a schematic diagram of a controller assigning DNS nodes according to an embodiment of the present application;
FIG. 3 is a schematic diagram of a network topology of a data plane according to an embodiment of the present application;
FIG. 4 is a flowchart illustrating a domain name resolution method according to an embodiment of the present application;
FIG. 5 is a schematic diagram of a domain name resolution process according to an embodiment of the present application;
fig. 6 is a schematic diagram of a domain name resolution process of a target DNS node according to an embodiment of the present application;
FIG. 7 is a schematic diagram of a system architecture according to an embodiment of the present application;
FIG. 8 is a schematic diagram of a multi-process model according to an embodiment of the present application;
fig. 9 is a schematic structural diagram of a target DNS node according to an embodiment of the present application;
fig. 10 is a schematic structural diagram of an ECS according to an embodiment of the present application;
fig. 11 is a schematic structural diagram of a domain name resolution device according to an embodiment of the present application;
fig. 12 is a schematic structural diagram of another domain name resolution device according to an embodiment of the present application;
FIG. 13 is a flow chart of a domain name resolution method according to an embodiment of the present application;
fig. 14 is a flowchart of another domain name resolution method according to an embodiment of the application.
Detailed Description
In the embodiment of the application, the term "and/or" describes an association between associated objects and means that three relations can exist; for example, A and/or B can mean: A exists alone, A and B exist together, or B exists alone. The character "/" generally indicates an "or" relationship between the objects before and after it.
The term "plurality" in embodiments of the present application means two or more, and other adjectives are similar.
The following description of the embodiments of the present application will be made clearly and completely with reference to the accompanying drawings, in which it is apparent that the embodiments described are only some embodiments, but not all embodiments of the present application. All other embodiments, which can be made by those skilled in the art based on the embodiments of the application without making any inventive effort, are intended to be within the scope of the application.
The embodiment of the application provides a scheme for isolated resolution of multi-tenant private domain names based on DPDK (Data Plane Development Kit).
The embodiment of the application carries out control plane related deployment according to the operation information of the tenant:
the cloud network platform provides a configuration interface through which the tenant accesses the cloud platform's intranet DNS (Domain Name Server); the tenant must have permission to log in to the cloud network platform;
after the tenant logs in to the cloud network platform, the tenant's domain name information and VPC configuration information can be configured in the cloud network platform; the cloud network platform associates the domain name information configured by the tenant with the VPC (Virtual Private Cloud) configuration information, stores the information, and adds a host record to the domain.
After acquiring the configuration information of the tenant, the cloud network platform sends the operation information of the tenant to the controller; the configuration information of the tenant comprises domain name information and VPC configuration information;
the controller stores the configuration information sent by the cloud network platform, calls the API (Application Programming Interface) of the DNS network element nodes, and issues the configuration information of the tenant; the controller allocates at least two DNS nodes from the DNS node set to the tenant, which balances load and ensures that the DNS service of the tenant's ECS (Elastic Compute Service, cloud server) subsequently operates normally.
As shown in the control plane network topology of FIG. 1, the cloud network platform, the controller and the DNS nodes communicate with one another. The cloud network platform sends the configuration information of the tenant to the controller, and the controller (IP: 10.0.0.150) communicates directly with the DNS nodes (DNS IP: 10.0.1-10.0.0.4). A full-volume issuing strategy is currently used: the controller communicates one-to-one with every DNS node in FIG. 1 and calls its API, ensuring that the configuration information of the tenant is successfully issued to each DNS node. This avoids a large configuration migration when the main DNS fails and service switches to the standby DNS, reduces operation and maintenance workload, and reduces the probability of configuration synchronization errors.
In implementation, when the controller allocates DNS nodes to tenants, it uses a polling (round-robin) allocation mode to allocate at least two DNS nodes to each tenant, one of which is used as the main DNS node and the others as standby DNS nodes;
FIG. 2 is a schematic diagram of the controller allocating DNS nodes in the embodiment of the present application. The controller polls all DNS nodes in sequence, obtains 2 DNS nodes and allocates them to a new tenant, which effectively reduces the probability of DNS service failure. For example, tenant 1 is configured with DNS nodes A and B; tenant 2 with DNS nodes B and C; tenant 3 with DNS nodes C and D; tenant 4 with DNS nodes D and A. Globally, the tenants have many ECSs, and allocating DNS nodes at the minimum granularity benefits the tenant experience. The allocation strategy also effectively balances the load of DNS service traffic.
After receiving the configuration information of the tenant, the DNS node notifies the named process to load the changed configuration, that is, incremental loading, to meet the requirement of hot data synchronization.
The embodiment of the application uses a hierarchical directory structure to store the domain name information and VPC configuration information of tenants; this ensures information isolation among tenants and keeps the data clear and easy to maintain and deploy.
For example, the tenant domain name directory may be: conf/{tenant_id}/zone/{zone_id}/{zone_name};
{tenant_id} in the directory is the ID of the tenant; it is globally unique and distinguishes different tenants;
{zone_id} in the directory identifies a zone configured by the corresponding tenant; it is a randomly generated 32-digit hexadecimal string, globally unique, and distinguishes different zones;
{zone_name} in the directory is the domain configured by the corresponding tenant and is used for association with the VPC; domains of different tenants may have the same name, in which case they are distinguished by {zone_id}.
The storage format is as follows:
86400
A,7200,www.test.com,192.168.1.2
A,7200,www.test.com,192.168.1.3
A,7200,www.test.com,192.168.1.4
AAAA,7200,test.com,::1
CNAME,7200,cname.test.com,www.test.com
CNAME,7200,cname1.test.com,cname.test.com
CNAME,7200,cname2.test.com,cname1.test.com
CNAME,7200,cname3.test.com,cname2.test.com
MX,7200,mx.test.com,10,192.168.1.4
MX,7200,mx.test.com,9,192.168.1.3
SRV,7200,_rdap._tcp.test.com,10,200,80,server.test.com
TXT,7200,txt.test.com,this is txt record
Multiple DNS record types can be stored, each in its own format; supported types include, but are not limited to: TXT, CNAME, MX, SRV, A, AAAA.
For example, the tenant VPC directory may be: conf/{tenant_id}/vpc/{vni};
{tenant_id} in the directory is the ID of the tenant; it is globally unique and distinguishes different tenants;
{vni} in the directory is the VNI used to build the VXLAN (Virtual Extensible Local Area Network) tunnel for the corresponding tenant VPC; it is the basis of the Overlay network and is globally unique, distinguishing different VPCs;
it should be noted that one tenant may correspond to multiple VPCs, that is, multiple VNIs; the VPC is mainly used for associating zones, and zones and VPCs can be in a many-to-many relationship. In the implementation, however, only the associated zones are recorded in the VPC object, and the zone record does not need to record its associated VPCs, which keeps the structure clear and the implementation easy.
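A parser for the storage format and directory layout described above, written here as an added example and not taken from the patent. It assumes the leading 86400 line is a zone-wide default TTL (the page does not say what it is), and the tenant_id and zone_name alphabets and the tenant names and zone IDs in the usage are constructed.

```python
import ipaddress
import re
from dataclasses import dataclass

# Path components are checked before they are joined, so a crafted ID cannot
# step outside the tenant's directory. The tenant_id and zone_name alphabets
# are assumptions; zone_id follows the page (32 hexadecimal digits).
TENANT_ID_RE = re.compile(r"[A-Za-z0-9_-]{1,64}")
ZONE_ID_RE = re.compile(r"[0-9a-fA-F]{32}")
ZONE_NAME_RE = re.compile(r"[A-Za-z0-9_-]{1,63}(\.[A-Za-z0-9_-]{1,63})*")

# Number of comma-separated rdata fields that follow TYPE,TTL,name.
RDATA_FIELDS = {"A": 1, "AAAA": 1, "CNAME": 1, "TXT": 1, "MX": 2, "SRV": 4}


@dataclass(frozen=True)
class Record:
    rtype: str
    ttl: int
    name: str
    rdata: tuple


def zone_path(tenant_id, zone_id, zone_name):
    """Build conf/{tenant_id}/zone/{zone_id}/{zone_name} from checked parts."""
    for value, pattern, label in ((tenant_id, TENANT_ID_RE, "tenant_id"),
                                  (zone_id, ZONE_ID_RE, "zone_id"),
                                  (zone_name, ZONE_NAME_RE, "zone_name")):
        if not pattern.fullmatch(value):
            raise ValueError(f"invalid {label}: {value!r}")
    return f"conf/{tenant_id}/zone/{zone_id}/{zone_name}"


def parse_record(line):
    """Parse one TYPE,TTL,name,rdata... line into a Record."""
    parts = line.split(",", 3)
    if len(parts) != 4:
        raise ValueError(f"expected TYPE,TTL,name,rdata: {line!r}")
    rtype, ttl, name, rest = parts
    if rtype not in RDATA_FIELDS:
        raise ValueError(f"unsupported record type: {rtype!r}")
    # Split only as often as the type needs, so TXT keeps embedded commas.
    fields = rest.split(",", RDATA_FIELDS[rtype] - 1)
    if len(fields) != RDATA_FIELDS[rtype]:
        raise ValueError(f"wrong rdata field count for {rtype}: {line!r}")
    if rtype == "A":
        fields = [str(ipaddress.IPv4Address(fields[0]))]
    elif rtype == "AAAA":
        fields = [str(ipaddress.IPv6Address(fields[0]))]
    elif rtype == "MX":
        fields = [int(fields[0]), fields[1]]
    elif rtype == "SRV":
        fields = [int(fields[0]), int(fields[1]), int(fields[2]), fields[3]]
    return Record(rtype, int(ttl), name.lower(), tuple(fields))


def parse_zone(text):
    """Return (default_ttl, [Record, ...]) for the body of one zone file."""
    lines = [ln.strip() for ln in text.splitlines() if ln.strip()]
    if not lines or not lines[0].isdigit():
        raise ValueError("zone file must start with a numeric TTL line")
    return int(lines[0]), [parse_record(ln) for ln in lines[1:]]


def load_store(entries):
    """Index zones by (tenant_id, zone_id); the same zone_name may repeat."""
    store = {}
    for tenant_id, zone_id, zone_name, text in entries:
        path = zone_path(tenant_id, zone_id, zone_name)
        default_ttl, records = parse_zone(text)
        store[(tenant_id, zone_id)] = {"path": path, "zone": zone_name,
                                       "default_ttl": default_ttl,
                                       "records": records}
    return store


# Record lines taken from the storage format shown on the page.
SAMPLE_ZONE = """\
86400
A,7200,www.test.com,192.168.1.2
A,7200,www.test.com,192.168.1.3
AAAA,7200,test.com,::1
CNAME,7200,cname.test.com,www.test.com
MX,7200,mx.test.com,10,192.168.1.4
SRV,7200,_rdap._tcp.test.com,10,200,80,server.test.com
TXT,7200,txt.test.com,this is txt record
"""
```

Two tenants can load a zone named test.com side by side because the store key and the path both carry the tenant ID and the zone ID, not the zone name alone.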
In addition, the embodiment of the application can also carry out data plane related deployment:
In the data plane network topology shown in FIG. 3, for example, 2 DNS nodes are configured for each ECS: one primary DNS and one backup DNS. Note that the DNS node IPs configured on the ECS, 100.64.0.1 and 100.64.0.2, are IPs of the Overlay network, while the DNS node IP 10.0.0.1 is the VXLAN VTEP used to construct the Overlay network. A DNS node typically provides 2 IPs and supports configuring them; the data plane only needs to care about the inner IP.
The embodiment of the application provides a domain name resolution method, as shown in fig. 4, which comprises the following steps:
step S401, a target DNS node creates a VXLAN tunnel according to VPC configuration information corresponding to a tenant;
the VPC configuration information is configured by the tenant through a cloud network platform, and the target DNS node is one of at least two DNS nodes allocated to the tenant by a controller corresponding to the cloud network platform.
The DNS node automatically loads the VPC configuration information configured by the tenant and creates the related VXLAN tunnel information, which the ECS subsequently uses to access tenant domain names;
when the controller allocates two DNS nodes to the tenant, optionally both of the tenant's DNS nodes automatically load the VPC configuration information configured by the tenant and create the tunnel;
when the tenant-side ECS starts, the 2 DNS nodes pre-allocated by the controller are automatically written into the /etc/resolv.conf file.
Step S402, responding to domain name resolution operation triggered by the tenant, and sending a domain name resolution request containing domain name information of the tenant to a target DNS node by the ECS through a VXLAN tunnel;
when the tenant needs to resolve a domain name, a domain name resolution operation is triggered. The tenant-side ECS accesses the primary DNS node by default to obtain the resolution result; when the primary DNS node fails, the ECS attempts to access the backup DNS node, which provides a disaster recovery mechanism;
the ECS reaches the DNS node through a VXLAN tunnel established to the DNS node by the host's OVS component.
In implementation, the ECS sends a domain name resolution request to the master DNS node through the VXLAN tunnel, and if the ECS does not receive the IP address obtained by the resolution returned by the target DNS node, or the ECS determines that the target DNS node fails, the ECS sends the domain name resolution request to other DNS nodes except for the target DNS node in at least two DNS nodes allocated to the tenant by the controller, so that the other DNS nodes perform domain name resolution on domain name information of the tenant.
Step S403, the target DNS node performs domain name resolution on the domain name information of the tenant in the domain name resolution request;
and step S404, the target DNS node returns the IP address obtained by the analysis to the ECS.
As shown in fig. 5, the domain name resolution request of the ECS reaches the DNS node through the VXLAN tunnel, and the domain name resolution request is automatically processed as the NVE to the corresponding VXLAN; after receiving the domain name resolution request, the DNS node sequentially passes through the tenant domain name, the shared domain name, the cache domain name, the forwarding module and the upstream server, and finally returns a reasonable domain name resolution result to the ECS;
in implementation, the target DNS node may perform domain name resolution on the domain name information of the tenant in the domain name resolution request according to the following manner, such as the domain name resolution flow shown in fig. 6:
step S601, performing domain name resolution by a target DNS node according to domain name information of the tenant;
step S602, judging whether to analyze to obtain an IP address; if not, go to step S603; if yes, go to step S609;
step S603, the target DNS node carries out domain name resolution according to the shared domain name information;
step S604, judging whether to analyze to obtain an IP address; if not, go to step S605; if yes, go to step S609;
step S605, the target DNS node searches an IP address corresponding to the public network domain name information from the cache module;
step S606, judging whether to find the IP address corresponding to the public network domain name information; if not, go to step S607; if yes, go to step S609;
step S607, the target DNS node accesses the external network server through the forwarding module;
step S608, the target DNS node receives the IP address corresponding to the public network domain name information returned by the external network server;
step S609, the obtained IP address is packaged, and a response message for returning to the ECS is obtained.
When performing domain name resolution, the DNS node first looks up the tenant's own domain names and, on a hit, returns the IP address directly. If a tenant-configured domain name is the same as a public network domain name, the tenant-configured record takes priority. For example, if the tenant configures www.baidu.com as 192.168.1.1, the tenant's query for the A record of www.baidu.com returns 192.168.1.1. If the tenant domain name is not hit, the shared domain name is consulted; this is the domain name shared by all tenants, typically the OSS-related domain names inside the cloud network, and it ensures that an intranet IP is returned instead of a public network IP, which improves access efficiency and reduces delay. If the shared domain name is missed, the cache domain name is queried. Cached domain names are public network domain names, and the cache is tightly coupled to the forwarding module: every response obtained by the forwarding module is recorded in the cache module, so that frequently accessed domain names can be answered efficiently and resources are used sensibly, because the forwarding module consumes resources and performs much worse than the cache.
The shared domain name meets the need of all tenants to share domain names, for example the logic for storing OSS intranet domain names. Where an internal shared domain name is needed, the tenant name is cndns, the zone_id is all 0, and the domain name is public; the corresponding host records are explicitly recorded in FQDN form. The format is fully compatible with the tenant domain name format, and the code fully reuses the logic for tenant domain names.
The public network domain name is used for accessing the public network: the result is obtained by accessing a public recursive server through the forwarding module, and the record is also cached in the cache module for fast access next time, which improves performance and customer experience. The forwarding module supports configuring a plurality of upstream servers and randomly selects one for each DNS access; when that access fails, the next upstream server is tried to obtain the result, ensuring service continuity and program robustness.
The cache module stores records as a domain name tree, level by level (root, top-level domain, second-level domain and so on), fully compatible with the Internet domain name format. The data structure uses hash buckets and a binary tree to improve query efficiency. A cache timeout mechanism is also supported, so that domain names not accessed for a long time are cleared promptly and resources are released; the limited resources are used to cache frequently accessed domain names, improving access efficiency.
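The lookup order of steps S601 to S609, keyed by the VNI a query arrived on, as an added example rather than code from the patent. The VNI-to-tenant mapping, the "refused" and "servfail" outcomes, the upstream callables and all names and addresses other than www.baidu.com / 192.168.1.1, cndns and the all-zero zone_id are assumptions constructed for the illustration; a plain dict stands in for the page's hash-bucket and tree cache.

```python
import random
import time

SHARED_TENANT = "cndns"      # shared-zone tenant name given on the page
SHARED_ZONE_ID = "0" * 32    # "zone_id is all 0"


class Resolver:
    def __init__(self, vpcs, zones, upstreams, clock=time.monotonic, rng=None):
        self.vpcs = vpcs            # vni -> (tenant_id, [zone_id, ...])
        self.zones = zones          # (tenant_id, zone_id) -> {name: [ip, ...]}
        self.upstreams = upstreams  # callables: name -> (ttl, [ip, ...]) or OSError
        self.cache = {}             # name -> (expires_at, [ip, ...])
        self.clock = clock
        self.rng = rng or random.Random()

    def _forward(self, name):
        """Pick a random upstream, then try the next ones in turn on failure."""
        start = self.rng.randrange(len(self.upstreams))
        for i in range(len(self.upstreams)):
            upstream = self.upstreams[(start + i) % len(self.upstreams)]
            try:
                return upstream(name)
            except OSError:
                continue
        return None

    def resolve(self, vni, name):
        """Return (source, ips); source names the stage that answered."""
        name = name.rstrip(".").lower()
        if vni not in self.vpcs:
            return ("refused", [])          # assumption: unknown VNI fails closed
        tenant_id, zone_ids = self.vpcs[vni]
        # S601: only zones associated with this VNI's VPC are visible.
        for zone_id in zone_ids:
            ips = self.zones.get((tenant_id, zone_id), {}).get(name)
            if ips:
                return ("tenant", ips)
        # S603: the zone shared by all tenants.
        ips = self.zones.get((SHARED_TENANT, SHARED_ZONE_ID), {}).get(name)
        if ips:
            return ("shared", ips)
        # S605: cache of public names, honouring the timeout.
        cached = self.cache.get(name)
        if cached and cached[0] > self.clock():
            return ("cache", cached[1])
        self.cache.pop(name, None)
        # S607/S608: forward upstream. Only forwarder answers enter the cache,
        # so a tenant's private override is never served to another tenant.
        answer = self._forward(name)
        if answer is None:
            return ("servfail", [])
        ttl, ips = answer
        self.cache[name] = (self.clock() + ttl, ips)
        return ("forward", ips)


def build_demo():
    """Constructed data: two tenants, one shared zone, two upstreams."""
    now = [0.0]
    calls = []

    def dead_upstream(name):
        calls.append(("dead", name))
        raise OSError("upstream unreachable")

    def live_upstream(name):
        calls.append(("live", name))
        return 60, ["203.0.113.10"]

    vpcs = {100: ("tenant-a", ["a" * 32]), 200: ("tenant-b", ["b" * 32])}
    zones = {
        ("tenant-a", "a" * 32): {"www.test.com": ["192.168.1.2"],
                                 "www.baidu.com": ["192.168.1.1"]},
        ("tenant-b", "b" * 32): {"www.test.com": ["10.9.9.9"]},
        (SHARED_TENANT, SHARED_ZONE_ID): {"oss.cloud.example": ["100.64.1.1"]},
    }
    resolver = Resolver(vpcs, zones, [dead_upstream, live_upstream],
                        clock=lambda: now[0], rng=random.Random(0))
    return resolver, now, calls
```

Because the tenant stage runs before the cache, tenant-a keeps receiving its own www.baidu.com override even after tenant-b has caused the public answer to be cached.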
The DPDK architecture according to the embodiment of the present application is described below:
1. the DPDK system architecture adopts two layers of message receiving and transmitting, and the performance is ensured by the DPDK of an open source;
2. the network and the transmission layer adopt a freeBSD protocol stack, so that the requirements of various complex service scenes are met, and the stability is ensured;
3. the service codes meet the requirements of an intranet domain name, a public network domain name and a shared domain name;
4. the application layer is in butt joint with the protocol stack, and based on the API of the f-stack of the open source, the transmission of the bottom layer data message to the service layer is realized;
5. in order to meet the multi-tenant scenario, the protocol stack is adjusted, the scenario of tenant session isolation is met, the advantages of the multi-process architecture are fully exerted, and the session scope of each process needs to be strictly distinguished in a scheduling strategy by adopting lock-free processing; the configuration change of the control plane is considered, and the data plane reloads the configuration to realize the update of the user hot data;
6. the service of the data plane and the control plane are split and developed in parallel, so that the efficiency is improved, and the difficulty of the later online investigation is greatly reduced.
The system architecture shown in fig. 7 is the core implementation of the DNS node. The bottom layer uses DPDK to send and receive packets, which ensures performance. Before traffic is handed to a protocol stack, it is split by port: VXLAN port 4789 and DNS port 53 are sent to the FreeBSD protocol stack, and HTTP port 80 is sent to the Linux protocol stack. The FreeBSD protocol stack processes the VXLAN encapsulation, extracts the VNI and passes it through to the DNS query service, which ensures domain name isolation between tenants. The add and delete operations of the Agent process modify the configuration information directly and save it to disk, and then notify the DNS main process of the configuration change, so that hot data is loaded without service interruption and without clients noticing.
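The port split and VNI extraction described above can be sketched as follows. This is an added example, not code from the patent or from DPDK/F-Stack: the function names, the `verdict` struct, the drop-on-malformed policy and the `STACK_UNSPEC` result for ports the text does not mention are assumptions, and the sample packet is constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define PORT_VXLAN   4789
#define PORT_DNS     53
#define PORT_HTTP    80
#define VXLAN_FLAG_I 0x08   /* RFC 7348: set when the VNI field is valid */

enum stack { STACK_DROP, STACK_FREEBSD, STACK_LINUX, STACK_UNSPEC };

struct verdict {
    enum stack stack;
    int has_vni;      /* 1 when a valid VXLAN header was parsed */
    uint32_t vni;     /* 24-bit identifier that selects the tenant */
};

static uint16_t rd16(const uint8_t *p) { return (uint16_t)((p[0] << 8) | p[1]); }

/* Classify one outer IPv4 packet. Malformed input is dropped (assumed policy)
 * instead of being passed on with a guessed VNI, because the VNI decides
 * which tenant's records the DNS query service will consult. */
struct verdict dispatch(const uint8_t *pkt, size_t len)
{
    struct verdict v = { STACK_DROP, 0, 0 };
    size_t ihl;
    uint16_t dport;

    if (len < 20 || (pkt[0] >> 4) != 4)
        return v;                               /* not IPv4 or too short */
    ihl = (size_t)(pkt[0] & 0x0f) * 4;
    if (ihl < 20 || len < ihl + 8)
        return v;                               /* bad IHL or no L4 header */
    if (pkt[9] != 6 && pkt[9] != 17) {          /* neither TCP nor UDP */
        v.stack = STACK_UNSPEC;
        return v;
    }
    dport = rd16(pkt + ihl + 2);                /* same offset in TCP and UDP */

    if (pkt[9] == 17 && dport == PORT_VXLAN) {
        const uint8_t *vx = pkt + ihl + 8;      /* VXLAN header follows UDP */
        if (len < ihl + 16 || !(vx[0] & VXLAN_FLAG_I))
            return v;                           /* truncated or VNI not valid */
        v.vni = ((uint32_t)vx[4] << 16) | ((uint32_t)vx[5] << 8) | vx[6];
        v.has_vni = 1;
        v.stack = STACK_FREEBSD;
    } else if (dport == PORT_DNS) {
        v.stack = STACK_FREEBSD;
    } else if (dport == PORT_HTTP) {
        v.stack = STACK_LINUX;
    } else {
        v.stack = STACK_UNSPEC;                 /* the text names no rule here */
    }
    return v;
}

/* Build a constructed 36-byte sample: IPv4 + 8-byte L4 header + VXLAN header.
 * Addresses come from the 192.0.2.0/24 documentation range. */
size_t make_sample(uint8_t *buf, uint8_t proto, uint16_t dport,
                   uint8_t vx_flags, uint32_t vni)
{
    memset(buf, 0, 36);
    buf[0] = 0x45; buf[3] = 36; buf[8] = 64; buf[9] = proto;
    buf[12] = 192; buf[14] = 2; buf[15] = 10;   /* src 192.0.2.10 */
    buf[16] = 192; buf[18] = 2; buf[19] = 53;   /* dst 192.0.2.53 */
    buf[20] = 0xc0;                             /* src port 49152 */
    buf[22] = (uint8_t)(dport >> 8); buf[23] = (uint8_t)dport;
    buf[25] = 16;                               /* UDP length */
    buf[28] = vx_flags;
    buf[32] = (uint8_t)(vni >> 16); buf[33] = (uint8_t)(vni >> 8);
    buf[34] = (uint8_t)vni;
    return 36;
}

int main(void)
{
    uint8_t pkt[36];
    size_t n = make_sample(pkt, 17, PORT_VXLAN, VXLAN_FLAG_I, 1001);
    struct verdict v = dispatch(pkt, n);
    printf("stack=%d has_vni=%d vni=%u\n", v.stack, v.has_vni, (unsigned)v.vni);
    return 0;
}
```

The VNI is taken only from a header whose I flag is set and whose full length is present, so a truncated or unflagged packet never reaches the query service carrying a tenant identity.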
The multi-process model shown in FIG. 8 is designed to avoid cache misses in order to guarantee performance. Related services must be processed and sent within the packet-receiving process; this is currently implemented with DPDK RSS or a software hash. The multi-process model achieves fully concurrent execution: a single process can reach up to 100,000 QPS (10W QPS), and when the received messages are perfectly balanced, QPS grows linearly as system resources increase;
the system resources include, but are not limited to, CPU and memory.
As shown in fig. 9, an embodiment of the present application provides a target DNS node, which includes a memory 901 and a processor 902;
a memory 901 for storing program instructions;
a processor 902, configured to call the program instructions stored in the memory 901, and execute the following operations according to the obtained program:
creating a VXLAN tunnel according to VPC configuration information corresponding to the tenant; the VPC configuration information is configured by the tenant through a cloud network platform, and the target DNS node is one of at least two DNS nodes distributed to the tenant by a controller corresponding to the cloud network platform;
receiving a domain name resolution request sent by a tenant through an ECS through the created VXLAN tunnel; the domain name resolution request comprises domain name information of the tenant;
and carrying out domain name resolution on the domain name information of the tenant in the domain name resolution request, and returning the IP address obtained by resolution to the ECS.
Optionally, the processor 902 is specifically configured to:
performing domain name resolution according to the domain name information of the tenant;
if the IP address corresponding to the domain name information of the tenant is resolved, that IP address is used as the resolved IP address; otherwise, the target DNS node performs domain name resolution according to the shared domain name information;
if the IP address corresponding to the shared domain name information is resolved, that IP address is used as the resolved IP address; otherwise, the target DNS node performs domain name resolution according to public network domain name information;
and taking the IP address corresponding to the public network domain name information as the resolved IP address.
Optionally, the processor 902 is specifically configured to:
searching a cache module for the IP address corresponding to the public network domain name information and, if it exists, taking the IP address corresponding to the public network domain name information stored in the cache module as the resolved IP address;
otherwise, accessing an external network server through a forwarding module, and taking the IP address corresponding to the public network domain name information returned by the external network server as the resolved IP address.
As shown in fig. 10, an embodiment of the present application provides a cloud server ECS, which includes a memory 1001 and a processor 1002;
a memory 1001 for storing program instructions;
a processor 1002 for calling the program instructions stored in the memory 1001, and executing the following operations according to the obtained program:
in response to a domain name resolution operation triggered by a tenant, sending a domain name resolution request containing domain name information of the tenant to a target DNS node through a VXLAN tunnel, so that the target DNS node performs domain name resolution on the domain name information of the tenant; the target DNS node is one of at least two DNS nodes distributed to the tenant by a controller corresponding to the cloud network platform, and the VXLAN tunnel is created by the target DNS node according to VPC configuration information configured by the tenant through the cloud network platform;
and receiving the resolved IP address returned by the target DNS node.
Optionally, the processor 1002 is further configured to:
if the resolved IP address returned by the target DNS node is not received, or the ECS determines that the target DNS node has failed, sending the domain name resolution request to the other DNS nodes, other than the target DNS node, among the at least two DNS nodes distributed to the tenant by the controller, so that the other DNS nodes perform domain name resolution on the domain name information of the tenant;
and receiving the resolved IP address returned by the other DNS nodes.
As shown in fig. 11, an embodiment of the present application provides a domain name resolution apparatus, which includes:
a creating unit 1101, configured to create a VXLAN tunnel according to VPC configuration information corresponding to a tenant; the VPC configuration information is configured by the tenant through a cloud network platform, and the target DNS node is one of at least two DNS nodes distributed to the tenant by a controller corresponding to the cloud network platform;
a first sending unit 1102, configured to receive, through the created VXLAN tunnel, a domain name resolution request sent by a tenant through an ECS; the domain name resolution request comprises domain name information of the tenant;
the domain name resolution unit 1103 is configured to perform domain name resolution on domain name information of the tenant in the domain name resolution request, and return an IP address obtained by resolution to the ECS.
Optionally, the domain name resolution unit 1103 is specifically configured to:
performing domain name resolution according to the domain name information of the tenant;
if the IP address corresponding to the domain name information of the tenant is resolved, that IP address is used as the resolved IP address; otherwise, the target DNS node performs domain name resolution according to the shared domain name information;
if the IP address corresponding to the shared domain name information is resolved, that IP address is used as the resolved IP address; otherwise, the target DNS node performs domain name resolution according to public network domain name information;
and taking the IP address corresponding to the public network domain name information as the resolved IP address.
Optionally, the domain name resolution unit 1103 is specifically configured to:
searching a cache module for the IP address corresponding to the public network domain name information and, if it exists, taking the IP address corresponding to the public network domain name information stored in the cache module as the resolved IP address;
otherwise, accessing an external network server through a forwarding module, and taking the IP address corresponding to the public network domain name information returned by the external network server as the resolved IP address.
As shown in fig. 12, an embodiment of the present application provides a domain name resolution apparatus, which includes:
a second sending unit 1201, configured to send, in response to a domain name resolution operation triggered by a tenant, a domain name resolution request containing domain name information of the tenant to a target DNS node through a VXLAN tunnel, so that the target DNS node performs domain name resolution on the domain name information of the tenant; the target DNS node is one of at least two DNS nodes distributed to the tenant by a controller corresponding to the cloud network platform, and the VXLAN tunnel is created by the target DNS node according to VPC configuration information configured by the tenant through the cloud network platform;
and a receiving unit 1202 for receiving the resolved IP address returned by the target DNS node.
Optionally, the second sending unit 1201 is further configured to: if the resolved IP address returned by the target DNS node is not received, or the ECS determines that the target DNS node has failed, send the domain name resolution request to the other DNS nodes, other than the target DNS node, among the at least two DNS nodes distributed to the tenant by the controller, so that the other DNS nodes perform domain name resolution on the domain name information of the tenant;
the receiving unit 1202 is further configured to: receive the resolved IP address returned by the other DNS nodes.
The embodiment of the application also provides a computer readable storage medium, wherein the computer readable storage medium stores a computer program, and the computer program is used for enabling the computer to execute the domain name resolution method.
Based on the same inventive concept, the embodiment of the present application further provides a domain name resolution method, which is applied to the target DNS node side, as shown in fig. 13, and the method includes:
step S1301, a target DNS node creates a VXLAN tunnel according to VPC configuration information corresponding to a tenant; the VPC configuration information is configured by the tenant through a cloud network platform, and the target DNS node is one of at least two DNS nodes distributed to the tenant by a controller corresponding to the cloud network platform;
step S1302, the target DNS node receives, through the created VXLAN tunnel, a domain name resolution request sent by a tenant through an ECS; the domain name resolution request comprises domain name information of the tenant;
step S1303, the target DNS node performs domain name resolution on the domain name information of the tenant in the domain name resolution request, and returns the IP address obtained by the resolution to the ECS.
Optionally, the target DNS node performs domain name resolution on domain name information of the tenant in the domain name resolution request, specifically including:
the target DNS node performs domain name resolution according to the domain name information of the tenant;
if the target DNS node resolves the IP address corresponding to the domain name information of the tenant, taking the IP address corresponding to the domain name information of the tenant as the resolved IP address; otherwise, the target DNS node performs domain name resolution according to the shared domain name information;
if the target DNS node resolves the IP address corresponding to the shared domain name information, taking the IP address corresponding to the shared domain name information as the resolved IP address; otherwise, the target DNS node performs domain name resolution according to public network domain name information;
and the target DNS node takes the IP address corresponding to the public network domain name information as the resolved IP address.
Optionally, the target DNS node performs domain name resolution according to public network domain name information, and specifically includes:
the target DNS node searches a cache module for the IP address corresponding to the public network domain name information and, if it exists, takes the IP address corresponding to the public network domain name information stored in the cache module as the resolved IP address;
otherwise, the target DNS node accesses an external network server through a forwarding module, and takes the received IP address corresponding to the public network domain name information returned by the external network server as the resolved IP address.
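The resolution order described above (tenant records, then shared records, then the public cache, then the forwarding module) can be sketched as follows. This is an added example, not code from the patent: the record tables are constructed sample data, `forward_upstream` is a hypothetical stand-in for the forwarding module, and the fixed 300-second expiry is an assumed simplification of the cache timeout mechanism.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

enum source { SRC_NONE, SRC_TENANT, SRC_SHARED, SRC_CACHE, SRC_FORWARD };
struct rec { uint32_t vni; const char *name; const char *ip; };

/* Constructed sample data. Tenant records are keyed by (VNI, name), so the
 * same name in two VPCs maps to different answers and never crosses over. */
static const struct rec tenant_zone[] = {
    { 1001, "db.internal", "10.0.0.5"  },
    { 1002, "db.internal", "10.9.9.9"  },
    { 1002, "hr.internal", "10.9.9.20" },
};
/* Shared zone: one copy visible to every tenant, so the VNI is ignored. */
static const struct rec shared_zone[] = {
    { 0, "ntp.cloud.example", "198.51.100.10" },
};
#define COUNT(a) (sizeof(a) / sizeof((a)[0]))

/* Public-name cache: hash buckets with an expiry time. Only answers that
 * came from the forwarder are stored here, never tenant or shared records. */
#define CACHE_SLOTS 8
#define CACHE_TTL   300          /* seconds, assumed value */
struct cache_ent { char name[64]; char ip[46]; long expires; };
static struct cache_ent pub_cache[CACHE_SLOTS];

/* Hypothetical stand-in for the forwarding module's upstream query. */
static const char *forward_upstream(const char *name)
{
    return strcmp(name, "www.example.com") == 0 ? "203.0.113.7" : NULL;
}

static const char *zone_find(const struct rec *z, size_t n, int match_vni,
                             uint32_t vni, const char *name)
{
    for (size_t i = 0; i < n; i++)
        if ((!match_vni || z[i].vni == vni) && strcmp(z[i].name, name) == 0)
            return z[i].ip;
    return NULL;
}

static struct cache_ent *cache_bucket(const char *name)
{
    unsigned h = 5381;
    for (const char *p = name; *p; p++)
        h = h * 33u + (unsigned char)*p;
    return &pub_cache[h % CACHE_SLOTS];
}

/* Resolve `name` for the tenant identified by `vni` at time `now` (seconds).
 * Returns the IP string or NULL, and reports which tier answered in *src. */
const char *resolve(uint32_t vni, const char *name, long now, enum source *src)
{
    const char *ip;
    struct cache_ent *c;

    if ((ip = zone_find(tenant_zone, COUNT(tenant_zone), 1, vni, name))) {
        *src = SRC_TENANT;
        return ip;
    }
    if ((ip = zone_find(shared_zone, COUNT(shared_zone), 0, 0, name))) {
        *src = SRC_SHARED;
        return ip;
    }
    c = cache_bucket(name);
    if (strcmp(c->name, name) == 0 && c->expires > now) {
        *src = SRC_CACHE;
        return c->ip;
    }
    /* Cache miss or expired entry: a name that matched no tenant or shared
     * record, private-looking or not, is sent upstream at this point. */
    if ((ip = forward_upstream(name)) != NULL) {
        *src = SRC_FORWARD;
        if (strlen(name) < sizeof c->name) {       /* cache only what fits */
            snprintf(c->name, sizeof c->name, "%s", name);
            snprintf(c->ip, sizeof c->ip, "%s", ip);
            c->expires = now + CACHE_TTL;
        }
        return ip;
    }
    *src = SRC_NONE;
    return NULL;
}

int main(void)
{
    enum source s;
    const char *ip = resolve(1001, "db.internal", 100, &s);
    printf("tenant 1001 db.internal -> %s (tier %d)\n", ip ? ip : "none", s);
    ip = resolve(1001, "hr.internal", 100, &s);
    printf("tenant 1001 hr.internal -> %s (tier %d)\n", ip ? ip : "none", s);
    return 0;
}
```

Because the cache holds only forwarder answers, sharing it across tenants does not expose one tenant's private records to another.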
Based on the same inventive concept, the embodiment of the present application further provides a domain name resolution method, applied to the ECS side, as shown in fig. 14, where the method includes:
step S1401, in response to a domain name resolution operation triggered by a tenant, the ECS sends a domain name resolution request containing domain name information of the tenant to a target DNS node through a VXLAN tunnel, so that the target DNS node performs domain name resolution on the domain name information of the tenant; the target DNS node is one of at least two DNS nodes distributed to the tenant by a controller corresponding to the cloud network platform, and the VXLAN tunnel is created by the target DNS node according to VPC configuration information configured by the tenant through the cloud network platform;
step S1402, the ECS receives the resolved IP address returned by the target DNS node.
Optionally, the method further comprises:
if the resolved IP address returned by the target DNS node is not received, or the ECS determines that the target DNS node has failed, the ECS sends the domain name resolution request to the other DNS nodes, other than the target DNS node, among the at least two DNS nodes distributed to the tenant by the controller, so that the other DNS nodes perform domain name resolution on the domain name information of the tenant;
and the ECS receives the resolved IP address returned by the other DNS nodes.
It will be appreciated by those skilled in the art that embodiments of the present application may be provided as a method, system, or computer program product. Accordingly, the present application may take the form of an entirely hardware embodiment, an entirely software embodiment or an embodiment combining software and hardware aspects. Furthermore, the present application may take the form of a computer program product embodied on one or more computer-usable storage media (including, but not limited to, disk storage, CD-ROM, optical storage, and the like) having computer-usable program code embodied therein.
The present application is described with reference to flowchart illustrations and/or block diagrams of methods, apparatus (systems) and computer program products according to the application. It will be understood that each flow and/or block of the flowchart illustrations and/or block diagrams, and combinations of flows and/or blocks in the flowchart illustrations and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general purpose computer, special purpose computer, embedded processor, or other programmable data processing apparatus to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processing apparatus, create means for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be stored in a computer-readable memory that can direct a computer or other programmable data processing apparatus to function in a particular manner, such that the instructions stored in the computer-readable memory produce an article of manufacture including instruction means which implement the function specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be loaded onto a computer or other programmable data processing apparatus to cause a series of operational steps to be performed on the computer or other programmable apparatus to produce a computer implemented process such that the instructions which execute on the computer or other programmable apparatus provide steps for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
It will be apparent to those skilled in the art that various modifications and variations can be made to the present application without departing from the spirit or scope of the application. Thus, it is intended that the present application also include such modifications and alterations insofar as they come within the scope of the appended claims or the equivalents thereof.

Claims (10)

1. A method for domain name resolution, the method comprising:
the target domain name resolution DNS node creates a virtual extension local area network VXLAN tunnel according to Virtual Private Cloud (VPC) configuration information corresponding to the tenant; the VPC configuration information is configured by the tenant through a cloud network platform, and the target DNS node is one of at least two DNS nodes distributed to the tenant by a controller corresponding to the cloud network platform;
the target DNS node receives a domain name resolution request sent by a tenant through a cloud server ECS through the created VXLAN tunnel; the domain name resolution request comprises domain name information of the tenant;
and the target DNS node carries out domain name resolution on the domain name information of the tenant in the domain name resolution request, and returns the IP address obtained by resolution to the ECS.
2. The method of claim 1, wherein the target DNS node performs domain name resolution on the domain name information of the tenant in the domain name resolution request, specifically comprising:
the target DNS node performs domain name resolution according to the domain name information of the tenant;
if the target DNS node resolves the IP address corresponding to the domain name information of the tenant, taking the IP address corresponding to the domain name information of the tenant as the resolved IP address; otherwise, the target DNS node performs domain name resolution according to the shared domain name information;
if the target DNS node resolves the IP address corresponding to the shared domain name information, taking the IP address corresponding to the shared domain name information as the resolved IP address; otherwise, the target DNS node performs domain name resolution according to public network domain name information;
and the target DNS node takes the IP address corresponding to the public network domain name information as the resolved IP address.
3. The method of claim 2, wherein the target DNS node performs domain name resolution according to public network domain name information, specifically including:
the target DNS node searches a cache module for the IP address corresponding to the public network domain name information and, if it exists, takes the IP address corresponding to the public network domain name information stored in the cache module as the resolved IP address;
otherwise, the target DNS node accesses an external network server through a forwarding module, and takes the received IP address corresponding to the public network domain name information returned by the external network server as the resolved IP address.
4. A method for domain name resolution, the method comprising:
in response to a domain name resolution operation triggered by a tenant, a cloud server ECS sends a domain name resolution request containing domain name information of the tenant to a target DNS node through a VXLAN tunnel, so that the target DNS node performs domain name resolution on the domain name information of the tenant; the target DNS node is one of at least two DNS nodes distributed to the tenant by a controller corresponding to the cloud network platform, and the VXLAN tunnel is created by the target DNS node according to VPC configuration information configured by the tenant through the cloud network platform;
and the ECS receives the resolved IP address returned by the target DNS node.
5. The method of claim 4, wherein the method further comprises:
if the resolved IP address returned by the target DNS node is not received, or the ECS determines that the target DNS node has failed, the ECS sends the domain name resolution request to the other DNS nodes, other than the target DNS node, among the at least two DNS nodes distributed to the tenant by the controller, so that the other DNS nodes perform domain name resolution on the domain name information of the tenant;
and the ECS receives the resolved IP address returned by the other DNS nodes.
6. A domain name resolution device, the device comprising:
the creating unit is used for creating the VXLAN tunnel according to the VPC configuration information corresponding to the tenant; the VPC configuration information is configured by the tenant through a cloud network platform, and the domain name resolution device is one of at least two DNS nodes distributed to the tenant by a controller corresponding to the cloud network platform;
a receiving unit, configured to receive, through the created VXLAN tunnel, a domain name resolution request sent by a tenant through an ECS; the domain name resolution request comprises domain name information of the tenant;
and the domain name resolution unit is used for performing domain name resolution on the domain name information of the tenant in the domain name resolution request and returning the IP address obtained by resolution to the ECS.
7. A domain name resolution device, the device comprising:
a sending unit, configured to send, to a target DNS node through a VXLAN tunnel, a domain name resolution request including domain name information of a tenant in response to a domain name resolution operation triggered by the tenant, so that the target DNS node performs domain name resolution on the domain name information of the tenant; the target DNS node is one of at least two DNS nodes distributed to the tenant by a controller corresponding to the cloud network platform, and the VXLAN tunnel is created by the target DNS node according to VPC configuration information configured by the tenant cloud network platform;
and the receiving unit is used for receiving the resolved IP address returned by the target DNS node.
8. A target DNS node, the target DNS node comprising:
a memory for storing program instructions;
a processor for invoking program instructions stored in said memory and for performing the method according to any of claims 1-3 in accordance with the obtained program.
9. A cloud server ECS, the ECS comprising:
a memory for storing program instructions;
a processor for invoking program instructions stored in said memory to perform the method according to claim 4 or 5 in accordance with the obtained program.
10. A computer-readable storage medium storing computer-executable instructions for causing a computer to perform the method of any one of claims 1 to 5.
CN202111577642.4A 2021-12-22 2021-12-22 Domain name resolution method, device and computer readable storage medium Active CN114500450B (en)


Publications (2)

Publication Number Publication Date
CN114500450A (en) 2022-05-13
CN114500450B (en) 2023-10-10




Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant