CN114553827B - VPN client proxy DNS resolution method and device - Google Patents

VPN client proxy DNS resolution method and device

Info

Publication number
CN114553827B
CN114553827B (application CN202210171349.6A)
Authority
CN
China
Prior art keywords
vpn
domain name
dns
request message
resource domain
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN202210171349.6A
Other languages
Chinese (zh)
Other versions
CN114553827A (en)
Inventor
汪庆权
李志�
林俊龙
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Hangzhou DPTech Technologies Co Ltd
Original Assignee
Hangzhou DPTech Technologies Co Ltd
Application filed by Hangzhou DPTech Technologies Co Ltd
Priority to CN202210171349.6A
Publication of CN114553827A
Application granted
Publication of CN114553827B
Legal status: Active

Classifications

    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L12/00: Data switching networks
    • H04L12/28: Data switching networks characterised by path configuration, e.g. LAN [Local Area Networks] or WAN [Wide Area Networks]
    • H04L12/46: Interconnection of networks
    • H04L12/4641: Virtual LANs, VLANs, e.g. virtual private networks [VPN]

Abstract

The disclosure relates to a VPN client proxy DNS resolution method and device. The method comprises: receiving and parsing a DNS query request message and obtaining its destination domain name; querying a VPN resource domain name Map table with that destination domain name to confirm whether it is contained in the table, where the table holds the VPN resource domain names that the VPN side DNS server can resolve; forwarding the DNS query request message to the VPN side DNS server when the destination domain name is found in the table, or to the user side DNS server when it is not; and replying to the DNS query request message with the DNS query response message received from the VPN side DNS server or the user side DNS server.

Description

VPN client proxy DNS resolution method and device
Technical Field
The disclosure relates to the technical field of data communication, in particular to a VPN client proxy DNS resolution method and device.
Background
An ordinary user office network has its own DNS server. A host performs domain name resolution with both an intranet DNS address and a public network DNS address configured, so that the public network DNS server is used when the intranet DNS server fails. The intranet DNS server can resolve both the private domain names of the client network and public network domain names.
When a user is connected to a VPN, some VPN resources are published in the form of domain names. The DNS server on the user's original network cannot resolve these VPN resource domain names; they must be resolved by the DNS server on the VPN server side. Public network domain names can be resolved either by the VPN side DNS server or by the user side DNS server, but private domain names inside the client's own network can only be resolved by the user side DNS server.
The conventional approach configures the VPN side DNS server on the VPN virtual network card and then raises that card's priority, for example by editing the registry or changing the interface metric (hop count), so that DNS requests are resolved by the intranet DNS server first. On some operating systems, however, the network card priority cannot be changed this way. After the VPN connects, the original network side DNS server keeps a higher priority than the VPN side DNS server, VPN resource domain names are resolved to public network addresses or not resolved at all, and the user cannot reach the VPN resources.
If the VPN side DNS server does not support resolving public network domain names, the user side DNS server is tried only after the VPN side resolution has failed, so each such domain name is resolved twice; resolution is slow and the user experience suffers.
If the VPN side DNS server does support resolving public network domain names, the user and the VPN side DNS server are typically in different geographic locations and on different operators, so the resolved IP address suffers from cross-operator and CDN locality problems.
If every DNS request from terminal applications is sent to the VPN side DNS server, each request must be encrypted by the virtual network card and carried through the tunnel, which increases cross-network VPN traffic and consumes a large amount of DNS server resources.
There is therefore a need for a VPN client proxy DNS resolution method and apparatus that does not require modifying the network card priority.
Disclosure of Invention
In view of this, the disclosure provides a VPN client proxy DNS resolution method and apparatus. According to one aspect of the disclosure, a VPN client proxy DNS resolution method is provided, including: receiving and parsing a DNS query request message and obtaining its destination domain name; querying a VPN resource domain name Map table with that destination domain name to confirm whether it is contained in the table, where the table holds the VPN resource domain names that the VPN side DNS server can resolve; forwarding the DNS query request message to the VPN side DNS server when the destination domain name is found in the table, or to the user side DNS server when it is not; and replying to the DNS query request message with the DNS query response message received from the VPN side DNS server or the user side DNS server.
The VPN client proxy DNS resolution method according to the present disclosure further comprises: the VPN client receives, from the VPN side DNS server with which it has connected and authenticated, a configuration containing the VPN resource domain names, which the VPN side DNS server computes from the VPN resources published by the VPN user; the VPN client parses the received configuration and generates the VPN resource domain name Map table from the domain names obtained by parsing.
The VPN client proxy DNS resolution method according to the present disclosure further comprises: the VPN client periodically receives a new configuration containing VPN resource domain names from the VPN side DNS server and updates the VPN resource domain name Map table with the domain names obtained by parsing it.
In the VPN client proxy DNS resolution method according to the present disclosure, the configuration containing the VPN resource domain names is pushed to the VPN client synchronously in JSON format.
In the VPN client proxy DNS resolution method according to the present disclosure, the new configuration containing the VPN resource domain names is the configuration produced after the VPN side DNS server adds, deletes or modifies some of the VPN resource domain names.
According to another aspect of the present disclosure, a VPN client proxy DNS resolution device is provided, including: a DNS query request message receiving and parsing component, which receives and parses a DNS query request message and obtains its destination domain name; a query component, which queries the VPN resource domain name Map table with that destination domain name and confirms whether it is contained in the table, where the table holds the VPN resource domain names that the VPN side DNS server can resolve; a forwarding component, which forwards the DNS query request message to the VPN side DNS server when the destination domain name is found in the table, or to the user side DNS server when it is not; and a response component, which replies to the DNS query request message with the DNS query response message received from the VPN side DNS server or the user side DNS server.
The VPN client proxy DNS resolution device according to the present disclosure further comprises: a configuration receiving component, which receives, from the VPN side DNS server with which the device has connected and authenticated, a configuration containing VPN resource domain names that the VPN side DNS server computes from the VPN resources published by the VPN user; a configuration parsing component, which parses the received configuration; and a VPN resource domain name Map table generating component, which generates the VPN resource domain name Map table from the domain names obtained by parsing.
In the VPN client proxy DNS resolution device according to the present disclosure, the configuration receiving component further periodically receives a new configuration containing VPN resource domain names from the VPN side DNS server, the configuration parsing component parses it, and the VPN resource domain name Map table generating component updates the Map table with the domain names obtained by parsing the new configuration.
In the VPN client proxy DNS resolution device according to the present disclosure, the configuration containing the VPN resource domain names is pushed to the VPN client synchronously in JSON format.
In the VPN client proxy DNS resolution device according to the present disclosure, the new configuration containing the VPN resource domain names is the configuration produced after the VPN side DNS server adds, deletes or modifies some of the VPN resource domain names.
In summary, with the VPN client proxy DNS resolution method and device of the present disclosure, no network card priority has to be set: the VPN client listens on the local DNS port and proxies every local DNS query. When an application on the user side issues a DNS query, the VPN client receives and parses the request message. Only when the destination domain name is a VPN resource domain name is the request forwarded across the Internet to the VPN side DNS server; every other domain name is resolved directly by the user side DNS server, which reduces DNS traffic in the VPN tunnel and relieves the VPN side DNS server. Because non-VPN domain names never wait for a failed attempt at the VPN side DNS server, public network domain names resolve quickly and the user experience improves.
It is to be understood that both the foregoing general description and the following detailed description are exemplary and explanatory only and are not restrictive of the disclosure.
Drawings
The above and other objects, features and advantages of the present disclosure will become more apparent by describing in detail exemplary embodiments thereof with reference to the attached drawings. The drawings described below are merely examples of the present disclosure and other drawings may be obtained from these drawings without inventive effort for a person of ordinary skill in the art.
Fig. 1 is a schematic diagram illustrating an application example of a VPN client proxy DNS resolution method and apparatus according to an embodiment of the present disclosure.
Fig. 2 is a flow diagram illustrating a VPN client proxy DNS resolution method according to an embodiment of the present disclosure.
Fig. 3 is a schematic diagram of the procedure by which the VPN side DNS server publishes VPN resource domain names in an embodiment of the present disclosure.
Fig. 4 is a schematic diagram of the process for synchronously updating the VPN resource domain name Map table in an embodiment of the present disclosure.
Fig. 5 is a schematic diagram of a VPN client proxy DNS resolution device according to an embodiment of the present disclosure.
Detailed Description
Example embodiments will now be described more fully with reference to the accompanying drawings. However, the exemplary embodiments can be embodied in many forms and should not be construed as limited to the embodiments set forth herein; rather, these embodiments are provided so that this disclosure will be thorough and complete, and will fully convey the concept of the example embodiments to those skilled in the art. The same reference numerals in the drawings denote the same or similar parts, and thus a repetitive description thereof will be omitted.
Furthermore, the described features, structures, or characteristics may be combined in any suitable manner in one or more embodiments. In the following description, numerous specific details are provided to give a thorough understanding of embodiments of the disclosure. One skilled in the relevant art will recognize, however, that the disclosed aspects may be practiced without one or more of the specific details, or with other methods, components, devices, steps, etc. In other instances, well-known methods, systems, implementations, or operations have not been shown or described in detail to avoid obscuring aspects of the disclosure.
The block diagrams depicted in the figures are merely functional entities and do not necessarily correspond to physically separate entities. That is, the functional entities may be implemented in software, or in one or more hardware modules or integrated circuits, or in different networks and/or processor devices and/or microcontroller devices.
The flow diagrams depicted in the figures are exemplary only, and do not necessarily include all of the elements and operations/steps, nor must they be performed in the order described. For example, some operations/steps may be decomposed, and some operations/steps may be combined or partially combined, so that the order of actual execution may be changed according to actual situations.
Those skilled in the art will appreciate that the drawings are schematic representations of example embodiments and that the modules or flows in the drawings are not necessarily required to practice the present disclosure, and therefore, should not be taken to limit the scope of the present disclosure.
Fig. 1 is a schematic diagram illustrating an application example of a VPN client proxy DNS resolution method and apparatus according to an embodiment of the present disclosure. As shown in fig. 1, in a VPN (virtual private network) environment some VPN resources are published as domain names, so a user accessing them needs the VPN side DNS (domain name system) server to resolve the VPN resource domain name. Accessing public network resources and resources on the user's own private network requires the DNS server on the user's original network to resolve those public and private domain names.
When configuring DNS servers, the host is given the address of the VPN side DNS server and the address of a public network DNS server. The VPN resource domain name must be resolved by the VPN side DNS server; the user side DNS server cannot resolve it. A public network domain name can be resolved by either the VPN side DNS server or the user side DNS server, but the user's private network domain names must be resolved by the user side DNS server.
When a VPN is in use, intranet domain names must be resolved by the VPN DNS server and public domain names by the public DNS server. In some VPN environments the network card priority is therefore modified, by editing the registry, changing the interface metric (hop count) or other conventional methods, so that DNS requests go to the intranet DNS server first. Where the priority cannot be modified this way, the public network DNS has higher priority than the VPN DNS once the VPN is connected; intranet domain names then resolve to public network addresses or fail to resolve, and the user cannot access them. This is a poor experience, and modifying network card priority is a technical hurdle that ordinary users find hard to overcome. The present disclosure therefore proposes a VPN client proxy DNS resolution method.
Fig. 2 is a flow chart of a VPN client proxy DNS resolution method according to an embodiment of the present disclosure. Domain name resolution generally has two steps: the local machine sends a DNS request message carrying the domain name to be queried to a domain name server, and the domain name server returns a DNS response message carrying the IP address that corresponds to the domain name. In a VPN environment the VPN client interposes itself as a proxy: it forwards the DNS query request message to the domain name server and accepts the DNS response message from it.
After the VPN client starts, it listens on local port 53 (the default DNS port) so as to proxy all DNS resolution on the machine. The VPN client saves the address of the user side DNS server and, once the VPN server has authenticated the connection, sets the DNS server address of both the physical network card and the virtual network card to 127.0.0.1. The saved user side address is the one to which non-VPN queries are later forwarded.
Fig. 2 is a flow diagram of the method. As shown in fig. 2, in step S202 a DNS query request message is received and parsed. More specifically, when the VPN client observes that a client application has sent a DNS query request message to local port 53, it receives the message through a newly created UDP Socket 1, parses it, and obtains the destination domain name to be resolved.
If all DNS query requests sent by client applications were sent to the VPN side DNS server, each would have to be encrypted by the virtual network card and carried through the tunnel, increasing cross-network VPN traffic and consuming a large amount of DNS server resources. The method of this embodiment forwards to the VPN side DNS server only those DNS query requests that the VPN side DNS server can resolve.
The Map table is keyed by domain name, keys are unique, and lookup or modification by key is fast. The method stores in the Map table the VPN resource domain names that the VPN side DNS server can resolve: the VPN resource domain name is the Key and the corresponding Value may simply be set to 1.
As shown in fig. 2, in step S204 the VPN resource domain name Map table is queried with the destination domain name of the DNS query request message to confirm whether that domain name is contained in the table.
In step S206 it is determined whether the destination domain name was found in the VPN resource domain name Map table. If yes, step S208 forwards the DNS query request message to the VPN side DNS server. More specifically, a successful lookup means the destination domain name is a resource domain name published by the VPN server: a UDP Socket 2 is created and the DNS request message is forwarded through it, over the tunnel established by the VPN virtual network card, to the VPN side DNS server. In step S210 the reply is made with the DNS query response message received from the VPN side DNS server: when UDP Socket 2 receives the response message returned by the VPN side DNS server, that response is forwarded to the client application.
If the result of step S206 is no, step S212 forwards the DNS query request message to the user side DNS server. More specifically, a failed lookup means the destination domain name is not a VPN resource domain name published by the VPN side DNS server and must be resolved by the user side DNS server: a UDP Socket 2 is created and the DNS request message is forwarded through it to the user side DNS server. In step S214 the reply is made with the DNS query response message received from the user side DNS server: when UDP Socket 2 receives the response message returned by the user side DNS server, that response is forwarded to the client application.
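The proxy loop of steps S202 to S214 in runnable form, as an added example that is not part of the patent or of any DPTech product. The two upstream addresses and the two-entry Map table are constructed for the example; the patent describes UDP only, so no TCP fallback for truncated answers is shown. One check the steps above leave implicit is made explicit: UDP Socket 2 accepts a response only if it arrives from the upstream the query was sent to and carries the query's transaction ID, since any other datagram reaching that socket would otherwise be relayed to the application as the answer. Lookup is an exact match on the Map table key, as the text describes, so a subdomain of a published name is not treated as a VPN resource.

```python
import socket
import struct

# Constructed Map table (layout of step S406): VPN resource domain name -> 1.
VPN_RESOURCE_MAP = {"oa.vpn-example.internal": 1, "git.vpn-example.internal": 1}

# Assumed upstream addresses; the patent names the roles, not the addresses.
VPN_SIDE_DNS = ("10.0.0.53", 53)      # reached through the VPN virtual network card
USER_SIDE_DNS = ("192.168.1.1", 53)   # the address saved before it was replaced by 127.0.0.1


def parse_qname(packet: bytes) -> str:
    """Step S202: pull the first question's QNAME out of a DNS wire-format message.

    Rejects short packets, messages without a question, and names that use
    compression pointers (not allowed in a query's question section), so a
    crafted datagram on port 53 cannot walk the parser past the buffer.
    """
    if len(packet) < 12:
        raise ValueError("DNS header too short")
    qdcount = struct.unpack("!H", packet[4:6])[0]
    if qdcount < 1:
        raise ValueError("no question section")
    labels = []
    pos = 12
    while True:
        if pos >= len(packet):
            raise ValueError("truncated QNAME")
        length = packet[pos]
        if length == 0:
            break
        if length & 0xC0:
            raise ValueError("compression pointer in question QNAME")
        pos += 1
        labels.append(packet[pos:pos + length].decode("ascii", "replace"))
        pos += length
    return ".".join(labels).lower()


def choose_upstream(qname: str, resource_map: dict) -> tuple:
    """Steps S204/S206: exact-match lookup; only published names go to the VPN side server."""
    return VPN_SIDE_DNS if qname in resource_map else USER_SIDE_DNS


def forward_query(query: bytes, upstream: tuple, timeout: float = 2.0) -> bytes:
    """Steps S208/S212 and S210/S214 on UDP Socket 2.

    Only a datagram from the chosen upstream whose transaction ID matches the
    query and whose QR bit is set is accepted as the answer; anything else is
    ignored until the socket times out (socket.timeout propagates to the caller).
    """
    txid = query[:2]
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock2:
        sock2.settimeout(timeout)
        sock2.sendto(query, upstream)
        while True:
            reply, peer = sock2.recvfrom(4096)
            if peer == upstream and reply[:2] == txid and len(reply) > 2 and reply[2] & 0x80:
                return reply


def build_query(qname: str, txid: int = 0x1234, qtype: int = 1) -> bytes:
    """Build a minimal standard query (constructed input so the parser can be exercised offline)."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    name = b"".join(bytes([len(label)]) + label.encode("ascii") for label in qname.split("."))
    return header + name + b"\x00" + struct.pack("!HH", qtype, 1)


def serve(resource_map: dict, listen: tuple = ("127.0.0.1", 53)) -> None:
    """UDP Socket 1: the blocking proxy loop. Port 53 needs privileges; pass a high port to try it."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock1:
        sock1.bind(listen)
        while True:
            query, client = sock1.recvfrom(4096)
            try:
                reply = forward_query(query, choose_upstream(parse_qname(query), resource_map))
            except (ValueError, socket.timeout):
                continue  # drop malformed queries and unanswered forwards; the stub resolver retries
            sock1.sendto(reply, client)
```

To try it without privileges, call serve(VPN_RESOURCE_MAP, ("127.0.0.1", 5353)) with the two upstream constants pointed at resolvers you can reach, then run dig @127.0.0.1 -p 5353 oa.vpn-example.internal; the same query for a name outside the table goes to USER_SIDE_DNS instead.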
In a VPN environment the VPN side DNS server publishes VPN resources in two modes, IP mode and domain name mode. Because domain name mode requires DNS resolution, the domain names of the VPN resources published by the VPN side DNS server must be synchronized to the VPN client in real time.
According to the method of this embodiment, the VPN client receives, from the VPN side DNS server with which it has connected and authenticated, the configuration containing the VPN resource domain names, which the VPN side DNS server computes from the VPN resources published by the VPN user.
Fig. 3 is a schematic diagram of the procedure by which the VPN side DNS server publishes VPN resource domain names in an embodiment of the present disclosure. As shown in fig. 3, in step S302 the timer t is reset to 0 and starts counting. In step S304 the user publishes VPN resources; in step S306 the VPN side DNS server computes the VPN resource domain names from the published resources and stores them; in step S308 it generates a configuration containing the VPN resource domain names; in step S310 it sends that configuration to the VPN client. In step S312 it is determined whether t equals nT, where T is a preset non-zero period and n is a positive integer; when it does, step S314 checks whether the VPN resource domain names published by the user have changed. If they have, the VPN side DNS server sends a new configuration containing the VPN resource domain names to the VPN client by repeating steps S308 and S310.
After receiving the configuration containing the VPN resource domain names from the VPN side DNS server, the VPN client parses it and generates the VPN resource domain name Map table from the domain names obtained by parsing.
Fig. 4 is a schematic diagram of the process for synchronously updating the VPN resource domain name Map table in an embodiment of the present disclosure. As shown in fig. 4, in step S402 the VPN client receives the configuration containing the VPN resource domain names from the VPN side DNS server; more specifically, once the VPN client has connected to and been authenticated by the VPN side DNS server, the server sends the configuration and the client receives it. In step S404 the VPN client parses the configuration and extracts the VPN resource domain names it contains. In step S406 the VPN client generates the VPN resource domain name Map table from those domain names, using each VPN resource domain name as the Key and setting the corresponding Value to 1.
In step S408 the VPN client determines whether a new configuration containing VPN resource domain names has been received; if so, step S410 updates the Map table with those domain names. More specifically, after receiving the new configuration the VPN client clears the VPN resource domain name Map table and inserts the VPN resource domain names contained in the new configuration afresh.
According to the method of this embodiment, the new configuration containing VPN resource domain names is the configuration produced after the VPN side DNS server adds, deletes or modifies some of the VPN resource domain names. More specifically, when the VPN resource domain names published by the user change because a domain name is added, modified or deleted, the VPN side DNS server generates a new configuration from the updated domain names and sends it to the VPN client.
Optionally, the VPN client periodically receives a new configuration containing VPN resource domain names from the VPN side DNS server and updates the VPN resource domain name Map table with the domain names obtained by parsing it.
Optionally, the configuration of VPN resource domain names is pushed synchronously to the VPN client in JSON format. A single configuration sent by the VPN side DNS server may contain several VPN resource domain names; for example, if the VPN side DNS server publishes 3 VPN resource domain names, those 3 domain names may be synchronized to the VPN client in the following JSON format.
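The publish-and-sync cycle of figs. 3 and 4 (steps S306 to S314 on the server, S402 to S410 on the client) as an added example, not code from the patent. The JSON layout (a version number plus a vpn_domains list), the sample resource strings, and the rule for turning a published resource into a domain name are all assumptions of this example; the page does not show the fields of its JSON. Resources published in IP mode are skipped because, as the text above notes, only domain name mode needs DNS, and a new configuration replaces the whole table rather than patching it, matching step S410. Entries are validated before they are loaded, since a pushed configuration decides where every local DNS query is routed.

```python
import ipaddress
import json
from typing import Optional
from urllib.parse import urlsplit

# Constructed sample of resources as a VPN user might publish them (step S304).
PUBLISHED_RESOURCES = [
    "https://oa.vpn-example.internal/portal",
    "http://10.0.5.20:8080/",               # IP mode: needs no DNS, so not pushed
    "git.vpn-example.internal:22",
    "https://OA.vpn-example.internal/",     # same host as the first entry, deduplicated
    "ssh://[fd00::10]:22",                  # IPv6 literal: also IP mode
]


def resource_hostname(resource: str) -> Optional[str]:
    """Step S306: the domain name a published resource needs, or None for IP-mode resources."""
    target = resource if "://" in resource else "//" + resource  # let urlsplit see a netloc
    host = urlsplit(target).hostname
    if not host:
        return None
    try:
        ipaddress.ip_address(host)
        return None
    except ValueError:
        return host.lower().rstrip(".")


class VpnSideServer:
    """Server side of fig. 3: computes the domain set and pushes a config only when it changed."""

    def __init__(self) -> None:
        self.version = 0
        self.names: Optional[list] = None

    def tick(self, resources: list) -> Optional[str]:
        """Run at t = nT (steps S312/S314). Returns the JSON config to push, or None if unchanged."""
        names = sorted({h for r in resources if (h := resource_hostname(r)) is not None})
        if names == self.names:
            return None
        self.names = names
        self.version += 1
        # Step S308; the field layout is this example's assumption, not the patent's.
        return json.dumps({"version": self.version, "vpn_domains": names})


class ResourceMapTable:
    """Client side of fig. 4: the Map table (domain name -> 1), rebuilt from each new config."""

    def __init__(self) -> None:
        self.table: dict = {}
        self.version: Optional[int] = None

    def apply_config(self, config_json: str) -> bool:
        """Steps S404 to S410. Returns True if the table was replaced."""
        cfg = json.loads(config_json)
        if cfg.get("version") == self.version:
            return False
        new_table = {}
        for name in cfg.get("vpn_domains", []):
            # Validate before trusting: this data drives the routing of every local query.
            if not isinstance(name, str) or not name or len(name) > 253:
                raise ValueError(f"invalid domain entry: {name!r}")
            new_table[name.lower().rstrip(".")] = 1
        self.table = new_table        # whole-table swap, as in step S410; never a half-built table
        self.version = cfg.get("version")
        return True

    def is_vpn_resource(self, qname: str) -> bool:
        """The lookup of step S204 against the current table."""
        return qname.lower().rstrip(".") in self.table
```

Calling tick() on every timer period and apply_config() on every received push reproduces the loop in fig. 3: nothing is sent while the published set is unchanged, and a push that removes a name causes the client to stop routing that name into the tunnel on the next query.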
Fig. 5 is a schematic diagram of a VPN client proxy DNS resolution device according to an embodiment of the present disclosure. As shown in fig. 5, the VPN client proxy DNS resolution means includes: a DNS query request message receiving and resolving component 502, a querying component 504, a forwarding component 506, and a responding component 508. The DNS query request message receiving and resolving component 502 is configured to receive and resolve a DNS query request message, and obtain a destination domain name of the DNS query request message; a query component 504, configured to query a VPN resource Map table based on a destination domain name of the DNS query request message, and determine whether the destination domain name of the DNS query request message is included in the VPN resource Map table, where the VPN resource Map table includes VPN resource domain names that can be subjected to DNS resolution by a VPN side DNS server; a forwarding component 506, configured to forward the DNS query request message to a VPN side DNS server when the destination domain name of the DNS query request message is queried in the VPN resource domain name Map table, or forward the DNS query request message to a user side DNS server when the destination domain name of the DNS query request message is not queried in the VPN resource domain name Map table; and a reply component 508 for replying with a DNS query response message received from the VPN side DNS server or the user side DNS server for the DNS query request message.
Optionally, the VPN client proxy DNS resolution device of the embodiment of the present disclosure further includes: a configuration receiving component 510, a configuration parsing component 512, and a VPN resource domain name Map table generating component 514. The configuration receiving component 510 is configured to receive a configuration including a VPN resource domain name sent from a VPN side DNS server with which connection authentication is performed, where the VPN resource domain name is obtained by the VPN side DNS server based on VPN resource computation issued by a VPN user; a configuration parsing component 512, configured to parse the received configuration; the VPN resource Map table generating component 514 is configured to generate a VPN resource Map table based on the resolved VPN resource domain name.
Optionally, the configuration receiving component 510 further periodically receives a new configuration including a VPN resource domain name sent from the VPN side DNS server, and the configuration resolving component 512 further resolves the new configuration including a VPN resource domain name, so that the VPN resource domain name Map table generating component 514 updates the VPN resource domain name Map table based on the VPN resource domain name obtained after resolving the new configuration including a VPN resource domain name.
Optionally, in the VPN client proxy DNS resolution device of the embodiments of the present disclosure, the configuration containing VPN resource domain names is synchronously pushed to the VPN client in JSON format.
Optionally, in the VPN client proxy DNS resolution device of the embodiments of the present disclosure, the new configuration containing VPN resource domain names is the configuration that results after the VPN side DNS server adds, deletes or modifies part of the VPN resource domain names.
In summary, with the VPN client proxy DNS resolution method and device of the present disclosure, no network card priority needs to be set: the VPN client listens on a local port, proxies all local DNS query requests, and completes DNS request resolution. Specifically, when the user side initiates a DNS query request, the VPN client receives the DNS request message and parses it; only when it detects that the destination domain name to be resolved is a VPN resource domain name is the request message forwarded across the Internet to the VPN side DNS server for resolution, while a non-VPN resource domain name is resolved directly by the user side DNS server. This reduces the DNS traffic of the VPN tunnel and relieves the burden on the VPN side DNS server. In addition, a non-VPN resource domain name need not be resolved by the VPN side DNS server and need not wait for that server's resolution to fail; it is resolved directly by the user side DNS server, so public network domain names resolve quickly, the user can access the network promptly, and the user experience is improved.
In general, the problem addressed by the present disclosure is that on some operating systems the network card priority cannot be modified by conventional means, so after the VPN is connected normally the original network DNS server still has higher priority than the VPN server side DNS server; VPN resource domain names are then resolved to public network addresses or cannot be resolved at all, and the user cannot access VPN resources correctly. If the VPN side DNS server does not support resolution of public network domain names, the original network DNS server is used only after the VPN side DNS server has failed, so each domain name is resolved twice, resolution is slow, and the user experience suffers badly. If the VPN side DNS server does support resolution of public network domain names, the resolved IP suffers from cross-operator and cross-CDN problems, because the user and the VPN side DNS server differ in geographic location, operator and so on. All DNS requests sent by terminal applications go to the VPN server side DNS server, encrypted by the virtual network card and sent through the tunnel, which increases cross-network VPN traffic and consumes a large amount of DNS server resources. Therefore, after the VPN client of the present disclosure starts, it listens on local port 53 to proxy DNS request messages, saves the DNS address of the user side network DNS server, and, once VPN server authentication has passed, sets the DNS of both the physical network card and the virtual network card to 127.0.0.1. The VPN server pushes the resource domain names issued by the VPN to the VPN client (multiple domain names are supported), and the VPN client stores the domain names issued by the VPN in a VPN client domain name map table.
When a client application initiates a DNS request, the VPN client process receives the DNS request message, parses it, and looks up the parsed domain name in the domain name map table. If the domain name is found, the DNS request must be forwarded to the VPN server side DNS server for resolution; if not, it must be resolved by the user side DNS server. The VPN client then acts as a DNS client and forwards the DNS request to the corresponding DNS server, and when that DNS server returns a DNS response message, forwards the response message back to the client, thereby completing DNS request resolution.
Specifically, the present disclosure comprises two flows: a synchronization flow for the resource domain names issued by the VPN server, and a DNS request resolution flow. Synchronization flow for resource domain names issued by the VPN server: in general a VPN issues resources in one of two modes, IP mode or domain name mode, and because domain name mode requires DNS resolution, the patent synchronizes the resources issued by the VPN server to the VPN client in real time. The VPN server computes the domain names of the issued resources from the resources issued by the user and stores the domain names of the resources that need to be issued. After the VPN client connects and VPN server authentication passes, the VPN server pushes the resource domain names issued by the VPN to the VPN client. On receiving the pushed configuration, the VPN client parses it and stores the domain names issued by the VPN in the VPN client domain name map table, with the domain name as the key and 1 as the value. When a DNS request message arrives, the VPN client first looks up the domain name in the map table and, if it is found, forwards the DNS request message to the VPN DNS server for resolution. For example, if the VPN server issues the three resource domain names oa.myvpn.com, mail.myvpn.com and hr.myvpn.com, these resources are synchronized to the client in JSON format.
The VPN server side program periodically checks the issued resource domain names. If they change, for example because part of the resource domain names are added, modified or deleted, the issued resource domain names are synchronized to the VPN client in real time; on receiving the configuration, the VPN client clears the data in its domain name map table and re-adds the issued resource domain names to the VPN client domain name map table.
DNS request resolution flow: the VPN client starts and listens on local port 53 to proxy DNS request messages, then saves the DNS address of the user side network DNS server and sets the DNS of the physical network card and the virtual network card to 127.0.0.1. When a user side application initiates a DNS request, the DNS request message is sent to local port 53, and the VPN client receives it through UDP Socket 1. The VPN client parses the DNS request message, decodes the DNS message data, extracts the domain name, and looks it up in the domain name map table. If the domain name is found, it is a domain name resource issued by the VPN server: the VPN client creates UDP Socket 2, sends the DNS request message through UDP Socket 2 over the tunnel established by the VPN virtual network card to the VPN side DNS server, receives the response message from the VPN side DNS server through UDP Socket 2, and sends that DNS reply message to the client application through UDP Socket 1. If the domain name is not found, it is not a resource issued by the VPN and must be resolved by the user side DNS server: the VPN client, acting as a DNS client, creates a new UDP Socket 2 and sends the DNS request message to the user side DNS server through UDP Socket 2.
The user side DNS server replies with a response message; the VPN client receives it through UDP Socket 2 and sends it to the user side application through UDP Socket 1. With this scheme no network card priority needs to be set: the VPN client listens on local port 53, proxies all local DNS requests, and completes DNS request resolution. This avoids the errors in accessing VPN intranet resources caused by the DNS server priority mechanism of some operating systems, without affecting access to public network domain names. In addition, because the VPN resource domain names are pushed to the VPN client, when a user side application initiates a DNS request the VPN client process receives the DNS request message and checks whether the domain name to be resolved is a VPN resource domain name or some other domain name; only VPN resource domain names are forwarded through the VPN tunnel across the Internet to the VPN server side DNS server for resolution, and other domain names are resolved directly by the user side DNS server, which reduces the DNS traffic of the VPN tunnel and lightens the burden on the VPN DNS server.
Resolution of non-VPN resource domain names such as public network domain names therefore does not need to be performed by the VPN server side DNS server, nor to wait for that server's resolution to fail, but is performed directly by the user side DNS server, so public network domain names resolve quickly, the user can access the network promptly, and the user experience is improved.
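The two flows above, written out as an added Python example that is not code from the patent or from the applicant: it rebuilds the domain name map table from a pushed JSON configuration (the key name vpn_domains and the two upstream server addresses are assumptions), extracts the destination domain name from a DNS query message, and picks the VPN side or user side DNS server by exact lookup; it also drops malformed messages instead of forwarding them and relays only a reply whose transaction ID matches the request. Because the lookup is exact, as the page describes, a subdomain of an issued name such as www.oa.myvpn.com is sent to the user side server.

```python
import json
import socket
import struct

# Constructed sample of the JSON configuration pushed by the VPN server after
# authentication; the three domains are from the page, the key name is assumed.
SAMPLE_CONFIG = '{"vpn_domains": ["oa.myvpn.com", "mail.myvpn.com", "hr.myvpn.com"]}'

LISTEN_ADDR = ("127.0.0.1", 53)  # local port 53, where both network cards' DNS points
VPN_DNS = ("10.8.0.53", 53)      # assumed VPN side DNS server, reached through the tunnel
USER_DNS = ("192.168.1.1", 53)   # assumed user side DNS server, saved before connecting


def build_domain_table(config_text):
    """Rebuild the domain name map table (domain name -> 1) from a pushed
    configuration; a new configuration replaces the whole table."""
    names = json.loads(config_text)["vpn_domains"]
    return {name.lower().rstrip("."): 1 for name in names}


def parse_qname(packet):
    """Extract the destination domain name from a DNS query message; raises
    ValueError on a truncated or malformed message so the caller can drop it."""
    if len(packet) < 12:
        raise ValueError("DNS header truncated")
    flags, qdcount = struct.unpack("!HH", packet[2:6])
    if flags & 0x8000 or qdcount < 1:      # QR bit set: a response, not a query
        raise ValueError("not a DNS query with a question")
    labels, pos = [], 12
    while True:
        if pos >= len(packet):
            raise ValueError("QNAME truncated")
        length = packet[pos]
        pos += 1
        if length == 0:
            break
        if length & 0xC0:                  # compression pointers have no place here
            raise ValueError("unexpected compression pointer in question")
        if pos + length > len(packet):
            raise ValueError("label truncated")
        labels.append(packet[pos:pos + length].decode("ascii"))
        pos += length
    return ".".join(labels).lower()


def select_upstream(qname, table):
    """Exact lookup: VPN resource domain names go to the VPN side DNS server,
    everything else to the user side DNS server."""
    return VPN_DNS if qname in table else USER_DNS


def build_query(qname, txid=0x1234):
    """Constructed helper: a standard A query in wire format, for testing."""
    name = b"".join(bytes([len(p)]) + p.encode() for p in qname.split(".")) + b"\x00"
    return struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0) + name + struct.pack("!HH", 1, 1)


def serve(table):
    """Proxy loop: Socket 1 receives from local applications; a fresh Socket 2
    per request forwards to the chosen upstream and the reply is relayed back."""
    sock1 = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    sock1.bind(LISTEN_ADDR)
    while True:
        packet, app_addr = sock1.recvfrom(4096)
        try:
            qname = parse_qname(packet)
        except ValueError:
            continue                       # malformed: drop, do not forward
        with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock2:
            sock2.settimeout(3)
            sock2.sendto(packet, select_upstream(qname, table))
            try:
                reply, _ = sock2.recvfrom(4096)
            except socket.timeout:
                continue
        if reply[:2] == packet[:2]:        # relay only a reply with the matching ID
            sock1.sendto(reply, app_addr)


if __name__ == "__main__":
    serve(build_domain_table(SAMPLE_CONFIG))
```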
While the basic principles of the present disclosure have been described above in connection with specific embodiments, it should be noted that all or any steps or components of the methods and apparatus of the present disclosure can be implemented in hardware, firmware, software, or combinations thereof in any computing device (including processors, storage media, etc.) or network of computing devices, as would be apparent to one of ordinary skill in the art upon reading the present disclosure.
Thus, the objects of the present disclosure may also be achieved by running a program or set of programs on any computing device. The computing device may be a well-known general purpose device. Thus, the objects of the present disclosure may also be achieved by simply providing a program product containing program code for implementing the method or apparatus. That is, such a program product also constitutes the present disclosure, and a storage medium storing such a program product also constitutes the present disclosure. It is apparent that the storage medium may be any known storage medium or any storage medium developed in the future.
It should also be noted that in the apparatus and methods of the present disclosure, it is apparent that the components or steps may be disassembled and/or assembled. Such decomposition and/or recombination should be considered equivalent to the present disclosure. The steps of executing the series of processes may naturally be executed in chronological order in the order described, but are not necessarily executed in chronological order. Some steps may be performed in parallel or independently of each other.
The above detailed description should not be taken as limiting the scope of the present disclosure. It will be apparent to those skilled in the art that various modifications, combinations, sub-combinations and alternatives can occur depending upon design requirements and other factors. Any modifications, equivalent substitutions and improvements made within the spirit and principles of the present disclosure are intended to be included within the scope of the present disclosure.

Claims (10)

1. A VPN client proxy DNS resolution method, comprising:
receiving and parsing a DNS query request message, and obtaining a destination domain name of the DNS query request message;
querying a VPN resource domain name Map table based on the destination domain name of the DNS query request message, and confirming whether the destination domain name of the DNS query request message is contained in the VPN resource domain name Map table, wherein the VPN resource domain name Map table contains VPN resource domain names that can be resolved by a VPN side DNS server;
forwarding the DNS query request message to a VPN side DNS server when the destination domain name of the DNS query request message is queried in the VPN resource domain name Map table, or forwarding the DNS query request message to a user side DNS server when the destination domain name of the DNS query request message is not queried in the VPN resource domain name Map table; and
responding with a DNS query response message that is received from the VPN side DNS server or the user side DNS server and is directed at the DNS query request message.
2. The VPN client proxy DNS resolution method as recited in claim 1, further comprising:
the VPN client receives a configuration containing VPN resource domain names sent by the VPN side DNS server with which connection authentication has been performed, wherein the VPN resource domain names are obtained by the VPN side DNS server by computation based on the VPN resources issued by a VPN user; and
the VPN client parses the received configuration and generates a VPN resource domain name Map table based on the VPN resource domain names obtained by parsing.
3. The VPN client proxy DNS resolution method as recited in claim 2, further comprising:
the VPN client periodically receives a new configuration containing VPN resource domain names sent from the VPN side DNS server, and updates the VPN resource domain name Map table based on the VPN resource domain names obtained by parsing the new configuration containing VPN resource domain names.
4. A VPN client proxy DNS resolution method according to claim 2 or 3, wherein the configuration containing VPN resource domain names is synchronously pushed to VPN clients in JSON format.
5. The VPN client proxy DNS resolution method as recited in claim 3, wherein the new configuration containing VPN resource domain names is the configuration after the VPN side DNS server adds, deletes or modifies part of the VPN resource domain names.
6. A VPN client proxy DNS resolution device, comprising:
a DNS query request message receiving and parsing component, configured to receive and parse a DNS query request message and obtain a destination domain name of the DNS query request message;
a query component, configured to query a VPN resource domain name Map table based on the destination domain name of the DNS query request message and confirm whether the destination domain name of the DNS query request message is contained in the VPN resource domain name Map table, wherein the VPN resource domain name Map table contains VPN resource domain names that can be resolved by a VPN side DNS server;
a forwarding component, configured to forward the DNS query request message to a VPN side DNS server when the destination domain name of the DNS query request message is queried in the VPN resource domain name Map table, or forward the DNS query request message to a user side DNS server when the destination domain name of the DNS query request message is not queried in the VPN resource domain name Map table; and
a response component, configured to respond with a DNS query response message that is received from the VPN side DNS server or the user side DNS server and is directed at the DNS query request message.
7. The VPN client proxy DNS resolution device of claim 6, further comprising:
a configuration receiving component, configured to receive a configuration containing VPN resource domain names sent from the VPN side DNS server with which connection authentication has been performed, wherein the VPN resource domain names are obtained by the VPN side DNS server by computation based on the VPN resources issued by a VPN user;
a configuration parsing component, configured to parse the received configuration; and
a VPN resource domain name Map table generating component, configured to generate a VPN resource domain name Map table based on the VPN resource domain names obtained by parsing.
8. The VPN client proxy DNS resolution device of claim 7, wherein,
the configuration receiving component also periodically receives a new configuration containing VPN resource domain names sent from the VPN side DNS server, and the configuration parsing component also parses the new configuration containing VPN resource domain names, so that the VPN resource domain name Map table generating component updates the VPN resource domain name Map table based on the VPN resource domain names obtained by parsing the new configuration containing VPN resource domain names.
9. The VPN client proxy DNS resolution device according to claim 7 or 8, wherein the configuration containing VPN resource domain names is synchronously pushed to VPN clients in JSON format.
10. The VPN client proxy DNS resolution device of claim 8, wherein the new configuration containing VPN resource domain name is a configuration after the VPN side DNS server adds, deletes or modifies a part of the VPN resource domain name.
CN202210171349.6A 2022-02-24 2022-02-24 VPN client proxy DNS analysis method and device Active CN114553827B (en)

Publications (2)

Publication Number Publication Date
CN114553827A CN114553827A (en) 2022-05-27
CN114553827B true CN114553827B (en) 2023-10-20

Family

ID=81676824

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant