CN114827085A - Root server correctness monitoring method, device, equipment and storage medium

Publication number: CN114827085A
Application number: CN202210721032.5A
Authority: CN (China)
Other languages: Chinese (zh)
Other versions: CN114827085B (en)
Inventors: 杨书徒, 姬东岑, 张伟哲, 张宇, 乔延臣, 方滨兴
Current Assignee: Peng Cheng Laboratory
Original Assignee: Peng Cheng Laboratory
Legal status: Granted (Active)
Prior art keywords: target, result, root server, domain name, level domain

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F16/00 Information retrieval; Database structures therefor; File system structures therefor
    • G06F16/20 Information retrieval; Database structures therefor; File system structures therefor of structured data, e.g. relational data
    • G06F16/24 Querying
    • G06F16/245 Query processing
    • G06F16/2455 Query execution
    • G06F18/00 Pattern recognition
    • G06F18/20 Analysing
    • G06F18/22 Matching criteria, e.g. proximity measures

Abstract

The invention belongs to the technical field of computers and discloses a root server correctness monitoring method, device, equipment and storage medium. The method comprises: obtaining a target resolution result of a target root server for a target top-level domain name and an authoritative resolution result of an authoritative root server for the target top-level domain name; selecting a reference resolution result from the authoritative resolution results; and comparing the target resolution result with the reference resolution result to obtain a correctness analysis result for the target root server. Obtaining and comparing the DNS resolution results of the target root server and the authoritative server for the same top-level domain name quickly determines whether the DNS resolution service provided by the target root server is correct. Because the target resolution result is compared with the selected reference resolution result rather than with the different authoritative resolution results one by one, the comparison process is accelerated and the domain name resolution correctness of the target root server can be determined quickly.

Description

Root server correctness monitoring method, device, equipment and storage medium
Technical Field
The invention relates to the technical field of computers, in particular to a method, a device, equipment and a storage medium for monitoring correctness of a root server.
Background
The DNS (Domain Name System) is a basic service of the Internet, and the DNS root service is in turn a basic service of the DNS: it provides the address information of the authoritative servers for top-level domain names. The correctness of the DNS root service is therefore tied to the correctness of the DNS service and ultimately affects the normal operation of the whole Internet. At present, the global DNS root service is managed by foreign companies, with 13 nodes deployed around the world. To avoid network constraints, self-built DNS root servers have also been built domestically, but the correctness of the DNS resolution results provided by such a self-built DNS root server still needs to be determined.
The above is only for the purpose of assisting understanding of the technical aspects of the present invention, and does not represent an admission that the above is prior art.
Disclosure of Invention
The main purpose of the invention is to provide a root server correctness monitoring method, device, equipment and storage medium, aiming to solve the technical problem in the prior art that the correctness of the DNS resolution results of a self-built DNS root server cannot be determined.
In order to achieve the above object, the present invention provides a root server correctness monitoring method, which comprises the following steps:
obtaining a target resolution result of a target root server for a target top-level domain name and an authoritative resolution result of an authoritative root server for the target top-level domain name;
selecting a reference resolution result from the authoritative resolution results;
and comparing the target resolution result with the reference resolution result to obtain a correctness analysis result for the target root server.
Optionally, the step of obtaining a target resolution result of the target root server for the target top-level domain name and an authoritative resolution result of the authoritative root server for the target top-level domain name includes:
when the target top-level domain name is accessed, capturing the DNS data packets generated in a target gateway with a preset packet capture tool;
parsing the DNS data packets with an unpacking program to obtain a parsing result;
and extracting, from the parsing result, the target resolution result of the target root server for the target top-level domain name and the authoritative resolution result of the authoritative root server for the target top-level domain name.
Optionally, the step of obtaining a target resolution result of the target root server for the target top-level domain name and an authoritative resolution result of the authoritative root server for the target top-level domain name includes:
reading a traffic retention file from a target gateway;
parsing the traffic retention file to obtain a file parsing result;
and extracting, from the file parsing result, the target resolution result of the target root server for the target top-level domain name and the authoritative resolution result of the authoritative root server for the target top-level domain name.
Optionally, the step of selecting a reference resolution result from the authoritative resolution results includes:
grouping the authoritative resolution results according to result consistency to obtain at least one result subset;
determining the result ratio corresponding to each result subset according to the number of authoritative resolution results in each result subset;
taking the maximum of the result ratios corresponding to the result subsets as a target result ratio;
and taking the authoritative resolution result in the result subset corresponding to the target result ratio as the reference resolution result.
Optionally, the step of taking the authoritative resolution result in the result subset corresponding to the target result ratio as the reference resolution result includes:
comparing the target result ratio with a preset ratio threshold;
and if the target result ratio is greater than the preset ratio threshold, taking the authoritative resolution result in the result subset corresponding to the target result ratio as the reference resolution result.
Optionally, after the step of comparing the target result ratio with a preset ratio threshold, the method further includes:
if the target result ratio is less than or equal to the preset ratio threshold, judging that the target top-level domain name is an abnormal domain name;
and reselecting the target top-level domain name, and returning to the step of obtaining the target resolution result of the target root server for the target top-level domain name and the authoritative resolution result of the authoritative root server for the target top-level domain name.
Optionally, before the step of obtaining the target resolution result of the target root server for the target top-level domain name and the authoritative resolution result of the authoritative root server for the target top-level domain name, the method further includes:
selecting a target top-level domain name from a preset top-level domain name set;
generating a domain name query request according to the target top-level domain name;
and sending the domain name query request to the target root server and the authoritative root server respectively through a preset simulation tool, so as to perform the top-level domain name query.
In addition, in order to achieve the above object, the present invention further provides a root server correctness monitoring device, which includes the following modules:
a result acquisition module, used for obtaining a target resolution result of the target root server for the target top-level domain name and an authoritative resolution result of the authoritative root server for the target top-level domain name;
a result selection module, used for selecting a reference resolution result from the authoritative resolution results;
and a correctness analysis module, used for comparing the target resolution result with the reference resolution result to obtain a correctness analysis result for the target root server.
In addition, in order to achieve the above object, the present invention further provides root server correctness monitoring equipment, including: a processor, a memory, and a root server correctness monitoring program stored in the memory and runnable on the processor, wherein the root server correctness monitoring program, when executed by the processor, implements the steps of the root server correctness monitoring method described above.
In addition, to achieve the above object, the present invention further provides a computer-readable storage medium storing a root server correctness monitoring program which, when executed by a processor, implements the steps of the root server correctness monitoring method described above.
The method comprises: obtaining a target resolution result of a target root server for a target top-level domain name and an authoritative resolution result of an authoritative root server for the target top-level domain name; selecting a reference resolution result from the authoritative resolution results; and comparing the target resolution result with the reference resolution result to obtain a correctness analysis result for the target root server. Obtaining and comparing the DNS resolution results of the target root server and the authoritative servers for the same top-level domain name quickly determines whether the DNS resolution service provided by the target root server is correct. Because the target resolution result is compared with the selected reference resolution result rather than with the different authoritative resolution results one by one, the comparison process is accelerated and the domain name resolution correctness of the target root server can be determined quickly.
Drawings
Fig. 1 is a schematic structural diagram of an electronic device in a hardware operating environment according to an embodiment of the present invention;
Fig. 2 is a flowchart illustrating a root server correctness monitoring method according to a first embodiment of the present invention;
Fig. 3 is a flowchart illustrating a root server correctness monitoring method according to a second embodiment of the present invention;
Fig. 4 is a block diagram of a root server correctness monitoring apparatus according to a first embodiment of the present invention.
The implementation, functional features and advantages of the objects of the present invention will be further explained with reference to the accompanying drawings.
Detailed Description
It should be understood that the specific embodiments described herein are merely illustrative of the invention and are not intended to limit the invention.
Referring to fig. 1, fig. 1 is a schematic structural diagram of a root server correctness monitoring device in a hardware operating environment according to an embodiment of the present invention.
As shown in fig. 1, the electronic device may include: a processor 1001, such as a Central Processing Unit (CPU), a communication bus 1002, a user interface 1003, a network interface 1004, and a memory 1005. The communication bus 1002 is used to enable communication between these components. The user interface 1003 may include a display screen (Display) and an input unit such as a keyboard (Keyboard); optionally, the user interface 1003 may also include a standard wired interface and a wireless interface. The network interface 1004 may optionally include a standard wired interface and a wireless interface (e.g., a Wireless-Fidelity (Wi-Fi) interface). The memory 1005 may be a Random Access Memory (RAM) or a Non-Volatile Memory (NVM), such as a disk memory. The memory 1005 may alternatively be a storage device separate from the processor 1001.
Those skilled in the art will appreciate that the configuration shown in fig. 1 does not constitute a limitation of the electronic device, and may include more or fewer components than those shown, or some components may be combined, or a different arrangement of components.
As shown in fig. 1, a memory 1005, which is a storage medium, may include therein an operating system, a network communication module, a user interface module, and a root server correctness monitoring program.
In the electronic device shown in fig. 1, the network interface 1004 is mainly used for data communication with a network server; the user interface 1003 is mainly used for data interaction with a user; the processor 1001 and the memory 1005 in the electronic device according to the present invention may be disposed in a root server correctness monitoring device, and the electronic device calls the root server correctness monitoring program stored in the memory 1005 through the processor 1001 and executes the root server correctness monitoring method provided in the embodiment of the present invention.
An embodiment of the present invention provides a method for monitoring correctness of a root server, and referring to fig. 2, fig. 2 is a schematic flow diagram of a first embodiment of the method for monitoring correctness of a root server according to the present invention.
In this embodiment, the method for monitoring the correctness of the root server includes the following steps:
Step S10: obtain a target resolution result of the target root server for the target top-level domain name and an authoritative resolution result of the authoritative root server for the target top-level domain name.
It should be noted that the execution subject of this embodiment may be the root server correctness monitoring equipment, referred to below as the root monitoring device. The root monitoring device may be an electronic device such as a personal computer or a server, or another device that can achieve the same or similar functions.
It should be noted that the target root server may be a self-built DNS root server that needs to be monitored, and the target resolution result may be the DNS resolution result returned after the target root server resolves the target top-level domain name. The authoritative servers may be the 13 globally deployed service nodes currently operated by a foreign company, and the authoritative resolution result may be the DNS resolution result returned after an authoritative server resolves the target top-level domain name.
In practical use, when a domain name query request is sent to the target root server or an authoritative server, the gateway to which the server or device accessing the target top-level domain name is connected generates a corresponding data packet, and the authoritative resolution result and the target resolution result can be obtained from that data packet. Step S10 in this embodiment may therefore include:
when the target top-level domain name is accessed, capturing the DNS data packets generated in a target gateway with a preset packet capture tool;
parsing the DNS data packets with an unpacking program to obtain a parsing result;
and extracting, from the parsing result, the target resolution result of the target root server for the target top-level domain name and the authoritative resolution result of the authoritative root server for the target top-level domain name.
It should be noted that the target gateway may be the gateway to which the server or device accessing the target top-level domain name is connected. The preset packet capture tool may be a common packet capture tool such as Wireshark, Sniffer, HttpWatch or iptool. When a domain name query request is sent to the target root server or an authoritative server, the target top-level domain name is judged to be accessed; at that moment the DNS data packets generated in the target gateway are captured with the preset packet capture tool, and the captured DNS data packets are then parsed with the unpacking program corresponding to the packet capture tool, which yields the target resolution result and the authoritative resolution result.
In a specific implementation, real-time packet capture can lose packets when the access traffic is heavy. If packet loss must be avoided, real-time analysis can be dropped in favour of a retention program set up in the target gateway, which continuously writes the traffic to a traffic retention file; when analysis is needed later, the target resolution result and the authoritative resolution result can be obtained directly from the traffic retention file. In that case, step S10 in this embodiment may include:
reading a traffic retention file from a target gateway;
parsing the traffic retention file to obtain a file parsing result;
and extracting, from the file parsing result, the target resolution result of the target root server for the target top-level domain name and the authoritative resolution result of the authoritative root server for the target top-level domain name.
It should be noted that a storage path for the traffic retention file may be specified when the retention program is set up in the target gateway. Reading the traffic retention file from the target gateway may therefore be reading it from the target gateway according to the preset storage path, and the traffic retention file may be a file in the PCAP format.
It should be noted that parsing the traffic retention file to obtain the file parsing result may be parsing the traffic retention file with a preset file parsing tool and taking the parsed data as the file parsing result. The file parsing tool can be chosen according to the type of traffic retention file specified when the retention program was set up.
It can be understood that the traffic retention file includes all traffic data of the target gateway, which necessarily includes the target resolution result and the authoritative resolution result. The target resolution result of the target root server for the target top-level domain name and the authoritative resolution result of the authoritative root server for the target top-level domain name can therefore be extracted from the file parsing result.
In practical use, when the target resolution result and the authoritative resolution result are extracted from the file parsing result, the target top-level domain name can be used as a keyword to query the file parsing result, which yields the target resolution result and the authoritative resolution result.
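The extraction step described above, as an added example (not code from the patent): a pure-Python parser for DNS response payloads taken from a capture, filtered by the target top-level domain name and split by source address. It assumes the UDP payloads have already been pulled out of the PCAP file; the addresses, the `example.` top-level domain and all function names are constructed for illustration.

```python
import ipaddress
import struct

RCODE = {0: "NOERROR", 2: "SERVFAIL", 3: "NXDOMAIN", 5: "REFUSED"}
RTYPE = {1: "A", 2: "NS", 28: "AAAA"}

def read_name(msg, off):
    """Decode a (possibly compressed) domain name; return (name, next offset)."""
    labels, resume, hops = [], None, 0
    while True:
        length = msg[off]
        if (length & 0xC0) == 0xC0:               # compression pointer
            if resume is None:
                resume = off + 2                  # parsing continues after the pointer
            off = ((length & 0x3F) << 8) | msg[off + 1]
            hops += 1
            if hops > 32:                         # malformed packets can loop forever
                raise ValueError("compression pointer loop")
            continue
        off += 1
        if length == 0:
            break
        labels.append(msg[off:off + length].decode("ascii").lower())
        off += length
    return ".".join(labels) + ".", (off if resume is None else resume)

def read_section(msg, off, count):
    """Read `count` resource records as (owner, type, value) tuples; TTL is ignored."""
    records = set()
    for _ in range(count):
        owner, off = read_name(msg, off)
        rtype, _rclass, _ttl, rdlen = struct.unpack_from("!HHIH", msg, off)
        off += 10
        rdata = msg[off:off + rdlen]
        if rtype == 2:                            # NS: rdata is itself a name
            value = read_name(msg, off)[0]
        elif rtype in (1, 28):                    # A / AAAA: packed address
            value = ipaddress.ip_address(rdata).compressed
        else:
            value = rdata.hex()
        records.add((owner, RTYPE.get(rtype, str(rtype)), value))
        off += rdlen
    return records, off

def parse_response(msg):
    """Return query name, response status, authority and additional sections."""
    _id, flags, qd, an, ns, ar = struct.unpack_from("!6H", msg, 0)
    if not (flags & 0x8000):
        raise ValueError("not a DNS response")
    off, qname = 12, None
    for _ in range(qd):
        qname, off = read_name(msg, off)
        off += 4                                  # skip QTYPE and QCLASS
    _answers, off = read_section(msg, off, an)
    authority, off = read_section(msg, off, ns)
    additional, off = read_section(msg, off, ar)
    return {"qname": qname, "rcode": RCODE.get(flags & 0xF, str(flags & 0xF)),
            "authority": frozenset(authority), "additional": frozenset(additional)}

def extract_results(packets, tld, target_ip):
    """Split responses about `tld` into the target's result and the authoritative ones."""
    target, authoritative = None, {}
    for src_ip, payload in packets:
        try:
            parsed = parse_response(payload)
        except (ValueError, IndexError, struct.error):
            continue                              # truncated or non-response payload
        qname = parsed["qname"] or ""
        if qname != tld and not qname.endswith("." + tld):
            continue                              # the TLD is the lookup keyword
        if src_ip == target_ip:
            target = parsed
        else:
            authoritative[src_ip] = parsed
    return target, authoritative

def build_referral(tld_label, glue_ip):
    """Constructed sample: a root referral for `tld_label` using name compression."""
    question = bytes([len(tld_label)]) + tld_label.encode() + b"\x00"
    ns_name = b"\x01a\x03nic\xc0\x0c"             # a.nic.<pointer to offset 12>
    header = struct.pack("!6H", 0x1A2B, 0x8000, 1, 0, 1, 1)
    authority = b"\xc0\x0c" + struct.pack("!HHIH", 2, 1, 172800, len(ns_name)) + ns_name
    additional = (ns_name + struct.pack("!HHIH", 1, 1, 172800, 4)
                  + ipaddress.ip_address(glue_ip).packed)
    return header + question + struct.pack("!HH", 2, 1) + authority + additional

TARGET_IP = "198.51.100.10"                       # constructed self-built root server
SAMPLE_PACKETS = [                                # constructed (source address, payload)
    ("192.0.2.1", build_referral("example", "192.0.2.53")),
    ("192.0.2.2", build_referral("example", "192.0.2.53")),
    (TARGET_IP, build_referral("example", "203.0.113.66")),
    ("192.0.2.1", build_referral("other", "192.0.2.99")),
    ("192.0.2.3", b"\x00\x01"),                   # truncated payload, skipped
]

if __name__ == "__main__":
    print(extract_results(SAMPLE_PACKETS, "example.", TARGET_IP))
```

TTLs are left out of the tuples because they legitimately differ between servers and over time; whether to compare them is a policy choice the patent text does not settle.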
Further, in order to ensure that the target root server can be continuously monitored, before the step S10, the method may include:
selecting a target top-level domain name from a preset top-level domain name set;
generating a domain name query request according to the target top-level domain name;
and sending the domain name query request to the target root server and the authoritative root server respectively through a preset simulation tool, so as to perform the top-level domain name query.
It should be noted that the preset top-level domain name set may be a set in which a large number of top-level domain names are stored, and it may be preset by a manager of the root monitoring device.
In practical use, selecting the target top-level domain name from the preset top-level domain name set may be randomly selecting a top-level domain name from the set as the target top-level domain name. To avoid selecting the same top-level domain name repeatedly within one period, each selected top-level domain name can be marked; when a target top-level domain name is selected from the preset top-level domain name set, a top-level domain name without a mark is chosen, and when a monitoring period ends, all marks on the top-level domain names can be removed.
In a specific implementation, generating the domain name query request according to the target top-level domain name may be filling the target top-level domain name into a domain name query request template as the domain name to be resolved, thereby generating the domain name query request.
It should be noted that the preset simulation tool may be the dnsperf tool, which may be installed on a recursive server. Sending the domain name query request to the target root server and the authoritative root server through the preset simulation tool may be passing the domain name query request to the preset simulation tool, so that the preset simulation tool sends it to the target root server and the authoritative root server respectively to perform the top-level domain name query.
In a specific implementation, in order to avoid the requests influencing each other and to avoid timing errors in the returned DNS resolution results, two recursive servers may be provided, with the preset simulation tool installed on both. The generated domain name query request is then sent to the preset simulation tools on the two recursive servers, so that it is sent to the target root server and the authoritative root server respectively.
Step S20: select a reference resolution result from the authoritative resolution results.
The reference resolution result may be selected from the authoritative resolution results returned by a plurality of different authoritative servers for the target top-level domain name, namely from the authoritative resolution results that differ least from one another.
Step S30: compare the target resolution result with the reference resolution result to obtain a correctness analysis result for the target root server.
It should be noted that comparing the target resolution result with the reference resolution result may be comparing the response status, the authoritative service records and the additional records contained in the two results and determining whether the data in the target resolution result is consistent with the data in the reference resolution result, thereby determining whether the DNS resolution result of the target root server is correct.
In practical use, to make the comparison fast, each resolution result can be divided into three parts: the response status, the authoritative service records and the additional records. The response statuses are compared first. If they are inconsistent, the DNS resolution result of the target root server can be judged wrong directly. If they are consistent, the response status decides whether further comparison is needed. For example, if the response statuses are consistent and are NOERROR, the authoritative service records and the additional records are compared; if the response statuses are consistent and are NXDOMAIN, which indicates that no corresponding resolution result was found, the authoritative service records and the additional records are not compared.
When the authoritative service records and the additional records are compared, each of them consists of multiple records, so comparing them one by one is too complex and too slow. Instead, Python set objects can be used, with each element defined as a tuple containing the top-level domain, the query type, the mapped address and so on. The length of the intersection of the two sets is then checked against the lengths of the two sets. If the lengths are consistent, the authoritative service records and the additional records in the target resolution result can be judged consistent with those in the reference resolution result, and the DNS resolution result of the target root server can be judged correct. If the target resolution result is inconsistent with the authoritative service records or the additional records in the reference resolution result, the DNS resolution result of the target root server can be judged wrong.
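The three-part comparison of step S30 as an added Python example (not the patent's own code), using set objects of tuples as the text describes. The record normalisation, the treatment of every status other than NOERROR as carrying no records to compare, and all names and addresses are assumptions made for illustration.

```python
import ipaddress
from typing import FrozenSet, NamedTuple, Tuple

Record = Tuple[str, str, str]          # (owner name, record type, mapped value)


class Resolution(NamedTuple):
    rcode: str
    authority: FrozenSet[Record]
    additional: FrozenSet[Record]


def normalise(record):
    """Make equal records compare equal regardless of case or address spelling."""
    owner, rtype, value = record
    rtype = rtype.upper()
    if rtype in ("A", "AAAA"):
        value = ipaddress.ip_address(value).compressed
    else:
        value = value.lower().rstrip(".") + "."
    return (owner.lower().rstrip(".") + ".", rtype, value)


def make_resolution(rcode, authority=(), additional=()):
    return Resolution(rcode.upper(),
                      frozenset(map(normalise, authority)),
                      frozenset(map(normalise, additional)))


def same_records(left, right):
    """The check from the text: intersection length equals both set lengths."""
    return len(left & right) == len(left) == len(right)


def compare(target, reference):
    """Return a verdict dict for the target root server's resolution result."""
    if target.rcode != reference.rcode:
        return {"correct": False, "stage": "status",
                "detail": f"{target.rcode} != {reference.rcode}"}
    if target.rcode != "NOERROR":
        # Assumption: only NOERROR responses carry records worth comparing.
        return {"correct": True, "stage": "status", "detail": target.rcode}
    for stage in ("authority", "additional"):
        got, want = getattr(target, stage), getattr(reference, stage)
        if not same_records(got, want):
            return {"correct": False, "stage": stage,
                    "missing": sorted(want - got), "unexpected": sorted(got - want)}
    return {"correct": True, "stage": "additional", "detail": "all sections match"}


# Constructed reference result for the TLD "example." (documentation addresses).
REFERENCE = make_resolution(
    "NOERROR",
    authority=[("example.", "NS", "a.nic.example."), ("example.", "NS", "b.nic.example.")],
    additional=[("a.nic.example.", "A", "192.0.2.53"),
                ("b.nic.example.", "AAAA", "2001:db8::53")])

# Same data, different order and spelling: must be judged correct.
TARGET_OK = make_resolution(
    "noerror",
    authority=[("EXAMPLE", "ns", "B.nic.example"), ("example.", "NS", "a.nic.example.")],
    additional=[("b.nic.example.", "AAAA", "2001:0DB8:0:0:0:0:0:53"),
                ("a.nic.example.", "A", "192.0.2.53")])

# Glue address replaced: status and authority match, additional section does not.
TARGET_BAD_GLUE = make_resolution(
    "NOERROR",
    authority=REFERENCE.authority,
    additional=[("a.nic.example.", "A", "203.0.113.66"),
                ("b.nic.example.", "AAAA", "2001:db8::53")])

TARGET_NXDOMAIN = make_resolution("NXDOMAIN")

if __name__ == "__main__":
    for name, result in [("ok", TARGET_OK), ("bad glue", TARGET_BAD_GLUE),
                         ("nxdomain", TARGET_NXDOMAIN)]:
        print(name, compare(result, REFERENCE))
```

Returning the missing and unexpected records goes one step beyond the pass/fail verdict in the text, so an operator can see which delegation or glue record diverged.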
In this embodiment, a target resolution result of a target root server for a target top-level domain name and an authoritative resolution result of an authoritative root server for the target top-level domain name are obtained; a reference resolution result is selected from the authoritative resolution results; and the target resolution result is compared with the reference resolution result to obtain a correctness analysis result for the target root server. Obtaining and comparing the DNS resolution results of the target root server and the authoritative server for the same top-level domain name quickly determines whether the DNS resolution service provided by the target root server is correct. Because the target resolution result is compared with the selected reference resolution result rather than with the different authoritative resolution results one by one, the comparison process is accelerated and the domain name resolution correctness of the target root server can be determined quickly.
Referring to fig. 3, fig. 3 is a flowchart illustrating a root server correctness monitoring method according to a second embodiment of the present invention.
Based on the first embodiment, the step S20 of the root server correctness monitoring method in this embodiment may include:
step S201: and grouping the authority analysis results according to the result consistency to obtain at least one result subset.
It should be noted that, grouping the authority parsing results according to the result consistency, and obtaining at least one result subset may be dividing the authority parsing results with completely consistent results into a result subset, thereby obtaining at least one result subset.
In actual use, when consistency of authority analysis results is determined, because the authority analysis results contain more data and may be multiple pieces of data, in order to quickly determine the consistency of the results, hash values corresponding to the authority analysis results can be calculated through a hash algorithm, and if the hash values corresponding to two authority analysis results are consistent, it indicates that the two authority analysis results are consistent.
Step S202: and determining the result number ratio corresponding to each result subset according to the number of the authority set analytic results in each result subset.
It is understood that, determining the result count ratio corresponding to the result subset according to the number of authority set parsing results in the result subset may be dividing the number of results in the result subset by the total number of authority set parsing results to obtain the corresponding result count ratio, for example: the total number of the authoritative resolution results is 13, and when there are 3 authoritative resolution results in a result subset, the percentage of the results corresponding to the result subset is 3/13= 23%.
Step S203: and taking the maximum value of the result number ratios corresponding to the result subsets as a target result ratio.
In practical use, the maximum value of the result number ratios corresponding to the result subsets may be used as the target result ratio, where the result number ratios corresponding to the result subsets are sorted from large to small, and then the first result number ratio is used as the target result ratio.
Step S204: and taking the authority analysis result in the result subset corresponding to the target result ratio as a reference analysis result.
It can be understood that, since the target result ratio is the maximum value among the result number ratios corresponding to the result subsets, it indicates that the authority resolution result in the result subset corresponding to the target result ratio is the authority resolution result returned by the majority of authority servers, and the authority resolution result is the domain name resolution result with the smallest difference, and therefore, the authority resolution result in the result subset corresponding to the target result ratio can be used as the reference resolution result.
Further, since the authoritative server also has a certain probability that an analysis exception may occur, and obviously, data of the analysis exception is that there is no way to monitor whether the DNS analysis of the target root server is correct, it is further required to determine whether the authoritative analysis result is an exception result before determining the reference analysis result, at this time, the step S204 in this embodiment may include:
comparing the target result ratio with a preset ratio threshold;
and if the target result ratio is greater than the preset ratio threshold, taking an authoritative analysis result in the result subset corresponding to the target result ratio as a reference analysis result.
It should be noted that the preset ratio threshold may be set in advance by an administrator of the root monitoring device according to actual needs; for example, the preset ratio threshold is set to 1/3.
It should be noted that if the target result ratio is greater than the preset ratio threshold, the authoritative resolution results returned by the plurality of authoritative servers are consistent, and it can be determined that the authoritative servers are not resolving abnormally. The authoritative resolution result in the result subset corresponding to the target result ratio can therefore be used as the reference resolution result.
In a specific implementation, if the target result ratio is less than or equal to the preset ratio threshold, too few authoritative servers returned the same authoritative resolution result. It can then be determined that the authoritative servers are resolving abnormally, and the authoritative resolution result cannot be used as a basis for judging the correctness of the target root server. After the step of comparing the target result ratio with the preset ratio threshold, the method may further include:
if the target result proportion is less than or equal to the preset proportion threshold, judging that the target top-level domain name is an abnormal domain name;
and reselecting the target top-level domain name, and returning to the steps of obtaining the target resolution result of the target root server on the target top-level domain name and the authoritative resolution result of the authoritative root server on the target top-level domain name.
It should be noted that if the target result ratio is less than or equal to the preset ratio threshold, the resolution of the target top-level domain name by the authoritative servers is abnormal, and the authoritative resolution result cannot be used as a basis for determining whether the DNS resolution of the target root server is correct. The target top-level domain name can therefore be determined to be an abnormal domain name and marked. A target top-level domain name is then reselected, a domain name resolution request is initiated to the target root server and the authoritative server for the reselected target top-level domain name, and the process returns to step S10 to continue monitoring the target root server.
In this embodiment, the authoritative resolution results are grouped according to result consistency to obtain at least one result subset; the result count ratio of each result subset is determined from the number of authoritative resolution results in that subset; the maximum of these result count ratios is taken as the target result ratio; and the authoritative resolution result in the result subset corresponding to the target result ratio is taken as the reference resolution result. Because the authoritative resolution results are grouped by consistency and a result count ratio is determined for each resulting subset, the authoritative resolution result with the smallest difference can be quickly determined from the ratios, so the reference resolution result can be selected quickly.
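The selection procedure described above (grouping, ratio, maximum, threshold check, then comparison with the target result), as an added Python example that is not code from the patent. It assumes each resolution result is represented as a set of NS names; the function names and the sample data are constructed for illustration.

```python
from collections import Counter
from fractions import Fraction

# The page's example value for the preset ratio threshold.
RATIO_THRESHOLD = Fraction(1, 3)


def normalize(result):
    """Canonical form of one resolution result (assumption: a collection of
    NS names). Order, letter case and the trailing dot are ignored so that
    equivalent answers fall into the same result subset."""
    return frozenset(name.strip().lower().rstrip(".") for name in result)


def select_reference(authoritative_results, threshold=RATIO_THRESHOLD):
    """Group by consistency, take the largest subset, apply the threshold.

    Returns (reference, ratio). reference is None when the target result
    ratio is less than or equal to the threshold, i.e. the top-level domain
    name must be marked abnormal and another one selected."""
    if not authoritative_results:
        return None, Fraction(0)
    # Group results by consistency: one counter key per result subset.
    subsets = Counter(normalize(r) for r in authoritative_results)
    # Largest subset. The page does not say how ties are broken; here the
    # subset seen first wins (Counter keeps insertion order).
    reference, count = subsets.most_common(1)[0]
    ratio = Fraction(count, len(authoritative_results))
    if ratio <= threshold:
        return None, ratio
    return reference, ratio


def check_target(target_result, authoritative_results,
                 threshold=RATIO_THRESHOLD):
    """Compare the target root server's result with the reference result."""
    reference, ratio = select_reference(authoritative_results, threshold)
    if reference is None:
        return "abnormal-tld", ratio
    verdict = "correct" if normalize(target_result) == reference else "incorrect"
    return verdict, ratio


# Constructed sample data: NS sets for a hypothetical top-level domain.
NS_A = ["a.nic.example.", "b.nic.example."]
NS_B = ["x.nic.example.", "y.nic.example."]
NS_C = ["c.nic.example."]

if __name__ == "__main__":
    # 10 of 13 authoritative servers agree on NS_A, 3 return NS_B.
    authoritative = [NS_A] * 10 + [NS_B] * 3
    print(check_target(["B.NIC.example", "a.nic.example."], authoritative))
    print(check_target(NS_B, authoritative))
    # Three servers, three different answers: ratio 1/3 is not above 1/3.
    print(check_target(NS_A, [NS_A, NS_B, NS_C]))
```

With the page's example threshold of 1/3, a plurality such as 5 of 13 is accepted as the reference even though it is not a strict majority; a deployment that needs a true majority would set the threshold to at least 1/2.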
In addition, an embodiment of the present invention further provides a storage medium, where a root server correctness monitoring program is stored in the storage medium, and when the root server correctness monitoring program is executed by a processor, the steps of the root server correctness monitoring method described above are implemented.
Referring to fig. 4, fig. 4 is a block diagram illustrating a first embodiment of a root server correctness monitoring apparatus according to the present invention.
As shown in fig. 4, the root server correctness monitoring apparatus provided in the embodiment of the present invention includes:
the result obtaining module 10 is configured to obtain a target resolution result of the target top-level domain name by the target root server and an authoritative resolution result of the target top-level domain name by the authoritative root server;
a result selecting module 20, configured to select a reference analysis result from the authoritative analysis results;
and the correctness analysis module 30 is configured to compare the target analysis result with the reference analysis result to obtain a correctness analysis result of the target root server.
In the embodiment, a target resolution result of a target root server on a target top-level domain name and an authoritative resolution result of an authoritative root server on the target top-level domain name are obtained; selecting a reference analysis result from the authority analysis results; and comparing the target analysis result with the reference analysis result to obtain a correctness analysis result of the target root server. The DNS analysis results of the target root server and the authoritative server for the same top-level domain name are obtained and compared to quickly determine whether the DNS analysis service provided by the target root server is correct, and the target analysis result is compared with the selected reference analysis result instead of comparing the target analysis result with different authoritative analysis results one by one, so that the comparison process can be accelerated, and the domain name analysis correctness of the target root server can be quickly determined.
Further, the result obtaining module 10 is further configured to, when the target top-level domain name is accessed, capture a DNS packet generated in the target gateway by using a preset packet capturing tool; analyzing the DNS data packet according to an unpacking program to obtain an analysis result; and extracting a target resolution result of the target top-level domain name by the target root server and an authority resolution result of the target top-level domain name by the authority root server from the resolution result.
Further, the result obtaining module 10 is further configured to read a traffic retention file from the target gateway; analyzing the flow retention file to obtain a file analysis result; and extracting a target resolution result of the target root server on the target top-level domain name and an authority resolution result of the authority root server on the target top-level domain name from the file resolution result.
Further, the result selecting module 20 is further configured to group the authoritative resolution results according to result consistency to obtain at least one result subset; determine the result count ratio corresponding to each result subset according to the number of authoritative resolution results in that subset; take the maximum value of the result count ratios corresponding to the result subsets as the target result ratio; and take the authoritative resolution result in the result subset corresponding to the target result ratio as the reference resolution result.
Further, the result selecting module 20 is further configured to compare the target result ratio with a preset ratio threshold; and if the target result ratio is greater than the preset ratio threshold, taking an authoritative analysis result in the result subset corresponding to the target result ratio as a reference analysis result.
Further, the result selecting module 20 is further configured to determine that the target top-level domain name is an abnormal domain name if the target result proportion is less than or equal to the preset proportion threshold; and reselecting the target top-level domain name, and returning to the steps of obtaining the target resolution result of the target root server on the target top-level domain name and the authoritative resolution result of the authoritative root server on the target top-level domain name.
Further, the result obtaining module 10 is further configured to select a target top-level domain name from a preset top-level domain name set; generating a domain name query request according to the target top-level domain name; and respectively sending the domain name query request to a target root server and an authoritative root server through a preset simulation tool so as to perform top-level domain name query.
It should be understood that the above is only an example, and the technical solution of the present invention is not limited in any way, and in a specific application, a person skilled in the art may set the technical solution as needed, and the present invention is not limited thereto.
It should be noted that the above-described work flows are only exemplary, and do not limit the scope of the present invention, and in practical applications, a person skilled in the art may select some or all of them to achieve the purpose of the solution of the embodiment according to actual needs, and the present invention is not limited herein.
In addition, the technical details that are not described in detail in this embodiment may refer to the method for monitoring the correctness of the root server provided in any embodiment of the present invention, and are not described herein again.
Further, it is to be noted that, in this document, the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or system that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or system. Without further limitation, an element defined by the phrase "comprising a ..." does not exclude the presence of other like elements in a process, method, article, or system that comprises the element.
The above-mentioned serial numbers of the embodiments of the present invention are merely for description and do not represent the merits of the embodiments.
Through the above description of the embodiments, those skilled in the art will clearly understand that the method of the above embodiments can be implemented by software plus a necessary general hardware platform, and certainly can also be implemented by hardware, but in many cases, the former is a better implementation manner. Based on such understanding, the technical solution of the present invention or a part contributing to the prior art may be embodied in the form of a software product, where the computer software product is stored in a storage medium (e.g. Read Only Memory (ROM)/RAM, magnetic disk, optical disk), and includes several instructions for enabling a terminal device (which may be a mobile phone, a computer, a server, or a network device, etc.) to execute the method according to the embodiments of the present invention.
The above description is only a preferred embodiment of the present invention, and not intended to limit the scope of the present invention, and all modifications of equivalent structures and equivalent processes, which are made by using the contents of the present specification and the accompanying drawings, or directly or indirectly applied to other related technical fields, are included in the scope of the present invention.

Claims (10)

1. A root server correctness monitoring method is characterized by comprising the following steps:
acquiring a target resolution result of a target top-level domain name by a target root server and an authoritative resolution result of the target top-level domain name by an authoritative root server;
selecting a reference analysis result from the authority analysis results;
and comparing the target analysis result with the reference analysis result to obtain a correctness analysis result of the target root server.
2. The method for monitoring the correctness of the root server according to claim 1, wherein the step of obtaining the target resolution result of the target root server on the target top-level domain name and the authoritative resolution result of the authoritative root server on the target top-level domain name includes:
when a target top-level domain name is accessed, a DNS data packet generated in a target gateway is captured through a preset packet capturing tool;
analyzing the DNS data packet according to an unpacking program to obtain an analysis result;
and extracting a target resolution result of the target top-level domain name by the target root server and an authority resolution result of the target top-level domain name by the authority root server from the resolution result.
3. The method for monitoring the correctness of the root server according to claim 1, wherein the step of obtaining the target resolution result of the target root server on the target top-level domain name and the authoritative resolution result of the authoritative root server on the target top-level domain name includes:
reading a flow retention file from a target gateway;
analyzing the flow retention file to obtain a file analysis result;
and extracting a target resolution result of the target top-level domain name by the target root server and an authority resolution result of the target top-level domain name by the authority root server from the file resolution result.
4. The root server correctness monitoring method of claim 1, wherein the step of selecting a benchmark resolution from the authoritative resolution comprises:
grouping the authority analysis results according to the result consistency to obtain at least one result subset;
determining the result count ratio corresponding to each result subset according to the number of authoritative resolution results in each result subset;
taking the maximum value of the result number ratio corresponding to each result subset as a target result ratio;
and taking the authority analysis result in the result subset corresponding to the target result ratio as a reference analysis result.
5. The root server correctness monitoring method according to claim 4, wherein the step of taking the authoritative resolution result in the result subset corresponding to the target result ratio as a reference resolution result comprises:
comparing the target result ratio with a preset ratio threshold;
and if the target result ratio is greater than the preset ratio threshold, taking an authoritative analysis result in the result subset corresponding to the target result ratio as a reference analysis result.
6. The root server correctness monitoring method of claim 5, wherein after the step of comparing the target result ratio with a preset ratio threshold, the method further comprises:
if the target result proportion is less than or equal to the preset proportion threshold, judging that the target top-level domain name is an abnormal domain name;
and reselecting the target top-level domain name, and returning to the steps of obtaining the target resolution result of the target root server on the target top-level domain name and the authoritative resolution result of the authoritative root server on the target top-level domain name.
7. The root server correctness monitoring method according to any one of claims 1 to 6, wherein before the step of obtaining the target resolution result of the target root server for the target top-level domain name and the authoritative resolution result of the authoritative root server for the target top-level domain name, the method further comprises:
selecting a target top-level domain name from a preset top-level domain name set;
generating a domain name query request according to the target top-level domain name;
and respectively sending the domain name query request to a target root server and an authoritative root server through a preset simulation tool so as to perform top-level domain name query.
8. A root server correctness monitoring device, comprising the following modules:
the result acquisition module is used for acquiring a target resolution result of the target root server on the target top-level domain name and an authority resolution result of the authority root server on the target top-level domain name;
the result selection module is used for selecting a reference analysis result from the authority analysis results;
and the correctness analysis module is used for comparing the target analysis result with the reference analysis result to obtain a correctness analysis result of the target root server.
9. A root server correctness monitoring device, comprising: a processor, a memory, and a root server correctness monitoring program stored on the memory and operable on the processor, which when executed by the processor, implements the steps of the root server correctness monitoring method of any of claims 1-7.
10. A computer readable storage medium, having stored thereon a root server correctness monitoring program which, when executed by a processor, implements the steps of a root server correctness monitoring method according to any of claims 1-7.
CN202210721032.5A 2022-06-24 2022-06-24 Root server correctness monitoring method, device, equipment and storage medium Active CN114827085B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202210721032.5A CN114827085B (en) 2022-06-24 2022-06-24 Root server correctness monitoring method, device, equipment and storage medium

Publications (2)

Publication Number Publication Date
CN114827085A true CN114827085A (en) 2022-07-29
CN114827085B CN114827085B (en) 2022-09-09

Family

ID=82520674

Country Status (1)

Country Link
CN (1) CN114827085B (en)

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant