CN114979071A - Dynamic domain name configuration method and device, electronic equipment and storage medium - Google Patents

Publication number: CN114979071A
Authority: CN (China)
Prior art keywords: domain name; information; client device; name server; address
Legal status: Granted (active)
Application number: CN202210687463.4A
Other languages: Chinese (zh)
Other versions: CN114979071B (en)
Inventors: 潘蓝兰, 王欢, 叶海玲
Current Assignee: Guangdong Oppo Mobile Telecommunications Corp Ltd
Original Assignee: Guangdong Oppo Mobile Telecommunications Corp Ltd
Application filed by: Guangdong Oppo Mobile Telecommunications Corp Ltd
Priority: CN202210687463.4A
Publications: CN114979071A (application), CN114979071B (grant)

Classifications

    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00: Network architectures or network communication protocols for network security
    • H04L63/04: Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428: Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L9/00: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3247: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures

Abstract

The application discloses a dynamic domain name configuration method, a dynamic domain name configuration device, a mobile terminal and a storage medium. The method is applied to a client device and comprises: encrypting a first digital digest of first information based on the private key in a first key pair to obtain second information, where the first information comprises at least a first IP address and a first check value, and the first check value is issued to the client device by an authoritative domain name server; and sending the first information and the second information to the authoritative domain name server. The authoritative domain name server configures the first IP address for the dynamic domain name of the client device when it verifies that the first digital digest is consistent with a second digital digest of the first information; the first digital digest is obtained by the authoritative domain name server decrypting the second information based on the public key in the first key pair.

Description

Dynamic domain name configuration method and device, electronic equipment and storage medium
Technical Field
The present application relates to the field of network technologies, and in particular, to a method and an apparatus for configuring a dynamic domain name, an electronic device, and a storage medium.
Background
The IP address that an operator allocates to a client device may be adjusted dynamically. To update it, the client device has to send its latest IP address to a server using a stored server account and password. The stored account and password are easily leaked, so updating the IP address of a dynamic domain name has a security problem.
Disclosure of Invention
In view of this, embodiments of the present application provide a method, an apparatus, an electronic device, and a storage medium for dynamic domain name configuration, so as to at least solve the security problem existing in the IP address update of the dynamic domain name in the related art.
The technical solution of the embodiments of the present application is implemented as follows:
An embodiment of the present application provides a dynamic domain name configuration method, which is applied to a client device and comprises:
encrypting a first digital digest of first information based on the private key in a first key pair to obtain second information; the first information comprises at least a first IP address and a first check value; the first check value is issued to the client device by an authoritative domain name server;
sending the first information and the second information to the authoritative domain name server; wherein
the authoritative domain name server configures the first IP address for the dynamic domain name of the client device when it verifies that the first digital digest is consistent with a second digital digest of the first information; and the first digital digest is obtained by the authoritative domain name server decrypting the second information based on the public key in the first key pair.
An embodiment of the present application also provides another dynamic domain name configuration method, which is applied to an authoritative domain name server and comprises:
receiving first information and second information sent by a client device; the first information comprises at least a first IP address and a first check value; the second information represents the result of the client device encrypting a first digital digest of the first information based on the private key in a first key pair;
decrypting the second information based on the public key in the first key pair to obtain the first digital digest;
when the first digital digest is consistent with a second digital digest, correspondingly configuring the first IP address for the dynamic domain name of the client device; the second digital digest is obtained based on the received first information.
An embodiment of the present application further provides a dynamic domain name configuration device, which is applied to a client device and comprises:
an encryption unit, configured to encrypt a first digital digest of first information based on the private key in a first key pair to obtain second information; the first information comprises at least a first IP address and a first check value; the first check value is issued to the client device by an authoritative domain name server;
a sending unit, configured to send the first information and the second information to the authoritative domain name server; wherein
the authoritative domain name server configures the first IP address for the dynamic domain name of the client device when it verifies that the first digital digest is consistent with a second digital digest of the first information; and the first digital digest is obtained by the authoritative domain name server decrypting the second information based on the public key in the first key pair.
An embodiment of the present application further provides another dynamic domain name configuration device, which is applied to an authoritative domain name server and comprises:
a receiving unit, configured to receive first information and second information sent by a client device; the first information comprises at least a first IP address and a first check value; the second information represents the result of the client device encrypting a first digital digest of the first information based on the private key in a first key pair;
a decryption unit, configured to decrypt the second information based on the public key in the first key pair to obtain the first digital digest;
a configuration unit, configured to correspondingly configure the first IP address for the dynamic domain name of the client device when the first digital digest is consistent with a second digital digest; the second digital digest is obtained based on the received first information.
An embodiment of the present application further provides an electronic device, including: a processor and a memory for storing a computer program capable of running on the processor,
wherein the processor is configured to perform the steps of any of the above methods when running the computer program.
Embodiments of the present application further provide a computer-readable storage medium, on which a computer program is stored, where the computer program, when executed by a processor, implements the steps of any of the above methods.
In the embodiments of the present application, the client device encrypts the first digital digest of the first information based on the private key in the first key pair to obtain the second information, and sends the first information and the second information to the authoritative domain name server, so that the authoritative domain name server configures the first IP address for the dynamic domain name of the client device when it verifies that the first digital digest is consistent with the second digital digest of the first information. The private key and the public key in the first key pair generated by the client device enable the authoritative domain name server to configure the corresponding IP address for the dynamic domain name, which ensures the security of dynamic domain name configuration and avoids leakage of security information.
Drawings
Fig. 1 is a schematic diagram of a dynamic domain name configuration system in the related art;
Fig. 2 is a schematic flow chart illustrating remote control of home devices by using a dynamic domain name in the related art;
Fig. 3 is a schematic diagram illustrating an implementation process of dynamic domain name configuration according to an embodiment of the present application;
Fig. 4 is a schematic diagram illustrating an implementation flow of dynamic domain name configuration according to another embodiment of the present application;
Fig. 5 is a schematic flowchart illustrating a process of receiving, by a client device, a first check value issued by an authoritative domain name server according to an embodiment of the present application;
Fig. 6 is a schematic diagram illustrating an implementation process of dynamic domain name configuration according to an embodiment of the present application;
Fig. 7 is a flowchart illustrating a process of verifying the second information by the authoritative domain name server according to an embodiment of the present application;
Fig. 8 is a schematic flow chart illustrating an implementation of dynamic domain name configuration according to an embodiment of the present application;
Fig. 9 is a schematic flow chart illustrating an implementation of dynamic domain name configuration according to another embodiment of the present application;
Fig. 10 is a schematic flowchart of public key registration according to an embodiment of the present application;
Fig. 11 is a flowchart illustrating a dynamic domain name configuration according to an embodiment of the present application;
Fig. 12 is a schematic structural diagram of a dynamic domain name configuration apparatus according to an embodiment of the present application;
Fig. 13 is a schematic structural diagram of a dynamic domain name configuration apparatus according to yet another embodiment of the present application;
Fig. 14 is a schematic diagram of a hardware structure of a mobile terminal according to an embodiment of the present application.
Detailed Description
The present application will be described in further detail with reference to the following drawings and specific embodiments.
In the following description, for purposes of explanation and not limitation, specific details are set forth such as particular system structures, techniques, etc. in order to provide a thorough understanding of the embodiments of the present application. However, it will be apparent to one skilled in the art that the present application may be practiced in other embodiments that depart from these specific details. In other instances, detailed descriptions of well-known systems, devices, and methods are omitted so as not to obscure the description of the present application with unnecessary detail.
The technical means described in the embodiments of the present application may be arbitrarily combined without conflict.
In addition, in the embodiments of the present application, "first", "second", and the like are used for distinguishing similar objects, and are not necessarily used for describing a specific order or a sequential order.
Before the technical solution of the embodiments of the present application is explained in detail, dynamic domain name configuration in the related art is briefly described.
Fig. 1 is a schematic diagram of a dynamic domain name configuration system in the related art, where the dynamic domain name configuration system includes a client device, a website server, and an authoritative domain name server. The specific dynamic domain name configuration process is as follows:
Step 1: The user registers an account (denoted as DDNS_User), a password (denoted as DDNS_Password), and a dynamic domain name (denoted as xxx.
Step 2: The DDNS_User and DDNS_Password are stored in the client device.
Step 3: When the client device connects to the network using the service of the operator, the operator assigns an IP address (denoted as IP_A) to the client device.
Step 4: The client device logs in to the website server using the stored DDNS_User and DDNS_Password, and registers the IP address of the dynamic domain name xxx.
Step 5: The local domain name server returns the registration result of the dynamic domain name to the client device.
Step 6: com requests an update of the IP address of the dynamic domain name xxx.
Step 7: com updates the IP address of xxx.
Step 8: The authoritative domain name server returns the update result to the website server.
Assuming that the operator assigns a new IP address (denoted as IP_B) to the client device, the client device registers IP_B with the website server, and the corresponding dynamic domain name configuration process is as follows:
Step 1: The client device logs in to the website server using the stored DDNS_User and DDNS_Password, and registers the IP address of the dynamic domain name xxx.
Step 2: The local domain name server returns the registration result of the dynamic domain name to the client device.
Step 3: com requests an update of the IP address of the dynamic domain name xxx.
Step 7: com updates the IP address of xxx.
Step 8: The authoritative domain name server returns the update result to the local domain name server.
In one application scenario, a user uses a mobile terminal to remotely control a home device (e.g., a sweeping robot) through a client device. Because the IP address that the operator allocates to the client device is adjusted dynamically, the mobile terminal must obtain the latest IP address of the client device in real time in order to control the home device remotely. Fig. 2 is a flow chart illustrating remote control of home devices by using a dynamic domain name.
Step 1: The home control service queries a local domain name server for the IP address of xxx.
Step 2: The local domain name server queries an authoritative domain name server for the IP address of xxx.
Step 3: The authoritative domain name server returns the IP address of xxx.
Step 4: The local server returns the IP address of xxx.
Step 5: The mobile terminal connects to the client device according to the IP address of the client device's domain name xxx.someddns.com, establishes a remote secure connection with the client device, and issues a control instruction for controlling the home device.
Step 6: The client device forwards the control instruction data packet of the mobile terminal to the home device.
Step 7: The home device executes the control instruction and returns an execution result data packet to the client device.
Step 8: The client device sends the execution result data packet to the mobile terminal.
In the prior art, the client device has to store the user's account and password for the website server in order to perform dynamic domain name configuration. When a security vulnerability occurs in the client device, the stored website server account and password are easily leaked, so updating the IP address of a dynamic domain name has a security problem. In addition, the website server and the authoritative domain name server have to cooperate during dynamic domain name configuration; when they are deployed in different regions, update delays easily occur, so that the IP address of the dynamic domain name fails to update.
Therefore, in the embodiments of the present application, the client device does not need to rely on a server account and password to apply to the server for registering or updating the IP address of the dynamic domain name, which ensures the security of dynamic domain name configuration.
An embodiment of the present application provides a dynamic domain name configuration method, and fig. 3 is a flowchart of the dynamic domain name configuration method according to the embodiment of the present application. As shown in fig. 3, the method is applied to a client device, and includes:
S301: Encrypt the first digital digest of the first information based on the private key in the first key pair to obtain the second information.
The client device processes the first information with a one-way hash function to obtain a 128-bit first digital digest. The first information and the first digital digest correspond to each other: if the first information changes, the generated first digital digest changes as well, so the first information can be identified through the first digital digest. In practical applications, the second information is essentially a digital signature of the first information, and different digital signature algorithms may be selected to encrypt the first digital digest of the first information.
In this embodiment, the first check value is issued by the authoritative domain name server to the client device, and the authoritative domain name server can check the client device through the first check value to determine whether the communication between the authoritative domain name server and the client device is secure.
In a case where the authoritative domain name server can determine the dynamic domain name of the client device, for example through device information of the client device communicating with it, the first information provided by the client device needs to include the first IP address and the first check value when the authoritative domain name server configures the dynamic domain name of the client device.
In a case where the authoritative domain name server cannot determine the dynamic domain name of the client device, the first information provided by the client device needs to include the first IP address, the dynamic domain name of the client device, and the first check value when the authoritative domain name server configures the dynamic domain name of the client device.
In this embodiment, the first IP address is an IP address of a dynamic domain name assigned to the client device by the operator.
The client device encrypts the first digital digest with the private key in the first key pair to obtain the second information; that is, the second information is the first digital digest in encrypted form.
S302: Send the first information and the second information to the authoritative domain name server.
The client device packages the first information and the second information and sends them to the authoritative domain name server. The first information comprises at least the first IP address of the dynamic domain name of the client device and the first check value, and the second information is the result of encrypting the first digital digest of the first information. The authoritative domain name server can therefore verify the second information, which ensures the security of the communication between the client device and the authoritative domain name server. Verifying the second information is essentially verifying the digital signature: the authoritative domain name server decrypts the second information based on the public key in the first key pair to obtain the first digital digest, and checks it against a second digital digest that the authoritative domain name server generates from the received first information. When the first digital digest is consistent with the second digital digest, the authoritative domain name server uses the first information to configure the first IP address for the dynamic domain name of the client device.
In a home control scenario, the client device may be a home router. The home router sends the first information and the second information to the authoritative domain name server, and the authoritative domain name server registers the IP address of the dynamic domain name of the home router through the first information and the second information, so that the mobile terminal can establish a connection with the home router through the IP address of the home router and thereby remotely control different home devices.
In this embodiment, the client device communicates directly with the authoritative domain name server, and the authoritative domain name server configures the IP address for the dynamic domain name of the client device, so the communication overhead between the local domain name server and the authoritative domain name server is avoided during dynamic domain name configuration.
In the above embodiment, the client device encrypts the first digital digest of the first information based on the private key in the first key pair to obtain the second information, and sends the first information and the second information to the authoritative domain name server. The authoritative domain name server verifies the second information based on the public key in the first key pair and, when the first digital digest is consistent with the second digital digest, configures an IP address for the dynamic domain name of the client device. No server account or password needs to be stored on the client device. Configuring the dynamic domain name through the key pair ensures the security of the communication between the client device and the dynamic domain name server, ensures the security of the dynamic domain name configuration, and avoids leakage of security information.
In an embodiment, as shown in Fig. 4, before encrypting the first digital digest of the first information based on the private key in the first key pair to obtain the second information, the method further includes:
S401: Generate a first key pair.
The first key pair generated by the client device is used for dynamic domain name configuration. The client device may generate the first key pair with a key-pair algorithm such as the RSA encryption algorithm (RSA) or elliptic curve cryptography (ECC).
S402: Issue the public key in the first key pair.
The client device sends out the public key in the first key pair, so that the authoritative domain name server can bind the dynamic domain name of the client device to the public key and can use the public key to verify the second information, completing the configuration of the first IP address for the dynamic domain name of the client device.
In practical applications, a first key pair may be generated at any time according to user requirements, and its public key is sent out so that the authoritative domain name server registers the public key. For example, when a user replaces the client device, the user may generate a new first key pair with the replacement client device and configure the dynamic domain name of the client device with the new first key pair.
In an embodiment, the client device may send the public key in the first key pair to a local domain name server, and the local domain name server forwards the public key and the dynamic domain name of the client device to the authoritative domain name server. The authoritative domain name server stores the public key and the dynamic domain name of the client device, and can then use the public key to configure the first IP address for the dynamic domain name of the client device.
In another embodiment, the client device may send the public key in the first key pair directly to the authoritative domain name server; that is, the authoritative domain name server directly receives the public key sent by the client device and can bind the public key to the dynamic domain name of the client device.
In an embodiment, Fig. 5 is a schematic flowchart of a process in which a client device receives a first check value issued by an authoritative domain name server, where the process includes:
S501: Send a first request to the authoritative domain name server.
When the client device needs to register the IP address corresponding to its dynamic domain name through the authoritative domain name server, or needs to update that IP address through the authoritative domain name server because it has changed, the client device sends a first request to the authoritative domain name server, requesting the authoritative domain name server to configure the IP address corresponding to the dynamic domain name of the client device.
S502: Receive the first check value issued by the authoritative domain name server based on the first request.
An embodiment of the present application further provides another dynamic domain name configuration method, as shown in fig. 6, where the method is applied to an authoritative domain name server, and the method includes:
s601: and receiving first information and second information sent by the client equipment.
The authoritative domain name server is responsible for resolving the dynamic domain name, configuring a corresponding IP address for the dynamic domain name, and enabling the user to access a corresponding site through the dynamic domain name.
In a case where the authoritative domain name server may determine the dynamic domain name of the client device, for example, the authoritative domain name server may determine the dynamic domain name of the client device communicating with the authoritative domain name server through device information of the client device, and in this case, the first information received by the authoritative domain name server includes the first IP address and the first check value.
Under the condition that the authoritative domain name server cannot determine the dynamic domain name of the client device, the first information received by the authoritative domain name server comprises a first IP address, the dynamic domain name of the client device and a first check value.
The authoritative domain name server also receives second information sent by the client equipment, wherein the second information is a result of the client encrypting the first digital digest of the first information based on the private key in the first key pair.
S602: and decrypting the second information based on the public key in the first key pair to obtain the first digital abstract.
In practical application, the second information received by the authoritative domain name server is substantially the digital signature of the first information, and the authoritative domain name server verifies the second information to determine whether the received first information is changed, so that the safety of dynamic domain name configuration can be ensured.
The second information is obtained by encrypting the first digital digest through a private key in the first key pair, and the authoritative domain name server can decrypt the second information by utilizing a public key in the first key pair to obtain the first digital digest.
S603: and under the condition that the first digital abstract is consistent with the second digital abstract, correspondingly configuring a first IP address for the dynamic domain name of the client equipment.
The first digital digest is transmitted from the client device to the authoritative domain name server in an encrypted form, and the first digital digest decrypted by the authoritative domain name server is generated on the basis of first information (denoted as first information A) on the client device side, wherein the first information A is unchanged and has integrity.
The authoritative domain name server processes the received first information (denoted as first information B) through a one-way hash function, and can obtain a 128-bit second digital digest. In practical application, a digital digest corresponds to the file it was computed from: when the processed file changes, the generated digital digest also changes. Based on this correspondence, whether the first information A of the client device is consistent with the first information B received by the authoritative domain name server can be judged by comparing the first digital digest with the second digital digest.
Fig. 7 illustrates the process by which the authoritative domain name server verifies the second information.
Step 1: the client device processes the first information using a one-way hash function to obtain a first digital digest.
Step 2: the client device encrypts the first digital digest by using a private key in the first key pair to obtain second information.
Step 3: the client device sends the first information and the second information to an authoritative domain name server.
Step 4: the authoritative domain name server processes the received first information by using a one-way hash function to obtain a second digital digest.
Step 5: the authoritative domain name server decrypts the second information by using the public key in the first key pair to obtain the first digital digest.
Step 6: the authoritative domain name server verifies whether the first digital digest is consistent with the second digital digest.
When the authoritative domain name server verifies that the first digital digest is consistent with the second digital digest, the first information received by the authoritative domain name server has not been changed, and the authoritative domain name server can use the first IP address in the first information to configure the IP address for the dynamic domain name of the client device.
When the first digital digest is inconsistent with the second digital digest, the first information received by the authoritative domain name server has been changed, and the authoritative domain name server stops configuring the IP address for the dynamic domain name of the client device. In practical application, relevant information about the configuration error can also be returned to the client device.
In the above embodiment, the authoritative domain name server receives the first information and the second information sent by the client device, decrypts the second information based on the public key in the first key pair to obtain the first digital digest, and, in the case that the first digital digest is consistent with the second digital digest, correspondingly configures the first IP address for the dynamic domain name of the client device. The authoritative domain name server thus configures the corresponding IP address for the dynamic domain name of the client device directly through communication with the client device, which reduces communication overhead. The authoritative domain name server can also verify the information sent by the client device, which ensures the security of the dynamic domain name configuration and avoids leakage of security information.
In an embodiment, as shown in fig. 8, before receiving the first information and the second information sent by the client device, the method further includes:
S801: a first request sent by a client device is received.
The first request is used for requesting the authoritative domain name server to configure the IP address corresponding to the dynamic domain name of the client device, and comprises registering the IP address corresponding to the dynamic domain name of the client device and updating the IP address corresponding to the dynamic domain name of the client device.
S802: issuing a first check value based on the first request.
In practical application, the first check value issued by the authoritative domain name server is a randomly generated numerical value.
In an embodiment, the authoritative domain name server verifies the first check value in the received first information; specifically, it verifies whether the first check value issued by the authoritative domain name server based on the first request is consistent with the first check value in the first information. In the case that the two are consistent, the possibility that the first information was changed during transmission is low, and the first digital digest and the second digital digest are then used for further verification, so that the security of the first information is ensured through double verification, and the data security of dynamic domain name configuration is ensured.
In the case that the first check value issued based on the first request is inconsistent with the first check value in the first information, the first information was changed during transmission, and the first IP address included in the first information is most likely not the IP address allocated to the client device by the operator. The authoritative domain name server then does not configure a corresponding IP address for the dynamic domain name of the client device according to the first IP address in the first information.
In an embodiment, as shown in fig. 9, before receiving the first information and the second information sent by the client device, the method further includes:
S901: a public key of a first key pair issued by a client device is received.
The client device generates a first key pair, and then the client device needs to store the public key to the authoritative domain name server, so that the authoritative domain name server decrypts the second information by using the public key to obtain the first digital digest.
In one example, the public key received by the authoritative domain name server is issued by the client device directly to the authoritative domain name server.
In another example, the public key sent by the client device is received by the local domain name server, and then forwarded to the authoritative domain name server by the local domain name server.
S902: the public key is bound with a dynamic domain name of the client device.
The authoritative domain name server binds the dynamic domain name of the client device with the public key. When the authoritative domain name server receives the second information sent by the client device, it can look up the stored public key according to the dynamic domain name of the client device, decrypt the second information to obtain the first digital digest, and then verify the first digital digest.
Fig. 10 shows a flow chart of public key registration.
Step 1: the user registers an account number and a password on a local domain name server, and registers a dynamic domain name.
Step 2: the client device generates a key pair.
Step 3: the user logs in to the local domain name server by using the account number and the password of the local domain name server, and registers the public key in the key pair.
Step 4: the local domain name server synchronizes the domain name and the public key of the client device with the authoritative domain name server.
Step 5: the authoritative domain name server stores the domain name and the public key of the client device.
Step 6: the authoritative domain name server returns the registration result to the local domain name server.
Step 7: the local domain name server returns the registration result to the client device.
An application embodiment is further provided. Fig. 11 shows a flow diagram of dynamic domain name configuration.
Step 1: the client device obtains a first IP address from an operator.
Step 2: the client device requests the authoritative domain name server to configure an IP address for the dynamic domain name of the client device.
Step 3: the authoritative domain name server returns the first check value to the client device.
Step 4: the client device encrypts a first digital digest of first information based on a private key in a first key pair to obtain second information, wherein the first information at least comprises a first IP address and a first check value.
Step 5: the client device sends the first information and the second information to an authoritative domain name server.
Step 6: the authoritative domain name server compares the first check value.
Step 7: the authoritative domain name server decrypts the second information by using the public key to obtain the first digital digest.
Step 8: the authoritative domain name server processes the first information to obtain a second digital digest.
Step 9: the authoritative domain name server determines that the first digital digest is consistent with the second digital digest.
Step 10: the authoritative domain name server configures the IP address of the dynamic domain name of the client device according to the IP address in the first information.
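The flows of fig. 7 and fig. 11, including the rejection paths, can be traced in the following added example, which is not code from the patent. It uses SHA-256 in place of the 128-bit digest mentioned above and unpadded RSA over a constructed demo key to mirror the "encrypt the digest with the private key" wording; the class names, the newline-separated encoding of the first information, the sample domain and the single-use handling of the check value are assumptions.

```python
import hashlib
import hmac
import ipaddress
import secrets

# Constructed demo key pair built from two well-known Mersenne primes so the
# example needs only the standard library. It is NOT a secure key.
P, Q = 2**521 - 1, 2**607 - 1
N, E = P * Q, 65537
D = pow(E, -1, (P - 1) * (Q - 1))  # private exponent


def encode_first_info(domain, ip, check_value):
    """Assumed wire format: domain, IP and check value on separate lines."""
    return "\n".join((domain, ip, check_value)).encode()


def digest(first_info):
    """One-way hash of the first information, as an integer (SHA-256 here)."""
    return int.from_bytes(hashlib.sha256(first_info).digest(), "big")


class Client:
    def __init__(self, domain, n, d):
        self.domain, self.n, self.d = domain, n, d

    def build_update(self, ip, check_value):
        first_info = encode_first_info(self.domain, ip, check_value)
        # Fig. 11 step 4: encrypt the first digital digest with the private key.
        second_info = pow(digest(first_info), self.d, self.n)
        return first_info, second_info


class AuthoritativeServer:
    def __init__(self):
        self.public_keys = {}  # domain -> (n, e), bound at registration (S902)
        self.pending = {}      # domain -> outstanding check value (S802)
        self.records = {}      # domain -> configured IP address

    def bind_public_key(self, domain, n, e):
        self.public_keys[domain] = (n, e)

    def issue_check_value(self, domain):
        self.pending[domain] = secrets.token_hex(16)
        return self.pending[domain]

    def handle_update(self, first_info, second_info):
        try:
            domain, ip, check_value = first_info.decode().split("\n")
            ipaddress.ip_address(ip)
        except ValueError:
            return "malformed"
        if domain not in self.public_keys:
            return "unknown-domain"
        # Assumption: a check value is consumed by the first attempt that
        # presents it, so a captured update cannot be replayed later.
        issued = self.pending.pop(domain, None)
        if issued is None or not hmac.compare_digest(
                issued.encode(), check_value.encode()):
            return "check-value-mismatch"
        n, e = self.public_keys[domain]
        first_digest = pow(second_info, e, n)  # decrypt with the public key
        second_digest = digest(first_info)     # recompute from received data
        if first_digest != second_digest:
            return "digest-mismatch"
        self.records[domain] = ip
        return "configured"


def demo():
    domain = "home.example.net"  # constructed sample name
    server = AuthoritativeServer()
    server.bind_public_key(domain, N, E)
    client = Client(domain, N, D)
    results = {}

    # Normal update, then the same message sent a second time.
    info, sig = client.build_update(
        "203.0.113.7", server.issue_check_value(domain))
    results["valid"] = server.handle_update(info, sig)
    results["replay"] = server.handle_update(info, sig)

    # First information altered in transit: the check value still matches,
    # but the recomputed digest no longer equals the decrypted one.
    info, sig = client.build_update(
        "203.0.113.7", server.issue_check_value(domain))
    tampered = info.replace(b"203.0.113.7", b"198.51.100.9")
    results["tampered"] = server.handle_update(tampered, sig)
    results["record"] = server.records[domain]
    return results


if __name__ == "__main__":
    print(demo())
```

A deployment would use a standard padded signature scheme such as RSASSA-PSS or Ed25519 from a vetted library rather than raw modular exponentiation.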
In order to implement the above dynamic domain name configuration method, as shown in fig. 12, an embodiment of the present application further provides a dynamic domain name configuration device, which is applied to a client device, where the device includes:
an encrypting unit 1201, configured to encrypt a first digital digest of the first information based on a private key in the first key pair to obtain second information; the first information at least comprises a first IP address and a first check value; the first check value is issued to the client device by an authoritative domain name server;
a sending unit 1202, configured to send the first information and the second information to the authoritative domain name server; wherein,
the authoritative domain name server configures the first IP address for the dynamic domain name of the client device in the case that the first digital digest and the second digital digest of the first information are checked to be consistent; and the first digital digest is obtained by decrypting the second information by the authoritative domain name server based on the public key in the first key pair.
In one embodiment, the apparatus further comprises:
a generating unit configured to generate the first key pair;
the sending unit 1202 is further configured to send out a public key in the first key pair, so that the authoritative domain name server binds the dynamic domain name of the client device with the public key.
In an embodiment, the sending unit 1202, when sending out the public key of the first key pair, is further configured to:
send the public key in the first key pair to a local domain name server, so that the local domain name server forwards the public key to the authoritative domain name server; or,
send the public key in the first key pair to the authoritative domain name server.
In an embodiment, the sending unit 1202 is further configured to send a first request to the authoritative domain name server; the first request is used for requesting to configure an IP address corresponding to a dynamic domain name of the client device;
the device further comprises:
a receiving unit, configured to receive the first check value issued by the authoritative domain name server based on the first request.
In practical applications, the encryption unit 1201 and the sending unit 1202 may be implemented by a processor in the dynamic domain name configuration apparatus. Of course, the processor needs to run the program stored in the memory to realize the functions of the above-described program modules.
It should be noted that, when performing dynamic domain name configuration, the dynamic domain name configuration provided in the embodiment of fig. 12 is only illustrated by dividing the program modules, and in practical applications, the above processing allocation may be completed by different program modules according to needs, that is, the internal structure of the device is divided into different program modules to complete all or part of the above-described processing. In addition, the dynamic domain name configuration device provided by the above embodiment and the dynamic domain name configuration method embodiment belong to the same concept, and specific implementation processes thereof are detailed in the method embodiment and are not described herein again.
An embodiment of the present application further provides another dynamic domain name configuration device, as shown in fig. 13, which is applied to an authoritative domain name server, and the device includes:
a receiving unit 1301, configured to receive first information and second information sent by a client device; the first information at least comprises a first IP address and a first check value; the second information represents an encryption result of the client device encrypting the first digital digest of the first information based on a private key of a first key pair;
a decryption unit 1302, configured to decrypt the second information based on the public key in the first key pair to obtain the first digital digest;
a configuration unit 1303, configured to correspondingly configure the first IP address for the dynamic domain name of the client device when the first digital digest is consistent with the second digital digest; the second digital digest is obtained based on the received first information.
In an embodiment, the receiving unit 1301 is further configured to receive a first request sent by the client device; the first request is used for requesting to configure an IP address corresponding to a dynamic domain name of the client device;
the device further comprises:
a sending unit, configured to send a first check value based on the first request.
In an embodiment, the decryption unit 1302, when decrypting the second information based on the public key of the first key pair to obtain the first digital digest, is further configured to:
decrypt the second information based on the public key in the first key pair to obtain the first digital digest, in the case that the first check value issued based on the first request is the same as the first check value in the first information.
In an embodiment, the receiving unit 1301 is further configured to receive a public key in the first key pair sent by the client device;
the device further comprises:
a binding unit, configured to bind the public key with the dynamic domain name of the client device.
In practical applications, the receiving unit 1301, the decrypting unit 1302, and the configuring unit 1303 may be implemented by a processor in a dynamic domain name configuring apparatus. Of course, the processor needs to run the program stored in the memory to realize the functions of the above-described program modules.
It should be noted that, when performing dynamic domain name configuration, the dynamic domain name configuration provided in the embodiment of fig. 13 is only illustrated by dividing the program modules, and in practical applications, the above processing allocation may be completed by different program modules according to needs, that is, the internal structure of the device is divided into different program modules to complete all or part of the above-described processing. In addition, the dynamic domain name configuration device provided by the above embodiment and the dynamic domain name configuration method embodiment belong to the same concept, and specific implementation processes thereof are detailed in the method embodiment and are not described herein again.
Based on the hardware implementation of the program module, and in order to implement the method according to the embodiment of the present application, an embodiment of the present application further provides an electronic device, and fig. 14 is a schematic diagram of a hardware composition structure of the electronic device according to the embodiment of the present application, and as shown in fig. 14, the electronic device includes:
a communication interface 1 capable of information interaction with other devices such as network devices and the like;
a processor 2, connected with the communication interface 1 to realize information interaction with other devices, and configured to execute the dynamic domain name configuration method provided by one or more of the above technical schemes when running a computer program, the computer program being stored on the memory 3.
In practice, of course, the various components in the electronic device are coupled together by the bus system 4. It will be appreciated that the bus system 4 is used to enable connection communication between these components. The bus system 4 comprises, in addition to a data bus, a power bus, a control bus and a status signal bus. For clarity of illustration, however, the various buses are labeled as bus system 4 in fig. 14.
The memory 3 in the embodiment of the present application is used to store various types of data to support the operation of the electronic device. Examples of such data include: any computer program for operating on an electronic device.
It will be appreciated that the memory 3 can be either volatile memory or nonvolatile memory, and can include both volatile and nonvolatile memory. The nonvolatile memory may be a Read-Only Memory (ROM), a Programmable Read-Only Memory (PROM), an Erasable Programmable Read-Only Memory (EPROM), an Electrically Erasable Programmable Read-Only Memory (EEPROM), a magnetic random access memory (FRAM), a Flash Memory, a magnetic surface memory, an optical disk, or a Compact Disc Read-Only Memory (CD-ROM); the magnetic surface memory may be disk storage or tape storage. The volatile memory can be Random Access Memory (RAM), which acts as an external cache. By way of illustration and not limitation, many forms of RAM are available, such as Static Random Access Memory (SRAM), Synchronous Static Random Access Memory (SSRAM), Dynamic Random Access Memory (DRAM), Synchronous Dynamic Random Access Memory (SDRAM), Double Data Rate Synchronous Dynamic Random Access Memory (DDRSDRAM), Enhanced Synchronous Dynamic Random Access Memory (ESDRAM), SyncLink Dynamic Random Access Memory (SLDRAM), and Direct Rambus Random Access Memory (DRRAM). The memory 3 described in the embodiments of the present application is intended to comprise, without being limited to, these and any other suitable types of memory.
The method disclosed in the above embodiment of the present application may be applied to the processor 2, or implemented by the processor 2. The processor 2 may be an integrated circuit chip having signal processing capabilities. In implementation, the steps of the above method may be performed by integrated logic circuits of hardware or instructions in the form of software in the processor 2. The processor 2 described above may be a general purpose processor, a DSP, or other programmable logic device, discrete gate or transistor logic device, discrete hardware components, or the like. The processor 2 may implement or perform the methods, steps and logic blocks disclosed in the embodiments of the present application. A general purpose processor may be a microprocessor or any conventional processor or the like. The steps of the method disclosed in the embodiments of the present application may be directly implemented by a hardware decoding processor, or implemented by a combination of hardware and software modules in the decoding processor. The software modules may be located in a storage medium located in the memory 3, and the processor 2 reads the program in the memory 3 and in combination with its hardware performs the steps of the aforementioned method.
When the processor 2 executes the program, the corresponding processes in the methods according to the embodiments of the present application are realized, and for brevity, are not described herein again.
In an exemplary embodiment, the present application further provides a storage medium, i.e. a computer storage medium, specifically a computer readable storage medium, for example, including a memory 3 storing a computer program, which can be executed by a processor 2 to implement the steps of the foregoing method. The computer readable storage medium may be Memory such as FRAM, ROM, PROM, EPROM, EEPROM, Flash Memory, magnetic surface Memory, optical disk, or CD-ROM.
In the several embodiments provided in the present application, it should be understood that the disclosed apparatus, terminal and method may be implemented in other manners. The above-described device embodiments are only illustrative, for example, the division of the unit is only one logical function division, and there may be other division ways in actual implementation, such as: multiple units or components may be combined, or may be integrated into another system, or some features may be omitted, or not implemented. In addition, the coupling, direct coupling or communication connection between the components shown or discussed may be through some interfaces, and the indirect coupling or communication connection between the devices or units may be electrical, mechanical or other forms.
The units described as separate parts may or may not be physically separate, and parts displayed as units may or may not be physical units, that is, may be located in one place, or may be distributed on a plurality of network units; some or all of the units can be selected according to actual needs to achieve the purpose of the solution of the embodiment.
In addition, all functional units in the embodiments of the present application may be integrated into one processing unit, or each unit may be separately regarded as one unit, or two or more units may be integrated into one unit; the integrated unit can be realized in a form of hardware, or in a form of hardware plus a software functional unit.
Those of ordinary skill in the art will understand that: all or part of the steps for implementing the method embodiments may be implemented by hardware related to program instructions, and the program may be stored in a computer readable storage medium, and when executed, the program performs the steps including the method embodiments; and the aforementioned storage medium includes: a removable storage device, a ROM, a RAM, a magnetic or optical disk, or various other media that can store program code.
Alternatively, the integrated units described above in the present application may be stored in a computer-readable storage medium if they are implemented in the form of software functional modules and sold or used as independent products. Based on such understanding, the technical solutions of the embodiments of the present application may be essentially implemented or portions thereof that contribute to the prior art may be embodied in the form of a software product, which is stored in a storage medium and includes several instructions for enabling an electronic device (which may be a personal computer, a server, or a network device) to execute all or part of the methods described in the embodiments of the present application. And the aforementioned storage medium includes: a removable storage device, a ROM, a RAM, a magnetic or optical disk, or various other media that can store program code.
The above description is only for the specific embodiments of the present application, but the scope of the present application is not limited thereto, and any person skilled in the art can easily conceive of the changes or substitutions within the technical scope of the present application, and shall be covered by the scope of the present application. Therefore, the protection scope of the present application shall be subject to the protection scope of the claims.

Claims (12)

1. A dynamic domain name configuration method is applied to a client device, and comprises the following steps:
encrypting a first digital digest of the first information based on a private key in the first key pair to obtain second information; the first information at least comprises a first IP address and a first check value; the first check value is issued to the client device by an authoritative domain name server;
sending the first information and the second information to the authoritative domain name server; wherein,
the authoritative domain name server configures the first IP address for the dynamic domain name of the client device in the case that the first digital digest and the second digital digest of the first information are checked to be consistent; and the first digital digest is obtained by decrypting the second information by the authoritative domain name server based on the public key in the first key pair.
2. The method of claim 1, wherein prior to encrypting the first digital digest of the first information based on the private key of the first key pair to obtain the second information, the method further comprises:
generating the first key pair;
and sending out a public key in the first key pair so that the authoritative domain name server binds the dynamic domain name of the client device with the public key.
3. The method of claim 2, wherein said issuing a public key of the first key pair comprises:
sending a public key of the first key pair to a local domain name server to cause the local domain name server to forward the public key to the authoritative domain name server; or,
sending the public key in the first key pair to the authoritative domain name server.
4. The method of claim 1, wherein prior to encrypting the first digital digest of the first information based on a private key of a first key pair to obtain second information, the method further comprises:
sending a first request to the authoritative domain name server; the first request is used for requesting to configure an IP address corresponding to the dynamic domain name of the client equipment;
and receiving the first check value issued by the authoritative domain name server based on the first request.
5. A dynamic domain name configuration method is applied to an authoritative domain name server, and comprises the following steps:
receiving first information and second information sent by client equipment; the first information at least comprises a first IP address and a first check value; the second information represents an encryption result of the client device encrypting the first digital digest of the first information based on a private key of a first key pair;
decrypting the second information based on a public key in the first key pair to obtain the first digital digest;
in the case that the first digital digest is consistent with the second digital digest, correspondingly configuring the first IP address for the dynamic domain name of the client device; the second digital digest is obtained based on the received first information.
6. The method of claim 5, wherein prior to receiving the first information and the second information sent by the client device, the method further comprises:
receiving a first request sent by the client device; the first request is used for requesting to configure an IP address corresponding to a dynamic domain name of the client device;
and issuing a first check value based on the first request.
7. The method of claim 6, wherein decrypting the second information based on the public key of the first key pair to obtain the first digital digest comprises:
decrypting the second information based on the public key in the first key pair to obtain the first digital digest, in the case that a first check value issued based on the first request is the same as a first check value in the first information.
8. The method of claim 5, wherein prior to receiving the first information and the second information sent by the client device, the method further comprises:
receiving a public key in the first key pair sent by the client device;
and binding the public key with the dynamic domain name of the client device.
9. A dynamic domain name configuration apparatus, applied to a client device, the apparatus comprising:
an encryption unit, configured to encrypt the first digital digest of the first information based on the private key in the first key pair to obtain second information; the first information at least comprises a first IP address and a first check value; the first check value is issued to the client device by an authoritative domain name server;
a sending unit, configured to send the first information and the second information to the authoritative domain name server; wherein,
the authoritative domain name server configures the first IP address for the dynamic domain name of the client device in the case that the first digital digest and the second digital digest of the first information are checked to be consistent; and the first digital digest is obtained by decrypting the second information by the authoritative domain name server based on the public key in the first key pair.
10. A dynamic domain name configuration apparatus, applied to an authoritative domain name server, the apparatus comprising:
a receiving unit, configured to receive first information and second information sent by the client device; the first information at least comprises a first IP address and a first check value; the second information represents an encryption result of the client device encrypting the first digital digest of the first information based on a private key of a first key pair;
a decryption unit, configured to decrypt the second information based on the public key in the first key pair to obtain the first digital digest;
a configuration unit, configured to, when the first digital digest is consistent with the second digital digest, correspondingly configure the first IP address for the dynamic domain name of the client device; the second digital digest is obtained based on the received first information.
11. An electronic device, comprising: a processor and a memory for storing a computer program capable of running on the processor,
wherein the processor is adapted to perform the steps of the method of any one of claims 1 to 4 or 5 to 8 when running the computer program.
12. A computer-readable storage medium, on which a computer program is stored, which, when being executed by a processor, carries out the steps of the method according to any one of claims 1 to 4 or 5 to 8.
CN202210687463.4A 2022-06-16 2022-06-16 Dynamic domain name configuration method, device, electronic equipment and storage medium Active CN114979071B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202210687463.4A CN114979071B (en) 2022-06-16 2022-06-16 Dynamic domain name configuration method, device, electronic equipment and storage medium

Publications (2)

Publication Number Publication Date
CN114979071A true CN114979071A (en) 2022-08-30
CN114979071B CN114979071B (en) 2024-03-26

Family

ID=82962978

Citations (10)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102843445A (en) * 2012-09-29 2012-12-26 北京奇虎科技有限公司 Browser and domain name resolution method thereof
US8656490B1 (en) * 2010-09-14 2014-02-18 Symantec Corporation Safe and secure access to dynamic domain name systems
CN104253793A (en) * 2013-06-27 2014-12-31 政务和公益机构域名注册管理中心 Method for updating key-signing keys and zone-signing keys in domain name system security extension
CN109067768A (en) * 2018-08-31 2018-12-21 赛尔网络有限公司 A kind of detection method, system, equipment and the medium of inquiry of the domain name safety
CN111818196A (en) * 2020-07-22 2020-10-23 深圳市有方科技股份有限公司 Domain name resolution method, domain name resolution device, computer equipment and storage medium
CN112671779A (en) * 2020-12-25 2021-04-16 赛尔网络有限公司 DoH server-based domain name query method, device, equipment and medium
WO2021226894A1 (en) * 2020-05-13 2021-11-18 深圳市欢太科技有限公司 Ip address updating method, apparatus, and device, and computer storage medium
CN114079645A (en) * 2020-08-13 2022-02-22 华为技术有限公司 Method and device for registering service
CN114301677A (en) * 2021-12-28 2022-04-08 中国电信股份有限公司 Key negotiation method, device, electronic equipment and storage medium
CN114448641A (en) * 2021-12-30 2022-05-06 北京航天晨信科技有限责任公司 Privacy encryption method, electronic equipment, storage medium and chip

Also Published As

Publication number Publication date
CN114979071B (en) 2024-03-26

Similar Documents

Publication Publication Date Title
EP3454238B1 (en) Registration and authorization method, device and system
US8661252B2 (en) Secure network address provisioning
CN101479984B (en) Dynamic distributed key system and method for identity management, authentication servers, data security and preventing man-in-the-middle attacks
JP2020080530A (en) Data processing method, device, terminal, and access point computer
CN102546176B (en) DNS security is supported in multiagent environment
CN109413076B (en) Domain name resolution method and device
CN111064569B (en) Cluster key obtaining method and device of trusted computing cluster
US20090276620A1 (en) Client authentication during network boot
US20060218273A1 (en) Remote Log Repository With Access Policy
US10257171B2 (en) Server public key pinning by URL
WO2014194494A1 (en) Method, server, host and system for protecting data security
US10298388B2 (en) Workload encryption key
CN113703911B (en) Virtual machine migration method, device, equipment and storage medium
JP2021002798A (en) Facility device, air conditioner, lighting device, air conditioner controller, mobile terminal, and communication system
CN110771087B (en) Private key update
CN114095919A (en) Certificate authorization processing method based on Internet of vehicles and related equipment
CN114338091B (en) Data transmission method, device, electronic equipment and storage medium
CN114979071B (en) Dynamic domain name configuration method, device, electronic equipment and storage medium
CN116166749A (en) Data sharing method and device, electronic equipment and storage medium
CN113935018B (en) Password operation method, system on chip and computer equipment
US11570008B2 (en) Pseudonym credential configuration method and apparatus
CN114826702A (en) Database access password encryption method and device and computer equipment
JP5175541B2 (en) Method and related apparatus for securing operation over a network
CN114697046B (en) Security authentication method and system based on SM9 secret
KR102086739B1 (en) Electronic re-signing method to support various digital signature algorithms in secure sockets layer decryption device

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant