CN114979071B - Dynamic domain name configuration method, device, electronic equipment and storage medium - Google Patents


Publication number
CN114979071B
Authority
CN
China
Prior art keywords
domain name
information
client device
name server
address
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN202210687463.4A
Other languages
Chinese (zh)
Other versions
CN114979071A (en
Inventor
潘蓝兰
王欢
叶海玲
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Guangdong Oppo Mobile Telecommunications Corp Ltd
Original Assignee
Guangdong Oppo Mobile Telecommunications Corp Ltd

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/04 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3247 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures

Abstract

The application discloses a dynamic domain name configuration method, a dynamic domain name configuration device, a mobile terminal and a storage medium. The method is applied to a client device and comprises: encrypting a first digital digest of first information based on the private key of a first key pair to obtain second information, where the first information at least comprises a first IP address and a first check value, and the first check value is issued to the client device by an authoritative domain name server; and transmitting the first information and the second information to the authoritative domain name server. The authoritative domain name server configures the first IP address for the dynamic domain name of the client device when it verifies that the first digital digest of the first information is consistent with a second digital digest; the first digital digest is obtained by the authoritative domain name server decrypting the second information based on the public key of the first key pair.

Description

Dynamic domain name configuration method, device, electronic equipment and storage medium
Technical Field
The present disclosure relates to the field of network technologies, and in particular, to a dynamic domain name configuration method, a dynamic domain name configuration device, an electronic device, and a storage medium.
Background
The IP address allocated to a client device by the operator may be adjusted dynamically. The client device then needs to send its latest IP address to the server for updating, using a stored server account number and password. The account number and password of the server are easily leaked, so updating the IP address of a dynamic domain name has a security problem.
Disclosure of Invention
In view of this, embodiments of the present application provide a dynamic domain name configuration method, apparatus, electronic device, and storage medium, so as to at least solve the security problem of IP address update of a dynamic domain name in the related art.
The technical scheme of the embodiment of the application is realized as follows:
An embodiment of the application provides a dynamic domain name configuration method applied to a client device, the method comprising:
encrypting the first digital digest of the first information based on the private key of the first key pair to obtain second information; the first information at least comprises a first IP address and a first check value; the first check value is issued to the client device by an authoritative domain name server;
transmitting the first information and the second information to the authoritative domain name server; wherein,
the authoritative domain name server configures the first IP address for the dynamic domain name of the client device when the first digital digest of the first information is verified to be consistent with the second digital digest; the first digital digest is obtained by the authoritative domain name server decrypting the second information based on the public key of the first key pair.
The embodiment of the application also provides another dynamic domain name configuration method which is applied to the authoritative domain name server, and the method comprises the following steps:
receiving first information and second information sent by client equipment; the first information at least comprises a first IP address and a first check value; the second information characterizes an encryption result of the client device for encrypting the first digital digest of the first information based on a private key of a first key pair;
decrypting the second information based on the public key of the first key pair to obtain the first digital digest;
configuring the first IP address for the dynamic domain name of the client device when the first digital digest is consistent with the second digital digest; the second digital digest is derived from the received first information.
The embodiment of the application also provides a dynamic domain name configuration device, which is applied to the client device and comprises:
an encryption unit, configured to encrypt the first digital digest of the first information based on the private key in the first key pair to obtain second information; the first information at least comprises a first IP address and a first check value; the first check value is issued to the client device by an authoritative domain name server;
a sending unit, configured to send the first information and the second information to the authoritative domain name server; wherein,
the authoritative domain name server configures the first IP address for the dynamic domain name of the client device when the first digital digest of the first information is verified to be consistent with the second digital digest; the first digital digest is obtained by the authoritative domain name server decrypting the second information based on the public key of the first key pair.
The embodiment of the application also provides another dynamic domain name configuration device which is applied to the authoritative domain name server, and the device comprises:
the receiving unit is used for receiving the first information and the second information sent by the client equipment; the first information at least comprises a first IP address and a first check value; the second information characterizes an encryption result of the client device for encrypting the first digital digest of the first information based on a private key of a first key pair;
a decryption unit, configured to decrypt the second information based on a public key in the first key pair, to obtain the first digital digest;
a configuration unit, configured to configure the first IP address for the dynamic domain name of the client device when the first digital digest is consistent with the second digital digest; the second digital digest is derived from the received first information.
The embodiment of the application also provides electronic equipment, which comprises: a processor and a memory for storing a computer program capable of running on the processor,
wherein the processor is configured to execute the steps of any of the methods described above when the computer program is run.
Embodiments of the present application also provide a computer readable storage medium having stored thereon a computer program which, when executed by a processor, performs the steps of any of the methods described above.
In the embodiment of the application, the client device can encrypt the first digital digest of the first information based on the key in the first key pair to obtain the second information, and send the first information and the second information to the authoritative domain name server, so that the authoritative domain name server configures the first IP address for the dynamic domain name of the client device when it verifies that the first digital digest of the first information is consistent with the second digital digest. The private key and the public key of the first key pair generated by the client device thus enable the authoritative domain name server to configure the corresponding IP address for the dynamic domain name, which ensures the security of the dynamic domain name configuration and avoids the leakage of security information.
Drawings
FIG. 1 is a schematic diagram of a dynamic domain name configuration system in the related art;
FIG. 2 is a schematic flow chart of remote control of home devices using dynamic domain names in the related art;
FIG. 3 is a schematic flow chart of an implementation of dynamic domain name configuration according to an embodiment of the present application;
FIG. 4 is a schematic flow chart of an implementation of dynamic domain name configuration according to another embodiment of the present application;
FIG. 5 is a flowchart of a client device receiving a first check value issued by an authoritative domain name server according to an embodiment of the present application;
FIG. 6 is a schematic diagram of a flow chart for implementing dynamic domain name configuration according to an embodiment of the present application;
FIG. 7 is a flow chart of verifying the second information by the authoritative domain name server according to an embodiment of the present application;
FIG. 8 is a schematic diagram of a flow chart for implementing dynamic domain name configuration according to an embodiment of the present application;
FIG. 9 is a schematic flow chart of an implementation of dynamic domain name configuration according to another embodiment of the present application;
FIG. 10 is a schematic flow chart of public key registration according to an embodiment of the present application;
FIG. 11 is a flow chart of dynamic domain name configuration according to an embodiment of the present application;
FIG. 12 is a schematic structural diagram of a dynamic domain name configuration device according to an embodiment of the present application;
FIG. 13 is a schematic structural diagram of a dynamic domain name configuration device according to another embodiment of the present application;
FIG. 14 is a schematic diagram of a hardware composition structure of a mobile terminal according to an embodiment of the present application.
Detailed Description
The present application will now be described in further detail with reference to the accompanying drawings and specific examples.
In the following description, for purposes of explanation and not limitation, specific details are set forth, such as particular system configurations, techniques, etc. in order to provide a thorough understanding of the embodiments of the present application. However, it will be apparent to one skilled in the art that the present application may be practiced in other embodiments that depart from these specific details. In other instances, detailed descriptions of well-known systems, devices, and methods are omitted so as not to obscure the description of the present application with unnecessary detail.
The technical solutions described in the embodiments of the present application may be arbitrarily combined without any conflict.
In addition, in the embodiments of the present application, "first," "second," and the like are used to distinguish similar objects, and are not necessarily used to describe a particular order or sequence.
Before the technical solutions of the embodiments of the present application are described in detail, first, a brief description is given of dynamic domain name configuration in the related art.
Fig. 1 is a schematic diagram of a dynamic domain name configuration system in the related art, where the dynamic domain name configuration system includes a client device, a website server, and an authoritative domain name server. The specific dynamic domain name configuration flow is as follows:
Step 1: the user registers an account number (denoted as DDNS_user) and a password (denoted as DDNS_password) on the local domain name, and registers a dynamic domain name (denoted as xxx.
Step 2: the DDNS_user and the DDNS_password are stored in the client device.
Step 3: when the client device is networked using the operator's services, the operator may assign an IP address (denoted ip_a) to the client device.
Step 4: the client device logs in the website server by using the saved DDNS_user and DDNS_password, and registers the IP address of the dynamic domain name xxx.
Step 5: the local domain name server returns the registration result of the dynamic domain name to the client device.
Step 6: the local domain name server requests the authoritative domain name server to update the IP address of the dynamic domain name xxx.
Step 7: the authoritative domain name server updates the IP address of the dynamic domain name xxx.someddns.com to ip_a.
Step 8: the authoritative domain name server returns the update result to the website server.
Assuming that the operator assigns a new IP address (denoted as ip_b) to the client device, the client device registers ip_b to the web server, and the corresponding dynamic domain name configuration flow is as follows:
Step 1: the client device logs in the website server by using the saved DDNS_user and DDNS_password, and registers the IP address of the dynamic domain name xxx.
Step 2: the local domain name server returns the registration result of the dynamic domain name to the client device.
Step 3: the local domain name server requests the authoritative domain name server to update the IP address of the dynamic domain name xxx.
Step 7: the authoritative domain name server updates the IP address of the dynamic domain name xxx.someddns.com to ip_b.
Step 8: the authoritative domain name server returns the update result to the local domain name server.
In an application scenario, a user may use a mobile terminal to remotely control a home device (e.g., a sweeping robot) through a client device. Because the operator dynamically adjusts the IP address allocated to the client device, the mobile terminal must acquire the latest IP address of the client device in real time in order to control the home device remotely. FIG. 2 shows a schematic flow chart of remote control of home devices using dynamic domain names.
Step 1: the home control service queries the local domain name server for the IP address of xxx.
Step 2: the local domain name server queries the authoritative domain name server for the IP address of xxx.
Step 3: the authoritative domain name server returns the IP address of the client device's domain name xxx.someddns.com to the local server.
Step 4: the local server returns the IP address of the client device's domain name xxx.someddns.com to the mobile terminal.
Step 5: the mobile terminal connects to the client device using the IP address of the client device's domain name xxx.someddns.com, establishes a secure remote connection with the client device, and issues a control instruction for controlling the home device.
Step 6: the client device forwards the control instruction data packet of the mobile terminal to the household device.
Step 7: the home device executes the control instruction and returns the execution result data packet to the client device.
Step 8: the client device sends the execution result data packet to the mobile terminal.
In the prior art, the client device is required to store the user's account number and password for the website server in order to perform dynamic domain name configuration. When the client device has a security vulnerability, the stored account number and password are easily leaked, so updating the IP address of the dynamic domain name has a security problem. Dynamic domain name configuration also requires the website server and the authoritative domain name server to cooperate; when the two are deployed in different areas, update delays are likely, which can cause the update of the IP address of the dynamic domain name to fail.
Based on the above, in the embodiment of the application, the client device does not need to apply for registering or updating the IP address of the dynamic domain name to the server based on the account number and the password of the server, so that the security of the dynamic domain name configuration is ensured.
The present application will now be described in further detail with reference to the accompanying drawings and specific examples.
An embodiment of the present application provides a dynamic domain name configuration method, and fig. 3 is a schematic flow chart of the dynamic domain name configuration method in the embodiment of the present application. As shown in fig. 3, the method is applied to a client device, and includes:
S301: Encrypt the first digital digest of the first information based on the private key in the first key pair to obtain second information.
The client device processes the first information with a one-way hash function to obtain a 128-bit first digital digest. The first information and the first digital digest correspond to each other: if the first information changes, the generated first digital digest changes as well, so the first digital digest can be used to identify the first information. In practical applications, the second information is essentially a digital signature of the first information, and different digital signature algorithms may be selected to encrypt the first digital digest of the first information.
In this embodiment, the first check value is issued to the client device by the authoritative domain name server, and the authoritative domain name server can check the client device through the first check value to determine whether communication between the authoritative domain name server and the client device is secure.
In the case where the authoritative domain name server can determine the dynamic domain name of the client device, for example through device information of the client device that communicates with it, the first information provided by the client device needs to include the first IP address and the first check value when the authoritative domain name server configures the dynamic domain name of the client device.
In the case that the authoritative domain name server cannot determine the dynamic domain name of the client device, when the authoritative domain name server configures the dynamic domain name of the client device, the first information provided by the client device needs to include the first IP address, the dynamic domain name of the client device and the first check value.
In this embodiment, the first IP address is an IP address of a dynamic domain name assigned to the client device by the operator.
The client device encrypts the first digital digest by using a private key in the first key pair to obtain second information, wherein the second information is an encrypted first digital digest.
S302: Send the first information and the second information to the authoritative domain name server.
The client device packages the first information and the second information and sends them to the authoritative domain name server. The first information at least comprises the first IP address of the dynamic domain name of the client device and the first check value, and the second information is the encryption result of the first digital digest of the first information, so the authoritative domain name server can verify the second information to ensure the security of communication between the client device and the authoritative domain name server. Verifying the second information amounts to verifying a digital signature: the authoritative domain name server decrypts the second information based on the public key of the first key pair to obtain the first digital digest, and checks it against a second digital digest that the authoritative domain name server generates from the received first information. When the first digital digest is consistent with the second digital digest, the authoritative domain name server uses the first information to configure the first IP address for the dynamic domain name of the client device.
In a home control scenario, the client device can be a home router. The home router sends the first information and the second information to the authoritative domain name server, and the authoritative domain name server can register the IP address of the dynamic domain name of the home router through the first information and the second information, so that the mobile terminal can establish a connection with the home router through the IP address of the home router and remotely control different home devices.
In this embodiment, the client device communicates directly with the authoritative domain name server, and the authoritative domain name server completes the configuration of the IP address for the dynamic domain name of the client device, so that the communication overhead of the local domain name server and the authoritative domain name server in the process of dynamic domain name configuration can be avoided.
In the above embodiment, the client device encrypts the first digital digest of the first information based on the private key in the first key pair to obtain the second information, and sends the first information and the second information to the authoritative domain name server, so that the authoritative domain name server verifies the second information based on the public key in the first key pair and, when the first digital digest is consistent with the second digital digest, configures an IP address for the dynamic domain name of the client device. The account number and password of the server do not need to be stored on the client device, and the configuration of the dynamic domain name is handled through the key pair. This ensures the security of communication between the client device and the dynamic domain name server, ensures the security of the dynamic domain name configuration, and avoids the leakage of security information.
In an embodiment, as shown in fig. 4, before encrypting the first digital digest of the first information based on the private key in the first key pair to obtain the second information, the method further includes:
S401: Generate a first key pair.
The first key pair generated by the client device is used for dynamic domain name configuration. The client device may generate the first key pair with a key pair algorithm such as the RSA encryption algorithm or elliptic curve cryptography (ECC).
S402: Send out the public key of the first key pair.
The client device sends out the public key in the first key pair so that the authoritative domain name server can bind the dynamic domain name of the client device to the public key. The authoritative domain name server can then verify the second information with the public key and configure the first IP address for the dynamic domain name of the client device.
In practical applications, the first key pair can be generated at any time according to the user's requirements, and the public key is sent out so that the authoritative domain name server can register it. For example, when the user replaces the client device, the user can generate a new first key pair with the replacement client device and configure the dynamic domain name of the client device using the new first key pair.
In an embodiment, the client device may send the first key pair to a local domain name server, where the local domain name server may forward the public key and the dynamic domain name of the client device to an authoritative domain name server, so that the authoritative domain name server stores the public key and the dynamic domain name of the client device, and the authoritative domain name server may configure the first IP address for the dynamic domain name of the client device using the public key.
In another embodiment, the client device may directly send the public key in the first key pair to the authoritative domain name server, that is, the authoritative domain name server directly receives the public key sent by the client device, so that the authoritative domain name server can bind the public key with the dynamic domain name of the client device.
In one embodiment, FIG. 5 is a flowchart of a client device receiving a first check value issued by an authoritative domain name server, including:
S501: Send a first request to the authoritative domain name server.
The client device sends a first request to the authoritative domain name server when it needs to register an IP address corresponding to its dynamic domain name through the authoritative domain name server, or when the IP address corresponding to its dynamic domain name has changed and needs to be updated through the authoritative domain name server. The first request asks the authoritative domain name server to configure the IP address corresponding to the dynamic domain name of the client device.
S502: Receive the first check value issued by the authoritative domain name server based on the first request.
The embodiment of the application also provides another dynamic domain name configuration method, as shown in fig. 6, the method is applied to an authoritative domain name server, and the method comprises the following steps:
S601: Receive the first information and the second information sent by the client device.
The authoritative domain name server is responsible for resolving the dynamic domain name and configuring a corresponding IP address for the dynamic domain name, so that a user can access a corresponding site through the dynamic domain name.
In the case where the authoritative domain name server can determine the dynamic domain name of the client device, for example through device information of the client device that communicates with it, the first information received by the authoritative domain name server includes the first IP address and the first check value.
In the case that the authoritative domain name server cannot determine the dynamic domain name of the client device, the first information received by the authoritative domain name server includes the first IP address, the dynamic domain name of the client device and the first check value.
The authoritative domain name server also receives the second information sent by the client device, where the second information is the result of the client device encrypting the first digital digest of the first information based on the private key of the first key pair.
S602: Decrypt the second information based on the public key in the first key pair to obtain the first digital digest.
In practical applications, the second information received by the authoritative domain name server is essentially the digital signature of the first information. By verifying the second information, the authoritative domain name server can determine whether the received first information has been changed, which ensures the security of dynamic domain name configuration.
The second information is obtained by encrypting the first digital digest by the private key in the first key pair, and the authoritative domain name server can decrypt the second information by using the public key in the first key pair to obtain the first digital digest.
S603: When the first digital digest is consistent with the second digital digest, configure the first IP address for the dynamic domain name of the client device.
The first digital digest is transmitted in encrypted form from the client device to the authoritative domain name server, and the first digital digest decrypted by the authoritative domain name server is generated based on first information (denoted as first information a) on the client device side, wherein the first information a is unmodified and has integrity.
The authoritative domain name server processes the received first information (denoted as first information B) with a one-way hash function to obtain a 128-bit second digital digest. In practical applications, a digital digest corresponds to the file it was computed from: when the processed file changes, the generated digital digest also changes. Based on this correspondence, comparing the first digital digest with the second digital digest shows whether the first information A of the client device is consistent with the first information B received by the authoritative domain name server.
As shown in fig. 7, fig. 7 shows a verification flow of the second information by the authoritative domain name server.
Step 1: the client device processes the first information by using the one-way hash function to obtain a first digital digest.
Step 2: the client device encrypts the first digital digest by using the private key in the first key pair to obtain second information.
Step 3: the client device sends the first information and the second information to an authoritative domain name server.
Step 4: the authoritative domain name server processes the received first information by utilizing a one-way hash function to obtain a second digital digest.
Step 5: the authoritative domain name server decrypts the second information by utilizing the public key in the first key pair to obtain the first digital digest.
Step 6: the authoritative domain name server verifies whether the first digital digest is consistent with the second digital digest.
When the authoritative domain name server verifies that the first digital digest is consistent with the second digital digest, the first information it received has not been altered, and the authoritative domain name server can configure an IP address for the dynamic domain name of the client device by using the first IP address in the first information.
When the first digital digest is inconsistent with the second digital digest, the first information received by the authoritative domain name server has been altered, and the authoritative domain name server stops configuring the IP address for the dynamic domain name of the client device. In practical applications, information about the configuration error may also be returned to the client device.
In the above embodiment, the authoritative domain name server receives the first information and the second information sent by the client device, decrypts the second information based on the public key in the first key pair to obtain the first digital digest, and configures the first IP address for the dynamic domain name of the client device when the first digital digest is consistent with the second digital digest. The authoritative domain name server thus configures the IP address for the dynamic domain name through direct communication with the client device, which reduces communication overhead. It can also verify the information sent by the client device, which further ensures the security of dynamic domain name configuration and avoids leakage of security information.
In an embodiment, as shown in fig. 8, before receiving the first information and the second information sent by the client device, the method further includes:
s801: a first request sent by a client device is received.
The first request is used for requesting the authoritative domain name server to configure an IP address corresponding to the dynamic domain name of the client device, and comprises registering the IP address corresponding to the dynamic domain name of the client device and updating the IP address corresponding to the dynamic domain name of the client device.
S802: a first check value is issued based on the first request.
In practical application, the first check value issued by the authoritative domain name server is a randomly generated numerical value.
In an embodiment, the authoritative domain name server verifies the first check value in the received first information; specifically, it checks whether the first check value it issued based on the first request is consistent with the first check value in the first information. If the two are consistent, the first information is less likely to have been altered in transmission, and verification then continues with the first digital digest and the second digital digest. This double verification ensures the security of the first information and therefore the data security of dynamic domain name configuration.
If the first check value issued based on the first request is inconsistent with the first check value in the first information, the first information was altered in transmission, and the first IP address it contains is most likely not the IP address assigned to the client device by the operator. The authoritative domain name server then does not configure an IP address for the dynamic domain name of the client device from the first IP address in the first information.
In an embodiment, as shown in fig. 9, before receiving the first information and the second information sent by the client device, the method further includes:
s901: a public key of a first key pair issued by a client device is received.
The private key in the first key pair is used by the client device to encrypt the first digital digest, and after the client device generates the first key pair, the client device needs to save the public key to the authoritative domain name server, so that the authoritative domain name server decrypts the second information by using the public key to obtain the first digital digest.
In one example, the public key received by the authoritative domain name server is issued directly to the authoritative domain name server by the client device.
In another example, the public key sent by the client device is received by the local domain name server and forwarded by the local domain name server to the authoritative domain name server.
S902: the public key is bound to the dynamic domain name of the client device.
The authoritative domain name server binds the dynamic domain name of the client device to the public key. When it receives the second information sent by the client device, it can look up the stored public key by the dynamic domain name of the client device, decrypt the second information to obtain the first digital digest, and check that digest.
Fig. 10 shows a schematic flow chart of public key registration.
Step 1: the user registers an account and password on the local domain name server and registers a dynamic domain name.
Step 2: the client device generates a key pair.
Step 3: the user logs in to the local domain name server by using the account and password registered there, and registers the public key in the key pair.
Step 4: the local domain name server synchronizes the domain name and public key of the client device to the authoritative domain name server.
Step 5: the authoritative domain name server stores the domain name and public key of the client device.
Step 6: the authoritative domain name server returns the registration result to the local domain name server.
Step 7: the local domain name server returns the registration result to the client device.
The application also provides an application embodiment. Fig. 11 shows a flow diagram of dynamic domain name configuration.
Step 1: the client device obtains a first IP address from the operator.
Step 2: the client device requests the authoritative domain name server to configure an IP address for the dynamic domain name of the client device.
Step 3: the authoritative domain name server returns a first check value to the client device.
Step 4: the client device encrypts a first digital digest of the first information based on a private key in the first key pair to obtain second information, wherein the first information at least comprises a first IP address and a first check value.
Step 5: the client device sends the first information and the second information to an authoritative domain name server.
Step 6: the authoritative domain name server compares the first check value.
Step 7: the second information is decrypted by using the public key to obtain the first digital digest.
Step 8: the first information is processed to obtain the second digital digest.
Step 9: it is determined that the first digital digest is consistent with the second digital digest.
Step 10: the IP address of the dynamic domain name of the client device is configured according to the IP address in the first information.
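The Fig. 11 exchange, including the check-value comparison and the Fig. 7 digest comparison, as a runnable sketch added here; it is not code from the patent. Assumptions: SHA-256 as the one-way hash, textbook RSA without padding on a constructed Mersenne-prime demo key so that the block needs only the standard library (a deployment would use a padded signature scheme from a maintained library), a JSON encoding of the first information that also carries the domain name, and hypothetical function, class and status names throughout.

```python
import hashlib
import hmac
import ipaddress
import json
import secrets

E = 65537  # public exponent (assumption; the patent names no algorithm)


def demo_key_pair(p_exp, q_exp):
    """Constructed demo key from two Mersenne primes. NOT a secure key."""
    p, q = 2**p_exp - 1, 2**q_exp - 1
    n = p * q
    d = pow(E, -1, (p - 1) * (q - 1))
    return (n, E), (n, d)  # (public key, private key)


def digest(first_info):
    """One-way hash of the first information, as an integer."""
    return int.from_bytes(hashlib.sha256(first_info).digest(), "big")


def client_build_update(private_key, domain, ip, check_value):
    """Steps 4-5: build the first information and the second information."""
    n, d = private_key
    first_info = json.dumps(
        {"domain": domain, "ip": ip, "check": check_value},
        sort_keys=True, separators=(",", ":"),
    ).encode()
    # Digest "encrypted" with the private key, in the patent's wording.
    second_info = pow(digest(first_info), d, n)
    return first_info, second_info


class AuthoritativeServer:
    def __init__(self):
        self.public_keys = {}  # dynamic domain name -> bound public key (S902)
        self.pending = {}      # dynamic domain name -> outstanding check value
        self.records = {}      # dynamic domain name -> configured IP address

    def bind_public_key(self, domain, public_key):
        self.public_keys[domain] = public_key

    def issue_check_value(self, domain):
        """S802: issue a randomly generated check value for this request."""
        self.pending[domain] = secrets.token_hex(16)
        return self.pending[domain]

    def handle_update(self, first_info, second_info):
        """Steps 6-10: returns a status string; configures only on success."""
        try:
            fields = json.loads(first_info)
            domain, ip, check = fields["domain"], fields["ip"], fields["check"]
            if not all(isinstance(v, str) for v in (domain, ip, check)):
                return "malformed"
            ipaddress.ip_address(ip)  # reject anything that is not an IP address
        except (ValueError, KeyError, TypeError):
            return "malformed"
        # Step 6: compare the check value with the one issued for this domain.
        issued = self.pending.get(domain)
        if issued is None or not hmac.compare_digest(issued.encode(), check.encode()):
            return "check-value-mismatch"
        public_key = self.public_keys.get(domain)
        if public_key is None:
            return "unknown-domain"
        n, e = public_key
        if not isinstance(second_info, int) or not 0 <= second_info < n:
            return "digest-mismatch"
        first_digest = pow(second_info, e, n)  # step 7: decrypt with public key
        second_digest = digest(first_info)     # step 8: hash what was received
        if first_digest != second_digest:      # step 9
            return "digest-mismatch"
        del self.pending[domain]               # check value is single-use
        self.records[domain] = ip              # step 10
        return "configured"


def run_demo():
    domain = "home.example.test"  # constructed sample values throughout
    public_key, private_key = demo_key_pair(521, 607)
    _, other_private_key = demo_key_pair(127, 521)  # key never bound to domain
    server = AuthoritativeServer()
    server.bind_public_key(domain, public_key)

    check = server.issue_check_value(domain)
    first, second = client_build_update(private_key, domain, "203.0.113.7", check)
    tampered = first.replace(b"203.0.113.7", b"198.51.100.9")
    results = [
        server.handle_update(tampered, second),  # IP altered in transit
        server.handle_update(first, second),     # legitimate update
        server.handle_update(first, second),     # replay of the same message
    ]
    check = server.issue_check_value(domain)
    forged = client_build_update(other_private_key, domain, "198.51.100.9", check)
    results.append(server.handle_update(*forged))  # signed with the wrong key
    return results, server.records


if __name__ == "__main__":
    print(run_demo())
```

The replayed message is rejected at the check-value step because the value is discarded once an update succeeds, which is the role the randomly generated first check value plays in the flow.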
In order to implement the above dynamic domain name configuration method, as shown in fig. 12, an embodiment of the present application further provides a dynamic domain name configuration device, which is applied to a client device, where the device includes:
an encryption unit 1201, configured to encrypt a first digital digest of the first information based on a private key in the first key pair, to obtain second information; the first information at least comprises a first IP address and a first check value; the first check value is issued to the client device by an authoritative domain name server;
a sending unit 1202, configured to send the first information and the second information to the authoritative domain name server; wherein,
the authoritative domain name server configures the first IP address for the dynamic domain name of the client device when it verifies that the first digital digest of the first information is consistent with the second digital digest; the first digital digest is derived by the authoritative domain name server decrypting the second information based on a public key of the first key pair.
In an embodiment, the device further comprises:
a generation unit configured to generate the first key pair;
the sending unit 1202 is further configured to send out a public key in the first key pair, so that the authoritative domain name server binds the dynamic domain name of the client device with the public key.
In an embodiment, the sending unit 1202, when sending out the public key of the first key pair, is further configured to:
transmit the public key of the first key pair to a local domain name server, such that the local domain name server forwards the public key to the authoritative domain name server, or,
send the public key in the first key pair to the authoritative domain name server.
In an embodiment, the sending unit 1202 is further configured to send a first request to the authoritative domain name server; the first request is used for requesting to configure an IP address corresponding to the dynamic domain name of the client device;
the apparatus further comprises:
a receiving unit, configured to receive the first check value issued by the authoritative domain name server based on the first request.
In practical applications, the encryption unit 1201 and the sending unit 1202 may be implemented by a processor in the dynamic domain name configuration device. Of course, the processor needs to execute the program stored in the memory to realize the functions of the program modules.
It should be noted that the division into program modules in the dynamic domain name configuration device of the embodiment of fig. 12 is only an example. In practical application, the processing may be allocated to different program modules as needed, that is, the internal structure of the device may be divided into different program modules to complete all or part of the processing described above. In addition, the dynamic domain name configuration device and the dynamic domain name configuration method provided in the foregoing embodiments belong to the same concept; the specific implementation is detailed in the method embodiments and is not repeated here.
The embodiment of the application also provides another dynamic domain name configuration device, as shown in fig. 13, applied to an authoritative domain name server, the device comprises:
a receiving unit 1301, configured to receive first information and second information sent by a client device; the first information at least comprises a first IP address and a first check value; the second information characterizes an encryption result of the client device for encrypting the first digital digest of the first information based on a private key of a first key pair;
a decryption unit 1302, configured to decrypt the second information based on a public key in the first key pair, to obtain the first digital digest;
a configuration unit 1303, configured to configure the first IP address for the dynamic domain name of the client device when the first digital digest is consistent with the second digital digest; the second digital digest is derived based on the received first information.
In an embodiment, the receiving unit 1301 is further configured to receive a first request sent by the client device; the first request is used for requesting to configure an IP address corresponding to the dynamic domain name of the client device;
the apparatus further comprises:
a sending unit, configured to issue a first check value based on the first request.
In an embodiment, when decrypting the second information based on the public key in the first key pair to obtain the first digital digest, the decryption unit 1302 is further configured to:
decrypt the second information based on the public key in the first key pair to obtain the first digital digest if the first check value issued based on the first request is the same as the first check value in the first information.
In an embodiment, the receiving unit 1301 is further configured to receive a public key in the first key pair sent by the client device;
the apparatus further comprises:
a binding unit, configured to bind the public key with the dynamic domain name of the client device.
In practical application, the receiving unit 1301, the decrypting unit 1302, and the configuring unit 1303 may be implemented by a processor in the dynamic domain name configuring apparatus. Of course, the processor needs to execute the program stored in the memory to realize the functions of the program modules.
It should be noted that the division into program modules in the dynamic domain name configuration device of the embodiment of fig. 13 is only an example. In practical application, the processing may be allocated to different program modules as needed, that is, the internal structure of the device may be divided into different program modules to complete all or part of the processing described above. In addition, the dynamic domain name configuration device and the dynamic domain name configuration method provided in the foregoing embodiments belong to the same concept; the specific implementation is detailed in the method embodiments and is not repeated here.
Based on the hardware implementation of the program modules, and in order to implement the method of the embodiment of the present application, the embodiment of the present application further provides an electronic device, fig. 14 is a schematic diagram of a hardware composition structure of the electronic device of the embodiment of the present application, and as shown in fig. 14, the electronic device includes:
a communication interface 1 capable of information interaction with other devices such as network devices and the like;
a processor 2, connected to the communication interface 1 to exchange information with other devices, and configured to execute the dynamic domain name configuration method provided by one or more of the foregoing technical solutions when running a computer program, the computer program being stored in the memory 3.
Of course, in practice, the various components in the electronic device are coupled together by a bus system 4. It will be appreciated that the bus system 4 is used to enable connected communications between these components. The bus system 4 comprises, in addition to a data bus, a power bus, a control bus and a status signal bus. But for clarity of illustration the various buses are labeled as bus system 4 in fig. 14.
The memory 3 in the embodiment of the present application is used to store various types of data to support the operation of the electronic device. Examples of such data include: any computer program for operating on an electronic device.
It will be appreciated that the memory 3 may be either volatile memory or nonvolatile memory, and may include both volatile and nonvolatile memory. Wherein the nonvolatile Memory may be Read Only Memory (ROM), programmable Read Only Memory (PROM, programmable Read-Only Memory), erasable programmable Read Only Memory (EPROM, erasable Programmable Read-Only Memory), electrically erasable programmable Read Only Memory (EEPROM, electrically Erasable Programmable Read-Only Memory), magnetic random access Memory (FRAM, ferromagnetic random access Memory), flash Memory (Flash Memory), magnetic surface Memory, optical disk, or compact disk Read Only Memory (CD-ROM, compact Disc Read-Only Memory); the magnetic surface memory may be a disk memory or a tape memory. The volatile memory may be random access memory (RAM, random Access Memory), which acts as external cache memory. By way of example, and not limitation, many forms of RAM are available, such as static random access memory (SRAM, static Random Access Memory), synchronous static random access memory (SSRAM, synchronous Static Random Access Memory), dynamic random access memory (DRAM, dynamic Random Access Memory), synchronous dynamic random access memory (SDRAM, synchronous Dynamic Random Access Memory), double data rate synchronous dynamic random access memory (ddr SDRAM, double Data Rate Synchronous Dynamic Random Access Memory), enhanced synchronous dynamic random access memory (ESDRAM, enhanced Synchronous Dynamic Random Access Memory), synchronous link dynamic random access memory (SLDRAM, syncLink Dynamic Random Access Memory), direct memory bus random access memory (DRRAM, direct Rambus Random Access Memory). The memory 3 described in the embodiments of the present application is intended to comprise, without being limited to, these and any other suitable types of memory.
The method disclosed in the embodiments of the present application may be applied to the processor 2 or implemented by the processor 2. The processor 2 may be an integrated circuit chip with signal processing capabilities. In implementation, the steps of the above method may be performed by integrated logic circuits of hardware in the processor 2 or by instructions in the form of software. The processor 2 described above may be a general purpose processor, DSP, or other programmable logic device, discrete gate or transistor logic device, discrete hardware components, or the like. The processor 2 may implement or perform the methods, steps and logic blocks disclosed in the embodiments of the present application. The general purpose processor may be a microprocessor or any conventional processor or the like. The steps of the method disclosed in the embodiments of the present application may be directly embodied in a hardware decoding processor or implemented by a combination of hardware and software modules in the decoding processor. The software modules may be located in a storage medium in the memory 3 and the processor 2 reads the program in the memory 3 to perform the steps of the method described above in connection with its hardware.
The processor 2 implements corresponding flows in the methods of the embodiments of the present application when executing the program, and for brevity, will not be described in detail herein.
In an exemplary embodiment, the present application also provides a storage medium, i.e. a computer storage medium, in particular a computer readable storage medium, for example comprising a memory 3 storing a computer program executable by the processor 2 for performing the steps of the method described above. The computer readable storage medium may be FRAM, ROM, PROM, EPROM, EEPROM, flash Memory, magnetic surface Memory, optical disk, or CD-ROM.
In the several embodiments provided in the present application, it should be understood that the disclosed apparatus, terminal and method may be implemented in other manners. The above described device embodiments are only illustrative, e.g. the division of the units is only one logical function division, and there may be other divisions in practice, such as: multiple units or components may be combined or may be integrated into another system, or some features may be omitted, or not performed. In addition, the various components shown or discussed may be coupled or directly coupled or communicatively coupled to each other via some interface, whether indirectly coupled or communicatively coupled to devices or units, whether electrically, mechanically, or otherwise.
The units described as separate units may or may not be physically separate, and units displayed as units may or may not be physical units, may be located in one place, or may be distributed on a plurality of network units; some or all of the units may be selected according to actual needs to achieve the purpose of the solution of this embodiment.
In addition, each functional unit in each embodiment of the present application may be integrated in one processing unit, or each unit may be separately used as one unit, or two or more units may be integrated in one unit; the integrated units may be implemented in hardware or in hardware plus software functional units.
Those of ordinary skill in the art will appreciate that: all or part of the steps for implementing the above method embodiments may be implemented by hardware associated with program instructions, where the foregoing program may be stored in a computer readable storage medium, and when executed, the program performs steps including the above method embodiments; and the aforementioned storage medium includes: a removable storage device, ROM, RAM, magnetic or optical disk, or other medium capable of storing program code.
Alternatively, the integrated units described above may be stored in a computer readable storage medium if implemented in the form of software functional modules and sold or used as a stand-alone product. Based on such understanding, the technical solutions of the embodiments of the present application, in essence or in the part that contributes over the prior art, may be embodied as a computer software product, which is stored in a storage medium and includes several instructions to cause an electronic device (which may be a personal computer, a server, or a network device, etc.) to perform all or part of the methods described in the embodiments of the present application. The aforementioned storage medium includes: a removable storage device, ROM, RAM, magnetic or optical disk, or other medium capable of storing program code.
The foregoing is merely specific embodiments of the present application, but the scope of the present application is not limited thereto. Any changes or substitutions that a person skilled in the art could readily conceive within the technical scope of the present application are intended to be covered by the scope of the present application. Therefore, the protection scope of the present application shall be subject to the protection scope of the claims.

Claims (12)

1. A dynamic domain name configuration method, applied to a client device, the method comprising:
encrypting the first digital digest of the first information based on the private key of the first key pair to obtain second information; the first information at least comprises a first IP address and a first check value; the first check value is issued to the client device by an authoritative domain name server;
transmitting the first information and the second information to the authoritative domain name server; wherein,
the authoritative domain name server configures the first IP address for the dynamic domain name of the client device under the condition that the first digital digest of the first information is verified to be consistent with the second digital digest; the first digital digest is obtained by the authoritative domain name server through decryption of the second information based on a public key in the first key pair; the second digital digest is derived based on the first information received by the authoritative domain name server.
2. The method of claim 1, wherein prior to encrypting the first digital digest of the first information based on the private key of the first key pair to obtain the second information, the method further comprises:
generating the first key pair;
sending out the public key in the first key pair so that the authoritative domain name server binds the dynamic domain name of the client device with the public key.
3. The method of claim 2, wherein said issuing the public key of the first key pair comprises:
transmitting the public key of the first key pair to a local domain name server, such that the local domain name server forwards the public key to the authoritative domain name server, or,
sending the public key in the first key pair to the authoritative domain name server.
4. The method of claim 1, wherein prior to encrypting the first digital digest of the first information based on the private key of the first key pair to obtain the second information, the method further comprises:
sending a first request to the authoritative domain name server; the first request is used for requesting to configure an IP address corresponding to the dynamic domain name of the client device;
receiving the first check value issued by the authoritative domain name server based on the first request.
5. A dynamic domain name configuration method, applied to an authoritative domain name server, the method comprising:
receiving first information and second information sent by a client device; the first information at least comprises a first IP address and a first check value; the second information characterizes an encryption result of the client device for encrypting the first digital digest of the first information based on a private key of a first key pair;
decrypting the second information based on the public key of the first key pair to obtain the first digital digest;
configuring the first IP address for the dynamic domain name of the client device under the condition that the first digital digest is consistent with the second digital digest; the second digital digest is derived based on the received first information.
6. The method of claim 5, wherein prior to receiving the first information and the second information sent by the client device, the method further comprises:
receiving a first request sent by the client device; the first request is used for requesting to configure an IP address corresponding to the dynamic domain name of the client device;
issuing a first check value based on the first request.
7. The method of claim 6, wherein decrypting the second information based on the public key of the first key pair results in the first digital digest, comprising:
under the condition that a first check value issued based on the first request is the same as a first check value in the first information, decrypting the second information based on the public key in the first key pair to obtain the first digital digest.
8. The method of claim 5, wherein prior to receiving the first information and the second information sent by the client device, the method further comprises:
receiving a public key in the first key pair sent by the client device;
binding the public key with a dynamic domain name of the client device.
9. A dynamic domain name configuration apparatus for application to a client device, the apparatus comprising:
an encryption unit, configured to encrypt the first digital digest of the first information based on the private key in the first key pair, to obtain second information; the first information at least comprises a first IP address and a first check value; the first check value is issued to the client device by an authoritative domain name server;
a sending unit, configured to send the first information and the second information to the authoritative domain name server; wherein,
the authoritative domain name server configures the first IP address for the dynamic domain name of the client device under the condition that the first digital digest of the first information is verified to be consistent with the second digital digest; the first digital digest is obtained by the authoritative domain name server through decryption of the second information based on a public key in the first key pair; the second digital digest is derived based on the first information received by the authoritative domain name server.
10. A dynamic domain name configuration device for use with an authoritative domain name server, the device comprising:
a receiving unit, configured to receive the first information and the second information sent by the client device; the first information at least comprises a first IP address and a first check value; the second information characterizes an encryption result of the client device for encrypting the first digital digest of the first information based on a private key of a first key pair;
a decryption unit, configured to decrypt the second information based on a public key in the first key pair, to obtain the first digital digest;
a configuration unit, configured to configure the first IP address for the dynamic domain name of the client device under the condition that the first digital digest is consistent with the second digital digest; the second digital digest is derived based on the received first information.
11. An electronic device, comprising: a processor and a memory for storing a computer program capable of running on the processor,
wherein the processor is adapted to perform the steps of the method of any of claims 1 to 4 or 5 to 8 when the computer program is run.
12. A computer readable storage medium, on which a computer program is stored, characterized in that the computer program, when being executed by a processor, implements the steps of the method of any of claims 1 to 4 or 5 to 8.
CN202210687463.4A 2022-06-16 2022-06-16 Dynamic domain name configuration method, device, electronic equipment and storage medium Active CN114979071B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202210687463.4A CN114979071B (en) 2022-06-16 2022-06-16 Dynamic domain name configuration method, device, electronic equipment and storage medium

Publications (2)

Publication Number Publication Date
CN114979071A CN114979071A (en) 2022-08-30
CN114979071B true CN114979071B (en) 2024-03-26

Family

ID=82962978

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202210687463.4A Active CN114979071B (en) 2022-06-16 2022-06-16 Dynamic domain name configuration method, device, electronic equipment and storage medium

Country Status (1)

Country Link
CN (1) CN114979071B (en)

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant