CN115314465A - Domain name filtering method, filtering system and private DNS server thereof - Google Patents

Info

Publication number
CN115314465A
Authority
CN
China
Prior art keywords
domain name
vehicle
mounted terminal
cloud
dns
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202210882617.5A
Other languages
Chinese (zh)
Inventor
龚泽林
王硕
张金柱
李鹤
张鑫哲
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
FAW Group Corp
Original Assignee
FAW Group Corp
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by FAW Group Corp filed Critical FAW Group Corp
Priority to CN202210882617.5A priority Critical patent/CN115314465A/en
Publication of CN115314465A publication Critical patent/CN115314465A/en
Pending legal-status Critical Current

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/02 Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
    • H04L63/0227 Filtering policies
    • H04L63/0236 Filtering by address, protocol, port number or service, e.g. IP-address or URL

Abstract

The invention discloses a domain name filtering method, a filtering system and a private DNS server thereof. The method comprises the following steps: the vehicle-mounted terminal sends a DNS request for accessing an external network domain name to a cloud DNS server; the cloud DNS server receives the domain name resolution request from the vehicle-mounted terminal, matches and filters it against a domain name white list preset on the cloud DNS server, resolves the DNS requests that are in the domain name white list, and sends the corresponding IP address to the vehicle-mounted terminal; the vehicle-mounted terminal receives the IP address and establishes a connection with the external network. By building a private DNS server in the cloud to match and filter the DNS resolution requests of the vehicle-mounted terminal, the method and system move the work of domain name matching and filtering to the cloud server. This solves the problems of reduced throughput in the local firewall of the vehicle-mounted terminal and of white list files that are difficult to maintain, and prevents the firewall of the vehicle-mounted terminal from becoming the bottleneck of data throughput.

Description

Domain name filtering method, filtering system and private DNS server thereof
Technical Field
The present invention relates to a filtering method, a filtering system and a private DNS server thereof, and in particular, to a domain name filtering method, a filtering system and a private DNS server thereof.
Background
To meet the communication security requirements of vehicle-mounted terminals, the industry mostly implements access control by configuring a 'domain name white list' in the firewall software of the communication terminal: the terminal is allowed to access only the domain names in the "white list", and all access requests for domain names outside the "white list" are rejected. However, the prior art has at least two disadvantages:
First, the "white list" domain name matching algorithm of the firewall software is inefficient, and its efficiency deteriorates further as the number of domain names in the "white list" grows, which reduces the data throughput of the terminal. The cause is as follows: when the terminal tries to send a data packet, the firewall software compares the domain name accessed by the packet with the domain names in the white list one by one. The matching mechanism is linear: starting from the first domain name in the white list, each domain name is compared in turn, and the packet is released or discarded only once a match succeeds or the end of the white list is reached; only then does matching of the next data packet begin. As the services of the vehicle-mounted terminal increase, the white list keeps growing, and data transmission rates rise as 5G becomes widespread, so this matching mechanism becomes the bottleneck of the terminal's data throughput.
Second, the terminal must constantly maintain the version and the file validity of the domain name white list: it must periodically check that the white list currently in use is the latest version and that the file has not become invalid through storage area damage or other causes. If the "white list" is not updated in time, newly added terminal application functions may fail because they cannot access the network; if the "white list" file becomes invalid, the firewall is left wide open because the "domain name white list" cannot be loaded. Maintaining the "white list" locally therefore carries an information security risk.
Disclosure of Invention
The invention aims to provide a domain name filtering method, a filtering system and a private DNS server thereof that overcome the defects of the prior art: a private DNS server is built in the cloud and a domain name white list is set on it; DNS resolution requests sent by the vehicle-mounted terminal are matched and filtered against the domain name white list; safe websites in the white list are resolved, and domain names that are not in the white list fail to resolve because no corresponding IP address can be found.
The invention provides the following scheme:
A domain name filtering method, specifically comprising the following steps:
the vehicle-mounted terminal sends a DNS request for accessing an external network domain name to a cloud DNS server;
the cloud DNS server receives the domain name resolution request from the vehicle-mounted terminal;
the cloud DNS server matches and filters the domain name resolution request against a domain name white list preset on the cloud DNS server;
the cloud DNS server resolves the DNS requests that are in the domain name white list;
the cloud DNS server sends the IP address corresponding to the DNS request to the vehicle-mounted terminal;
and the vehicle-mounted terminal receives the IP address and establishes a connection with the external network.
Further, regarding the step in which the vehicle-mounted terminal sends a DNS request for accessing an external network domain name to the cloud DNS server: the DNS request contains the external network address that the vehicle-mounted terminal wants to access.
Further, regarding the step in which the cloud DNS server resolves the DNS requests that are in the domain name white list: if the DNS request is resolved successfully, the DNS server returns the IP address resolved from the domain name to the vehicle-mounted terminal; if resolution fails, it returns a resolution failure result.
Further, the domain name white list is centrally deployed on the cloud DNS server and is updated in real time.
A domain name filtering method specifically comprises the following steps:
the cloud DNS server receives a domain name resolution request from a vehicle-mounted terminal;
the cloud DNS server matches and filters the domain name resolution request of the vehicle-mounted terminal according to a preset domain name white list;
the cloud DNS server resolves the DNS requests that are in the domain name white list;
and the cloud DNS server sends the IP address corresponding to the DNS request to the vehicle-mounted terminal, and the IP address is used for establishing connection between the vehicle-mounted terminal and an external network.
A domain name filtering system specifically comprises:
a vehicle-mounted terminal DNS request module, used for sending a DNS resolution request to the cloud DNS server when the vehicle-mounted terminal accesses an external network;
a cloud DNS server matching and filtering module, used for receiving the domain name resolution request from the vehicle-mounted terminal and matching and filtering it against a domain name white list preset on the cloud DNS server;
an IP address resolution and sending module, used for sending the matched and filtered IP address to the vehicle-mounted terminal;
and a vehicle-mounted terminal network access module, used for receiving the matched and filtered IP address sent by the cloud DNS server and establishing a connection with the external network.
An electronic device, comprising: the system comprises a processor, a communication interface, a memory and a communication bus, wherein the processor, the communication interface and the memory are communicated with each other through the communication bus; the memory has stored therein a computer program which, when executed by the processor, causes the processor to carry out the steps of the method.
A computer readable storage medium storing a computer program executable by an electronic device, the computer program, when run on the electronic device, causing the electronic device to perform the steps of the method.
A cloud server, specifically a private DNS server, in which a domain name white list is preset. The domain name white list stores the correspondence between domain names and IP addresses. When a vehicle-mounted terminal sends a DNS resolution request to the cloud server, the cloud server processes the request according to the correspondence between domain names and IP addresses in the domain name white list and returns the IP address that corresponds to the request in the white list. The cloud server further comprises:
the electronic device, used for implementing the domain name filtering method;
a processor that runs a program, wherein, when the program runs, the steps of the domain name filtering method are performed on data output from the electronic device;
a storage medium for storing a program which, when executed, performs the steps of the domain name filtering method on data output from an electronic device.
Compared with the prior art, the invention has the following advantages:
In the method and the system, a private DNS server is built in the cloud, a domain name white list is set on the private DNS server, and the DNS resolution requests sent by the vehicle-mounted terminal are matched and filtered against the domain name white list. By allowing the vehicle-mounted terminal to resolve domain names only through the private DNS server, the invention makes the private DNS server the only exit through which the vehicle-mounted terminal accesses the external network, so that it acts as the same kind of 'checkpoint' as the local firewall of the vehicle-mounted terminal.
Compared with the prior art, in which filtering is carried out by the local firewall of the vehicle-mounted terminal, the invention builds a private DNS server and sets a white list on it for matching and filtering: safe websites in the white list are resolved, and a resolution failure result is returned for websites that are not in the white list. Setting the 'domain name white list' on the private DNS server thus resolves only the domain names in the white list and rejects resolution requests for all other domain names, which achieves domain name filtering, so that the vehicle-mounted terminal can only establish connections with safe websites and its network security is ensured.
In the method and the system, the private DNS server built in the cloud matches and filters the DNS resolution requests of the vehicle-mounted terminal, so the work of domain name matching and filtering is moved to the cloud server. This solves the problems of reduced throughput in the local firewall of the vehicle-mounted terminal and of white list files that are difficult to maintain, suits the higher data transmission rates that follow the spread of 5G, and prevents the firewall of the vehicle-mounted terminal from becoming the bottleneck of data throughput.
Drawings
In order to more clearly illustrate the embodiments of the present invention or the technical solutions in the prior art, the drawings used in the description of the embodiments or the prior art will be briefly described below, and it is obvious that the drawings in the following description are some embodiments of the present invention, and other drawings can be obtained by those skilled in the art without creative efforts.
Fig. 1 is a flow chart of the domain name filtering method of the present invention.
Fig. 2 is an architecture diagram of the domain name filtering system of the present invention.
Fig. 3 is a schematic diagram of firewall filtering on a vehicle-mounted terminal in the prior art.
Fig. 4 is a flow chart of an embodiment of the present invention.
Fig. 5 is a system architecture diagram of an electronic device.
Detailed Description
The technical solutions of the present invention will be described clearly and completely with reference to the accompanying drawings, and it should be understood that the described embodiments are some, but not all embodiments of the present invention. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
The domain name filtering method of the present invention, as shown in fig. 1, specifically includes:
Step S1: the vehicle-mounted terminal sends a DNS request for accessing an external network domain name to the cloud DNS server. For example, the DNS request contains the external network address that the vehicle-mounted terminal wants to access.
Step S2: the cloud DNS server receives the domain name resolution request from the vehicle-mounted terminal. If the DNS request is resolved successfully, the DNS server returns the IP address resolved from the domain name to the vehicle-mounted terminal; if resolution fails, it returns a resolution failure result.
Step S3: the cloud DNS server matches and filters the domain name resolution request against a domain name white list preset on the cloud DNS server. For example, the white list is a correspondence between domain names and IP addresses, and the domain name white list is centrally deployed on the cloud DNS server and updated in real time.
Step S4: the cloud DNS server resolves the DNS requests that are in the domain name white list.
Step S5: the cloud DNS server sends the IP address corresponding to the DNS request to the vehicle-mounted terminal.
Step S6: the vehicle-mounted terminal receives the IP address and establishes a connection with the external network.
Terminals with internet access (such as PCs and smartphones) generally have open network access rights and can extend their range of network access by installing applications through a browser or an application store. Such a network environment is only suited to management by 'blacklist': apart from the websites that are forbidden, all other access is allowed, to ensure maximum access efficiency and extensibility. The network of a vehicle-mounted terminal, by contrast, is a closed network scenario: the terminal can only access a limited number of known domain names and cannot arbitrarily extend its network access range, so it is suited to management by white list, which is consistent with the scheme provided by the invention.
For example: according to current project experience, firewall domain name filtering takes 10 ms per packet on average. One piece of music is about 10 MB in size and an IP packet can carry at most 64 KB of data, so a song must be split into 10 MB / 64 KB = 160 packets, and the cumulative transmission delay is 160 × 10 ms = 1.6 s. The technical scheme of the invention removes this transmission delay: when network music is played on the in-vehicle head unit, the waiting time for switching songs is shortened by about 1.6 s on average, which improves the fluency of network applications and the user experience.
The process of the domain name filtering method shown in fig. 1 involves two parties, the cloud DNS server and the vehicle-mounted terminal. Another possible embodiment discloses the process in which the cloud DNS server, as the single executing party, exchanges data with the vehicle-mounted terminal, specifically:
the cloud DNS server receives a domain name resolution request from the vehicle-mounted terminal;
the cloud DNS server matches and filters the domain name resolution request of the vehicle-mounted terminal against a preset domain name white list;
the cloud DNS server resolves the DNS requests that are in the domain name white list;
and the cloud DNS server sends the IP address corresponding to the DNS request to the vehicle-mounted terminal, for establishing a connection between the vehicle-mounted terminal and the external network.
In the method steps disclosed in the above embodiments, the method steps are expressed as a series of action combinations for simplicity of description, but those skilled in the art should understand that the embodiments are not limited by the described action sequence, because some steps can be performed in other sequences or simultaneously according to the embodiments. Further, those of skill in the art will appreciate that the embodiments described in the specification are presently preferred and that no particular act is required to implement the embodiments of the invention.
The architecture diagram of the domain name filtering system shown in fig. 2 specifically includes:
a vehicle-mounted terminal DNS request module, used for sending a DNS resolution request to the cloud DNS server when the vehicle-mounted terminal accesses an external network;
a cloud DNS server matching and filtering module, used for receiving the domain name resolution request from the vehicle-mounted terminal and matching and filtering it against a domain name white list preset on the cloud DNS server;
an IP address resolution and sending module, used for sending the matched and filtered IP address to the vehicle-mounted terminal;
preferably, the system further comprises a vehicle-mounted terminal network access module, used for receiving the matched and filtered IP address sent by the cloud DNS server and establishing a connection with the external network.
It should be noted that, although the system discloses only the vehicle-mounted terminal DNS request module, the cloud DNS server matching and filtering module, the IP address resolution and sending module, and the vehicle-mounted terminal network access module, its composition is not limited to these basic functional modules. Rather, what the present invention means to express is this: on the basis of the basic functional modules, a person skilled in the art can, in combination with the prior art, add one or more functional modules arbitrarily to form an unlimited number of embodiments or technical solutions. That is, the system is open rather than closed, and the protection scope of the claims should not be considered limited to the disclosed basic functional modules merely because this embodiment discloses only individual basic functional modules. For convenience of description, the above devices are described as divided by function into various units and modules. Of course, the functions of the units and modules may be implemented in one or more pieces of software and/or hardware when implementing the invention.
The above-described embodiments of the apparatus are merely schematic, where the units described as separate parts may or may not be physically separate, and the parts displayed as units may or may not be physical units, may be located in one place, or may be distributed on multiple network units. Some or all of the modules may be selected according to actual needs to achieve the purpose of the embodiment. One of ordinary skill in the art can understand and implement it without inventive effort.
Fig. 3 is a schematic diagram of firewall filtering on a vehicle-mounted terminal in the prior art. The steps and principles by which the vehicle-mounted terminal attempts to access the external network can be summarized as follows:
Step 1: the terminal tries to access the external network and sends a DNS request containing the domain name to be accessed to a DNS server, expecting the DNS server to return the IP address resolved from the domain name for subsequent access to the external network; before the data packet can be sent, however, it must be filtered by the firewall;
Step 2: the firewall matches the domain name in the data packet against the configured 'domain name white list'; if the accessed domain name is in the "white list" the packet is released, otherwise it is discarded;
Step 3: a DNS request packet that passes the firewall filter is received and resolved by the DNS server;
Step 4: the DNS server returns the IP address resolved from the domain name to the terminal;
Step 5: the terminal accesses the external network directly through the resolved IP address.
As can be seen from the above steps, a DNS request sent by the vehicle-mounted terminal must pass two "gates", step 2 and step 3, before it is successfully resolved to an IP address, and step 2 is likely to become the performance bottleneck of the entire link.
Based on this analysis, the invention proposes to combine step 2 and step 3, that is, the cloud server performs both DNS resolution and domain name filtering. This breaks through the performance bottleneck of the terminal firewall, and centralized deployment in the cloud removes the need for each terminal to maintain a domain name white list independently.
As shown in fig. 4, one possible embodiment of the present invention provides a private DNS server that stores only the correspondence between the domain names in the white list and their IP addresses; a domain name that is not in the white list fails to resolve because no corresponding IP address can be found. In this embodiment, moreover, all vehicle-mounted terminals can send DNS resolution requests only to the private DNS server and cannot request domain name resolution in any other way, which ensures that there is a single path for domain name resolution.
The domain name filtering method of this embodiment comprises the following steps:
Step 1: the vehicle-mounted terminal tries to access the external network and sends a DNS request containing the domain name to be accessed to the DNS server, expecting the DNS server to return the IP address resolved from the domain name for subsequent access to the external network;
Step 2: the DNS server receives and resolves the DNS request sent by the vehicle-mounted terminal;
Step 3: if the DNS request is resolved successfully, the DNS server returns the IP address resolved from the domain name to the vehicle-mounted terminal; if resolution fails, it returns a resolution failure result;
Step 4: if the vehicle-mounted terminal receives the IP address resolved from the domain name, it accesses the external network directly through that IP address; if it receives a resolution failure result, it cannot access the external network.
As these steps show, the scheme implements the domain name filtering function while omitting the filtering step in the local firewall of the vehicle-mounted terminal, which avoids the performance bottleneck caused by the inefficient firewall matching algorithm. At the same time, by deploying the 'domain name white list' on the cloud server, the scheme achieves centralized deployment and real-time updating of the "white list", and solves the problem that the "white list" file is difficult for the vehicle-mounted terminal to update and maintain.
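The resolver behaviour of this embodiment, sketched on the DNS wire format as an added example (it is not code from the patent): answers are built only from the white list mapping and nothing is forwarded upstream. The domain names, addresses, the 60-second TTL and the use of NXDOMAIN as the "resolution failure result" are assumptions.

```python
import socket
import struct

# Constructed white list (domain name -> IPv4 address); all values are placeholders.
WHITELIST = {
    "music.example.com": "203.0.113.10",
    "ota.example.com": "203.0.113.20",
}
TYPE_A, CLASS_IN = 1, 1
NOERROR, FORMERR, NXDOMAIN = 0, 1, 3
QR, AA, RD = 0x8000, 0x0400, 0x0100          # header flag bits


def parse_question(msg):
    """Return (name, qtype, qclass, end_offset) for the first question in msg."""
    labels, pos = [], 12                      # the DNS header is 12 bytes
    while True:
        length = msg[pos]                     # IndexError if the name is truncated
        pos += 1
        if length == 0:
            break
        if length > 63:                       # compression pointer or reserved label type
            raise ValueError("unsupported label in question")
        labels.append(msg[pos:pos + length].decode("ascii"))
        pos += length
    qtype, qclass = struct.unpack_from("!HH", msg, pos)
    return ".".join(labels).lower(), qtype, qclass, pos + 4


def build_response(query, whitelist=WHITELIST):
    """Answer a query from the white list only; nothing is forwarded upstream."""
    if len(query) < 12:
        return None                           # no complete header: drop
    qid, flags, qdcount = struct.unpack_from("!HHH", query, 0)
    if flags & QR:
        return None                           # a response, not a query: drop
    rd = flags & RD                           # echo the client's RD bit
    try:
        if qdcount != 1:
            raise ValueError("expected exactly one question")
        name, qtype, qclass, end = parse_question(query)
    except (ValueError, IndexError, struct.error):
        return struct.pack("!HHHHHH", qid, QR | rd | FORMERR, 0, 0, 0, 0)
    answer, rcode = b"", NOERROR
    ip = whitelist.get(name)
    if ip is None:
        rcode = NXDOMAIN                      # not on the white list: resolution fails
    elif qtype == TYPE_A and qclass == CLASS_IN:
        # The answer name is a pointer (0xC00C) back to the question at offset 12.
        answer = (b"\xc0\x0c" + struct.pack("!HHIH", TYPE_A, CLASS_IN, 60, 4)
                  + socket.inet_aton(ip))
    # A listed name queried for any other record type gets NOERROR with no answer.
    header = struct.pack("!HHHHHH", qid, QR | AA | rd | rcode,
                         1, 1 if answer else 0, 0, 0)
    return header + query[12:end] + answer


def make_query(name, qid=0x1234, qtype=TYPE_A):
    """Constructed sample input: a standard query for `name` with RD set."""
    qname = b"".join(bytes([len(p)]) + p.encode("ascii") for p in name.split("."))
    return (struct.pack("!HHHHHH", qid, RD, 1, 0, 0, 0)
            + qname + b"\x00" + struct.pack("!HH", qtype, CLASS_IN))


def rcode_of(response):
    return struct.unpack_from("!H", response, 2)[0] & 0x000F


def answer_ip(response):
    """IPv4 address of the single A answer, or None when ANCOUNT is 0."""
    ancount = struct.unpack_from("!H", response, 6)[0]
    return socket.inet_ntoa(response[-4:]) if ancount else None


def serve(host="127.0.0.1", port=5353):
    """Serve the white list over UDP (hypothetical bind address and port)."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    sock.bind((host, port))
    while True:
        data, peer = sock.recvfrom(512)
        response = build_response(data)
        if response is not None:
            sock.sendto(response, peer)


if __name__ == "__main__":
    for qname in ("music.example.com", "Music.Example.COM", "unlisted.example.net"):
        reply = build_response(make_query(qname))
        print(qname, "rcode", rcode_of(reply), "answer", answer_ip(reply))
```

Because the server holds no upstream resolver at all, an unlisted name cannot be resolved by accident; the match is a single dictionary lookup rather than the linear scan described for the terminal firewall.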
As shown in fig. 5, the present invention also discloses an electronic device and a storage medium corresponding to the domain name filtering method and system:
an electronic device, comprising: the system comprises a processor, a communication interface, a memory and a communication bus, wherein the processor, the communication interface and the memory are communicated with each other through the communication bus; the memory has stored therein a computer program which, when executed by the processor, causes the processor to perform the steps of the domain name filtering method.
A computer-readable storage medium storing a computer program executable by an electronic device, which when run on the electronic device causes the electronic device to perform the steps of a domain name filtering method.
The communication bus mentioned in the electronic device may be a Peripheral Component Interconnect (PCI) bus, an Extended Industry Standard Architecture (EISA) bus, or the like. The communication bus may be divided into an address bus, a data bus, a control bus, etc. For ease of illustration, only one thick line is shown, but this is not intended to represent only one bus or type of bus.
The electronic device includes a hardware layer, an operating system layer running on top of the hardware layer, and an application layer running on top of the operating system. The hardware layer includes hardware such as a Central Processing Unit (CPU), a Memory Management Unit (MMU), and a Memory. The operating system may be any one or more computer operating systems that implement control of an electronic device through a Process (Process), such as a Linux operating system, a Unix operating system, an Android operating system, an iOS operating system, or a Windows operating system. In the embodiment of the present invention, the electronic device may be a handheld device such as a smart phone and a tablet computer, or an electronic device such as a desktop computer and a portable computer, which is not particularly limited in the embodiment of the present invention.
The execution main body of the electronic device control in the embodiment of the present invention may be the electronic device, or a functional module capable of calling a program and executing the program in the electronic device. The electronic device may acquire the firmware corresponding to the storage medium, the firmware corresponding to the storage medium is provided by a vendor, and the firmware corresponding to different storage media may be the same or different, which is not limited herein. After the electronic device acquires the firmware corresponding to the storage medium, the firmware corresponding to the storage medium may be written into the storage medium, specifically, the firmware corresponding to the storage medium is burned into the storage medium. The process of burning the firmware into the storage medium can be realized by adopting the prior art, and details are not described in the embodiment of the present invention.
The electronic device may further acquire a reset command corresponding to the storage medium, where the reset command corresponding to the storage medium is provided by a vendor, and the reset commands corresponding to different storage media may be the same or different, which is not limited herein.
At this time, the storage medium of the electronic device is a storage medium in which the corresponding firmware is written, and the electronic device may respond to the reset command corresponding to the storage medium in which the corresponding firmware is written, so that the electronic device resets the storage medium in which the corresponding firmware is written according to the reset command corresponding to the storage medium. The process of resetting the storage medium according to the reset command may be implemented in the prior art, and is not described in detail in the embodiment of the present invention.
The invention also discloses a cloud server, specifically a private DNS server, in which a domain name white list is preset. The domain name white list stores the correspondence between domain names and IP addresses. When a vehicle-mounted terminal sends a DNS resolution request to the cloud server, the cloud server processes the request according to the correspondence between domain names and IP addresses in the domain name white list and returns the IP address that corresponds to the request in the white list. The cloud server further comprises:
the electronic device, used for implementing the domain name filtering method;
a processor that runs a program, wherein, when the program runs, the steps of the domain name filtering method are performed on data output from the electronic device;
a storage medium for storing a program which, when executed, performs the steps of the domain name filtering method on data output from an electronic device.
In the method and the system, a private DNS server is built in the cloud, a domain name white list is set on the private DNS server, and the DNS resolution requests sent by the vehicle-mounted terminal are matched and filtered against the domain name white list, which ensures that the vehicle-mounted terminal can only access the safe websites on the domain name white list when it accesses the external network. By allowing the vehicle-mounted terminal to resolve domain names only through the private DNS server, the invention makes the private DNS server the only exit through which the vehicle-mounted terminal accesses the external network, so that it acts as the same kind of 'checkpoint' as the local firewall of the vehicle-mounted terminal; the vehicle-mounted terminal can only establish connections with safe websites, and its network security is ensured.
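The "only exit" property described here depends on every terminal resolving names solely through the private DNS server. One way to check that from network telemetry, as an added example that is not part of the patent: the flow-record format, terminal identifiers, resolver address and white list addresses below are all constructed for illustration.

```python
import ipaddress

PRIVATE_DNS = "198.51.100.53"                      # hypothetical private DNS server address
WHITELIST_IPS = {"203.0.113.10", "203.0.113.20"}   # constructed: addresses the white list maps to
DNS_PORTS = {53, 853}                              # DNS over UDP/TCP and DNS over TLS

# Constructed flow records: timestamp, terminal id, destination IP, destination port, protocol.
SAMPLE_FLOWS = """\
2024-01-01T08:00:00Z tbox-01 198.51.100.53 53 udp
2024-01-01T08:00:01Z tbox-01 203.0.113.10 443 tcp
2024-01-01T08:00:05Z tbox-02 192.0.2.8 53 udp
2024-01-01T08:00:09Z tbox-02 192.0.2.77 443 tcp
2024-01-01T08:00:12Z tbox-03 192.0.2.9 853 tcp
malformed line
"""


def audit(flow_text, resolver=PRIVATE_DNS, allowed=WHITELIST_IPS):
    """Return (line_number, terminal, finding) for every record that breaks the model."""
    findings = []
    for lineno, line in enumerate(flow_text.splitlines(), 1):
        if not line.strip():
            continue
        try:
            _ts, terminal, dst, port, _proto = line.split()
            dst = str(ipaddress.ip_address(dst))   # normalise and validate the address
            port = int(port)
        except ValueError:
            # Wrong field count, bad address or bad port: report it, do not skip silently.
            findings.append((lineno, None, "unparsable-record"))
            continue
        if port in DNS_PORTS:
            # Name resolution must go to the private DNS server and nowhere else.
            if dst != resolver:
                findings.append((lineno, terminal, "dns-to-other-resolver"))
        elif dst not in allowed:
            # A connection to an address the white list never hands out; this
            # also covers resolution tunnelled over port 443 to another host.
            findings.append((lineno, terminal, "destination-not-in-whitelist"))
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE_FLOWS):
        print(finding)
```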
It will be understood by those skilled in the art that, unless otherwise defined, all terms (including technical and scientific terms) used herein have the same meaning as commonly understood by one of ordinary skill in the art to which this invention belongs. It will be further understood that terms, such as those defined in commonly used dictionaries, should be interpreted as having a meaning that is consistent with their meaning in the context of the prior art and will not be interpreted in an idealized or overly formal sense unless expressly so defined herein.
It should be noted that certain terms are used throughout the description and following claims to refer to particular components. As one skilled in the art will appreciate, vehicle manufacturers may refer to a component by different names. The present specification and claims do not intend to distinguish between components that differ in name but not function. In the following description and in the claims, the terms "include" and "comprise" are used in an open-ended fashion, and thus should be interpreted to mean "include, but not limited to". The following description is of the preferred embodiment for carrying out the invention and is made in the light of the generic principles of the description rather than the limitations on the scope of the invention. The scope of the present invention is defined by the appended claims.
From the above description of the embodiments, it is clear to those skilled in the art that the present invention can be implemented by software plus a necessary general-purpose hardware platform. Based on such understanding, the technical solutions of the present invention may be embodied in the form of software products, which may be stored in a storage medium, such as ROM/RAM, magnetic disk, optical disk, etc., and include instructions for causing a computer device (which may be a personal computer, a server, or a network device, etc.) to execute the method according to the embodiments or some parts of the embodiments.
The invention is operational with numerous general purpose or special purpose computing system environments or configurations, such as: personal computers, server computers, hand-held or portable devices, tablet-type devices, multiprocessor systems, microprocessor-based systems, set top boxes, programmable consumer electronics, network PCs, minicomputers, mainframe computers, distributed computing environments that include any of the above systems or devices, and the like.
The invention may be described in the general context of computer-executable instructions, such as program modules, being executed by a computer. Generally, program modules include routines, programs, objects, components, data structures, etc. that perform particular tasks or implement particular abstract data types. The invention may also be practiced in distributed computing environments where tasks are performed by remote processing devices that are linked through a communications network. In a distributed computing environment, program modules may be located in both local and remote computer storage media including memory storage devices.
In the description herein, references to the description of "one embodiment," "an example," "a specific example," etc., mean that a particular feature, structure, material, or characteristic described in connection with the embodiment or example is included in at least one embodiment or example of the invention. In this specification, the schematic representations of the terms used above do not necessarily refer to the same embodiment or example. Furthermore, the particular features, structures, materials, or characteristics described may be combined in any suitable manner in any one or more embodiments or examples.
In addition, the technical solutions in the embodiments of the present invention may be combined with each other, but it must be based on the realization of the technical solutions by those skilled in the art, and when the technical solutions are contradictory to each other or cannot be realized, such a combination of the technical solutions should not be considered to exist, and is not within the protection scope of the present invention.
In the several embodiments provided in the present invention, it should be understood that the disclosed apparatus and method may be implemented in other ways. The apparatus embodiments described above are merely illustrative, and for example, the flowchart and block diagrams in the figures illustrate the architecture, functionality, and operation of possible implementations of apparatus, methods and computer program products according to various embodiments of the present invention. In this regard, each block in the flowchart or block diagrams may represent a module, segment, or portion of code, which comprises one or more executable instructions for implementing the specified logical function(s). It should also be noted that, in some alternative implementations, the functions noted in the block may occur out of the order noted in the figures. For example, two blocks shown in succession may, in fact, be executed substantially concurrently, or the blocks may sometimes be executed in the reverse order, depending upon the functionality involved. It will also be noted that each block of the block diagrams and/or flowchart illustration, and combinations of blocks in the block diagrams and/or flowchart illustration, can be implemented by special purpose hardware-based systems which perform the specified functions or acts, or combinations of special purpose hardware and computer instructions.
In addition, the functional modules in the embodiments of the present invention may be integrated together to form an independent part, or each module may exist separately, or two or more modules may be integrated to form an independent part.
The functions, if implemented in the form of software functional modules and sold or used as a stand-alone product, may be stored in a computer readable storage medium. Based on such understanding, the technical solution of the present invention or a part thereof which substantially contributes to the prior art may be embodied in the form of a software product, which is stored in a storage medium and includes several instructions for causing a computer device (which may be a personal computer, a server, or a network device) to execute all or part of the steps of the method according to the embodiments of the present invention. And the aforementioned storage medium includes: a U-disk, a removable hard disk, a Read-Only Memory (ROM), a Random Access Memory (RAM), a magnetic disk, or an optical disk, and various media capable of storing program codes. It is noted that, herein, relational terms such as first and second, and the like may be used solely to distinguish one entity or action from another entity or action without necessarily requiring or implying any actual such relationship or order between such entities or actions. Also, the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, an element defined by the phrase "comprising a ..." does not exclude the presence of additional like elements in a process, method, article, or apparatus that comprises the element.
Finally, it should be noted that: the above embodiments are only used to illustrate the technical solution of the present invention, and not to limit the same; while the invention has been described in detail and with reference to the foregoing embodiments, it will be understood by those skilled in the art that: the technical solutions described in the foregoing embodiments may still be modified, or some or all of the technical features may be equivalently replaced; and the modifications or the substitutions do not make the essence of the corresponding technical solutions depart from the scope of the technical solutions of the embodiments of the present invention.

Claims (10)

1. A domain name filtering method is characterized by comprising the following steps:
the vehicle-mounted terminal sends a DNS request for accessing an external network domain name to a cloud DNS server;
the cloud DNS server receives a domain name resolution request from the vehicle-mounted terminal;
the cloud DNS server matches and filters the domain name resolution request according to a domain name white list preset by the cloud DNS server;
the cloud DNS server resolves the DNS request in the domain name white list;
the cloud DNS server sends an IP address corresponding to the DNS request to the vehicle-mounted terminal;
and the vehicle-mounted terminal receives the IP address and establishes connection with an external network.
2. The domain name filtering method according to claim 1, wherein the vehicle-mounted terminal sends a DNS request for accessing an external network domain name to a cloud DNS server, specifically: the DNS request comprises an external network address to be accessed by the vehicle-mounted terminal.
3. The domain name filtering method according to claim 1, wherein the cloud DNS server resolves the DNS request in the domain name white list, specifically: if the DNS request is successfully resolved, the DNS server returns the IP address obtained by resolving the domain name to the vehicle-mounted terminal; and if the resolution fails, a resolution failure result is returned.
4. The domain name filtering method according to claim 1, wherein the domain name white list is centrally deployed in a cloud DNS server and updated in real time.
5. A domain name filtering method is characterized by specifically comprising the following steps:
a cloud DNS server receives a domain name resolution request from a vehicle-mounted terminal;
the cloud DNS server matches and filters the domain name resolution request of the vehicle-mounted terminal according to a preset domain name white list;
the cloud DNS server resolves the DNS request in the domain name white list;
and the cloud DNS server sends the IP address corresponding to the DNS request to the vehicle-mounted terminal, and the IP address is used for establishing connection between the vehicle-mounted terminal and an external network.
6. A domain name filtering system is characterized by specifically comprising:
the system comprises a vehicle-mounted terminal DNS request module, a cloud DNS server and a DNS analysis module, wherein the vehicle-mounted terminal DNS request module is used for sending a DNS analysis request to the cloud DNS server when a vehicle-mounted terminal accesses an external network;
the cloud DNS server matching and filtering module is used for receiving a domain name resolution request from a vehicle-mounted terminal, and matching and filtering the domain name resolution request according to a domain name white list preset by the cloud DNS server matching and filtering module;
and the IP address analyzing and sending module is used for sending the matched and filtered IP address to the vehicle-mounted terminal.
7. The domain name filtering system according to claim 6, further comprising a vehicle terminal network access module, configured to receive the matched and filtered IP address sent by the cloud DNS server resolution module, and establish a connection with an external network.
8. An electronic device, comprising: the system comprises a processor, a communication interface, a memory and a communication bus, wherein the processor, the communication interface and the memory complete mutual communication through the communication bus; the memory has stored therein a computer program which, when executed by the processor, causes the processor to carry out the steps of the method of any one of claims 1 to 5.
9. A computer-readable storage medium, characterized in that it stores a computer program executable by an electronic device, which, when run on the electronic device, causes the electronic device to perform the steps of the method of any one of claims 1 to 5.
10. A cloud server, characterized by being a private DNS server, wherein a domain name white list is preset in the cloud server, the domain name white list stores the correspondence between domain names and IP addresses, and when a vehicle-mounted terminal sends a DNS resolution request to the cloud server, the cloud server processes the DNS resolution request of the vehicle-mounted terminal according to the correspondence between domain names and IP addresses in the domain name white list and returns the IP address corresponding to the DNS resolution request in the domain name white list, and the cloud server further comprises:
the electronic device, used to implement the domain name filtering method;
a processor that runs a program which, when run, performs the steps of the domain name filtering method of any one of claims 1 to 5 on data output from the electronic device;
a storage medium for storing a program which, when executed, performs the steps of the domain name filtering method of any one of claims 1 to 5 on data output from the electronic device.
CN202210882617.5A 2022-07-26 2022-07-26 Domain name filtering method, filtering system and private DNS server thereof Pending CN115314465A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202210882617.5A CN115314465A (en) 2022-07-26 2022-07-26 Domain name filtering method, filtering system and private DNS server thereof

Publications (1)

Publication Number Publication Date
CN115314465A (en) 2022-11-08

Family

ID=83858054

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202210882617.5A Pending CN115314465A (en) 2022-07-26 2022-07-26 Domain name filtering method, filtering system and private DNS server thereof

Country Status (1)

Country Link
CN (1) CN115314465A (en)

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN105391811A (en) * 2014-08-29 2016-03-09 腾讯科技(深圳)有限公司 DNS (domain name resolution) method, access method for application server, and terminal
WO2018113594A1 (en) * 2016-12-20 2018-06-28 腾讯科技(深圳)有限公司 Method and device for defending dns attack and storage medium
CN110830458A (en) * 2019-10-25 2020-02-21 云深互联(北京)科技有限公司 Domain name access method, system and equipment
CN111405079A (en) * 2020-03-06 2020-07-10 深圳市宝能投资集团有限公司 Domain name resolution method and device, storage medium and electronic equipment
CN113783975A (en) * 2021-09-24 2021-12-10 中国第一汽车股份有限公司 Request management method, device, medium and equipment based on local DNS (Domain name Server)

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination