CN116389404B - Domain name resolution method, device and equipment - Google Patents


Publication number
CN116389404B
Authority
CN
China
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN202310660302.0A
Other languages
Chinese (zh)
Other versions
CN116389404A (en)
Inventor
张晓军
刘志辉
梁卓
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Alibaba Cloud Computing Ltd
Original Assignee
Alibaba Cloud Computing Ltd
Classifications

    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L61/00: Network arrangements, protocols or services for addressing or naming
    • H04L61/09: Mapping addresses
    • H04L61/25: Mapping addresses of the same type
    • H04L61/2503: Translation of Internet protocol [IP] addresses
    • H04L67/00: Network arrangements or protocols for supporting network services or applications
    • H04L67/01: Protocols
    • H04L67/10: Protocols in which an application is distributed across nodes in the network

Abstract

The embodiment of the application provides a domain name resolution method, a device and equipment, which are used for a target Domain Name System (DNS) resolution server, wherein the method comprises the following steps: receiving an access request sent by terminal equipment, wherein the access request comprises a target domain name; according to the access request, acquiring a target domain name file configured by a management and control platform, wherein the management and control platform is used for configuring domain name files for at least two types of DNS resolution servers; and determining a target network address corresponding to the target domain name according to the target domain name file, and sending the target network address to the terminal equipment. The resolution accuracy of the DNS resolution server is improved.

Description

Domain name resolution method, device and equipment
Technical Field
The present application relates to the field of communications technologies, and in particular, to a domain name resolution method, device, and equipment.
Background
In actual operation, an enterprise may have a plurality of applications, and the plurality of applications may be respectively set on application servers provided by different cloud service providers according to requirements. Each application may have a corresponding domain name and domain name system (Domain Name System, DNS) resolution server. For example, the application may be a website or the like.
In the related art, different domain name files may be configured for different DNS resolution servers, so that the DNS resolution servers may determine, according to the domain name, a network address corresponding to the domain name in the domain name file. However, in the above process, different domain name files are generally required to be configured for DNS resolution servers of corresponding types on platforms of different cloud service providers, which results in poor resolution accuracy of the DNS resolution servers.
Disclosure of Invention
The application provides a domain name resolution method, a domain name resolution device and domain name resolution equipment, which are used for improving resolution accuracy of a DNS resolution server.
In a first aspect, the present application provides a domain name resolution method, applied to a target DNS resolution server, the method including:
receiving an access request sent by terminal equipment, wherein the access request comprises a target domain name;
according to the access request, acquiring a target domain name file configured by a management and control platform, wherein the management and control platform is used for configuring domain name files for at least two types of DNS resolution servers;
and determining a target network address corresponding to the target domain name according to the target domain name file, and sending the target network address to the terminal equipment.
In one possible embodiment, the at least two types of DNS resolution servers include:
DNS resolution servers provided by at least two cloud service providers; or
DNS resolution servers corresponding to at least two cloud service modes; or
a local DNS resolution server and a remote DNS resolution server.
In a possible embodiment, determining, according to the target domain name file, a target network address corresponding to the target domain name includes:
determining the network type of the network where the target DNS resolution server is located, wherein the network type is an extranet type or an intranet type;
and determining the target network address according to the network type, the target domain name file and the target domain name.
In a possible embodiment, the network type is the external network type, and determining the target network address according to the network type, the target domain name file, and the target domain name includes:
requesting Global Traffic Management (GTM) to acquire the target network address corresponding to the target domain name;
and if the target network address corresponding to the target domain name does not exist in the GTM, determining the target network address according to the target domain name file and the target domain name.
In a possible embodiment, the requesting to obtain the target network address corresponding to the target domain name from a GTM includes:
sending a domain name request to the GTM, wherein the domain name request comprises the target domain name;
receiving the target network address sent by the GTM;
and if a plurality of network addresses corresponding to the target domain name exist in the GTM, determining the target network address in the plurality of network addresses, wherein the cloud server corresponding to the target network address is closest to the terminal equipment.
In a possible embodiment, the network type is the intranet type; determining the target network address according to the network type, the target domain name file and the target domain name, including:
determining at least one network address to be selected corresponding to the target domain name in the target domain name file;
if the number of the network addresses to be selected is 1, determining the network addresses to be selected as the target network addresses;
if the number of the network addresses to be selected is greater than 1, determining the distance between the external network server corresponding to each network address to be selected and the terminal equipment, and determining the network address to be selected corresponding to the external network server closest to the terminal equipment as the target network address.
In a possible embodiment, the access request further includes a source network address of the terminal device; for any one network address to be selected, determining a distance between an external network server corresponding to the network address to be selected and the terminal device includes:
determining a first position of the terminal equipment according to the source network address;
determining a second position of an external network server corresponding to the network address to be selected;
and determining the distance between the external network server corresponding to the network address to be selected and the terminal equipment according to the first position and the second position of the external network server corresponding to the network address to be selected.
In a possible embodiment, determining at least one network address to be selected corresponding to the target domain name in the target domain name file includes:
performing verification processing on the access request to obtain a verification result;
and when the verification result is that verification passes, determining at least one network address to be selected corresponding to the target domain name in the target domain name file.
In a possible embodiment, the access request further includes a source network address of the terminal device; performing verification processing on the access request to obtain a verification result, including:
determining whether the target domain name is an accessible domain name;
if yes, when the source network address is a non-forbidden address, determining that the verification result is that the verification is passed; when the source network address is a forbidden address, determining that the verification result is verification failure;
if not, determining that the verification result is that the verification is not passed.
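The intranet path described above (verify the request, look up the candidate addresses in the target domain name file, pick the one whose server is nearest the terminal), as an added example that is not part of the patent. All tables are constructed sample data; modelling forbidden addresses as CIDR ranges, resolving positions from a prefix-to-coordinate table, measuring great-circle distance, and falling back to the first candidate when the terminal has no known position are assumptions the patent text does not specify.

```python
import ipaddress
import math

# Constructed sample data (documentation address ranges), not from the patent.
DOMAIN_NAME_FILE = {  # target domain name file: domain -> candidate addresses
    "app.example.com": ["192.0.2.10", "198.51.100.20"],
    "wiki.example.com": ["203.0.113.5"],
}
ACCESSIBLE_DOMAINS = {"app.example.com", "wiki.example.com"}
FORBIDDEN_SOURCES = [ipaddress.ip_network("10.66.0.0/16")]  # assumed CIDR form
# Hypothetical position table: network -> (latitude, longitude).
LOCATIONS = {
    ipaddress.ip_network("10.1.0.0/16"): (30.27, 120.15),      # terminal site A
    ipaddress.ip_network("10.2.0.0/16"): (39.90, 116.40),      # terminal site B
    ipaddress.ip_network("192.0.2.0/24"): (31.23, 121.47),     # server near site A
    ipaddress.ip_network("198.51.100.0/24"): (40.00, 116.30),  # server near site B
}


def normalize(domain):
    """Compare names case-insensitively and without the trailing root dot."""
    return domain.strip().rstrip(".").lower()


def verify(domain, source):
    """Domain must be accessible, then the source must not be forbidden."""
    if normalize(domain) not in ACCESSIBLE_DOMAINS:
        return False
    try:
        src = ipaddress.ip_address(source)
    except ValueError:
        return False  # unparseable source address: fail closed
    return not any(src in net for net in FORBIDDEN_SOURCES)


def locate(addr):
    """Longest-prefix match in LOCATIONS; None when the position is unknown."""
    ip = ipaddress.ip_address(addr)
    matches = [net for net in LOCATIONS if ip in net]
    if not matches:
        return None
    return LOCATIONS[max(matches, key=lambda net: net.prefixlen)]


def distance_km(p, q):
    """Great-circle (haversine) distance between two (lat, lon) points."""
    lat1, lon1, lat2, lon2 = map(math.radians, (*p, *q))
    h = (math.sin((lat2 - lat1) / 2) ** 2
         + math.cos(lat1) * math.cos(lat2) * math.sin((lon2 - lon1) / 2) ** 2)
    return 2 * 6371.0 * math.asin(math.sqrt(h))


def resolve(domain, source):
    """Return the target network address, or None when no answer is given."""
    if not verify(domain, source):
        return None
    candidates = DOMAIN_NAME_FILE.get(normalize(domain), [])
    if not candidates:
        return None
    if len(candidates) == 1:
        return candidates[0]
    first = locate(source)  # first position: the terminal
    if first is None:
        return candidates[0]  # assumption: no position known, use first entry

    def dist(addr):
        second = locate(addr)  # second position: the candidate's server
        return math.inf if second is None else distance_km(first, second)

    return min(candidates, key=dist)


if __name__ == "__main__":
    for name, src in [("app.example.com", "10.1.2.3"),
                      ("app.example.com", "10.2.9.9"),
                      ("app.example.com", "10.66.1.1"),
                      ("other.example.com", "10.1.2.3")]:
        print(name, src, "->", resolve(name, src))
```

Because verification runs before the lookup, a forbidden source or a non-accessible name never reaches the domain name file, and a malformed source address is refused rather than treated as non-forbidden.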
In a possible embodiment, before the obtaining, according to the access request, the target domain name file configured by the management and control platform, the method further includes:
receiving the target domain name file sent by the management and control platform;
and storing the target domain name file.
In a possible embodiment, before the obtaining, according to the access request, the target domain name file configured by the management and control platform, the method further includes:
receiving domain name updating information sent by the management and control platform, wherein the domain name updating information comprises at least one updated domain name and an updated network address;
and updating the current domain name file in the target DNS resolution server according to the domain name updating information to obtain the target domain name file.
In a second aspect, the present application provides a domain name resolution device, applied to a target DNS resolution server, the device comprising a first receiving module, an acquisition module, a determining module and a sending module, wherein:
the first receiving module is used for receiving an access request sent by the terminal equipment, wherein the access request comprises a target domain name;
the acquisition module is used for acquiring a target domain name file configured by a management and control platform according to the access request, wherein the management and control platform is used for configuring domain name files for at least two types of DNS resolution servers;
the determining module is used for determining a target network address corresponding to the target domain name according to the target domain name file;
the sending module is used for sending the target network address to the terminal equipment.
In one possible embodiment, the at least two types of DNS resolution servers include:
DNS resolution servers provided by at least two cloud service providers; or
DNS resolution servers corresponding to at least two cloud service modes; or
a local DNS resolution server and a remote DNS resolution server.
In a possible embodiment, the determining module is specifically configured to:
determining the network type of the network where the target DNS resolution server is located, wherein the network type is an extranet type or an intranet type;
and determining the target network address according to the network type, the target domain name file and the target domain name.
In a possible embodiment, the network type is the external network type, and the determining module is specifically configured to:
requesting Global Traffic Management (GTM) to acquire the target network address corresponding to the target domain name;
and if the target network address corresponding to the target domain name does not exist in the GTM, determining the target network address according to the target domain name file and the target domain name.
In a possible embodiment, the determining module is specifically configured to:
sending a domain name request to the GTM, wherein the domain name request comprises the target domain name;
receiving the target network address sent by the GTM;
and if a plurality of network addresses corresponding to the target domain name exist in the GTM, determining the target network address in the plurality of network addresses, wherein the cloud server corresponding to the target network address is closest to the terminal equipment.
In a possible embodiment, the network type is the intranet type; the determining module is specifically configured to:
determining at least one network address to be selected corresponding to the target domain name in the target domain name file;
if the number of the network addresses to be selected is 1, determining the network addresses to be selected as the target network addresses;
if the number of the network addresses to be selected is greater than 1, determining the distance between the external network server corresponding to each network address to be selected and the terminal equipment, and determining the network address to be selected corresponding to the external network server closest to the terminal equipment as the target network address.
In a possible embodiment, the access request further includes a source network address of the terminal device; the determining module is specifically configured to:
determining a first position of the terminal equipment according to the source network address;
determining a second position of an external network server corresponding to the network address to be selected;
and determining the distance between the external network server corresponding to the network address to be selected and the terminal equipment according to the first position and the second position of the external network server corresponding to the network address to be selected.
In a possible embodiment, the determining module is specifically configured to:
performing verification processing on the access request to obtain a verification result;
and when the verification result is that verification passes, determining at least one network address to be selected corresponding to the target domain name in the target domain name file.
In a possible embodiment, the determining module is specifically configured to:
determining whether the target domain name is an accessible domain name;
if yes, when the source network address is a non-forbidden address, determining that the verification result is that the verification is passed; when the source network address is a forbidden address, determining that the verification result is verification failure;
if not, determining that the verification result is that the verification is not passed.
In a possible embodiment, the apparatus further comprises a second receiving module and a storage module:
the second receiving module is used for receiving the target domain name file sent by the management and control platform;
the storage module is used for storing the target domain name file.
In a possible embodiment, the second receiving module is further configured to:
receiving domain name updating information sent by the management and control platform, wherein the domain name updating information comprises at least one updated domain name and an updated network address.
In a possible embodiment, the apparatus further includes an update module, where the update module is configured to:
and updating the current domain name file in the target DNS resolution server according to the domain name updating information to obtain the target domain name file.
In a third aspect, an embodiment of the present application provides a DNS resolution server, including: a memory and a processor;
the memory stores computer-executable instructions;
the processor executing computer-executable instructions stored in the memory, causing the processor to perform the domain name resolution method of any of the first aspects.
In a fourth aspect, embodiments of the present application provide a computer-readable storage medium having stored therein computer-executable instructions for implementing the domain name resolution method of any one of the first aspects when the computer-executable instructions are executed by a processor.
In a fifth aspect, an embodiment of the present application provides a computer program product comprising a computer program which, when executed by a processor, implements the domain name resolution method of any of the first aspects.
The application provides a domain name resolution method, a device and equipment, wherein a target DNS resolution server can receive an access request sent by terminal equipment and acquire a target domain name file configured by a management and control platform according to the access request. The target DNS resolution server may determine, according to the target domain name file, a target network address corresponding to the target domain name, and send the target network address to the terminal device. Because the domain name file can be configured to at least two types of DNS resolution servers through one management and control platform, and the DNS resolution service self-consistent with the cloud environment can be integrated in the management and control platform, the domain name resolution capability of the DNS resolution servers in different cloud environments can be unified, and the resolution accuracy of the DNS resolution servers is improved.
Drawings
The accompanying drawings, which are included to provide a further understanding of the application and are incorporated in and constitute a part of this specification, illustrate embodiments of the application and together with the description serve to explain the application and do not constitute a limitation on the application. In the drawings:
Fig. 1 is a schematic diagram of an application scenario provided in an exemplary embodiment of the present application;
Fig. 2 is a flow chart of a domain name resolution method according to an exemplary embodiment of the present application;
Fig. 3 is a flow chart of another domain name resolution method according to an exemplary embodiment of the present application;
Fig. 4 is a process schematic diagram of a domain name resolution method according to an exemplary embodiment of the present application;
Fig. 5 is a flow chart of yet another domain name resolution method according to an exemplary embodiment of the present application;
Fig. 6A is a schematic diagram of a process of domain name resolution when an intranet terminal device accesses a public network according to an exemplary embodiment of the present application;
Fig. 6B is a second schematic diagram of a process of domain name resolution when an intranet terminal device accesses a public network according to an exemplary embodiment of the present application;
Fig. 7A is a schematic diagram of a process of domain name resolution in an IDC intranet according to an exemplary embodiment of the present application;
Fig. 7B is a schematic diagram of a process of domain name resolution in a proprietary cloud intranet according to an exemplary embodiment of the present application;
Fig. 7C is a schematic diagram of a process of domain name resolution in a VPC intranet according to an exemplary embodiment of the present application;
Fig. 8 is a schematic diagram of domain name resolution of access requests in different VPCs according to an exemplary embodiment of the present application;
Fig. 9 is a schematic diagram of a process for configuring a domain name file according to an exemplary embodiment of the present application;
Fig. 10 is a schematic structural diagram of a domain name resolution device according to an exemplary embodiment of the present application;
Fig. 11 is a schematic structural diagram of another domain name resolution device according to an exemplary embodiment of the present application;
Fig. 12 is a schematic structural diagram of a DNS resolution server according to an exemplary embodiment of the present application.
Detailed Description
It should be noted that, the user information (including but not limited to user equipment information, user personal information, etc.) and the data (including but not limited to data for analysis, stored data, presented data, etc.) related to the present application are information and data authorized by the user or fully authorized by each party, and the collection, use and processing of the related data need to comply with related laws and regulations and standards, and provide corresponding operation entries for the user to select authorization or rejection.
In order to make the objects, technical solutions and advantages of the present application more apparent, the technical solutions of the present application will be clearly and completely described below with reference to specific embodiments of the present application and corresponding drawings. It will be apparent that the described embodiments are only some, but not all, embodiments of the application. All other embodiments, which can be made by those skilled in the art based on the embodiments of the application without making any inventive effort, are intended to be within the scope of the application.
Fig. 1 is a schematic diagram of an application scenario provided in an exemplary embodiment of the present application. As shown in Fig. 1, the scenario includes a terminal device and a DNS resolution server. The terminal device and the DNS resolution server may communicate with each other via a network.
The DNS resolution server may include network addresses corresponding to a plurality of domain names. For example, the DNS resolution server may include network address 1 corresponding to domain name 1, network address 2 corresponding to domain name 2, ..., and network address n corresponding to domain name n (n is an integer greater than or equal to 1).
The terminal device may send an access request to the DNS resolution server, where the access request may include the target domain name. After receiving the access request, the DNS resolution server may determine a corresponding target network address according to the target domain name in the access request, and send the target network address to the terminal device. For example, if the target domain name included in the access request is domain name 1, the DNS resolution server may determine that the target network address is network address 1 according to domain name 1, and send network address 1 to the terminal device.
In the related art, different domain name files may be configured for different DNS resolution servers, so that the DNS resolution servers may determine, according to the domain name, a network address corresponding to the domain name in the domain name file. However, in the above process, different domain name files are generally required to be configured for DNS resolution servers of corresponding types on platforms of different cloud service providers, which results in poor resolution accuracy of the DNS resolution servers.
In the embodiment of the application, the domain name files can be uniformly configured to at least two types of DNS resolution servers in time through one management and control platform, so that different types of DNS resolution servers can acquire accurate domain name files in time, and the accurate domain name files are used for domain name resolution, so that the resolution accuracy of the DNS resolution servers is improved.
The technical scheme shown in the application is described in detail by specific examples. It should be noted that the following embodiments may exist alone or in combination with each other, and for the same or similar content, the description will not be repeated in different embodiments.
Fig. 2 is a flow chart of a domain name resolution method according to an exemplary embodiment of the present application. Referring to fig. 2, the method may include:
S201, receiving an access request sent by the terminal equipment.
The execution subject of the embodiment of the application can be a target DNS resolution server or a domain name resolution device arranged in the target DNS resolution server. The domain name resolution device may be implemented by software or by a combination of software and hardware. The domain name resolution device may be a processor in the target DNS resolution server. For ease of understanding, the following description takes the target DNS resolution server as the execution subject.
The terminal device may be a terminal device located in an external network, or may be a terminal device located in an enterprise intranet. The external network can be a network provided by a communication operator and a public cloud network provided by a cloud service provider; the intranet may be a local area network used by an enterprise, a virtual private cloud (Virtual Private Cloud, VPC), a proprietary cloud network, a self-built internet data center (Internet Data Center, IDC) network, or the like.
The access request may include a target domain name. For example, the target domain name may be 123.com, and then 123.com may be included in the access request.
Optionally, the terminal device may go through a load balancing (Server Load Balancer, SLB) server and/or DNS forwarding server in the process of sending the access request to the target DNS resolution server.
In an alternative embodiment, the terminal device may send an access request to a corresponding SLB server, and the SLB server may determine a target DNS forwarding server from the multiple DNS forwarding servers according to the load balancing policy, and send the access request to the target DNS forwarding server. If the target DNS forwarding server does not have the network address corresponding to the target domain name, the target DNS forwarding server can determine the target DNS resolving server from the multiple DNS resolving servers according to the forwarding strategy, and send an access request to the target DNS resolving server, so that the target DNS resolving server can receive the access request sent by the terminal equipment.
Alternatively, a plurality of DNS resolution servers that resolve the same domain name may be divided into one DNS resolution server cluster. The DNS forwarding server may determine a target DNS resolution server in the DNS resolution server cluster according to the forwarding policy. For example, the DNS forwarding server determines the number of access requests sent to each DNS resolution server in the DNS resolution server cluster, and determines the DNS resolution server that receives fewer access requests as the target DNS resolution server.
For example, suppose DNS resolution server cluster 1 includes 3 DNS resolution servers: DNS resolution server 1, DNS resolution server 2, and DNS resolution server 3. If the terminal device sends access request 1 to the SLB server and the DNS forwarding server, the DNS forwarding server may determine, among the 3 DNS resolution servers, the DNS resolution server that receives fewer access requests as the target DNS resolution server. Assuming that the target DNS resolution server is DNS resolution server 2, the DNS forwarding server may send access request 1 to DNS resolution server 2, and DNS resolution server 2 may receive access request 1, where access request 1 may include 123.com.
S202, acquiring a target domain name file configured by the management and control platform according to the access request.
The management and control platform may be used to configure domain name files for at least two types of DNS resolution servers.
Optionally, the at least two types of DNS resolution servers may include: DNS resolution servers provided by at least two cloud service providers; or DNS resolution servers corresponding to at least two cloud service modes; alternatively, a local DNS resolution server and a remote DNS resolution server.
The DNS resolution servers provided by the at least two cloud service providers may include DNS resolution servers provided by the cloud service provider, DNS resolution servers corresponding to the enterprise self-built IDC, and the like.
The DNS resolution servers corresponding to the at least two cloud service modes may be DNS resolution servers corresponding to public cloud, DNS resolution servers corresponding to VPC, and the like.
The public cloud is a cloud service provided by a cloud service provider. An enterprise may lease an application server in the public cloud, deploy an application on the application server in the public cloud, and use a DNS resolution server in the public cloud.
VPC is a private cloud that exists in public clouds. An enterprise may lease application servers in a VPC service provided by a VPC service provider, deploy applications on application servers in the VPC, and use DNS resolution servers in the VPC.
The local DNS resolution server may be a DNS resolution server in an enterprise self-built IDC.
The remote DNS resolution server may be a DNS resolution server in a proprietary cloud built by the enterprise.
The proprietary cloud may be enterprise self-built, and may include a plurality of application servers therein, where the enterprise may deploy applications on the application servers in the proprietary cloud, using DNS resolution servers in the proprietary cloud.
Optionally, the enterprise may set different applications in different cloud environments according to application requirements, so that one or more DNS resolution servers are arbitrarily selected from the local DNS resolution servers and the remote DNS resolution servers provided by different cloud service providers and corresponding to different cloud service modes, and a corresponding domain name file is configured for the one or more DNS resolution servers through a management and control platform.
For example, if the enterprise sets application 1 in an application server in public cloud 1 provided by cloud service provider 1, the enterprise may lease DNS resolution server 1 provided by cloud service provider 1, where DNS resolution server 1 is configured to provide DNS resolution services for the application servers in public cloud 1; if the enterprise sets application 2 in an application server provided by cloud service provider 2, the enterprise may lease DNS resolution server 2 provided by cloud service provider 2, and DNS resolution server 2 may be used to provide DNS resolution services for the application servers in public cloud 2; if the enterprise sets application 3 in an application server of the self-built IDC, the enterprise may have its own remote DNS resolution server 3, and remote DNS resolution server 3 may be used to provide DNS resolution services for the application server of the self-built IDC. Because the enterprise has 3 applications corresponding to 3 DNS resolution servers, the enterprise can manage the 3 DNS resolution servers in one management and control platform, and configure corresponding domain name files for the 3 DNS resolution servers through the management and control platform.
For any one DNS resolution server, at least one domain name file may be configured in the DNS resolution server. In the at least one domain name file, one domain name may correspond to at least one domain name file. For example, if domain name 1 is 123.com, the DNS resolution server may include domain name 1 and may have a corresponding domain name file 1.
For example, if enterprise A has 2 DNS resolution servers, namely DNS resolution server 1 and DNS resolution server 2, then in the management and control platform, domain name file 1 corresponding to domain name 1 may be configured for DNS resolution server 1, and domain name file 2 corresponding to domain name 2 and domain name file 3 corresponding to domain name 3 may be configured for DNS resolution server 2.
Optionally, the target DNS resolution server may obtain, according to the target domain name in the access request, a target domain name file corresponding to the target domain name. For example, if the target DNS resolution server is configured with the domain name file 1 corresponding to the domain name 1, and if the access request includes the domain name 1, the target DNS resolution server may determine the domain name file 1 corresponding to the domain name 1 according to the domain name 1 in the access request.
S203, determining a target network address corresponding to the target domain name according to the target domain name file, and sending the target network address to the terminal equipment.
In an alternative embodiment, the target network address corresponding to the target domain name may be determined according to the target domain name file by: determining the network type of the network where the target DNS resolution server is located; and determining the target network address according to the network type, the target domain name file and the target domain name.
Optionally, the network type may be an external network type or an intranet type.
Optionally, the target DNS resolution server and the terminal device may be in the same network. The network where the target DNS resolution server is located may be the network where the terminal device is located.
DNS resolution software may be installed in the target DNS resolution server, and the target network address corresponding to the target domain name may be determined through the DNS resolution software.
Optionally, DNS resolution software may be modified to accommodate different network types, and provide DNS resolution services that are compatible with the network environment.
When the network type is an external network type, the target DNS resolution server may install DNS resolution software to provide a cloud resolution DNS service, and may perform domain name resolution on an access request from the external network.
When the network type is an intranet type: if the intranet is an IDC network, DNS resolution software may be installed in the target DNS resolution server to provide a privately owned DNS service for the self-built IDC of the enterprise; if the intranet is a proprietary cloud network, DNS resolution software may be installed in the target DNS resolution server to provide a proprietary cloud DNS service; if the intranet is a VPC network, DNS resolution software may be installed in the target DNS resolution server to provide a DNS service (PrivateZone) for the VPC, that is, to provide a DNS resolution service for an application server in the VPC.
It should be noted that, if an application deployed in the IDC network by an enterprise is open to the public, the IDC network may belong to the external network type, and the corresponding target DNS resolution server may provide cloud resolution DNS service for the application server in the IDC; if the application deployed by the enterprise in the IDC network is an internal application that is open only internally, the IDC network may belong to the intranet type, and the corresponding target DNS resolution server may provide a privately owned DNS service for the application server in the IDC.
For example, if the target domain name is domain name 1, the corresponding target domain name file is domain name file 1, and the target DNS resolution server is in the external network, then the network type is the external network type and the target DNS resolution server may provide the cloud resolution DNS service. The target DNS resolution server may determine, according to the domain name 1 and the domain name file 1, that the target network address corresponding to the domain name 1 is the network address 1, and send the network address 1 to the terminal device.
In the embodiment of the application, the target DNS resolution server can receive the access request sent by the terminal device and acquire the target domain name file configured by the management and control platform according to the access request. The target DNS resolution server may determine, according to the target domain name file, a target network address corresponding to the target domain name, and send the target network address to the terminal device. Because the domain name file can be uniformly configured to different DNS resolution servers in time through one management and control platform, the DNS resolution servers can acquire accurate domain name files in time, and the accurate domain name files are used for domain name resolution, so that the resolution accuracy of the DNS resolution servers is improved.
When the network types are different, DNS resolution services provided in the target DNS resolution server are different. Next, on the basis of the embodiment shown in fig. 2, a domain name resolution method when the network type is an external network type is described in detail with reference to fig. 3; the domain name resolution method when the network type is the intranet type will be described in detail with reference to fig. 5.
Fig. 3 is a flowchart of another domain name resolution method according to an exemplary embodiment of the present application. Referring to fig. 3, the method may include:
S301, receiving a target domain name file sent by a management and control platform.
Optionally, a worker of the enterprise may log in to the management and control platform in the electronic device, and may configure domain name resolution data corresponding to the domain name and an identifier of at least one DNS resolution server in the management and control platform.
The electronic device can generate a domain name file from the domain name resolution data. The electronic device may send a domain name file to the at least one DNS resolution server according to the identifier of the at least one DNS resolution server, so that the DNS resolution server receives the domain name file sent by the electronic device, that is, the domain name file sent by the management and control platform.
For example, if the target domain name is domain name 1, and if, in the management and control platform, the domain name 1 is configured with the network address 1, the record type A, and the corresponding DNS resolution server identifier 1, the electronic device may generate a domain name file 1 according to the domain name resolution data 1, and the domain name file 1 may include the domain name 1, the network address 1, and the record type A. The electronic device may send the target domain name file, i.e., domain name file 1, to the target DNS resolution server according to the DNS resolution server identifier 1.
S302, storing a target domain name file.
For example, if the target domain name file is the domain name file 1, after the target DNS resolution server receives the domain name file 1, the domain name file 1 may be stored in the preset storage space.
S303, receiving domain name updating information sent by the management and control platform.
The domain name update information may include at least one updated domain name and an updated network address. For example, if the update domain name is domain name 1, the update network address is network address 2.
Optionally, after the staff member of the enterprise updates the domain name resolution data of the target domain name at the management and control platform, the electronic device may determine domain name update information of the target domain name, and may send the domain name update information to the target DNS resolution server.
For example, if the target domain name is domain name 1, the domain name 1 is configured with a corresponding DNS resolution server identifier 1, and a record type A and a network address 2 corresponding to the domain name 1 are newly added in the management and control platform, the electronic device where the management and control platform is located may determine domain name update information 1 of the domain name 1, and may send the domain name update information 1 to the target DNS resolution server according to the DNS resolution server identifier 1, where the domain name update information 1 may include the update domain name, which is the domain name 1, the record type A, and the update network address, which is the network address 2.
S304, updating the current domain name file in the target DNS resolution server according to the domain name updating information to obtain the target domain name file.
Because the target DNS resolution server stores the domain name file corresponding to the target domain name, after the domain name update information corresponding to the target domain name is obtained, the current domain name file can be updated according to the domain name update information to obtain the target domain name file.
For example, if the target domain name is domain name 1, the corresponding domain name file 1 includes the domain name 1, the network address 1, and the record type A, and the domain name update information 1 includes the update domain name 1, the record type A, and the update network address 2, then the domain name 1, the record type A, and the network address 2 may be added to the domain name file 1 according to the domain name update information 1, so as to obtain the target domain name file.
S305, receiving an access request sent by the terminal equipment.
It should be noted that, the execution of step S305 may refer to the execution of step S201, and will not be described herein.
S306, acquiring a target domain name file configured by the management and control platform according to the access request.
It should be noted that, the execution of step S306 may refer to the execution of step S202, and will not be described herein.
S307, determining the network type of the network where the target DNS resolution server is located.
For example, if the network in which the target DNS resolution server is located is an external network, it may be determined that the network type is an external network type.
If the network type is an external network type, DNS resolution software can be installed in the target DNS resolution server to provide cloud resolution DNS service, and domain name resolution is carried out on access requests from the external network. The access destination of the access request may be an application server in a public cloud or an application server in an enterprise's self-built IDC that is open to the outside, so the target DNS resolution server may be used to provide DNS resolution services for application servers in multiple types of public clouds or application servers in the self-built IDC.
S308, a domain name request is sent to the global traffic manager (Global Traffic Manager, GTM).
Optionally, the GTM may have a domain name file sent by the management and control platform. The GTM may perform health checks on application servers in all public clouds. When a fault is found, the GTM can remove the network address corresponding to the faulty server from the domain name file; the GTM can also make decisions according to a scheduling policy, so that the high availability of the application servers in the public cloud is ensured.
The domain name request may include a target domain name. For example, if the target domain name is domain name 1, then domain name 1 may be included in the domain name request.
For example, if the target domain name is domain name 1, the target DNS resolution server may send a domain name request 1 to the GTM to request to obtain the target network address corresponding to domain name 1. Domain name 1 may be included in domain name request 1.
S309, if a plurality of network addresses corresponding to the target domain name exist in the GTM, receiving the target network address sent by the GTM.
Optionally, if there are multiple network addresses corresponding to the target domain name in the GTM, the GTM may determine the target network address from the multiple network addresses, where the cloud server corresponding to the target network address is closest to the terminal device.
For example, if the target domain name is domain name 1, and there are 10 network addresses corresponding to domain name 1, namely network address 1, network address 2, ..., and network address 10, and the 10 network addresses are respectively the network addresses of 10 cloud servers, the GTM may determine, as the target network address, the network address corresponding to the cloud server closest to the terminal device from among the 10 network addresses. Assuming that the terminal device is located in the area 1 and the cloud server 2 is also located in the area 1, and the cloud server 2 is closest to the terminal device, the GTM may determine the network address 2 corresponding to the cloud server 2 as the target network address, and send the network address 2 to the target DNS resolution server, so that the target DNS resolution server may receive the target network address sent by the GTM.
S310, if the target network address corresponding to the target domain name does not exist in the GTM, acquiring the target network address corresponding to the target domain name from the target domain name file according to the target domain name.
For example, if the target domain name is domain name 1 and the target domain name file is domain name file 1, the target DNS resolution server may locate the domain name file 1 in the preset storage space according to the domain name 1, and if the domain name file 1 includes the domain name 1 and the corresponding network address 1, the target DNS resolution server may determine, according to the domain name 1, that the target network address is the network address 1 in the domain name file 1.
S311, the target network address is sent to the terminal equipment.
For example, if the target network address is network address 1, the target DNS resolution server may send network address 1 to the terminal device.
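The flow of steps S301 to S311 can be traced in a short Python sketch. This is an added example, not code from the patent: the class names, the `is_healthy` probe, the region labels, and the rule that the GTM prefers a server in the client's region are assumptions, and all names and addresses are constructed sample data.

```python
import copy
import ipaddress
from dataclasses import dataclass, field


def normalize(name):
    """Compare domain names case-insensitively and without the trailing dot."""
    return name.rstrip(".").lower()


@dataclass
class DomainNameFile:
    domain: str
    records: list = field(default_factory=list)  # [(record_type, address), ...]

    def apply_update(self, update_domain, record_type, address):
        """S304: merge one update into the current file, rejecting bad input."""
        if normalize(update_domain) != self.domain:
            raise ValueError("update is for a different domain name")
        if record_type != "A":
            raise ValueError("this sketch only handles A records")
        ipaddress.IPv4Address(address)  # raises ValueError on a malformed address
        if (record_type, address) not in self.records:
            self.records.append((record_type, address))


class GTM:
    """Holds its own copy of the files, prunes failed servers, picks an address."""

    def __init__(self, files, server_regions, is_healthy):
        self.files = {f.domain: copy.deepcopy(f) for f in files}
        self.server_regions = server_regions
        self.is_healthy = is_healthy  # hypothetical probe: address -> bool

    def health_check(self):
        # Remove the addresses of failed servers from the GTM's domain name files.
        for f in self.files.values():
            f.records = [r for r in f.records if self.is_healthy(r[1])]

    def answer(self, domain, client_region):
        f = self.files.get(normalize(domain))
        if f is None or not f.records:
            return None  # nothing usable: the resolver falls back (S310)
        addresses = [addr for _, addr in f.records]
        local = [a for a in addresses if self.server_regions.get(a) == client_region]
        return local[0] if local else addresses[0]


class TargetResolver:
    def __init__(self, gtm):
        self.gtm = gtm
        self.store = {}  # stands in for the "preset storage space"

    def receive_file(self, f):  # S301-S302
        self.store[f.domain] = copy.deepcopy(f)

    def receive_update(self, domain, record_type, address):  # S303-S304
        self.store[normalize(domain)].apply_update(domain, record_type, address)

    def resolve(self, domain, client_region):  # S305-S311
        answer = self.gtm.answer(domain, client_region)  # S308-S309
        if answer is not None:
            return answer
        f = self.store.get(normalize(domain))  # S310: fall back to the local file
        return f.records[0][1] if f and f.records else None


def build_demo():
    """Constructed data: example.com names and RFC 5737 documentation addresses."""
    down = set()  # addresses the simulated health probe reports as failed
    regions = {"192.0.2.1": "region-2", "192.0.2.2": "region-1"}
    gtm_file = DomainNameFile("app1.example.com", [("A", "192.0.2.1"), ("A", "192.0.2.2")])
    gtm = GTM([gtm_file], regions, lambda addr: addr not in down)
    resolver = TargetResolver(gtm)
    resolver.receive_file(DomainNameFile("app1.example.com", [("A", "192.0.2.1")]))
    resolver.receive_file(DomainNameFile("app2.example.com", [("A", "198.51.100.7")]))
    resolver.receive_update("app1.example.com", "A", "192.0.2.2")
    return resolver, gtm, down
```

In this sketch the S310 fallback reads the resolver's own stored file, which the GTM's health checks do not prune, so when the GTM has no usable address the fallback can return an address the GTM removed as failed.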
Note that, the respective processing steps (S301 to S312) shown in the embodiment of fig. 3 do not constitute a specific limitation to the domain name resolution process. In other embodiments of the present application, the domain name resolution process may include more or fewer steps than the embodiment of fig. 3. For example, the domain name resolution process may include some of the steps in the fig. 3 embodiment, or some of the steps in the fig. 3 embodiment may be replaced by steps having the same function, or some of the steps in the fig. 3 embodiment may be split into multiple steps, or the like.
In the embodiment of the application, the target DNS resolution server can receive the target domain name file sent by the management and control platform and store the target domain name file. The target DNS resolution server can also receive the domain name update information sent by the management and control platform, and update the current domain name file in the target DNS resolution server according to the domain name update information to obtain the target domain name file. The target DNS resolution server can receive an access request sent by the terminal device and acquire the target domain name file configured by the management and control platform according to the access request. When the network type is an external network type, the target DNS resolution server may provide cloud resolution DNS services. The target DNS resolution server may send a domain name request to the GTM. If a plurality of network addresses corresponding to the target domain name exist in the GTM, the GTM can determine the target network address corresponding to the target domain name from the plurality of network addresses; if the GTM does not have a plurality of network addresses corresponding to the target domain name, the target network address corresponding to the target domain name may be determined according to the target domain name in the domain name file. Because the domain name file can be configured to at least two types of DNS resolution servers through one management and control platform, and cloud resolution DNS services can be integrated in the management and control platform, the resolution accuracy of the DNS resolution servers is improved.
The domain name resolution method described above will be described in further detail with reference to fig. 4, based on the embodiment shown in fig. 3.
Fig. 4 is a schematic process diagram of a domain name resolution method according to an exemplary embodiment of the present application. Referring to fig. 4, the terminal device, the target DNS resolution server, the GTM, a plurality of public clouds, and the IDC are included. The plurality of public clouds may be public cloud 1 and public cloud 2. There may be multiple application servers in public cloud 1, public cloud 2, and IDC.
Optionally, a cloud resolution DNS service may be provided in the target DNS resolution server, and DNS resolution services are provided for application servers in multiple types of public clouds and application servers of self-built IDC.
Optionally, the target DNS resolution server may be configured with a domain name file 1 sent by the management and control platform.
Optionally, an enterprise may deploy application 1 on 8 application servers in public cloud 1. Application 1 may be provided by the enterprise to the public, and application 1 may have a corresponding domain name 1. The enterprise may deploy application 2 in the IDC; application 2 may be provided by the enterprise to the public, and application 2 may have a corresponding domain name 2.
In step (1), the terminal device may send an access request to the target DNS resolution server, where the access request may include a domain name 1. The terminal device may be a terminal device located in an external network.
In step (2), the target DNS resolution server may send a domain name request 1 to the GTM, where the domain name request 1 may include domain name 1. After the GTM receives the domain name request, the domain name file 1 corresponding to the domain name 1 may be determined according to the domain name 1, and the target network address corresponding to the domain name 1 may be determined in the domain name file 1. If the GTM determines that the domain name 1 corresponds to 8 network addresses, which are the network addresses of the application server 1-1, the application server 1-2, ..., and the application server 1-8, and the application server 1-1 is closest to the terminal device, the GTM may determine the network address 1 corresponding to the application server 1-1 as the target network address, and send the network address 1 to the target DNS resolution server through step (3).
If the domain name file 1 corresponding to the domain name 1 does not exist in the GTM, the target DNS resolution server may obtain the domain name file 1 corresponding to the domain name 1 from the preset storage space according to the domain name 1. The network address 1 corresponding to the domain name 1 may then be determined according to the domain name 1 in the domain name file 1.
After the target DNS resolution server determines the network address 1 corresponding to the domain name, the network address 1 may be sent to the terminal device through step (4).
In step (5), after receiving the network address 1, the terminal device sends a service access request to the target server, i.e., the application server 1-1, according to the network address 1 to access the application 1 provided in the application server 1-1.
Likewise, if an enterprise deploys an application in the IDC or public cloud 2, the application on the application server in the IDC or public cloud 2 can be accessed through the above process.
If the enterprise sets the application in the IDC and opens the application to the public, the IDC network belongs to the external network type, and the target DNS resolution server can provide cloud resolution DNS service, that is, DNS resolution service for the application server.
In the technical scheme of the application, the target DNS resolution server can perform domain name resolution on the access request sent by a terminal device located in the external network, and uniform scheduling is provided. There may be multiple target DNS resolution servers located in different areas, and the target DNS resolution servers may have strong protection against distributed denial of service (DDoS) attacks, so that the security of domain name resolution is improved.
In the embodiment of the application, the target DNS resolution server can receive the target domain name file sent by the management and control platform and store the target domain name file. The target DNS resolution server can also receive the domain name update information sent by the management and control platform, and update the current domain name file in the target DNS resolution server according to the domain name update information to obtain the target domain name file. The target DNS resolution server can receive an access request sent by the terminal device and acquire the target domain name file configured by the management and control platform according to the access request. When the network type is an external network type, the target DNS resolution server may provide cloud resolution DNS services. The target DNS resolution server may send a domain name request to the GTM. If a plurality of network addresses corresponding to the target domain name exist in the GTM, the GTM can determine the target network address corresponding to the target domain name from the plurality of network addresses; if the GTM does not have a plurality of network addresses corresponding to the target domain name, the target network address corresponding to the target domain name may be determined according to the target domain name in the domain name file. Because the domain name file can be configured to DNS resolution servers in different public clouds or IDCs through one management and control platform, cloud resolution DNS services can be integrated in the management and control platform, and the resolution accuracy of the DNS resolution servers is improved.
Fig. 5 is a flowchart of another domain name resolution method according to an exemplary embodiment of the present application. Referring to fig. 5, the method may include:
S501, receiving a target domain name file sent by a management and control platform.
S502, storing a target domain name file.
S503, receiving domain name updating information sent by the management and control platform.
S504, updating the current domain name file in the target DNS resolution server according to the domain name updating information to obtain the target domain name file.
S505, receiving an access request sent by the terminal equipment.
S506, acquiring a target domain name file configured by the management and control platform according to the access request.
It should be noted that, the execution process of steps S501 to S506 may refer to the execution process of steps S301 to S306, and will not be described herein.
S507, determining the network type of the network where the target DNS resolution server is located.
For example, if the network in which the target DNS resolution server is located is an intranet, it may be determined that the network type is an intranet type.
Depending on the intranet type, the target DNS resolution server can provide DNS resolution services adapted to different intranets. The access request sent by the terminal device and received by the target DNS resolution server comes from an intranet, and the access destination can be a server in a VPC, IDC, proprietary cloud or public network.
S508, performing verification processing on the access request to obtain a verification result.
Because the terminal equipment in the intranet may or may not have permission to access the target domain name, the verification process can be performed on the access request sent by the terminal equipment, so as to obtain a verification result.
Optionally, the access request may further include a source network address of the terminal device. For example, the access request may include a source address 1, where the source address 1 may be a network address located in an intranet.
In an alternative embodiment, the access request may be verified by: determining whether the target domain name is an accessible domain name; if yes, determining that the verification result is verification passing when the source network address is a non-forbidden address, and determining that the verification result is verification failure when the source network address is a forbidden address; if not, determining that the verification result is verification failure.
Optionally, a control access policy may be provided in the DNS resolution server, where the control access policy may include a domain name list. The domain name list may include a plurality of domain names for which access is prohibited or a plurality of domain names for which access is allowed.
If the domain name list includes multiple domain names that are allowed to be accessed, the DNS resolution server can determine whether the target domain name exists in the domain name list. If so, the target domain name may be determined to be an accessible domain name; if not, the target domain name may be determined to be an inaccessible domain name.
For example, if the domain name list includes a plurality of domain names that are allowed to be accessed, the domain names are respectively domain name 1, domain name 2 and domain name 3. If the target domain name included in the access request 1 is the domain name 1, the domain name 1 is determined to be the accessible domain name because the domain name list includes the domain name 1; if the access request 2 includes the target domain name as the domain name 4, since the domain name list does not include the domain name 4, it may be determined that the target domain name, i.e., the domain name 4, is an inaccessible domain name.
Optionally, if the target domain name is an accessible domain name, the target DNS resolution server may determine whether the source network address is a non-forbidden address. If the source network address is a forbidden address, the verification result may be determined to be verification failure; if the source network address is a non-forbidden address, the verification result may be determined to be verification passing.
Optionally, the control access policy may include a source address list. The source address list may include non-forbidden addresses or forbidden addresses.
For example, suppose the domain name 1 is an accessible domain name and the source address list includes a plurality of forbidden addresses, namely source address 1, source address 2 and source address 3. If the terminal device 1 sends an access request 1 that includes the domain name 1 and the source address 1, then since the source address list includes the source address 1, the source address 1 can be determined to be a forbidden address, the verification result can be determined to be verification failure, and the access request 1 of the terminal device 1 can be rejected. If the terminal device 2 sends an access request 2 that includes the domain name 1 and the source address 4, then since the source address list does not include the source address 4, the source address 4 can be determined to be a non-forbidden address, and the verification result can be determined to be verification passing.
S509, when the verification result is that verification passes, determining at least one network address to be selected corresponding to the target domain name in the target domain name file.
Optionally, the target DNS resolution server may determine, in a preset storage space, a target domain name file corresponding to the target domain name. The target domain name file may include at least one network address to be selected corresponding to the target domain name.
If the number of network addresses to be selected is 1, S510 may be executed; if the number of the network addresses to be selected is greater than 1, S511 may be performed.
For example, if the target domain name is the domain name 1, the target DNS resolution server includes the domain name file 1 corresponding to the domain name 1. If the domain name file 1 includes one network address to be selected corresponding to the domain name 1, S510 may be executed; if the domain name file 1 includes 10 network addresses to be selected corresponding to the domain name 1, S511 may be performed.
S510, determining the network address to be selected as a target network address.
If the target domain name is the domain name 1, the target DNS resolution server comprises a domain name file 1 corresponding to the domain name 1. If the domain name file 1 includes a network address 1 as a network address to be selected corresponding to the domain name 1, the network address 1 as the network address to be selected may be determined as the target network address.
S511, determining the distance between the external network server corresponding to each network address to be selected and the terminal equipment, and determining the network address to be selected corresponding to the external network server closest to the terminal equipment as the target network address.
The extranet server may refer to application servers located in IDC, VPC, proprietary cloud and public network.
Optionally, for any one network address to be selected, the distance between the external network server corresponding to the network address to be selected and the terminal device may be determined by: determining a first position of the terminal equipment according to the source network address; determining a second position of an external network server corresponding to the network address to be selected; and determining the distance between the external network server corresponding to the network address to be selected and the terminal equipment according to the first position and the second position of the external network server corresponding to the network address to be selected.
For example, if the source address 1 corresponding to the terminal device is located in the region 1, the first location of the terminal device may be determined to be the region 1. Suppose the external network servers corresponding to the network addresses to be selected are application servers in the private cloud, and there are 10 network addresses to be selected, whose corresponding application servers in the private cloud are respectively application server 1, application server 2, ..., and application server 10. Assuming that the application server 1 is located in the region 1, the application server 2 is located in the region 2, ..., and the application server 10 is located in the region 10, it may be determined that the second location of the application server 1 is the region 1, the second location of the application server 2 is the region 2, ..., and the second location of the application server 10 is the region 10. According to the first location of the terminal device and the second location of the application server 1, it may be determined that the application server 1 is closest to the terminal device, and the network address 1 to be selected corresponding to the application server 1 may be determined as the target network address, so that the terminal device can achieve nearby access.
S512, the target network address is sent to the terminal equipment.
For example, if the target network address is network address 1, the target DNS resolution server may send network address 1 to the terminal device.
Note that, the respective processing steps (S501 to S512) shown in the embodiment of fig. 5 do not constitute a specific limitation on the domain name resolution process. In other embodiments of the present application, the domain name resolution process may include more or fewer steps than the embodiment of fig. 5. For example, the domain name resolution process may include some of the steps in the fig. 5 embodiment, or some of the steps in the fig. 5 embodiment may be replaced by steps having the same function, or some of the steps in the fig. 5 embodiment may be split into multiple steps, or the like.
In the embodiment of the application, the target DNS resolution server can receive the target domain name file sent by the management and control platform and store the target domain name file. The target DNS resolution server can also receive the domain name update information sent by the management and control platform, and update the current domain name file in the target DNS resolution server according to the domain name update information to obtain the target domain name file. The target DNS resolution server can receive an access request sent by the terminal device and acquire, according to the access request, the target domain name file configured by the management and control platform. The target DNS resolution server may determine the network type of the network in which it is located. If the network type is the intranet type, the target DNS resolution server can perform verification processing on the access request to obtain a verification result, and when the verification result is that verification passes, determine at least one network address to be selected corresponding to the target domain name in the target domain name file. If the number of network addresses to be selected is 1, that network address may be determined as the target network address. If the number of network addresses to be selected is greater than 1, the distance between the external network server corresponding to each network address to be selected and the terminal device can be determined, and the network address to be selected corresponding to the external network server closest to the terminal device is determined as the target network address. After the target DNS resolution server determines the target network address, the target network address is sent to the terminal device.
Because the domain name file can be configured to different types of DNS resolution servers in time through one management and control platform, the DNS resolution servers can acquire accurate domain name files in time, and the accurate domain name files are used for domain name resolution, so that the resolution accuracy of the DNS resolution servers is improved.
The domain name resolution method described above will be described in further detail with reference to fig. 6A to 6B and fig. 7A to 7C based on the embodiment shown in fig. 5.
Fig. 6A is a schematic diagram of a process of domain name resolution of accessing a public network by an intranet terminal device according to an exemplary embodiment of the present application. Referring to fig. 6A, the system includes a terminal device, an SLB server, a DNS resolution server cluster, and a public network DNS resolution server.
Multiple DNS resolution servers may be included in a DNS resolution server cluster. For example, the plurality of DNS resolution servers may be DNS resolution server 1, DNS resolution server 2, ..., DNS resolution server 5.
Alternatively, for any one DNS resolution server, the DNS resolution server may provide proprietary cloud DNS services. The DNS resolution server may store a list of domain names and a list of source addresses.
Optionally, the public network DNS resolution server may include a root domain name server, a top-level domain name server, and an authoritative domain name server.
The terminal device 1 may be located in the intranet 1. In step (1), the terminal device may send an access request 1 to the SLB server, where the access request 1 may include a domain name 1 and a source address 1. Domain name 1 may be a domain name of an internet application in a public network.
In step (2), the SLB server may determine a target DNS resolution server according to the load balancing policy. Assuming that the target DNS resolution server is DNS resolution server 2, the SLB server may send access request 1 to DNS resolution server 2.
In step (3), the DNS resolution server 2 acquires a domain name list and a source address list from a preset storage space. If the domain name list includes a plurality of accessible addresses, and the plurality of accessible addresses includes domain name 1, domain name 1 may be determined to be an accessible domain name. If the source address list includes a plurality of forbidden addresses, and the plurality of forbidden addresses includes source address 1, source address 1 may be determined to be a forbidden address. In that case the verification result of access request 1 is that verification fails, and the DNS resolution server 2 may send a response message corresponding to the access request to the SLB server, where the response message may be "access request 1 is rejected".
In step (4), after receiving the response message, the SLB server may send the response message to the terminal device 1 so that the terminal device 1 acquires the response message.
Fig. 6B is a schematic diagram two of a process of domain name resolution of accessing a public network by an intranet terminal device according to an exemplary embodiment of the present application. Referring to fig. 6B, the system includes a terminal device, an SLB server, and a DNS resolution server cluster.
Alternatively, for any one DNS resolution server, the DNS resolution server may provide proprietary cloud DNS services. The DNS resolution server may store a list of domain names and a list of source addresses.
In step (1), the terminal device 2 located in the intranet 2 may send an access request 2 to the SLB server, where the access request 2 may include a domain name 1 and a source address 2.
In step (2), the SLB server may determine that the target DNS resolution server is DNS resolution server 2 according to the load balancing policy, and the SLB server may send an access request 2 to DNS resolution server 2.
In step (3), the DNS resolution server 2 acquires a domain name list and a source address list from a preset storage space. If the domain name list includes a plurality of accessible addresses, and the plurality of accessible addresses includes domain name 1, domain name 1 may be determined to be an accessible domain name. If the source address list includes a plurality of forbidden addresses, and the plurality of forbidden addresses does not include source address 2, source address 2 may be determined to be a non-forbidden address. In that case the verification result of access request 2 is that verification passes, and the DNS resolution server 2 may determine, according to domain name 1, a target network address corresponding to domain name 1. If DNS resolution server 2 includes network address 1 corresponding to domain name 1, DNS resolution server 2 may send network address 1 corresponding to domain name 1 to the SLB server.
If the DNS resolution server 2 does not include the network address 1 corresponding to the domain name 1, in step (5), the DNS resolution server 2 may send an access request to a DNS resolution server in the public network to recursively find the network address 1 corresponding to the domain name 1.
Specifically, the DNS resolution server 2 may send an access request to the root domain name server, and if the root domain name server does not include the network address corresponding to the domain name 1, the root domain name server may send the network address of the top-level domain name server to the DNS resolution server 2; the DNS resolution server 2 may send an access request to the top-level domain name server according to the network address of the top-level domain name server, and if the top-level domain name server does not include the network address corresponding to the domain name 1, the top-level domain name server may send the network address of the authoritative domain name server to the DNS resolution server 2; the DNS resolution server 2 may send the access request to the authoritative domain name server according to the network address of the authoritative domain name server, where the authoritative domain name server may include the network address 1 corresponding to the domain name 1, and in step (6), the top-level domain name server may send the network address 1 to the DNS resolution server 2. The DNS resolution server 2 may send the network address 1 corresponding to the domain name 1 to the SLB server through step (3).
In step (4), after receiving the network address 1, the SLB server may send the network address 1 corresponding to the domain name 1 to the terminal device 2, so that the terminal device may access the target server according to the network address 1.
In the embodiment shown in fig. 6A to fig. 6B, if the network type is an intranet type, the target DNS resolution server may receive an access request sent by the terminal device, and may perform verification processing on the access request to obtain a verification result. If the verification result is that the verification is not passed, the access request of the terminal device can be refused; if the verification result is that the verification is passed, recursive search can be performed to determine the target network address corresponding to the target domain name. After the target DNS resolution server determines the target network address, the target network address is sent to the terminal device. Because the target DNS resolution server can control which terminal devices access public network domain names, designated terminal devices are allowed to access public network domain names while other terminals are not, which improves the network security of the enterprise.
Fig. 7A is a schematic diagram of a process of domain name resolution in an IDC intranet according to an exemplary embodiment of the present application. Referring to fig. 7A, a terminal device, a target DNS resolution server, and a plurality of application servers in the IDC are included. The plurality of application servers may be application server 1, application server 2, ..., and application server 8, respectively.
Alternatively, the enterprise may have an application in the IDC network, open to the interior, and the IDC network may be of the intranet type.
The terminal equipment, the target DNS resolution server and the plurality of application servers are all located in the IDC intranet.
Optionally, the target DNS resolution server may provide a private cloud DNS resolution service.
In step (1), the terminal device may send an access request to the target DNS resolution server through the SLB server and the forwarding DNS resolution server, where the access request may include a domain name 1 and a source address 1.
In step (2), the target DNS resolution server may verify the access request to obtain a verification result. If the verification result is that the verification is passed, the target DNS resolution server may determine, according to domain name 1, 8 network addresses to be selected corresponding to domain name 1 in domain name file 1, where the application servers corresponding to the 8 network addresses to be selected are application server 1, application server 2, ..., and application server 8, respectively. The target DNS resolution server may determine the distances between the 8 application servers and the terminal device, and, assuming that application server 1 is closest to the terminal device, may determine network address 1 corresponding to application server 1 as the target network address. The target DNS resolution server sends network address 1 corresponding to domain name 1 to the terminal device through the SLB server and the forwarding DNS resolution server.
In step (3), the terminal device can access the target server, i.e. the application server 1, based on the network address 1.
Fig. 7B is a schematic diagram of a process of domain name resolution in a proprietary cloud intranet according to an exemplary embodiment of the present application. Referring to fig. 7B, a terminal device, a target DNS resolution server, and a plurality of application servers in a proprietary cloud are included. The plurality of application servers may be application server 1, application server 2, ..., and application server 10, respectively.
The terminal equipment, the target DNS resolution server and the plurality of application servers are all located in a proprietary cloud intranet.
Alternatively, the target DNS resolution server may provide proprietary cloud DNS services.
For the specific execution of steps (1), (2) and (3) in fig. 7B, refer to the execution of steps (1), (2) and (3) in fig. 7A; details are not repeated here.
Fig. 7C is a schematic diagram of a domain name resolution process in a VPC intranet according to an exemplary embodiment of the present application. Referring to fig. 7C, a terminal device, a target DNS resolution server, and a plurality of application servers in the VPC are included. The plurality of application servers may be application server 1, application server 2, ..., and application server 10, respectively.
The terminal device, the target DNS resolution server, and the plurality of application servers are all located in a VPC intranet, and the terminal device may be a cloud server ECS (Elastic Compute Service).
Alternatively, the target DNS resolution server may provide a VPC-oriented DNS service (PrivateZone).
For the specific execution of steps (1), (2) and (3) in fig. 7C, refer to the execution of steps (1), (2) and (3) in fig. 7A; details are not repeated here.
In the embodiment shown in fig. 7A to 7C, the target DNS resolution server may receive the access request sent by the terminal device, and verify the access request to obtain a verification result. If the verification result is that the verification is passed, the target DNS resolution server may determine at least one network address to be selected corresponding to the target domain name, determine the distance between the external network server corresponding to each network address to be selected and the terminal device, and determine, as the target network address, the network address to be selected corresponding to the external network server closest to the terminal device. After the target DNS resolution server determines the target network address, the target network address is sent to the terminal device. Because the target DNS resolution server can automatically dispatch to the external network server nearest to the terminal device according to the source address of the terminal device and the configured dispatching strategy, nearby access is realized and access efficiency is improved.
In the VPC network, the PrivateZone service provides DNS resolution services to terminal devices in all VPC networks. In actual operation, different enterprises may set up applications in different VPCs, and the domain names set for the applications in the respective VPCs may be the same, so that the network address of the unique application server, that is, the target network address, cannot be determined according to the target domain name alone. For example, suppose enterprise A sets up application 1 with domain name 1 in VPC1, and enterprise B sets up application 2, also with domain name 1, in VPC2. In this case, an access request including domain name 1 cannot be resolved accurately. To achieve accurate resolution, a VPC identifier may be added to the access requests from different VPCs. Next, domain name resolution of access requests in different VPC networks will be described with reference to fig. 8.
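The intranet path summarized above (verification against the domain name list and the source address list, then selection of the closest candidate), as an added Python sketch that is not part of the patent. The CIDR lists, region names and distance table are constructed sample data; rejecting a malformed source address and falling back to the first candidate when the terminal's region is unknown are assumptions.

```python
import ipaddress


class Rejected(Exception):
    """Verification of the access request did not pass."""


# --- Constructed sample data (not from the patent) ---------------------------
ACCESSIBLE_DOMAINS = {"app.corp.example"}                   # domain name list
FORBIDDEN_SOURCES = [ipaddress.ip_network("10.1.9.0/24")]   # source address list
SOURCE_REGIONS = [                                          # source prefix -> first position
    (ipaddress.ip_network("10.1.0.0/16"), "region-1"),
    (ipaddress.ip_network("10.2.0.0/16"), "region-2"),
]
# Target domain name file: domain -> [(network address to be selected, second position)]
DOMAIN_FILE = {
    "app.corp.example": [
        ("192.0.2.10", "region-1"),
        ("192.0.2.20", "region-2"),
        ("192.0.2.30", "region-3"),
    ],
}
# Symmetric inter-region distances in arbitrary units.
REGION_DISTANCE = {
    frozenset(("region-1", "region-2")): 5,
    frozenset(("region-1", "region-3")): 9,
    frozenset(("region-2", "region-3")): 3,
}


def normalize(domain):
    """Compare names case-insensitively and without the trailing root dot."""
    return domain.rstrip(".").lower()


def verify(domain, source):
    """Return the parsed source address if verification passes, else raise Rejected."""
    try:
        addr = ipaddress.ip_address(source)
    except ValueError:
        raise Rejected("malformed source address")          # assumption: fail closed
    if normalize(domain) not in ACCESSIBLE_DOMAINS:
        raise Rejected("domain name is not accessible")
    if any(addr in net for net in FORBIDDEN_SOURCES):
        raise Rejected("source address is forbidden")
    return addr


def region_of(addr):
    """First position of the terminal: longest matching source prefix, or None."""
    matches = [(net.prefixlen, region) for net, region in SOURCE_REGIONS if addr in net]
    return max(matches)[1] if matches else None


def distance(first, second):
    if first is None or second is None:
        return float("inf")
    if first == second:
        return 0
    return REGION_DISTANCE.get(frozenset((first, second)), float("inf"))


def resolve(domain, source):
    """Verify the request, then return the target network address.

    Returns None when the domain name file holds no record, which is where
    the server in Fig. 6B would fall back to recursive lookup.
    """
    addr = verify(domain, source)
    candidates = DOMAIN_FILE.get(normalize(domain), [])
    if not candidates:
        return None
    if len(candidates) == 1:
        return candidates[0][0]
    first = region_of(addr)
    # min() keeps the earliest candidate on ties, so an unknown region
    # (all distances infinite) yields the first record in the file.
    return min(candidates, key=lambda c: distance(first, c[1]))[0]
```

Matching forbidden sources by prefix rather than by single address keeps the block list short, but it also means one overly broad entry silently rejects a whole subnet, so the list deserves the same review as a firewall rule set.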
Fig. 8 is a schematic domain name resolution diagram of access requests in different VPCs according to an exemplary embodiment of the present application. Referring to fig. 8, a VPC network may include a plurality of VPCs and target DNS resolution servers.
The plurality of VPCs can be VPC-1, VPC-2, ..., VPC-k (k is an integer greater than or equal to 1), respectively. A plurality of terminal devices may be included in each of VPC-1, VPC-2, ..., and VPC-k.
For any one of the VPCs, a DNS forwarder may be deployed in the VPC, and the DNS forwarder may be used to add a VPC identifier to an access request sent by the terminal device. For example, a DNS forwarder 1 may be provided in VPC-1.
Optionally, privateZone software may be installed in the target DNS resolution server, for performing domain name resolution on the access request in the VPC.
For a terminal device in any one of the VPCs, the terminal device may send a first access request to the corresponding DNS forwarder. The first access request may include a target domain name and a source address. Because the DNS forwarder and the terminal device are located in the same VPC, the DNS forwarder may determine the VPC identifier, and may add the VPC identifier to the first access request to obtain a second access request, where the second access request may include the target domain name, the source address, and the VPC identifier.
For example, the terminal device 1-1 in VPC-1 may send the first access request 1 to the DNS forwarder 1, where the first access request 1 may include domain name 1 and source address 1. After the DNS forwarder 1 receives the first access request 1, a VPC-1 identifier may be added to the first access request 1, resulting in a second access request 1. The second access request 1 may include domain name 1, source address 1 and the VPC-1 identifier.
The DNS forwarder may send the second access request to a DNS root forwarder located outside the plurality of VPCs, and the DNS root forwarder may send the second access request to the target DNS resolution server. The target DNS resolution server may determine, based on the VPC identifier and the target domain name, a target network address corresponding to the target domain name, that is, a network address of the application server.
For example, if the second access request 1 includes a domain name 1, a source address 1, and a VPC-1 identifier, the target DNS resolution server may determine, according to the VPC-1 identifier and the domain name 1, a network address of the application server corresponding to the domain name 1 in the VPC-1, that is, a target network address.
After the target DNS resolution server determines the target network address, the target network address may be sent to the DNS root forwarder, the DNS root forwarder may send the target network address to the DNS forwarder, and the DNS forwarder may send the target network address to the terminal device, so that the terminal device may access the target application server according to the target network address.
It should be noted that, if the target domain name in the access request is a cloud product domain name provided by the cloud service provider, identical domain names will not occur, because the domain name is provided by the cloud service provider. Therefore, if the access request includes a cloud product domain name, the DNS forwarder need not add the VPC identifier to the access request, and may send the access request to the target DNS resolution server.
Optionally, a cloud product domain name list may be included in the DNS forwarder, and it may be determined in the cloud product domain name list whether the target domain name in the access request is a cloud product domain name, to determine whether to add the VPC identifier to the access request.
Because the PrivateZone services of different cloud environments have different capabilities and different implementations, configuration complexity is ultimately increased for enterprises, and the application domain names of an enterprise cannot be planned and resolved in a globally uniform way. Moreover, because PrivateZone is deployed in the cloud platform VPC network and is deeply integrated with the cloud platform, the resolution of cloud products, which relies on PrivateZone, cannot be replaced. Optionally, the resolution of the enterprise's own domain names can be replaced, so that it no longer depends on PrivateZone, and global consistency of the resolution capability for the enterprise's own domain names is further realized.
In the embodiment of the application, the DNS forwarder can be deployed in the VPC, and the VPC identifier is added to the access request sent by the terminal equipment, so that the target DNS resolution server can determine the target network address corresponding to the target domain name according to the VPC identifier, and the accuracy of domain name resolution is improved.
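The Fig. 8 flow (first access request, VPC identifier added by the in-VPC forwarder, lookup keyed on identifier plus domain name, cloud product domain names passed through untagged), as an added Python sketch that is not the patent's implementation. All names, zone data and addresses are constructed; having the forwarder overwrite any identifier already present in the request is an assumption made here so that a terminal cannot claim another tenant's VPC.

```python
from dataclasses import dataclass, replace
from typing import Optional


@dataclass(frozen=True)
class AccessRequest:
    domain: str
    source: str
    vpc_id: Optional[str] = None    # absent in the first access request


def normalize(domain: str) -> str:
    return domain.rstrip(".").lower()


class DnsForwarder:
    """Forwarder deployed inside one VPC; it knows its own VPC identifier."""

    def __init__(self, vpc_id, cloud_product_domains):
        self.vpc_id = vpc_id
        self.cloud_product_domains = {normalize(d) for d in cloud_product_domains}

    def forward(self, first: AccessRequest) -> AccessRequest:
        """Build the second access request from the first."""
        if normalize(first.domain) in self.cloud_product_domains:
            # Provider-issued names are unique, so no identifier is needed.
            return replace(first, vpc_id=None)
        # Assumption: always stamp our own identifier, discarding any value
        # the terminal supplied.
        return replace(first, vpc_id=self.vpc_id)


class TargetResolver:
    """Target DNS resolution server: records are keyed on (VPC identifier, domain)."""

    def __init__(self, vpc_records, cloud_product_records):
        self.vpc_records = vpc_records
        self.cloud_product_records = cloud_product_records

    def resolve(self, second: AccessRequest) -> Optional[str]:
        name = normalize(second.domain)
        if name in self.cloud_product_records:
            return self.cloud_product_records[name]
        if second.vpc_id is None:
            return None             # an untagged enterprise name is ambiguous
        return self.vpc_records.get((second.vpc_id, name))


# --- Constructed sample data: two tenants reuse the same domain name ---------
CLOUD_PRODUCT_RECORDS = {"storage.cloud.example": "198.51.100.7"}
VPC_RECORDS = {
    ("vpc-1", "app.internal.example"): "10.0.1.10",    # enterprise A
    ("vpc-2", "app.internal.example"): "10.0.2.10",    # enterprise B
}
RESOLVER = TargetResolver(VPC_RECORDS, CLOUD_PRODUCT_RECORDS)
FORWARDERS = {
    vpc: DnsForwarder(vpc, CLOUD_PRODUCT_RECORDS) for vpc in ("vpc-1", "vpc-2")
}


def lookup(vpc, domain, source, claimed_vpc=None):
    """Terminal in `vpc` resolves `domain`; `claimed_vpc` models a client-set tag."""
    first = AccessRequest(domain, source, claimed_vpc)
    second = FORWARDERS[vpc].forward(first)
    return RESOLVER.resolve(second)
```

Because the identifier is the only thing separating two tenants' records for the same name, the resolver should accept tagged requests only from the forwarder path and never directly from terminals.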
Next, a procedure for configuring domain name files or domain name update information to DNS resolution servers by the management and control platform will be described with reference to fig. 9.
Fig. 9 is a schematic diagram of a process for configuring a domain name file according to an exemplary embodiment of the present application. Referring to fig. 9, a plurality of DNS resolution server clusters and a management platform are included.
The plurality of DNS resolution server clusters may be different types of DNS resolution server clusters. The plurality of DNS resolution server clusters may include a DNS resolution server cluster on the cloud, and a DNS resolution server cluster under the cloud.
The DNS resolution server cluster on the cloud may be a plurality of DNS resolution servers provided by different service providers, or a plurality of DNS resolution servers respectively corresponding to different cloud service modes.
For example, DNS resolution server clusters on the cloud may be DNS resolution server cluster 1, DNS resolution server cluster 2, ..., DNS resolution server cluster i (i is an integer greater than or equal to 1), respectively. The plurality of DNS resolution server clusters may be located in different cloud networks. For example, DNS resolution server cluster 1 may be located in a VPC network provided by service provider 1, and DNS resolution server cluster 2 may be located in a public cloud provided by service provider 2.
The DNS resolution server cluster under the cloud may be a plurality of DNS resolution servers locally.
For example, DNS resolution server clusters under the cloud may be DNS resolution server cluster 1, DNS resolution server cluster 2, ..., DNS resolution server cluster j (j is an integer greater than or equal to 1), respectively. The multiple DNS resolution server clusters may be located in different IDCs built by the enterprise. For example, DNS resolution server cluster 1 may be located in IDC network 1 and DNS resolution server cluster 2 may be located in IDC network 2.
For any one DNS resolution server cluster, at least one DNS resolution server may be included in the cluster. For example, the at least one DNS resolution server may be DNS resolution server 1, DNS resolution server 2, ..., respectively.
Alternatively, the enterprise may log into the administration platform and configure domain name resolution data in the administration platform. The domain name resolution data may include a domain name and at least one network address, a corresponding DNS resolution server cluster, and the like.
If the domain name resolution data is configured for the target domain name for the first time, the electronic equipment where the management and control platform is located can generate a domain name file according to the domain name resolution data; if the domain name resolution data is updated for the target domain name, the electronic device where the management and control platform is located can generate domain name update information according to the updated domain name resolution data.
After the management and control platform determines the domain name file or the domain name update information, the domain name file or the domain name update information can be sent to a plurality of DNS resolution servers in the target DNS resolution server cluster according to the identifier of the DNS resolution server cluster corresponding to the domain name.
The management and control platform can send domain name files or domain name update files to different types of DNS resolution server clusters. For example, if the DNS resolution server cluster 1 corresponding to the domain name 1 is located in the public cloud and the DNS resolution server cluster 2 corresponding to the domain name 2 is located in the self-built IDC, the domain name file 1 or the domain name update information 1 corresponding to the domain name 1 may be sent to a plurality of DNS resolution servers in the DNS resolution server cluster 1 through the management and control platform; the domain name file 2 or domain name update information 2 corresponding to the domain name 2 may be sent to a plurality of DNS resolution servers in the DNS resolution server cluster 2 through the management and control platform.
Optionally, multiple DNS resolution services can be integrated in the management and control platform, a unified view angle of global operation and maintenance management can be provided, and public network domain names and intranet domain names can be managed, service states of the multiple DNS resolution services, abnormal alarms and the like can be checked in the management and control platform.
Alternatively, a system composed of the management platform and the plurality of DNS resolution services may be referred to as a converged cloud DNS system.
Because a hybrid cloud scenario may comprise multiple cloud networks, and the cloud resolution DNS service, the PrivateZone service, the proprietary cloud DNS service and the PrivateZone service in the converged cloud DNS system are applicable to different cloud networks, the multiple DNS resolution services can be integrated into one management and control platform. This realizes unified management and unified operation and maintenance of domain name resolution in the hybrid cloud scenario, realizes full-scenario, full-link integrated domain name resolution, and unifies the domain name resolution capability across all cloud networks, which in turn enables global planning of access paths, reduces the operation and maintenance cost of the DNS resolution servers and improves their management efficiency.
It should be noted that, for any one DNS resolution server cluster, multiple DNS resolution servers in the DNS resolution server cluster are used to resolve the same domain name. For example, if the DNS resolution server cluster 1 under the cloud is configured with the domain name files corresponding to the domain name 1 and the domain name 2 respectively, and the DNS resolution server cluster 1 includes 10 DNS resolution servers, the 10 DNS resolution servers can be used for resolving the access requests for the domain name 1 and the domain name 2.
In the embodiment of the application, the management and control platform can generate the domain name file or the domain name update information according to the domain name resolution data, and can uniformly issue the domain name file or the domain name update information to at least two types of DNS resolution server clusters, such as the DNS resolution server cluster on the cloud and the DNS resolution server cluster under the cloud. Because the domain name file or domain name update information can be issued from one management and control platform to at least two types of DNS resolution servers according to the DNS resolution server cluster, the plurality of DNS resolution servers do not need to be configured one by one. Compared with configuring different domain name files for the DNS resolution servers of the corresponding types on the platforms of different service providers, this improves the configuration efficiency of the DNS resolution servers.
Fig. 10 is a schematic structural diagram of a domain name resolution device according to an exemplary embodiment of the present application. Referring to fig. 10, the apparatus is applied to a target DNS resolution server, and the apparatus includes: a first receiving module 11, an acquiring module 12, a determining module 13 and a transmitting module 14, wherein,
the first receiving module 11 is configured to receive an access request sent by a terminal device, where the access request includes a target domain name;
the obtaining module 12 is configured to obtain, according to the access request, a target domain name file configured by a management and control platform, where the management and control platform is configured to configure domain name files for at least two types of DNS resolution servers;
the determining module 13 is configured to determine, according to the target domain name file, a target network address corresponding to the target domain name;
the sending module 14 is configured to send the target network address to the terminal device.
The domain name resolution device provided by the embodiment of the application can execute the technical scheme shown in the embodiment of the method, and the implementation principle and the beneficial effects are similar, and are not repeated here.
In one possible embodiment, the at least two types of DNS resolution servers include:
DNS resolution servers provided by at least two cloud service providers; or
DNS resolution servers corresponding to at least two cloud service modes; or
a local DNS resolution server and a remote DNS resolution server.
In a possible embodiment, the determining module 13 is specifically configured to:
determining the network type of the network where the target DNS resolution server is located, wherein the network type is an extranet type or an intranet type;
and determining the target network address according to the network type, the target domain name file and the target domain name.
In a possible embodiment, the network type is the external network type, and the determining module 13 is specifically configured to:
requesting a GTM to acquire the target network address corresponding to the target domain name;
and if a plurality of network addresses corresponding to the target domain name do not exist in the GTM, determining the target network address according to the target domain name file and the target domain name.
In a possible embodiment, the determining module 13 is specifically configured to:
sending a domain name request to the GTM, wherein the domain name request comprises the target domain name;
if a plurality of network addresses corresponding to the target domain name exist in the GTM, receiving the target network address determined by the GTM in the plurality of network addresses; and the cloud server corresponding to the target network address is closest to the terminal equipment.
In a possible embodiment, the network type is the intranet type; the determining module 13 is specifically configured to:
determining at least one network address to be selected corresponding to the target domain name in the target domain name file;
if the number of the network addresses to be selected is 1, determining the network addresses to be selected as the target network addresses;
if the number of the network addresses to be selected is greater than 1, determining the distance between the external network server corresponding to each network address to be selected and the terminal equipment, and determining the network address to be selected corresponding to the external network server closest to the terminal equipment as the target network address.
In a possible embodiment, the access request further includes a source network address of the terminal device; the determining module 13 is specifically configured to:
determining a first position of the terminal equipment according to the source network address;
determining a second position of an external network server corresponding to the network address to be selected;
and determining the distance between the external network server corresponding to the network address to be selected and the terminal equipment according to the first position and the second position of the external network server corresponding to the network address to be selected.
In a possible embodiment, the determining module 13 is specifically configured to:
performing verification processing on the access request to obtain a verification result;
and when the verification result is that verification passes, determining at least one network address to be selected corresponding to the target domain name in the target domain name file.
In a possible embodiment, the determining module 13 is specifically configured to:
determining whether the target domain name is an accessible domain name;
if yes, when the source network address is a non-forbidden address, determining that the verification result is that the verification is passed; when the source network address is a forbidden address, determining that the verification result is verification failure;
if not, determining that the verification result is that the verification is not passed.
The domain name resolution device provided by the embodiment of the application can execute the technical scheme shown in the embodiment of the method, and the implementation principle and the beneficial effects are similar, and are not repeated here.
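The verification and nearest-address selection described above for the intranet type, together with the GTM fallback for the external network type, are sketched below as an added Python example; it is not code from the patent. The domain-file layout, the prefix-to-coordinates table, the great-circle distance metric and the `gtm_lookup` callable are assumptions, and all names and addresses are constructed sample data.

```python
import ipaddress
import math

# Constructed sample data; the formats are assumptions, the patent defines none.
DOMAIN_FILE = {  # target domain name file pushed by the management and control platform
    "app.example.com": ["192.0.2.10", "198.51.100.10"],
    "db.example.com": ["192.0.2.20"],
}
ACCESSIBLE_DOMAINS = set(DOMAIN_FILE)
FORBIDDEN_SOURCES = [ipaddress.ip_network("203.0.113.0/24")]
# Prefix -> (latitude, longitude); stands in for a real IP geolocation source.
LOCATIONS = {
    ipaddress.ip_network("10.1.0.0/16"): (30.27, 120.15),      # terminals, Hangzhou
    ipaddress.ip_network("10.2.0.0/16"): (39.90, 116.40),      # terminals, Beijing
    ipaddress.ip_network("192.0.2.0/24"): (31.23, 121.47),     # servers, Shanghai
    ipaddress.ip_network("198.51.100.0/24"): (40.00, 116.30),  # servers, Beijing
}


def parse_ip(text):
    """Return an ip_address object, or None for malformed input."""
    try:
        return ipaddress.ip_address(text)
    except ValueError:
        return None


def locate(address):
    """Map a network address to a position (the first/second position in the text)."""
    ip = parse_ip(address)
    if ip is None:
        return None
    return next((pos for net, pos in LOCATIONS.items() if ip in net), None)


def distance_km(a, b):
    """Great-circle (haversine) distance between two (lat, lon) points."""
    lat1, lon1, lat2, lon2 = map(math.radians, (*a, *b))
    h = (math.sin((lat2 - lat1) / 2) ** 2
         + math.cos(lat1) * math.cos(lat2) * math.sin((lon2 - lon1) / 2) ** 2)
    return 2 * 6371.0 * math.asin(math.sqrt(h))


def verify(domain, source):
    """Pass only for an accessible domain AND a non-forbidden source; fail closed."""
    ip = parse_ip(source)
    if domain not in ACCESSIBLE_DOMAINS or ip is None:
        return False
    return not any(ip in net for net in FORBIDDEN_SOURCES)


def select_from_file(domain, source):
    """One candidate: return it. Several: return the one nearest the terminal."""
    candidates = DOMAIN_FILE.get(domain, [])
    here = locate(source)
    if len(candidates) <= 1 or here is None:
        # Assumption: with no usable terminal position, use the first entry.
        return candidates[0] if candidates else None

    def dist(addr):
        pos = locate(addr)
        return distance_km(here, pos) if pos else math.inf

    return min(candidates, key=dist)


def resolve(domain, source, network_type, gtm_lookup=None):
    """Return the target network address, or None when the request is refused."""
    domain = domain.rstrip(".").lower()
    if network_type == "external":
        # The GTM stub answers only when it holds several addresses for the name.
        answer = gtm_lookup(domain, source) if gtm_lookup else None
        return answer if answer is not None else select_from_file(domain, source)
    if network_type == "intranet":
        if not verify(domain, source):
            return None
        return select_from_file(domain, source)
    raise ValueError(f"unknown network type: {network_type!r}")
```

Returning `None` stands for a refused request; how a deployed resolver signals refusal to the terminal device is not specified in the text.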
Fig. 11 is a schematic structural diagram of another domain name resolution device according to an exemplary embodiment of the present application. Referring to fig. 11, the apparatus may further include a second receiving module 15, a storage module 16, and an updating module 17 on the basis of the apparatus shown in fig. 10, wherein:
the second receiving module 15 is configured to receive the target domain name file sent by the management and control platform;
the storage module 16 is configured to store the target domain name file.
In a possible embodiment, the second receiving module 15 is further configured to:
receiving domain name updating information sent by the management and control platform, wherein the domain name updating information comprises at least one updated domain name and an updated network address.
In a possible embodiment, the updating module 17 is specifically configured to:
updating the current domain name file in the target DNS resolution server according to the domain name updating information to obtain the target domain name file.
The domain name resolution device provided by the embodiment of the application can execute the technical scheme shown in the embodiment of the method, and the implementation principle and the beneficial effects are similar, and are not repeated here.
An exemplary embodiment of the present application provides a schematic structure of a DNS resolution server. Referring to fig. 12, the DNS resolution server 20 may include a processor 21 and a memory 22. The processor 21, the memory 22, and the like are illustratively interconnected by a bus 23.
The memory 22 stores computer-executable instructions.
The processor 21 executes the computer-executable instructions stored in the memory 22, causing the processor 21 to perform a domain name resolution method as shown in the method embodiments described above.
Accordingly, an embodiment of the present application provides a computer readable storage medium, where computer executable instructions are stored, where the computer executable instructions are used to implement the domain name resolution method according to any one of the above method embodiments when executed by a processor.
Accordingly, embodiments of the present application may also provide a computer program product, including a computer program, which when executed by a processor may implement the domain name resolution method shown in any of the above method embodiments.
It will be appreciated by those skilled in the art that embodiments of the present application may be provided as a method, system, or computer program product. Accordingly, the present application may take the form of an entirely hardware embodiment, an entirely software embodiment or an embodiment combining software and hardware aspects. Furthermore, the present application may take the form of a computer program product embodied on one or more computer-usable storage media (including, but not limited to, disk storage, CD-ROM, optical storage, and the like) having computer-usable program code embodied therein.
The present invention is described with reference to flowchart illustrations and/or block diagrams of methods, apparatus (systems) and computer program products according to embodiments of the invention. It will be understood that each flow and/or block of the flowchart illustrations and/or block diagrams, and combinations of flows and/or blocks in the flowchart illustrations and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general purpose computer, special purpose computer, embedded processor, or other programmable data processing apparatus to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processing apparatus, create means for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be stored in a computer-readable memory that can direct a computer or other programmable data processing apparatus to function in a particular manner, such that the instructions stored in the computer-readable memory produce an article of manufacture including instruction means which implement the function specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be loaded onto a computer or other programmable data processing apparatus to cause a series of operational steps to be performed on the computer or other programmable apparatus to produce a computer implemented process such that the instructions which execute on the computer or other programmable apparatus provide steps for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
In one typical configuration, a computing device includes one or more processors (CPUs), input/output interfaces, network interfaces, and memory.
The memory may include volatile memory in a computer-readable medium, random access memory (RAM) and/or nonvolatile memory, such as read-only memory (ROM) or flash memory (flash RAM). Memory is an example of computer-readable media.
Computer-readable media include both permanent and non-permanent, removable and non-removable media, and may implement information storage by any method or technology. The information may be computer-readable instructions, data structures, modules of a program, or other data. Examples of storage media for a computer include, but are not limited to, phase change memory (PRAM), static random access memory (SRAM), dynamic random access memory (DRAM), other types of random access memory (RAM), read-only memory (ROM), electrically erasable programmable read-only memory (EEPROM), flash memory or other memory technology, compact disc read-only memory (CD-ROM), digital versatile discs (DVD) or other optical storage, magnetic cassettes, magnetic tape or magnetic disk storage or other magnetic storage devices, or any other non-transmission medium, which can be used to store information that can be accessed by a computing device. Computer-readable media, as defined herein, do not include transitory computer-readable media (transmission media), such as modulated data signals and carrier waves.
It should also be noted that the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, an element defined by the phrase "comprising one … …" does not exclude the presence of other like elements in a process, method, article or apparatus that comprises the element.
The foregoing is merely exemplary of the present application and is not intended to limit the present application. Various modifications and variations of the present application will be apparent to those skilled in the art. Any modification, equivalent replacement, improvement, etc. which come within the spirit and principles of the application are to be included in the scope of the claims of the present application.

Claims (13)

1. A domain name resolution method applied to a target domain name system DNS resolution server, the method comprising:
receiving an access request sent by terminal equipment, wherein the access request comprises a target domain name;
according to the access request, acquiring a target domain name file configured by a management and control platform from the DNS resolution server, wherein the management and control platform is used for configuring domain name files for at least two types of DNS resolution servers, the management and control platform is in communication connection with the DNS resolution server, and the target domain name file is pre-configured in the DNS resolution server through the management and control platform;
determining a target network address corresponding to the target domain name according to the target domain name file, and sending the target network address to the terminal equipment;
determining, according to the target domain name file, a target network address corresponding to the target domain name, including:
determining a network type of a network where the target DNS resolution server is located, wherein the network type is an external network type or an internal network type, the network of the internal network type comprises a local area network, a Virtual Private Cloud (VPC) network, a private cloud network and a self-built Internet Data Center (IDC) network, and the network of the external network type comprises a public cloud network and an IDC network;
and determining the target network address according to the network type, the target domain name file and the target domain name.
2. The method of claim 1, wherein the at least two types of DNS resolution servers comprise:
DNS resolution servers provided by at least two cloud service providers; or
DNS resolution servers corresponding to at least two cloud service modes; or
a local DNS resolution server and a remote DNS resolution server.
3. The method of claim 1, wherein the network type is the external network type, and wherein determining the target network address according to the network type, the target domain name file, and the target domain name comprises:
requesting Global Traffic Management (GTM) to acquire the target network address corresponding to the target domain name;
and if a plurality of network addresses corresponding to the target domain name do not exist in the GTM, determining the target network address according to the target domain name file and the target domain name.
4. The method of claim 3, wherein requesting a GTM to obtain the target network address corresponding to the target domain name comprises:
sending a domain name request to the GTM, wherein the domain name request comprises the target domain name;
if a plurality of network addresses corresponding to the target domain name exist in the GTM, receiving the target network address determined by the GTM in the plurality of network addresses; and the cloud server corresponding to the target network address is closest to the terminal equipment.
5. The method of claim 1, wherein the network type is the intranet type; determining the target network address according to the network type, the target domain name file and the target domain name, including:
determining at least one network address to be selected corresponding to the target domain name in the target domain name file;
if the number of the network addresses to be selected is 1, determining the network addresses to be selected as the target network addresses;
if the number of the network addresses to be selected is greater than 1, determining the distance between the external network server corresponding to each network address to be selected and the terminal equipment, and determining the network address to be selected corresponding to the external network server closest to the terminal equipment as the target network address.
6. The method according to claim 5, wherein the access request further comprises a source network address of the terminal device; for any one network address to be selected, determining a distance between an external network server corresponding to the network address to be selected and the terminal device includes:
determining a first position of the terminal equipment according to the source network address;
determining a second position of an external network server corresponding to the network address to be selected;
and determining the distance between the external network server corresponding to the network address to be selected and the terminal equipment according to the first position and the second position of the external network server corresponding to the network address to be selected.
7. The method according to claim 5 or 6, wherein determining at least one network address to be selected corresponding to the target domain name in the target domain name file comprises:
performing verification processing on the access request to obtain a verification result;
and when the verification result is that verification passes, determining at least one network address to be selected corresponding to the target domain name in the target domain name file.
8. The method according to claim 7, wherein the access request further comprises a source network address of the terminal device; performing verification processing on the access request to obtain a verification result, including:
determining whether the target domain name is an accessible domain name;
if yes, when the source network address is a non-forbidden address, determining that the verification result is that the verification is passed; when the source network address is a forbidden address, determining that the verification result is verification failure;
if not, determining that the verification result is that the verification is not passed.
9. The method according to any one of claims 1-8, further comprising, prior to obtaining the target domain name file configured by the management and control platform according to the access request:
receiving the target domain name file sent by the management and control platform;
and storing the target domain name file.
10. The method according to any one of claims 1-8, further comprising, prior to obtaining the target domain name file configured by the management and control platform according to the access request:
receiving domain name updating information sent by the management and control platform, wherein the domain name updating information comprises at least one updated domain name and an updated network address;
and updating the current domain name file in the target DNS resolution server according to the domain name updating information to obtain the target domain name file.
11. A domain name resolution device applied to a target DNS resolution server, the device comprising a first receiving module, an obtaining module, a determining module and a sending module, wherein:
the first receiving module is used for receiving an access request sent by the terminal equipment, wherein the access request comprises a target domain name;
the obtaining module is used for obtaining a target domain name file configured by a management and control platform in the DNS resolution server according to the access request, wherein the management and control platform is used for configuring domain name files for at least two types of DNS resolution servers, the management and control platform is in communication connection with the DNS resolution server, and the target domain name file is preconfigured in the DNS resolution server through the management and control platform;
the determining module is used for determining a target network address corresponding to the target domain name according to the target domain name file;
the sending module is used for sending the target network address to the terminal equipment;
the determining module is specifically configured to:
determining a network type of a network where the target DNS resolution server is located, wherein the network type is an external network type or an internal network type, the network of the internal network type comprises a local area network, a Virtual Private Cloud (VPC) network, a private cloud network and a self-built Internet Data Center (IDC) network, and the network of the external network type comprises a public cloud network and an IDC network;
and determining the target network address according to the network type, the target domain name file and the target domain name.
12. A DNS resolution server, comprising: a memory and a processor;
the memory stores computer-executable instructions;
the processor executing computer-executable instructions stored in the memory, causing the processor to perform the domain name resolution method of any one of claims 1 to 10.
13. A computer readable storage medium having stored therein computer executable instructions for implementing a domain name resolution method according to any of claims 1 to 10 when the computer executable instructions are executed by a processor.
CN202310660302.0A 2023-06-06 2023-06-06 Domain name resolution method, device and equipment Active CN116389404B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202310660302.0A CN116389404B (en) 2023-06-06 2023-06-06 Domain name resolution method, device and equipment

Publications (2)

Publication Number Publication Date
CN116389404A CN116389404A (en) 2023-07-04
CN116389404B true CN116389404B (en) 2023-08-29

Family

ID=86961971

Country Status (1)

Country Link
CN (1) CN116389404B (en)

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant