CN116489127A - DNS analysis method and device electronic device and storage medium - Google Patents

DNS analysis method and device electronic device and storage medium Download PDF

Info

Publication number
CN116489127A
CN116489127A CN202310575779.9A CN202310575779A CN116489127A CN 116489127 A CN116489127 A CN 116489127A CN 202310575779 A CN202310575779 A CN 202310575779A CN 116489127 A CN116489127 A CN 116489127A
Authority
CN
China
Prior art keywords
data
analysis
dns
resolution
target
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202310575779.9A
Other languages
Chinese (zh)
Inventor
孙春兰
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Beijing Topsec Technology Co Ltd
Beijing Topsec Network Security Technology Co Ltd
Beijing Topsec Software Co Ltd
Original Assignee
Beijing Topsec Technology Co Ltd
Beijing Topsec Network Security Technology Co Ltd
Beijing Topsec Software Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Beijing Topsec Technology Co Ltd, Beijing Topsec Network Security Technology Co Ltd, Beijing Topsec Software Co Ltd filed Critical Beijing Topsec Technology Co Ltd
Priority to CN202310575779.9A priority Critical patent/CN116489127A/en
Publication of CN116489127A publication Critical patent/CN116489127A/en
Pending legal-status Critical Current

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L61/00Network arrangements, protocols or services for addressing or naming
    • H04L61/45Network directories; Name-to-address mapping
    • H04L61/4505Network directories; Name-to-address mapping using standardised directories; using standardised directory access protocols
    • H04L61/4511Network directories; Name-to-address mapping using standardised directories; using standardised directory access protocols using domain name system [DNS]

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Storage Device Security (AREA)

Abstract

The embodiment of the application provides a DNS analysis method, a device, electronic equipment and a storage medium, wherein the method comprises the following steps: receiving a DNS resolution request carrying a resolution policy; if the analysis strategy indicates to use pre-stored data, reading target analysis data according to the DNS analysis request; if the analysis strategy indicates that the pre-stored data is not used, DNS analysis is carried out according to the DNS analysis request, and target analysis data is obtained; and returning the target analysis data. The method used for domain name resolution is determined by the resolution policy carried by the DNS resolution request. And the resolution strategy can be configured by a user according to actual needs. Thus, the user can flexibly configure the domain name resolution process, to meet specific requirements in some scenarios, and to improve the flexibility of the domain name resolution process.

Description

DNS analysis method and device electronic device and storage medium
Technical Field
The present application relates to the field of network technologies, and in particular, to a DNS resolution method, a DNS resolution device, an electronic device, and a storage medium.
Background
DNS (Domain Name System ) is an internet service that enables people to access the internet more conveniently as a distributed database that maps domain names to IP (Internet Protocol ) addresses. The domain name server refers to a server which stores domain names and corresponding IP addresses of all hosts in a network and has a function of converting the domain names into IP addresses. Where the domain name must correspond to an IP address and the IP address does not necessarily have a domain name. The domain name system uses a hierarchical structure like a directory tree for data storage. The domain name server is the server side in client/server mode, and has mainly two forms: the process of mapping a domain name to an IP address by a host server and a forwarding server is called "domain name resolution".
In the related art, the domain name resolution process lacks flexibility, and cannot meet specific requirements in some situations.
Disclosure of Invention
The embodiment of the application aims at providing a DNS analysis method, a device, electronic equipment and a storage medium, which are used for realizing the technical effect of improving the DNS analysis flexibility.
An embodiment of the present application provides a DNS resolution method, where the method includes:
receiving a DNS resolution request carrying a resolution policy;
if the analysis strategy indicates to use pre-stored data, reading target analysis data according to the DNS analysis request;
if the analysis strategy indicates that the pre-stored data is not used, DNS analysis is carried out according to the DNS analysis request, and target analysis data is obtained;
and returning the target analysis data.
In the implementation process, the method used by domain name resolution is determined by the resolution policy carried by the DNS resolution request. And the resolution strategy can be configured by a user according to actual needs. Therefore, the user can flexibly configure the domain name resolution process to meet specific requirements in some scenes, and the flexibility of the domain name resolution process is improved.
Further, if the resolution policy indicates that pre-stored data is used, the reading the target resolution data according to the DNS resolution request includes:
reading first resolution data matched with the DNS resolution request from the pre-stored data;
and if the first analysis data meets the condition, determining that the first analysis data is the target analysis data.
In the implementation process, after obtaining the resolution data matched with the DNS resolution request, it is further required to determine whether the resolution data meets the condition. And determining that the analysis data is the target analysis data returned to the initiating terminal only when the condition is met. Therefore, the accuracy of the read target analysis data is improved by adding the conditions, and the user requirements are met.
Further, the method further comprises:
and if the first analysis data does not meet the conditions, performing DNS analysis according to the DNS analysis request to obtain target analysis data.
In the implementation process, under the condition that the prestored data does not have the target analysis data meeting the conditions, the target analysis data meeting the conditions is obtained through DNS analysis, so that the target analysis data can be returned to the initiating terminal.
Further, the conditions include: the first analysis data is obtained by analysis of the target DNS server.
In the implementation process, the user can set the condition that the first analysis data needs to meet through actual needs, so that the user can acquire target analysis data analyzed by the designated DNS server from the prestored data. Through adding the condition, the flexibility of DNS analysis is improved, and more requirements of users are met.
Further, if the parsing policy indicates that the pre-stored data is not used, the method further includes:
and if the analysis strategy indicates to store data, storing and processing the target analysis data.
In the implementation process, the user can select whether to store the target analysis data by configuring the analysis strategy, so that on one hand, the flexibility of DNS analysis is improved, and the user requirement is met. On the other hand, the pre-stored data can be updated in time so as to improve the accuracy of DNS analysis.
Further, the method further comprises:
and configuring the storage effective period of the target analysis data.
In the implementation process, by setting a reasonable storage effective period, the target analysis data can be prevented from being stored too long, and the data is ensured to be newer.
Further, if the DNS resolution request is initiated by the domain name tampering monitoring end, the resolution policy indicates that the pre-stored data is not used.
In the implementation process, the DNS analysis request initiated by the domain name tampering monitoring end does not use pre-stored data, so that target analysis data is obtained through DNS analysis, and the requirements of acquiring real-time analysis data in a detection task and a verification task in a domain name tampering monitoring scene are met.
A second aspect of an embodiment of the present application provides a DNS resolution device, including:
the receiving module is used for receiving the DNS resolution request carrying the resolution strategy;
the reading module is used for reading target analysis data according to the DNS analysis request if the analysis strategy indicates to use pre-stored data;
the analysis module is used for carrying out DNS analysis according to the DNS analysis request to obtain target analysis data if the analysis strategy indicates that the pre-stored data is not used;
and the return module is used for returning the target analysis data.
A third aspect of embodiments of the present application provides an electronic device, including:
a processor;
a memory for storing processor-executable instructions;
wherein the processor, when invoking the executable instructions, performs the operations of the method of any of the first aspects.
A fourth aspect of the embodiments provides a computer readable storage medium having stored thereon computer instructions which when executed by a processor implement the steps of any of the methods of the first aspect.
Drawings
In order to more clearly illustrate the technical solutions of the embodiments of the present application, the drawings that are needed in the embodiments of the present application will be briefly described below, it should be understood that the following drawings only illustrate some embodiments of the present application and should not be considered as limiting the scope, and other related drawings may be obtained according to these drawings without inventive effort for a person skilled in the art.
Fig. 1 is a schematic flow chart of a DNS resolution method according to an embodiment of the present application;
fig. 2 is a flow chart of another DNS resolution method according to an embodiment of the present application;
fig. 3 is a flow chart of another DNS resolution method according to an embodiment of the present application;
fig. 4 is a block diagram of a DNS resolution device according to an embodiment of the present application;
fig. 5 is a hardware configuration diagram of an electronic device according to an embodiment of the present application.
Detailed Description
The technical solutions in the embodiments of the present application will be described below with reference to the drawings in the embodiments of the present application.
It should be noted that: like reference numerals and letters denote like items in the following figures, and thus once an item is defined in one figure, no further definition or explanation thereof is necessary in the following figures. Meanwhile, in the description of the present application, the terms "first", "second", and the like are used only to distinguish the description, and are not to be construed as indicating or implying relative importance.
DNS is an internet service, which is a distributed database that maps domain names and IP addresses to each other, enabling people to access the internet more conveniently. The domain name server refers to a server which stores domain names and corresponding IP addresses of all hosts in a network and has a function of converting the domain names into IP addresses. Where the domain name must correspond to an IP address and the IP address does not necessarily have a domain name. The domain name system uses a hierarchical structure like a directory tree for data storage. The domain name server is the server side in client/server mode, and has mainly two forms: the process of mapping a domain name to an IP address by a host server and a forwarding server is called "domain name resolution".
In the related art, the domain name resolution process lacks flexibility, and cannot meet specific requirements in some situations. To this end, the present application provides a DNS resolution method, including the steps as shown in fig. 1:
step 110: receiving a DNS resolution request carrying a resolution policy;
step 121: if the analysis strategy indicates to use pre-stored data, reading target analysis data according to the DNS analysis request;
step 122: if the analysis strategy indicates that the pre-stored data is not used, DNS analysis is carried out according to the DNS analysis request, and target analysis data is obtained;
step 130: and returning the target analysis data.
The execution subject of the above method may include, but is not limited to, servers with domain name resolution functions, such as DNS servers; and/or a server storing a mapping relationship between domain names and IP addresses, such as a DNS cache server, etc.
The manner of mapping from domain name to IP address includes two types: first, if the domain name has been previously resolved to an IP address, the mapping relationship between the domain name and the IP address may be stored. When the IP address corresponding to the domain name needs to be queried again, the IP address matched with the domain name can be determined according to the mapping relation between the domain name and the pre-stored mapping relation. And secondly, DNS analysis is directly carried out according to the domain name, so that a matched IP address is obtained.
Compared with the related art, the DNS resolution of the application carries a resolution strategy. And the resolution policy is used for indicating the acquisition method of the target resolution data. That is, what method is specifically used to obtain the target resolution data for the domain name to be resolved in the DNS resolution request is determined by the resolution policy carried by the DNS resolution request. The target resolution data is the IP address corresponding to the domain name to be resolved.
For example, the resolution policy carried can be determined according to a policy field preset in the DNS resolution request. The policy field includes, as an example, an isusecche field.
The method for acquiring the target analysis data comprises the steps of using pre-stored data and not using pre-stored data. If the isusecche field in the strategy field is TRUE, determining to use pre-stored data; if the isusecche field in the policy field is FALSE, it is determined that the pre-stored data is not used.
The pre-stored data, that is, the mapping relation between the domain name and the IP address which are resolved before, may be, for example, cache data in a DNS cache server.
If the resolution policy indicates that the target resolution data is obtained by using the pre-stored data, the target resolution data is read according to the DNS resolution request. Illustratively, the IP address matched with the domain name to be resolved is read as target resolution data according to the domain name to be resolved in the DNS resolution request and the pre-stored mapping relation.
And if the analysis strategy indicates that the pre-stored data is not used for acquiring the target analysis data, performing DNS analysis according to the DNS analysis request. Illustratively, DNS resolution is performed on the domain name to be resolved in the DNS resolution request, and an IP address matched with the domain name to be resolved is obtained as target resolution data. As an example, DNS resolution may be performed through a dnsjava class library or nsalookup tool.
And finally, returning the obtained target analysis data to the initiating terminal of the DNS analysis request to complete the DNS analysis process.
It can be seen that, in the DNS resolution method provided in the present application, the method used for domain name resolution is determined by the resolution policy carried by the DNS resolution request. And the resolution strategy can be configured by a user according to actual needs. Therefore, the user can flexibly configure the domain name resolution process to meet specific requirements in some scenes, and the flexibility of the domain name resolution process is improved.
Regarding application scenarios of the above methods, in some embodiments, the above methods may be applied to network access scenarios. An access terminal that needs to make network access initiates a DNS resolution request. The DNS resolution request initiated by the access terminal may carry a resolution policy indicating that pre-stored data is used. Therefore, the target analysis data can be directly read, so that the acquisition efficiency of the target analysis data can be improved, and the network access efficiency can be further improved.
In some embodiments, the above method may be applied to a domain name tampering monitoring scenario. Domain name tampering refers to that an illegal molecule enters a DNS server through illegal means to modify the IP address pointed by the domain name, so that the input domain name cannot point to the accessed website. This can make the website unable to operate properly, and can cause irrecoverable losses to the website user and website owner. And the IP address corresponding to the domain name is resolved through the DNS, and whether the IP address is a correct address is compared, so that whether the domain name is tampered can be judged.
Thus, some website monitoring products may perform domain name tampering monitoring in order to check whether the domain name has been tampered with. The domain name tampering monitoring end is, for example, a website monitoring product, and can initiate a DNS resolution request. For example, in some monitoring scenarios, domain name tampering monitoring may be performed periodically. Thus, in response to reaching the monitoring period, the domain name tampering monitoring end initiates a DNS resolution request. As another example, in some monitoring scenarios, when a risk of domain name tampering is detected, it is necessary to further verify and confirm whether the domain name has been tampered with. And responding to the domain name tampering verification task, and initiating a DNS resolution request by the domain name tampering monitoring terminal.
The DNS resolution request initiated by the domain name tamper monitoring end may carry a resolution policy indicating that pre-stored data is not used. Thus, the DNS analysis request initiated by the domain name falsification monitoring terminal obtains the target analysis data in real time through DNS analysis. Such a design is made because domain name tampering monitoring should use data obtained by real-time parsing so that tampering can be found in time. Whereas pre-stored data, such as cached data in a DNS cache server, is not real-time resolved data. If the pre-stored data contains the resolution data of the domain name, the domain name is tampered with the IP address corresponding to the DNS server. At this time, the pre-stored data cannot reflect that the domain name has been tampered with. If the domain name falsification monitoring terminal obtains the resolved data of the domain name from the pre-stored data, the domain name falsified cannot be found. Therefore, for the DNS resolution request initiated by the domain name tampering monitoring end, the resolution policy should indicate that the pre-stored data is not used, so that DNS resolution can be performed, real-time target resolution data is obtained, and whether the domain name is tampered is judged according to the real-time target resolution data.
Therefore, by configuring the resolution strategy in the DNS resolution request, the requirement of DNS resolution in a website access scene can be met, and the requirement of acquiring real-time resolution data in a detection task and a verification task in a domain name tampering monitoring scene can be met.
Regarding step 121, in some embodiments, steps as shown in fig. 2 may be included:
step 1211: reading first resolution data matched with the DNS resolution request from the pre-stored data;
step 1212: and if the first analysis data meets the condition, determining that the first analysis data is the target analysis data.
The DNS resolution request includes a domain name to be resolved. The pre-stored data, such as the cached data in the DNS cache server, includes a mapping relationship between a plurality of domain names and IP addresses. Therefore, the IP address corresponding to the domain name to be resolved can be read from the pre-stored data to serve as the first resolved data.
Subsequently, it may be determined whether the first parsed data satisfies a condition. Under the condition that the first analysis data meets the condition, the first analysis data can be determined to be the target analysis data, so that the process of reading the target analysis data by using the pre-stored data is completed.
Optionally, before performing step 1211, the method further includes the steps of: and judging whether first analysis data matched with the DNS analysis request exists in the prestored data or not. If so, step 1211 is performed. And if the target analysis data does not exist, carrying out DNS analysis according to the DNS analysis request to obtain the target analysis data.
In this embodiment, after obtaining the resolution data matching the DNS resolution request, it is further necessary to determine whether the resolution data satisfies the condition. And determining that the analysis data is the target analysis data returned to the initiating terminal only when the condition is met. Therefore, the accuracy of the read target analysis data is improved by adding the conditions, and the user requirements are met.
Further, in some embodiments, if the first resolution data does not meet the condition, DNS resolution is performed according to the DNS resolution request to obtain the target resolution data.
And under the condition that the first resolution data does not meet the condition, the target resolution data which does not meet the condition in the prestored data is indicated, so that DNS resolution can only be carried out on the domain name to be resolved in the DNS resolution request. The analysis data obtained by DNS analysis meets the conditions, and thus can be determined as target analysis data.
In this embodiment, under the condition that the prestored data does not have the target analysis data meeting the conditions, the target analysis data meeting the conditions is obtained through DNS analysis, so that the target analysis data can be returned to the initiator.
The condition satisfied by the first analysis data may be set by the user according to actual needs. The conditions that the first resolution data needs to satisfy may be carried in the DNS resolution request. As a possible example, the above conditions may include: the first resolved data is resolved by the target DNS server.
The DNS server includes a plurality of DNS servers, and DNS resolution of the same domain name by different DNS servers may obtain the same or different resolution results. In some scenarios, the user may select a target DNS server for DNS resolution according to the actual situation or need, or the user may specify to obtain target resolution data obtained by the target DNS server resolution. The different target DNS servers are distinguished by the IP address of the server.
Thus, in the above embodiment, after the first resolution data is read from the pre-stored data, it may be determined whether the first resolution data is resolved by the target DNS server. Wherein the target DNS server may comprise a plurality of. And if the first analysis data is obtained by analysis of the target DNS server, determining that the first analysis data is the target analysis data. If it is determined that the first resolution data is not obtained by the target DNS server, or if the target DNS server includes a plurality of target DNS servers, the pre-stored data includes only a part of the first resolution data obtained by the target DNS server, it is determined that the first resolution data does not satisfy the condition, and then DNS resolution is performed according to the DNS resolution request, so as to obtain resolution data obtained by respectively resolving different target DNS servers as target resolution data.
In this embodiment, the user may set the condition that the first resolution data needs to satisfy through actual needs, so that the user may obtain the target resolution data resolved by the specified DNS server from the pre-stored data. Through adding the condition, the flexibility of DNS analysis is improved, and more requirements of users are met.
Furthermore, in some embodiments, the resolution policy is used to indicate whether to store the target resolution data in addition to the acquisition method used to indicate the target resolution data. In this way, in the case that the parsing strategy indicates that the pre-stored data is not used, the method further includes the steps of: and if the analysis strategy indicates to store data, storing and processing the target analysis data.
In the case where the resolution policy indicates that pre-stored data is not used, the target resolution data is generated by DNS resolution. Thus, the user can configure whether to save the generated target resolution data in the resolution policy.
Illustratively, the policy field in the DNS resolution request may include an isCache field. If the isCache field in the policy field is TRUE, the saved data is determined, and the target resolved data is stored, for example, the target resolved data is cached in the DNS cache server. If the isCache field in the policy field is FALSE, determining that the data is not saved, and directly returning target analysis data to the initiating terminal.
It can be understood that, for a domain name, if the pre-stored data includes resolution data corresponding to the domain name, and the resolution policy carried by the DNS resolution request of the domain name indicates that the pre-stored data is not used, and indicates to store data, that is, store real-time resolved target resolution data, then the real-time target resolution data can update the resolution data corresponding to the domain name in the pre-stored data, thereby completing updating of the pre-stored data.
Therefore, in this embodiment, the user may select whether to store the target resolution data by configuring the resolution policy, so that on one hand, the flexibility of DNS resolution is improved, and the user requirement is satisfied. On the other hand, the pre-stored data can be updated in time so as to improve the accuracy of DNS analysis.
Further, in some embodiments, when storing the target resolution data, the method further includes the steps of: and configuring the storage effective period of the target analysis data.
Alternatively, the storage expiration date may be carried in the DNS resolution request. In this way, the user can configure different target resolution data to have different storage expiration dates.
Alternatively, the storage expiration date may be a default value. Different target resolution data have the same storage life.
The storage expiration date can be valued according to the actual situation. The application is not limited herein. By setting a reasonable storage effective period, the target analysis data can be prevented from being stored too long, and the data is ensured to be newer.
In addition, if the data is ensured to be newer by configuring the storage validity period of the target analysis data, then for the domain name tampering monitoring scenario described above, if the monitoring frequency is higher, it is considered that the target analysis data is acquired by a method of using pre-stored data and not using pre-stored data. Namely, a partial DNS analysis request initiated by the domain name falsification monitoring terminal carries an analysis strategy for indicating that pre-stored data is not used; another part of DNS resolution requests carries resolution policies indicating the use of pre-stored data.
The time spent by the DNS resolution process is longer than the time spent reading the target resolution data with the pre-stored data. Under the condition of higher monitoring frequency, if DNS resolution is performed again for each DNS resolution request of the monitoring task, more computing resources of the server are occupied, and response efficiency is lower. In the case where the update of the target analysis data is ensured by the storage expiration date, the target analysis data read from the pre-stored data is also updated. And when the target analysis data reach the effective period, acquiring real-time target analysis data again through DNS analysis. Therefore, detection tasks and authentication tasks in a domain name tampering monitoring scene are realized by combining a method of real-time analysis and pre-stored data, so that the response efficiency is ensured, and the real-time performance of the data is ensured.
In addition, as shown in fig. 3, after receiving a DNS resolution request carrying a resolution policy (step 301), the present application further provides a DNS resolution method, and determines whether to use pre-stored data, that is, cache data, through a policy field isusecche field in the DNS resolution request (step 302).
In the case that the isusecche field is FALSE, it is determined that pre-stored data is not to be used, DNS resolution is performed through the dnsjava class library or nsalookup tool (step 304). Then, whether the DNS resolution is successful is determined by the returned result of the dnsjava class library or ndalookup tool (step 305). If the analysis fails, indicating that the target analysis data is not acquired, outputting the analysis failure result (step 308); if the resolution is successful, which means that the target resolution data is obtained, it is further determined whether to save the data according to the policy field isCache field in the DNS resolution request (step 306).
In the case where the isCache field is TRUE, it is determined that the data is saved, and then the target analysis data is subjected to storage processing and the storage expiration date is configured (step 307). Finally, the result of the target parsing data is output (step 308). In the case where the isCache field is FALSE, it is determined that the data is not saved, and the result of the target parse data is output (step 308).
In the case that the isusecche field is TRUE, it is determined that the pre-stored data is used, and it is first determined whether there is first resolution data corresponding to the domain name to be resolved in the DNS resolution request in the pre-stored data (step 303). If the first resolved data does not exist in the pre-stored data, the target resolved data is obtained through a DNS resolving process (steps 304-308).
If the first analysis data exists in the pre-stored data, it is further determined whether the first analysis data satisfies the condition (step 309). When the first analysis data satisfies the condition, the first analysis data is read as target analysis data (step 310), and the result of the target analysis data is output (step 308). In the case where the first resolution data does not satisfy the condition, the target resolution data is acquired through a process of DNS resolution (steps 304 to 308).
It can be seen that, in the DNS resolution method provided in the present application, the method used for domain name resolution is determined by the resolution policy carried by the DNS resolution request. And the resolution strategy can be configured by a user according to actual needs. Therefore, the user can flexibly configure the domain name resolution process to meet specific requirements in some scenes, and the flexibility of the domain name resolution process is improved.
Based on any of the above embodiments, the present application further provides a DNS resolution device. As shown in fig. 4, DNS resolution device 400 includes:
a receiving module 410, configured to receive a DNS resolution request carrying a resolution policy;
a reading module 421, configured to read target resolution data according to the DNS resolution request if the resolution policy indicates that pre-stored data is used;
a resolution module 422, configured to perform DNS resolution according to the DNS resolution request if the resolution policy indicates that the pre-stored data is not used, so as to obtain target resolution data;
and a return module 430, configured to return the target resolution data.
In some embodiments, the reading module 421 is specifically configured to:
reading first resolution data matched with the DNS resolution request from the pre-stored data;
and if the first analysis data meets the condition, determining that the first analysis data is the target analysis data.
In some embodiments, the parsing module 422 is further configured to:
and if the first analysis data does not meet the conditions, performing DNS analysis according to the DNS analysis request to obtain target analysis data.
In some embodiments, the conditions include: the first analysis data is obtained by analysis of the target DNS server.
In some embodiments, if the resolution policy indicates that the pre-stored data is not used, DNS resolution device 400 further includes:
and the storage module is used for storing the target analysis data if the analysis strategy indicates to store the data.
In some embodiments, DNS resolution device 400 further includes:
and the configuration module is used for configuring the storage valid period of the target analysis data.
In some embodiments, if the DNS resolution request is initiated by a domain name tamper monitoring end, the resolution policy indicates that the pre-stored data is not to be used.
The implementation process of the functions and roles of each module in the above device is specifically shown in the implementation process of the corresponding steps in the above method, and will not be described herein again.
Based on the DNS resolution method described in any of the foregoing embodiments, the present application further provides a schematic structural diagram of an electronic device as shown in fig. 5. At the hardware level, as in fig. 5, the electronic device includes a processor, an internal bus, a network interface, a memory, and a non-volatile storage, although it may include hardware required for other services. The processor reads the corresponding computer program from the nonvolatile memory into the memory and then runs to implement a DNS resolution method as described in any of the above embodiments.
The present application also provides a computer storage medium storing a computer program which, when executed by a processor, is operable to perform a DNS resolution method as described in any of the above embodiments.
In the several embodiments provided in this application, it should be understood that the disclosed apparatus and method may be implemented in other manners as well. The apparatus embodiments described above are merely illustrative, for example, flow diagrams and block diagrams in the figures illustrate the architecture, functionality, and operation of possible implementations of apparatus, methods and computer program products according to various embodiments of the present application. In this regard, each block in the flowchart or block diagrams may represent a module, segment, or portion of code, which comprises one or more executable instructions for implementing the specified logical function(s). It should also be noted that in some alternative implementations, the functions noted in the block may occur out of the order noted in the figures. For example, two blocks shown in succession may, in fact, be executed substantially concurrently, or the blocks may sometimes be executed in the reverse order, depending upon the functionality involved. It will also be noted that each block of the block diagrams and/or flowchart illustration, and combinations of blocks in the block diagrams and/or flowchart illustration, can be implemented by special purpose hardware-based systems which perform the specified functions or acts, or combinations of special purpose hardware and computer instructions.
In addition, the functional modules in the embodiments of the present application may be integrated together to form a single part, or each module may exist alone, or two or more modules may be integrated to form a single part.
The functions, if implemented in the form of software functional modules and sold or used as a stand-alone product, may be stored in a computer-readable storage medium. Based on such understanding, the technical solution of the present application may be embodied essentially or in a part contributing to the prior art or in a part of the technical solution, in the form of a software product stored in a storage medium, including several instructions for causing a computer device (which may be a personal computer, a server, or a network device, etc.) to perform all or part of the steps of the methods described in the embodiments of the present application. And the aforementioned storage medium includes: a U-disk, a removable hard disk, a Read-Only Memory (ROM), a random access Memory (RAM, random Access Memory), a magnetic disk, or an optical disk, or other various media capable of storing program codes.
The foregoing is merely exemplary embodiments of the present application and is not intended to limit the scope of the present application, and various modifications and variations may be suggested to one skilled in the art. Any modification, equivalent replacement, improvement, etc. made within the spirit and principles of the present application should be included in the protection scope of the present application. It should be noted that: like reference numerals and letters denote like items in the following figures, and thus once an item is defined in one figure, no further definition or explanation thereof is necessary in the following figures.
The foregoing is merely specific embodiments of the present application, but the scope of the present application is not limited thereto, and any person skilled in the art can easily think about changes or substitutions within the technical scope of the present application, and the changes and substitutions are intended to be covered by the scope of the present application. Therefore, the protection scope of the present application shall be subject to the protection scope of the claims.
It is noted that relational terms such as first and second, and the like are used solely to distinguish one entity or action from another entity or action without necessarily requiring or implying any actual such relationship or order between such entities or actions. Moreover, the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, an element defined by the phrase "comprising one … …" does not exclude the presence of other like elements in a process, method, article, or apparatus that comprises the element.

Claims (10)

1. A DNS resolution method, the method comprising:
receiving a DNS resolution request carrying a resolution policy;
if the analysis strategy indicates to use pre-stored data, reading target analysis data according to the DNS analysis request;
if the analysis strategy indicates that the pre-stored data is not used, DNS analysis is carried out according to the DNS analysis request, and target analysis data is obtained;
and returning the target analysis data.
2. The method of claim 1, wherein if the resolution policy indicates that pre-stored data is used, the reading the target resolution data according to the DNS resolution request comprises:
reading first resolution data matched with the DNS resolution request from the pre-stored data;
and if the first analysis data meets the condition, determining that the first analysis data is the target analysis data.
3. The method according to claim 2, wherein the method further comprises:
and if the first analysis data does not meet the conditions, performing DNS analysis according to the DNS analysis request to obtain target analysis data.
4. A method according to any one of claims 2-3, wherein the conditions comprise: the first analysis data is obtained by analysis of the target DNS server.
5. The method of claim 1, wherein if the resolution policy indicates that the pre-stored data is not to be used, the method further comprises:
and if the analysis strategy indicates to store data, storing and processing the target analysis data.
6. The method of claim 5, wherein the method further comprises:
and configuring the storage effective period of the target analysis data.
7. The method of claim 1, wherein the resolution policy indicates that the pre-stored data is not to be used if the DNS resolution request is initiated by a domain name tamper monitoring end.
8. A DNS resolution device, the device comprising:
the receiving module is used for receiving the DNS resolution request carrying the resolution strategy;
the reading module is used for reading target analysis data according to the DNS analysis request if the analysis strategy indicates to use pre-stored data;
the analysis module is used for carrying out DNS analysis according to the DNS analysis request to obtain target analysis data if the analysis strategy indicates that the pre-stored data is not used;
and the return module is used for returning the target analysis data.
9. An electronic device, the electronic device comprising:
a processor;
a memory for storing processor-executable instructions;
wherein the processor, when invoking the executable instructions, performs the operations of the method of any of claims 1-7.
10. A computer readable storage medium having stored thereon computer instructions which when executed by a processor implement the steps of the method of any of claims 1-7.
CN202310575779.9A 2023-05-19 2023-05-19 DNS analysis method and device electronic device and storage medium Pending CN116489127A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202310575779.9A CN116489127A (en) 2023-05-19 2023-05-19 DNS analysis method and device electronic device and storage medium

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202310575779.9A CN116489127A (en) 2023-05-19 2023-05-19 DNS analysis method and device electronic device and storage medium

Publications (1)

Publication Number Publication Date
CN116489127A true CN116489127A (en) 2023-07-25

Family

ID=87225212

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202310575779.9A Pending CN116489127A (en) 2023-05-19 2023-05-19 DNS analysis method and device electronic device and storage medium

Country Status (1)

Country Link
CN (1) CN116489127A (en)

Similar Documents

Publication Publication Date Title
CN109587133B (en) Single sign-on system and method
CN110830458B (en) Domain name access method, system, device and computer readable storage medium
US9883002B2 (en) Method and system for accessing website
CN108989355B (en) Vulnerability detection method and device
US7865618B2 (en) Defeating cache resistant domain name systems
JP6435398B2 (en) Method and system for facilitating terminal identifiers
CN109040052B (en) Information processing method, terminal and computer readable medium
US7461120B1 (en) Method and system for identifying a visitor at a website server by requesting additional characteristic of a visitor computer from a visitor server
CN105592011B (en) Account login method and device
CN110888838B (en) Request processing method, device, equipment and storage medium based on object storage
CN111431753A (en) Asset information updating method, device, equipment and storage medium
CN110716743B (en) Aggregation API development method and system suitable for multiparty collaborative development
CN110232279A (en) A kind of leak detection method and device
CN111090449A (en) API service access method and device and electronic equipment
CN111432041A (en) Domain name acquisition method, system, terminal and computer readable storage medium
CN112613893A (en) Method, system, equipment and medium for identifying malicious user registration
CN111885212B (en) Domain name storage method and device
CN111414642B (en) Link generation method and device based on gateway, server and storage medium
CN110457900B (en) Website monitoring method, device and equipment and readable storage medium
US20100082690A1 (en) System And Method For Recording Files Of Data
CN116489127A (en) DNS analysis method and device electronic device and storage medium
CN111212153A (en) IP address checking method, device, terminal equipment and storage medium
CN114465926B (en) Recursive server monitoring method, device, equipment and storage medium
CN114866277A (en) Application access method, device, equipment and storage medium
CN114168945A (en) Method and device for detecting potential risk of sub-domain name

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination