CN117118741A - Method and system for solving DNS hijacking based on httpDS - Google Patents

Method and system for solving DNS hijacking based on httpDS Download PDF

Info

Publication number
CN117118741A
CN117118741A CN202311321397.XA CN202311321397A CN117118741A CN 117118741 A CN117118741 A CN 117118741A CN 202311321397 A CN202311321397 A CN 202311321397A CN 117118741 A CN117118741 A CN 117118741A
Authority
CN
China
Prior art keywords
domain name
httpdns
server
target
name resolution
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202311321397.XA
Other languages
Chinese (zh)
Inventor
沈陈姗
刘海原
李文鹏
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Booslink Suzhou Information Technology Co ltd
Original Assignee
Booslink Suzhou Information Technology Co ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Booslink Suzhou Information Technology Co ltd filed Critical Booslink Suzhou Information Technology Co ltd
Priority to CN202311321397.XA priority Critical patent/CN117118741A/en
Publication of CN117118741A publication Critical patent/CN117118741A/en
Pending legal-status Critical Current

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/14Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1441Countermeasures against malicious traffic
    • H04L63/1466Active attacks involving interception, injection, modification, spoofing of data unit addresses, e.g. hijacking, packet injection or TCP sequence number attacks
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L41/00Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
    • H04L41/06Management of faults, events, alarms or notifications
    • H04L41/0654Management of faults, events, alarms or notifications using network fault recovery
    • H04L41/0663Performing the actions predefined by failover planning, e.g. switching to standby network elements
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L61/00Network arrangements, protocols or services for addressing or naming
    • H04L61/45Network directories; Name-to-address mapping
    • H04L61/4505Network directories; Name-to-address mapping using standardised directories; using standardised directory access protocols
    • H04L61/4511Network directories; Name-to-address mapping using standardised directories; using standardised directory access protocols using domain name system [DNS]
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00Network arrangements or protocols for supporting network services or applications
    • H04L67/01Protocols
    • H04L67/02Protocols based on web technology, e.g. hypertext transfer protocol [HTTP]
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/40Network security protocols

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The embodiment of the invention discloses a method, a system, electronic equipment and a storage medium for solving the problem of DNS hijacking based on httpNS, wherein the method for solving the problem of DNS hijacking based on httpNS comprises the following steps: sending a domain name resolution request to an httpDNS server, wherein the domain name resolution request comprises a target domain name to be resolved; receiving a domain name resolution result returned by the httpDNS server, wherein the domain name resolution result comprises a target IP address corresponding to the target domain name; and connecting the target IP address to access a page corresponding to the target domain name. The method for solving the problem of DNS hijacking based on httpNS solves the problem that the prior art cannot fundamentally solve the problem of DNS hijacking.

Description

Method and system for solving DNS hijacking based on httpDS
Technical Field
The invention relates to the technical field of computers, in particular to a method, a system, electronic equipment and a storage medium for solving the problem of DNS hijacking based on httpNS.
Background
DNS hijacking refers to a malicious interference and tampering DNS (DomainName System) resolution process, which redirects a domain name resolution request of a user to a malicious IP address or webpage, so that the user cannot normally access a desired website, and even the user is subjected to network fraud or malicious software attack.
DNS hijacking is now typically solved by using encrypted DNS resolution, using VPN services and DNS cache settings;
however, the encrypted DNS resolution requires additional encryption and decryption processes, which increases network delay and resource consumption, affecting resolution speed and user experience. And the encrypted DNS resolution requires that both the client and the server support corresponding encryption protocols, otherwise encrypted communication cannot be performed, so that some old versions of operating systems or devices cannot enjoy the encrypted DNS resolution.
Connecting to a VPN using VPN services introduces an extra network layer, resulting in a possible impact of network speed and reduced internet experience. And in some countries or regions, the use of VPN services may violate local legal restrictions.
DNS cache setup can reduce the impact of DNS hijacking to some extent, but the expiration time of the cache is limited. If the TTL (Time-To-Live) setting of the DNS record is short, DNS hijacking may still be encountered after the cache Time expires. When a DNS record changes, it is necessary to wait for the expiration time of the cache to arrive to update the record. In this process, access abnormality or DNS hijacking may be caused in a period of time, and the DNS hijacking technology is continuously evolved and evolved, and the novel hijacking mode may bypass protection of DNS cache setting. Thus, relying solely on DNS cache settings may not fully address all DNS hijacking issues.
Summarizing, the conventional method for solving the DNS hijacking has a plurality of defects, and cannot fundamentally solve the problem of DNS hijacking.
There is a need for a method that can fundamentally solve DNS hijacking.
Disclosure of Invention
The embodiment of the invention aims to provide a method, a system, electronic equipment and a storage medium for solving the problem that the DNS hijacking cannot be fundamentally solved in the prior art.
In order to achieve the above objective, an embodiment of the present invention provides a method for solving DNS hijacking based on httpDNS, where the method specifically includes:
sending a domain name resolution request to an httpDNS server, wherein the domain name resolution request comprises a target domain name to be resolved;
receiving a domain name resolution result returned by the httpDNS server, wherein the domain name resolution result comprises a target IP address corresponding to the target domain name;
and connecting the target IP address to access a page corresponding to the target domain name.
Based on the technical scheme, the invention can also be improved as follows:
further, the sending a domain name resolution request to the httpDNS server, where the domain name resolution request includes a target domain name to be resolved, includes:
and acquiring geographic position information of the client, and selecting an httpDS server corresponding to the client based on the geographic position information.
Further, the sending a domain name resolution request to the httpDNS server, where the domain name resolution request includes a target domain name to be resolved, further includes:
receiving abnormal condition information returned by the httpDS server, wherein the abnormal condition information comprises network connection failure or analysis failure;
and determining a corresponding solution based on the abnormal condition information.
Further, the receiving the domain name resolution result returned by the httpDNS server, where the domain name resolution result includes a target IP address corresponding to the target domain name, includes:
obtaining an httpDNS server set for domain name resolution, the httpDNS server set comprising a plurality of httpDNS servers;
when the httpDNS server receives abnormal information returned by the domain name resolution request, the domain name resolution request is automatically switched to the httpDNS server based on the httpDNS server set.
Further, the receiving the domain name resolution result returned by the httpDNS server, where the domain name resolution result includes a target IP address corresponding to the target domain name, further includes:
matching the IP address of the httpDNS server in an abnormal httpDNS server IP list and/or a normal httpDNS server IP list;
determining whether the target domain name has DNS hijacking or not based on the matching result;
and if the target domain name has DNS hijacking, terminating the domain name access behavior.
Further, the receiving the domain name resolution result returned by the httpDNS server, where the domain name resolution result includes a target IP address corresponding to the target domain name, further includes:
a caching mechanism is added between the client and the httpDNS server to reduce the frequency of requests.
Further, the httpDNS-based method for solving DNS hijacking further comprises:
acquiring the addresses of the httpDNS servers in the httpDNS server set;
the address of the httpDNS server is configured on the client to ensure that all domain name resolution requests are handled by the httpDNS server.
A httpDNS-based system for resolving DNS hijacking, comprising:
a request sending module, configured to send a domain name resolution request to an httpDNS server, where the domain name resolution request includes a target domain name to be resolved;
the resolution result receiving module is used for receiving a domain name resolution result returned by the httpDNS server, wherein the domain name resolution result comprises a target IP address corresponding to the target domain name;
and the address connection module is used for connecting the target IP address so as to access a page corresponding to the target domain name.
An electronic device comprising a memory, a processor and a computer program stored on the memory and executable on the processor, the processor implementing the steps of the method when the computer program is executed.
A non-transitory computer readable storage medium having stored thereon a computer program which, when executed by a processor, implements the steps of the method.
The embodiment of the invention has the following advantages:
the method for solving the DNS hijacking based on httpDS sends a domain name resolution request to an httpDS server, wherein the domain name resolution request comprises a target domain name to be resolved; receiving a domain name resolution result returned by the httpDNS server, wherein the domain name resolution result comprises a target IP address corresponding to the target domain name; the target IP address is connected to access the page corresponding to the target domain name, so that the problem that the DNS hijacking cannot be fundamentally solved in the prior art is solved.
Drawings
In order to more clearly illustrate the embodiments of the present invention or the technical solutions in the prior art, the drawings used in the description of the embodiments or the prior art will be briefly described below. It will be apparent to those skilled in the art from this disclosure that the drawings described below are merely exemplary and that other embodiments may be derived from the drawings provided without undue effort.
The structures, proportions, sizes, etc. shown in the present specification are shown only for the purposes of illustration and description, and are not intended to limit the scope of the invention, which is defined by the claims, so that any structural modifications, changes in proportions, or adjustments of sizes, which do not affect the efficacy or the achievement of the present invention, should fall within the scope of the invention.
FIG. 1 is a flow chart of a method for resolving DNS hijacking based on httpNS of the present invention;
FIG. 2 is a first architecture diagram of a system for resolving DNS hijacking based on httpNS of the present invention;
FIG. 3 is a second architecture diagram of the system of the present invention for resolving DNS hijacking based on httpNS;
fig. 4 is a schematic diagram of an entity structure of an electronic device according to the present invention.
Wherein the reference numerals are as follows:
the system comprises a request sending module 10, an analysis result receiving module 20, an address connecting module 30, a selecting module 40, a switching module 50, a judging module 60, a configuration module 70, an electronic device 80, a processor 801, a memory 802 and a bus 803.
Detailed Description
Other advantages and advantages of the present invention will become apparent to those skilled in the art from the following detailed description, which, by way of illustration, is to be read in connection with certain specific embodiments, but not all embodiments. All other embodiments, which can be made by those skilled in the art based on the embodiments of the invention without making any inventive effort, are intended to be within the scope of the invention.
Examples
Fig. 1 is a flowchart of an embodiment of a method for solving DNS hijacking based on httpDNS according to the present invention, as shown in fig. 1, where the method for solving DNS hijacking based on httpDNS provided by the embodiment of the present invention includes the following steps:
s101, sending a domain name resolution request to an httpDS server, wherein the domain name resolution request comprises a target domain name to be resolved;
specifically, geographic position information of a client is obtained, and an httpDS server corresponding to the client is selected based on the geographic position information. The access speed and performance are improved.
When a user communicates with a host in the internet, the IP address of the other party must be known, however, it is difficult for the user to memorize an IP binary host address up to 32 bits long, and even a decimal IP address is not easy to memorize. To facilitate memorization, a domain name system is introduced to facilitate the conversion of machine names used by humans into IP addresses. The mapping relationship between the domain name and the IP address is recorded in the DNS server.
HTTPNDS is, in fact, not to walk through traditional DNS resolution, but to build a cluster of DNS servers based on the HTTP protocol, distributed across multiple sites and multiple operators. When the client needs DNS resolution, the client requests the server cluster directly through an HTTPS protocol to obtain a nearby address.
Because of the nature of HTTP's natural "plaintext", the entire transmission process is completely transparent, anyone can intercept, modify or forge request/response messages in the link, and the data is not trusted. The HTTPS protocol is thus created for security.
(1) The client sends the algorithm list supported by the client and a random number used as a key generation key to the server;
(2) the server selects an encryption algorithm from the algorithm list and sends the encryption algorithm and a certificate containing a public key of the server to the client; the certificate also contains the identity of the server for authentication purposes, and the server also provides a random number that is used as a key for generation;
(3) the client verifies the certificate of the server (the related verification certificate can refer to digital signature), and extracts the public key of the server; then, a random password string called pre_master_secret is generated again, encrypted (reference asymmetric encryption/decryption) by using the public key of the server, and the encrypted information is sent to the server;
(4) the client and the server independently calculate encryption and MAC keys (refer to DH key exchange algorithm) according to the pre-master-secret and the random values of the client and the server;
(5) the client sends the MAC values of all handshake messages to the server;
(6) the server sends the MAC values of all handshake messages to the client.
httpDNS typically communicate using the HTTPS protocol, such that data during transmission of requests and responses is encrypted, providing greater security and confidentiality.
Meanwhile, because the default domain name resolution is DNS walking, the httpDNS needs to bypass the default DNS path, so most of the httpDNS applications are mobile phone applications, and the client SDKs supporting httpDNS need to be embedded in the mobile phone terminal.
Receiving abnormal condition information returned by the httpDS server, wherein the abnormal condition information comprises network connection failure or analysis failure;
and determining a corresponding solution based on the abnormal condition information.
Preferably, the solution is:
if the client fails to request the httpDS server, starting an alternative, going through a normal DNS analysis process, and initiating a request to a LocalDNS; the LocalDNS performs recursive query; finally returning a DNS result; after the client takes the optimal IP, connection is established, and normal access operation is initiated.
By using httpDS, the localDNS server of the operator is bypassed, the risk of hijacking of the operator is eliminated, and the user is ensured to visit a real target website.
The format of the domain name resolution request is defined, including the data structure and parameters of the request, so that the server can resolve correctly and return the resolution result.
S102, receiving a domain name resolution result returned by the httpDS server, wherein the domain name resolution result comprises a target IP address corresponding to a target domain name;
specifically, an httpDNS server set for domain name resolution is obtained, wherein the httpDNS server set comprises a plurality of httpDNS servers;
when the httpDNS server receives abnormal information returned by the domain name resolution request, the domain name resolution request is automatically switched to the httpDNS server based on the httpDNS server set.
httpDNS services typically provide multiple alternative authoritative DNS servers that can automatically switch to other available servers when one server fails to provide service normally, improving availability and stability.
Matching the IP address of the httpDNS server in an abnormal httpDNS server IP list and/or a normal httpDNS server IP list;
determining whether the target domain name has DNS hijacking or not based on the matching result;
and if the target domain name has DNS hijacking, terminating the domain name access behavior.
A caching mechanism is added between the client and the httpDNS server to reduce the frequency of requests. The domain name resolution time can be reduced through the local cache and the dedicated httpDNS server, and the user access speed and response efficiency are improved.
S103, connecting the target IP address to access a page corresponding to the target domain name;
the method for solving the DNS hijacking based on httpNS further comprises the following steps:
acquiring the addresses of the httpDNS servers in the httpDNS server set;
the address of the httpDNS server is configured on the client to ensure that all domain name resolution requests are handled by the httpDNS server.
httpDNS mode of operation
And dynamically requesting the server from the SDK of the client to acquire an IP list of the httpDS server, and caching the IP list to the local. With the domain name being continuously resolved, the SDK also locally caches the DNS domain name resolution result;
when the mobile phone application needs to access an address, firstly, whether a local cache exists or not is checked, if so, the mobile phone application directly returns, and if not, the httpDS server is requested;
the server requesting httpDNS provides an api interface, selects a corresponding interface to send out an interface request, and returns an IP list of a website to be accessed;
the client can select IP after receiving the returned IP list, establish connection and initiate normal access operation.
The method for solving the DNS hijacking based on the httpDNS sends a domain name resolution request to an httpDNS server, wherein the domain name resolution request comprises a target domain name to be resolved; receiving a domain name resolution result returned by the httpDNS server, wherein the domain name resolution result comprises a target IP address corresponding to the target domain name; and connecting the target IP address to access a page corresponding to the target domain name. The problem that the prior art cannot fundamentally solve the problem of DNS hijacking is solved.
FIGS. 2-3 are flowcharts of an embodiment of a system for resolving DNS hijacking based on httpNS in accordance with the present invention; as shown in fig. 2-3, the system for solving DNS hijacking based on httpDNS provided by the embodiment of the present invention includes the following steps:
a request sending module 10, configured to send a domain name resolution request to an httpDNS server, where the domain name resolution request includes a target domain name to be resolved;
the resolution result receiving module 20 is configured to receive a domain name resolution result returned by the httpDNS server, where the domain name resolution result includes a target IP address corresponding to the target domain name;
and the address connection module 30 is used for connecting the target IP address so as to access the page corresponding to the target domain name.
A selection module 40, configured to obtain geographic location information of a client, and select an httpDNS server corresponding to the client based on the geographic location information;
the method comprises the steps that a client receives abnormal situation information returned by an httpDS server, wherein the abnormal situation information comprises network connection failure or analysis failure; determining a corresponding solution based on the abnormal situation information;
a switching module 50 for obtaining an httpDNS server set for domain name resolution, the httpDNS server set comprising a plurality of httpDNS servers; when the httpDNS server receives abnormal information returned by the domain name resolution request, the domain name resolution request is automatically switched to the httpDNS server based on the httpDNS server set.
A judging module 60, configured to match the IP address of the httpDNS server with an abnormal httpDNS server IP list and/or a normal httpDNS server IP list; determining whether the target domain name has DNS hijacking or not based on the matching result; and if the target domain name has DNS hijacking, terminating the domain name access behavior.
A caching mechanism is added between the client and the httpDNS server to reduce the frequency of requests.
A configuration module 70, configured to obtain an address of the httpDNS server in the httpDNS server set; the address of the httpDNS server is configured on the client to ensure that all domain name resolution requests are handled by the httpDNS server.
The system for solving the DNS hijacking based on httpDNS sends a domain name resolution request to an httpDNS server through a request sending module 10, wherein the domain name resolution request comprises a target domain name to be resolved; receiving a domain name resolution result returned by the httpDNS server through a resolution result receiving module 20, wherein the domain name resolution result comprises a target IP address corresponding to the target domain name; the address connection module 30 is used for connecting the target IP address to access the page corresponding to the target domain name. The method for solving the problem of DNS hijacking based on httpNS solves the problem that the prior art cannot fundamentally solve the problem of DNS hijacking.
The method for solving the problem of DNS hijacking based on httpDS is realized. By using httpDNS, a DNS query request is sent to a dedicated DNS server, and then the returned result is directly used to initiate the request, thereby bypassing the operator's localDNS server, and effectively eliminating the risk of operator hijacking.
Fig. 4 is a schematic diagram of an entity structure of an electronic device according to an embodiment of the present invention, as shown in fig. 4, an electronic device 80 includes: a processor 801 (processor), a memory 802 (memory), and a bus 803;
the processor 801 and the memory 802 complete communication with each other through the bus 803;
the processor 801 is configured to invoke program instructions in the memory 802 to perform the methods provided by the above-described method embodiments, including, for example: sending a domain name resolution request to an httpDNS server, wherein the domain name resolution request comprises a target domain name to be resolved; receiving a domain name resolution result returned by the httpDNS server, wherein the domain name resolution result comprises a target IP address corresponding to the target domain name; and connecting the target IP address to access a page corresponding to the target domain name.
The present embodiment provides a non-transitory computer readable storage medium storing computer instructions that cause a computer to perform the methods provided by the above-described method embodiments, for example, including: sending a domain name resolution request to an httpDNS server, wherein the domain name resolution request comprises a target domain name to be resolved; receiving a domain name resolution result returned by the httpDNS server, wherein the domain name resolution result comprises a target IP address corresponding to the target domain name; and connecting the target IP address to access a page corresponding to the target domain name.
Those of ordinary skill in the art will appreciate that: all or part of the steps for implementing the above method embodiments may be implemented by hardware associated with program instructions, where the foregoing program may be stored in a computer readable storage medium, and when executed, the program performs steps including the above method embodiments; and the aforementioned storage medium includes: various storage media such as ROM, RAM, magnetic or optical disks may store program code.
The apparatus embodiments described above are merely illustrative, wherein elements illustrated as separate elements may or may not be physically separate, and elements shown as elements may or may not be physical elements, may be located in one place, or may be distributed over a plurality of network elements. Some or all of the modules may be selected according to actual needs to achieve the purpose of the solution of this embodiment. Those of ordinary skill in the art will understand and implement the present invention without undue burden.
From the above description of the embodiments, it will be apparent to those skilled in the art that the embodiments may be implemented by means of software plus necessary general hardware platforms, or of course may be implemented by means of hardware. Based on such understanding, the foregoing technical solution may be embodied essentially or in a part contributing to the prior art in the form of a software product, which may be stored in a computer readable storage medium, such as ROM/RAM, a magnetic disk, an optical disk, etc., including several instructions for causing a computer device (which may be a personal computer, a server, or a network device, etc.) to execute the embodiments or the methods of some parts of the embodiments.
While the invention has been described in detail in the foregoing general description and specific examples, it will be apparent to those skilled in the art that modifications and improvements can be made thereto. Accordingly, such modifications or improvements may be made without departing from the spirit of the invention and are intended to be within the scope of the invention as claimed.

Claims (10)

1. A method for solving DNS hijacking based on httpDNS, comprising the steps of:
sending a domain name resolution request to an httpDNS server, wherein the domain name resolution request comprises a target domain name to be resolved;
receiving a domain name resolution result returned by the httpDNS server, wherein the domain name resolution result comprises a target IP address corresponding to the target domain name;
and connecting the target IP address to access a page corresponding to the target domain name.
2. The httpDNS-based DNS hijacking resolution method according to claim 1, wherein the sending a domain name resolution request to the httpDNS server, wherein the domain name resolution request includes a target domain name to be resolved, includes:
and acquiring geographic position information of the client, and selecting an httpDS server corresponding to the client based on the geographic position information.
3. The httpDNS-based DNS hijacking resolution method according to claim 1, wherein the sending a domain name resolution request to the httpDNS server, wherein the domain name resolution request includes a target domain name to be resolved, further includes:
receiving abnormal condition information returned by the httpDS server, wherein the abnormal condition information comprises network connection failure or analysis failure;
and determining a corresponding solution based on the abnormal condition information.
4. The httpDNS-based DNS hijacking resolution method according to claim 3, wherein the receiving the domain name resolution result returned by the httpDNS server, where the domain name resolution result includes a target IP address corresponding to the target domain name, includes:
obtaining an httpDNS server set for domain name resolution, the httpDNS server set comprising a plurality of httpDNS servers;
when the httpDNS server receives abnormal information returned by the domain name resolution request, the domain name resolution request is automatically switched to the httpDNS server based on the httpDNS server set.
5. The httpDNS-based DNS hijacking resolution method according to claim 1, wherein the receiving the domain name resolution result returned by the httpDNS server, where the domain name resolution result includes a target IP address corresponding to the target domain name, further includes:
matching the IP address of the httpDNS server in an abnormal httpDNS server IP list and/or a normal httpDNS server IP list;
determining whether the target domain name has DNS hijacking or not based on the matching result;
and if the target domain name has DNS hijacking, terminating the domain name access behavior.
6. The httpDNS-based DNS hijacking resolution method according to claim 1, wherein the receiving the domain name resolution result returned by the httpDNS server, where the domain name resolution result includes a target IP address corresponding to the target domain name, further includes:
a caching mechanism is added between the client and the httpDNS server to reduce the frequency of requests.
7. The httpDNS-based DNS hijacking resolution method according to claim 1, further comprising:
acquiring the addresses of the httpDNS servers in the httpDNS server set;
the address of the httpDNS server is configured on the client to ensure that all domain name resolution requests are handled by the httpDNS server.
8. A system for resolving DNS hijacking based on httpDNS, comprising:
a request sending module, configured to send a domain name resolution request to an httpDNS server, where the domain name resolution request includes a target domain name to be resolved;
the resolution result receiving module is used for receiving a domain name resolution result returned by the httpDNS server, wherein the domain name resolution result comprises a target IP address corresponding to the target domain name;
and the address connection module is used for connecting the target IP address so as to access a page corresponding to the target domain name.
9. An electronic device comprising a memory, a processor and a computer program stored on the memory and executable on the processor, characterized in that the processor implements the steps of the method according to any one of claims 1 to 7 when the computer program is executed.
10. A non-transitory computer readable storage medium, on which a computer program is stored, characterized in that the computer program, when being executed by a processor, implements the steps of the method according to any of claims 1 to 7.
CN202311321397.XA 2023-10-13 2023-10-13 Method and system for solving DNS hijacking based on httpDS Pending CN117118741A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202311321397.XA CN117118741A (en) 2023-10-13 2023-10-13 Method and system for solving DNS hijacking based on httpDS

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202311321397.XA CN117118741A (en) 2023-10-13 2023-10-13 Method and system for solving DNS hijacking based on httpDS

Publications (1)

Publication Number Publication Date
CN117118741A true CN117118741A (en) 2023-11-24

Family

ID=88813055

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202311321397.XA Pending CN117118741A (en) 2023-10-13 2023-10-13 Method and system for solving DNS hijacking based on httpDS

Country Status (1)

Country Link
CN (1) CN117118741A (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN118157993A (en) * 2024-05-10 2024-06-07 中移(苏州)软件技术有限公司 Domain name resolution method and device, domain name resolution system and electronic equipment

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN118157993A (en) * 2024-05-10 2024-06-07 中移(苏州)软件技术有限公司 Domain name resolution method and device, domain name resolution system and electronic equipment

Similar Documents

Publication Publication Date Title
US20210176079A1 (en) Supporting secure sessions in a cloud-based proxy service
US8239549B2 (en) Dynamic host configuration protocol
EP1965558B1 (en) Method, apparatuses and computer program product for robust digest authentication using two types of nonce values
US20090070582A1 (en) Secure Network Location Awareness
US20170279617A1 (en) Dns provider configuring a registry dnssec record
KR20080024469A (en) Preventing fraudulent internet account access
WO2022247751A1 (en) Method, system and apparatus for remotely accessing application, device, and storage medium
EP2638496B1 (en) Method and system for providing service access to a user
CN113381979A (en) Access request proxy method and proxy server
US11784993B2 (en) Cross site request forgery (CSRF) protection for web browsers
CN117118741A (en) Method and system for solving DNS hijacking based on httpDS
US20170317836A1 (en) Service Processing Method and Apparatus
CN112468442A (en) Double-factor authentication method and device, computer equipment and storage medium
US8112535B2 (en) Securing a server in a dynamic addressing environment
US10931662B1 (en) Methods for ephemeral authentication screening and devices thereof
CN116633562A (en) Network zero trust security interaction method and system based on WireGuard
CN114666056B (en) Providing a first digital certificate and a DNS response
Pansa et al. Architecture and protocols for secure LAN by using a software-level certificate and cancellation of ARP protocol
CN114006724A (en) Method and system for discovering and authenticating encrypted DNS (Domain name Server) resolver
WO2004099949A1 (en) Web site security model
US20230344795A1 (en) Delegation of a naming identifier resolution function
TWI795148B (en) Device, method and system of handling access control
CN107517178B (en) Authentication method, device and system
Rafiee et al. Challenges and Solutions for DNS Security in IPv6
JP2024502773A (en) Traffic redirection methods, corresponding terminals, controllers, authorization servers, name resolution servers, and computer programs

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination