CN118055095B - Authoritative domain name server determination method and device, electronic equipment and storage medium - Google Patents


Info

Publication number
CN118055095B
Authority
CN
China
Prior art keywords
domain name
server
authoritative
reverse
determining
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN202410451609.4A
Other languages
Chinese (zh)
Other versions
CN118055095A (en)
Inventor
姚旺君
刘红
包正晶
郑儿
宋栋
赵静
刘旭东
孙彻
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
6th Research Institute of China Electronics Corp
Original Assignee
6th Research Institute of China Electronics Corp
Application filed by 6th Research Institute of China Electronics Corp
Priority to CN202410451609.4A
Publication of CN118055095A
Application granted
Publication of CN118055095B

Landscapes

  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The application provides a method and device for determining an authoritative domain name server, an electronic device and a storage medium, wherein the determination method comprises the following steps: acquiring a first reverse resolution record returned by a target server in response to a domain name reverse resolution request; preliminarily determining, based on the first reverse resolution record, whether the target server is an authoritative domain name server of its own reverse domain name; if the target server is preliminarily determined to be the authoritative domain name server of its own reverse domain name, further verifying, based on the recursion resolution server, whether the target server is the authoritative domain name server of its own reverse domain name; if the target server is preliminarily determined not to be the authoritative domain name server of its own reverse domain name, determining whether an unknown domain name exists in the reverse resolution record, and if so, determining the authoritative server domain name of the unknown domain name and the IP address set of the authoritative domain name server of the unknown domain name based on the recursion resolution server. The accuracy and reliability of the verification of the authoritative domain name server are improved, and the detection range of the authoritative domain name server is enlarged.

Description

Authoritative domain name server determination method and device, electronic equipment and storage medium
Technical Field
The present application relates to the field of communications technologies, and in particular, to a method and apparatus for determining an authoritative domain name server, an electronic device, and a storage medium.
Background
The domain name system is the infrastructure of the whole internet service. The authoritative domain name server is a core component in the normal operation of the whole domain name resolution system and stores the DNS records under specific domain names, including information such as IP addresses, mail exchange servers (MX) and subdomains. When a user inputs a domain name in a browser, the operating system first queries the local DNS cache; if the local DNS cache is not hit, a query request is initiated to an authoritative domain name server through a local DNS server to acquire the IP address corresponding to the target domain name, so that functions such as website access or email transmission are realized. In addition to website access, authoritative domain name servers play an important role in network communication protocols. For example, in email transmission, SMTP (Simple Mail Transfer Protocol) finds the target mail server through the MX record; FTP (File Transfer Protocol) and HTTP (Hypertext Transfer Protocol) also rely on domain name resolution services in file transfer. At present, the discovery of authoritative servers depends heavily on domain names: a known domain name is required to discover the corresponding authoritative server. The content of the domain name corresponds to the path and end point recorded when the recursive server accesses the authoritative server. For authoritative servers of unknown domain names this path is missing, so this approach cannot be used to discover them. Therefore, how to improve the accuracy of the determination of the authoritative domain name server becomes a non-trivial technical problem.
Disclosure of Invention
In view of the above, the present application aims to provide a method, a device, an electronic device and a storage medium for determining an authoritative domain name server, which determine the authoritative domain name server by using a recursive resolution server and a domain name reverse resolution request of a target server, thereby improving the accuracy and reliability of verification of the authoritative domain name server and expanding the detection range of the authoritative domain name server.
The embodiment of the application provides a determination method of an authoritative domain name server, which comprises the following steps:
sending a domain name reverse resolution request to an IP address of a target server, and obtaining a first reverse resolution record of the target server responding to the domain name reverse resolution request;
preliminarily determining whether the target server is an authoritative domain name server of its own reverse domain name based on the first reverse resolution record;
if the target server is preliminarily determined to be the authoritative domain name server of its own reverse domain name, verifying whether the target server is the authoritative domain name server of its own reverse domain name based on a recursion resolution server;
if the target server is preliminarily determined not to be an authoritative domain name server of its own reverse domain name, determining whether an unknown domain name exists in the reverse resolution record, and if so, determining the authoritative server domain name of the unknown domain name and the IP address set of the authoritative domain name server of the unknown domain name based on the recursion resolution server.
In one possible implementation manner, the preliminary determining, based on the first reverse resolution record, whether the target server is an authoritative domain name server for its own reverse domain name includes:
detecting whether an authoritative response identifier exists in a response message field of the first reverse resolution record;
if the authoritative response identifier exists, the response of the target server is an authoritative response, and the target server is preliminarily determined to be an authoritative domain name server of its own reverse domain name;
and if the authoritative response identifier does not exist, preliminarily determining that the target server is not an authoritative domain name server of its own reverse domain name.
In one possible implementation manner, the further verifying, based on the recursion resolution server, whether the target server is an authoritative domain name server of its own reverse domain name includes:
performing a domain name reverse resolution request for the target server through the recursion resolution server, and determining a second reverse resolution record from the recursion resolution server;
and matching the first reverse resolution record with the second reverse resolution record to determine whether the target server is an authoritative domain name server of its own reverse domain name.
In one possible implementation manner, the matching the first reverse resolution record and the second reverse resolution record to determine whether the target server is an authoritative domain name server for its own reverse domain name includes:
detecting whether the response message field of the first reverse resolution record is consistent with the response message field of the second reverse resolution record;
if yes, determining that the target server is an authoritative domain name server of its own reverse domain name;
if not, determining that the target server is not the authoritative domain name server of its own reverse domain name.
In one possible implementation manner, the determining, based on the recursively resolving server, the authoritative server domain name of the unknown domain name and the IP address set of the authoritative server domain name of the unknown domain name includes:
Performing domain name server record inquiry on the unknown domain name based on the recursion resolution server, and determining an authoritative server domain name of the unknown domain name;
and inquiring the domain name IP address of the authoritative server domain name of the unknown domain name based on the recursion resolution server, and determining the IP address set of the authoritative server domain name of the unknown domain name.
In one possible implementation manner, after determining whether an unknown domain name exists in the reverse resolution record, if so, determining, based on the recursion resolution server, an authoritative server domain name of the unknown domain name and an IP address set of an authoritative domain name server of the unknown domain name, where the determining method further includes:
Detecting whether the IP address of the target server exists in an IP address set of an authoritative domain name server of the unknown domain name;
if yes, determining that the target server is an authoritative domain name server of the unknown domain name;
if not, determining that the target server is not the authoritative domain name server of the unknown domain name.
The embodiment of the application also provides a determining device of the authoritative domain name server, which comprises the following components:
the first verification module is used for preliminarily determining whether the target server is an authoritative domain name server of a self reverse domain name based on the first reverse analysis record;
the second verification module is used for further verifying whether the target server is an authoritative domain name server of its own reverse domain name based on the recursion resolution server if the target server is preliminarily determined to be the authoritative domain name server of its own reverse domain name;
and the third verification module is used for determining whether an unknown domain name exists in the reverse resolution record if the target server is initially determined not to be the authoritative domain name server of the reverse domain name, and determining the authoritative server domain name of the unknown domain name and the IP address set of the authoritative domain name server of the unknown domain name based on the recursion resolution server if the unknown domain name exists in the reverse resolution record.
In one possible implementation manner, when the first verification module is configured to preliminarily determine, based on the first reverse resolution record, whether the target server is an authoritative domain name server for its own reverse domain name, the first verification module is specifically configured to:
detecting whether an authoritative response identifier exists in a response message field of the first reverse resolution record;
if the authoritative response identifier exists, the response of the target server is an authoritative response, and the target server is preliminarily determined to be an authoritative domain name server of its own reverse domain name;
and if the authoritative response identifier does not exist, preliminarily determining that the target server is not an authoritative domain name server of its own reverse domain name.
The embodiment of the application also provides electronic equipment, which comprises: the system comprises a processor, a memory and a bus, wherein the memory stores machine-readable instructions executable by the processor, the processor and the memory communicate through the bus when the electronic device is running, and the machine-readable instructions are executed by the processor to perform the steps of the method for determining an authoritative domain name server as described above.
The embodiments of the present application also provide a computer readable storage medium having stored thereon a computer program which, when executed by a processor, performs the steps of the method of determining an authoritative domain name server as described above.
The method, the device, the electronic equipment and the storage medium for determining the authoritative domain name server provided by the embodiment of the application comprise the following steps: sending a domain name reverse resolution request to an IP address of a target server, and obtaining a first reverse resolution record of the target server responding to the domain name reverse resolution request; preliminarily determining whether the target server is an authoritative domain name server of a self reverse domain name based on the first reverse resolution record; if the target server is initially determined to be the authoritative domain name server of the self reverse domain name, further verifying whether the target server is the authoritative domain name server of the self reverse domain name based on a recursion resolution server; if the target server is preliminarily determined not to be an authoritative domain name server of the reverse domain name of the target server, determining whether an unknown domain name exists in the reverse resolution record, and if so, determining the authoritative server domain name of the unknown domain name and the IP address set of the authoritative domain name server of the unknown domain name based on the recursion resolution server. The authoritative domain name server is determined by utilizing the domain name reverse resolution requests of the recursion resolution server and the target server, so that the accuracy and the reliability of verification of the authoritative domain name server are improved, and the detection range of the authoritative domain name server is enlarged.
In order to make the above objects, features and advantages of the present application more comprehensible, preferred embodiments accompanied with figures are described in detail below.
Drawings
In order to more clearly illustrate the technical solutions of the embodiments of the present application, the drawings that are needed in the embodiments will be briefly described below, it being understood that the following drawings only illustrate some embodiments of the present application and therefore should not be considered as limiting the scope, and other related drawings may be obtained according to these drawings without inventive effort for a person skilled in the art.
FIG. 1 is a flowchart of a method for determining an authoritative domain name server according to an embodiment of the present application;
FIG. 2 is a schematic diagram of a method for determining an authoritative domain name server according to an embodiment of the present application;
FIG. 3 is a schematic diagram of an apparatus for determining an authoritative domain name server according to an embodiment of the present application;
FIG. 4 is a second schematic diagram of a device for determining an authoritative domain name server according to an embodiment of the present application;
Fig. 5 is a schematic structural diagram of an electronic device according to an embodiment of the present application.
Detailed Description
For the purpose of making the objects, technical solutions and advantages of the embodiments of the present application more apparent, the technical solutions of the embodiments of the present application will be clearly and completely described with reference to the accompanying drawings in the embodiments of the present application, and it should be understood that the drawings in the present application are for the purpose of illustration and description only and are not intended to limit the scope of the present application. In addition, it should be understood that the schematic drawings are not drawn to scale. A flowchart, as used in this disclosure, illustrates operations implemented according to some embodiments of the present application. It should be appreciated that the operations of the flow diagrams may be implemented out of order and that steps without logical context may be performed in reverse order or concurrently. Moreover, one or more other operations may be added to or removed from the flow diagrams by those skilled in the art under the direction of the present disclosure.
In addition, the described embodiments are only some, but not all, embodiments of the application. The components of the embodiments of the present application generally described and illustrated in the figures herein may be arranged and designed in a wide variety of different configurations. Thus, the following detailed description of the embodiments of the application, as presented in the figures, is not intended to limit the scope of the application, as claimed, but is merely representative of selected embodiments of the application. All other embodiments, which can be made by a person skilled in the art based on embodiments of the application without making any inventive effort, fall within the scope of the application.
In order to enable those skilled in the art to make use of the present disclosure, the following embodiments are provided in connection with a particular application scenario "determine authoritative domain name servers," and it will be apparent to those skilled in the art that the general principles defined herein may be applied to other embodiments and application scenarios without departing from the spirit and scope of the present disclosure.
First, an application scenario to which the present application is applicable will be described. The application can be applied to the technical field of communication.
The research shows that the domain name system is the infrastructure of the whole Internet service. The authoritative domain name server is a core component in the normal operation of the whole domain name resolution system and stores the DNS records under specific domain names, including IP addresses, mail exchange servers (MX), subdomains and other information. When a user inputs a domain name in a browser, the operating system first queries the local DNS cache; if the local DNS cache is not hit, a query request is initiated to an authoritative domain name server through a local DNS server to acquire the IP address corresponding to the target domain name, so that functions such as website access or email transmission are realized. In addition to website access, authoritative domain name servers play an important role in network communication protocols. For example, in email transmission, SMTP (Simple Mail Transfer Protocol) finds the target mail server through the MX record; FTP (File Transfer Protocol) and HTTP (Hypertext Transfer Protocol) also rely on domain name resolution services in file transfer. At present, the discovery of authoritative servers depends heavily on domain names: a known domain name is required to discover the corresponding authoritative server. The content of the domain name corresponds to the path and end point recorded when the recursive server accesses the authoritative server. For authoritative servers of unknown domain names this path is missing, so this approach cannot be used to discover them. Therefore, how to improve the accuracy of the determination of the authoritative domain name server becomes a non-trivial technical problem.
Based on the above, the embodiment of the application provides a determination method of an authoritative domain name server, which determines the authoritative domain name server by using a recursion resolution server and a domain name reverse resolution request of a target server, improves the accuracy and reliability of verification of the authoritative domain name server, and enlarges the detection range of the authoritative domain name server.
Referring to fig. 1, fig. 1 is a flowchart of a method for determining an authoritative domain name server according to an embodiment of the present application. As shown in fig. 1, the determining method provided by the embodiment of the present application includes:
S101: sending a domain name reverse resolution request to an IP address of a target server, and obtaining a first reverse resolution record of the target server responding to the domain name reverse resolution request.
In this step, a domain name reverse resolution request is sent to an IP address of a target server, and a first reverse resolution record of the target server responding to the domain name reverse resolution request is obtained.
Here, a reverse resolution PTR request for the target server's own address is sent to the target server IP1, for example a domain name reverse resolution request with the domain name IP1.in-addr.arpa. The purpose of this step is to verify whether the IP address of the target server is responsible for managing its own reverse resolution zone; if the target server returns a reverse resolution PTR record, it indicates that the target server is an authoritative domain name server for its own reverse domain name.
S102: preliminarily determining whether the target server is an authoritative domain name server of its own reverse domain name based on the first reverse resolution record.
In this step, whether the target server is an authoritative domain name server of its own reverse domain name is preliminarily determined according to the first reverse resolution record.
In one possible implementation manner, the preliminary determining, based on the first reverse resolution record, whether the target server is an authoritative domain name server for its own reverse domain name includes:
(1): detecting whether an authoritative response identifier exists in a response message field of the first reverse resolution record.
Here, it is detected whether an authoritative response identifier exists in a response message field of the first reverse resolution record.
(2): if the authoritative response identifier exists, the response of the target server is an authoritative response, and the target server is preliminarily determined to be an authoritative domain name server of its own reverse domain name.
If the authoritative response identifier exists, the response of the target server is an authoritative response, and the target server is preliminarily determined to be an authoritative domain name server of its own reverse domain name.
(3): if the authoritative response identifier does not exist, preliminarily determining that the target server is not an authoritative domain name server of its own reverse domain name.
If the authoritative response identifier does not exist, the target server is preliminarily determined not to be the authoritative domain name server of its own reverse domain name.
S103: if the target server is initially determined to be the authoritative domain name server of the own reverse domain name, further verifying whether the target server is the authoritative domain name server of the own reverse domain name based on the recursion resolution server.
In the step, if the target server is preliminarily determined to be the authoritative domain name server of the own reverse domain name, further verifying whether the target server is the authoritative domain name server of the own reverse domain name according to the recursion resolution server.
Here, the process of preliminarily determining that the target server is an authoritative domain name server for its own reverse domain name may be inaccurate, so that further verification is required.
Wherein the recursive resolution server is pre-established.
In one possible implementation manner, the further verifying, based on the recursion resolution server, whether the target server is an authoritative domain name server of its own reverse domain name includes:
a: performing a domain name reverse resolution request for the target server through the recursion resolution server, and determining a second reverse resolution record from the recursion resolution server.
Here, the recursion resolution server performs the domain name reverse resolution request for the target server, and the second reverse resolution record returned by the recursion resolution server is determined.
Wherein, a domain name reverse resolution request with the domain name IP1.in-addr.arpa is sent to the recursion resolution server, and the reverse resolution record (the second reverse resolution record) with which the authority for IP1.in-addr.arpa responds is received from the recursion resolution server.
b: matching the first reverse resolution record with the second reverse resolution record to determine whether the target server is an authoritative domain name server of its own reverse domain name.
Here, the first reverse resolution record and the second reverse resolution record are matched to determine whether the target server is an authoritative domain name server of its own reverse domain name.
In one possible implementation manner, the matching the first reverse resolution record and the second reverse resolution record to determine whether the target server is an authoritative domain name server of its own reverse domain name includes:
a: detecting whether the response message field of the first reverse resolution record is consistent with the response message field of the second reverse resolution record.
Here, it is detected whether the response message field of the first reverse resolution record is identical to the response message field of the second reverse resolution record.
b: if yes, determining that the target server is an authoritative domain name server of its own reverse domain name; if not, determining that the target server is not the authoritative domain name server of its own reverse domain name.
If the two are consistent, the target server is determined to be the authoritative domain name server of its own reverse domain name; if they are not consistent, the target server is determined not to be the authoritative domain name server of its own reverse domain name.
The same reverse resolution query for the target server IP1 is performed through the self-built recursive resolution server, and the response from the recursive resolution server is compared with the response obtained directly from IP1. The response from the recursive resolution server is the second reverse resolution record of the IP1.in-addr.arpa domain name; if the PTR records of the two match, i.e., the response result of IP1 is identical to the authoritative response result, IP1 is labelled as the authoritative server of its IP1.in-addr.arpa domain name.
S104: if the target server is preliminarily determined not to be an authoritative domain name server of the reverse domain name of the target server, determining whether an unknown domain name exists in the reverse resolution record, and if so, determining the authoritative server domain name of the unknown domain name and the IP address set of the authoritative domain name server of the unknown domain name based on the recursion resolution server.
In the step, if the target server is preliminarily determined not to be the authoritative domain name server of the reverse domain name of the target server, determining whether an unknown domain name exists in the reverse resolution record, and if so, determining the authoritative server domain name of the unknown domain name and the IP address set of the authoritative domain name server of the unknown domain name according to the recursion resolution server.
Here, based on the first reverse resolution record obtained in step S101, it is recognized and determined whether or not an unknown domain name exists in the first reverse resolution record. If so, performing NS record inquiry on the unknown domain name by using a recursion resolution server to obtain an authoritative server domain name of the unknown domain name, and performing A record inquiry on the authoritative server domain name to obtain an IP address set of an authoritative domain name server of the unknown domain name so as to find a forward domain name possibly related to the IP address set.
The traditional method of discovering authoritative DNS servers from known domain names is limited: the scale at which authoritative servers can be discovered is bounded by the size of the domain name set. However, the full set of domain names is difficult to obtain; there are private domain names that do not serve the public, and such domain names are often not known to the public. In this scheme, not only can all of the 4.3 billion public network IP addresses be used as detection targets to discover authoritative domain name servers, but unknown domain names can also be discovered from the PTR record results obtained by detection, and the authoritative domain name servers of those unknown domain names can then be discovered.
The process of identifying authoritative domain name servers in this scenario requires a self-built recursive resolution server to assist in verifying that the reverse resolution response from the target is correct. The reason for using a self-built recursive resolution server is to obtain information from the authoritative DNS server, preventing the impact of cache pollution. The method mainly comprises two processes, namely firstly judging whether a target server is an authoritative domain name server of a self reverse domain name, and secondly judging whether the target server is possibly the authoritative domain name server of a certain self reverse domain name.
In one possible implementation manner, the determining, based on the recursively resolving server, the authoritative server domain name of the unknown domain name and the IP address set of the authoritative server domain name of the unknown domain name includes:
i: performing a domain name server record query on the unknown domain name based on the recursion resolution server, and determining the authoritative server domain name of the unknown domain name.
Here, the domain name server record query is performed on the unknown domain name according to the recursion resolution server, and the authoritative server domain name of the unknown domain name is determined.
ii: querying the IP address of the authoritative server domain name of the unknown domain name based on the recursion resolution server, and determining the IP address set of the authoritative server domain name of the unknown domain name.
Here, the IP address query is performed on the authoritative server domain name of the unknown domain name according to the recursion resolution server, and the IP address set of the authoritative server domain name of the unknown domain name is determined.
In one possible implementation, after determining whether an unknown domain name exists in the reverse resolution record and, if so, determining, based on the recursive resolution server, the authoritative server domain name of the unknown domain name and the IP address set of the authoritative domain name server of the unknown domain name, the determining method further includes:
I: Detecting whether the IP address of the target server exists in the IP address set of the authoritative domain name server of the unknown domain name.
Here, it is detected whether the IP address of the target server is in the IP address set of the authoritative domain name server of the unknown domain name.
II: If yes, determining that the target server is an authoritative domain name server of the unknown domain name; if not, determining that the target server is not the authoritative domain name server of the unknown domain name.
If yes, the target server is determined to be an authoritative domain name server of the unknown domain name; if not, the target server is determined not to be the authoritative domain name server of the unknown domain name. In this way, the IP address set is checked for the IP address of the target server: if the set contains it, the target server is one of the authoritative servers for the domain name; if it does not, at least one unknown domain name and the authoritative server of that unknown domain name have still been found.
In this scheme, during detection of authoritative domain name servers, it can be discovered and verified whether the target server is the authoritative DNS server for its own reverse resolution domain name. An unknown domain name can also be identified from the content of the PTR record, its authoritative domain name server can be found through the unknown domain name, and it can be verified whether the target server is the authoritative DNS server of the unknown domain name.
Further, referring to fig. 2, fig. 2 is a schematic diagram of a determination method of an authoritative domain name server according to an embodiment of the present application. As shown in fig. 2, the IP address of a target server is obtained, and a domain name reverse resolution request for the domain name IP1.in-addr.arpa is sent to the IP address of the target server. After the first reverse resolution record from the target server is received, the unknown domain name in the PTR record of the first reverse resolution record is queried through the recursive resolution server, and the authoritative server domain name of the unknown domain name and the IP address set of the authoritative server domain name of the unknown domain name are determined. It is detected whether an authoritative response identifier exists in the response message field of the first reverse resolution record. If so, a domain name reverse resolution request for the domain name IP1.in-addr.arpa is sent to the recursive resolution server, and a second reverse resolution record from the recursive resolution server is determined; it is detected whether the first reverse resolution record is consistent with the second reverse resolution record, and if so, the target server is determined to be the authoritative domain name server of IP1.in-addr.arpa; if not, the process ends. If the authoritative response identifier does not exist, the unknown domain name in the PTR record of the first reverse resolution record of the target server is queried through the recursive resolution server, the authoritative server domain name of the unknown domain name and the IP address set of the authoritative server domain name of the unknown domain name are determined, and it is detected whether the IP address of the target server exists in the IP address set of the authoritative domain name server of the unknown domain name; if it exists, the target server is determined to be an authoritative domain name server of the unknown domain name.
The embodiment of the application provides a determination method of an authoritative domain name server, which comprises the following steps: sending a domain name reverse resolution request to an IP address of a target server, and obtaining a first reverse resolution record of the target server responding to the domain name reverse resolution request; preliminarily determining, based on the first reverse resolution record, whether the target server is an authoritative domain name server of its own reverse domain name; if the target server is preliminarily determined to be the authoritative domain name server of its own reverse domain name, further verifying, based on a recursive resolution server, whether the target server is the authoritative domain name server of its own reverse domain name; if the target server is preliminarily determined not to be an authoritative domain name server of its own reverse domain name, determining whether an unknown domain name exists in the reverse resolution record, and if so, determining the authoritative server domain name of the unknown domain name and the IP address set of the authoritative domain name server of the unknown domain name based on the recursive resolution server. Because the authoritative domain name server is determined using domain name reverse resolution requests to both the recursive resolution server and the target server, the accuracy and reliability of verification of the authoritative domain name server are improved, and the detection range of authoritative domain name servers is enlarged.
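The decision flow of fig. 2, as an added Python example that is not part of the patent text: it reads the "authoritative response identifier" as the AA bit of the DNS header, compares PTR sets for the consistency check, and walks up the labels of each PTR name until an NS record set is found. The `StubRecursive` class, the function names, and the sample addresses and domains are constructed assumptions standing in for the self-built recursive resolution server and for live responses.

```python
import ipaddress
import struct

AA_FLAG = 0x0400   # "authoritative answer" bit in the DNS header flags word
TYPE_PTR = 12

def encode_name(name):
    labels = name.rstrip(".").split(".")
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"

def build_response(qname, ptr_targets, authoritative):
    """Build a constructed PTR response (sample data for this example only)."""
    flags = 0x8000 | (AA_FLAG if authoritative else 0)   # QR=1, AA optional
    msg = struct.pack("!HHHHHH", 0x1234, flags, 1, len(ptr_targets), 0, 0)
    msg += encode_name(qname) + struct.pack("!HH", TYPE_PTR, 1)
    for target in ptr_targets:
        rdata = encode_name(target)
        # 0xC00C points back to the question name at offset 12
        msg += b"\xc0\x0c" + struct.pack("!HHIH", TYPE_PTR, 1, 300, len(rdata)) + rdata
    return msg

def read_name(msg, pos):
    """Decode a possibly compressed name; return (name, offset after it)."""
    labels, end, hops = [], None, 0
    while True:
        length = msg[pos]
        if (length & 0xC0) == 0xC0:          # compression pointer
            end = pos + 2 if end is None else end
            pos = ((length & 0x3F) << 8) | msg[pos + 1]
            hops += 1
            if hops > 16:
                raise ValueError("compression pointer loop")
        elif length == 0:
            return ".".join(labels).lower() + ".", (pos + 1 if end is None else end)
        else:
            labels.append(msg[pos + 1:pos + 1 + length].decode("ascii"))
            pos += 1 + length

def parse_ptr_response(msg):
    """Return (AA flag set?, set of PTR target names) for a DNS response."""
    _id, flags, qd, an, _ns, _ar = struct.unpack("!HHHHHH", msg[:12])
    pos = 12
    for _ in range(qd):                      # skip the question section
        pos = read_name(msg, pos)[1] + 4
    targets = set()
    for _ in range(an):
        pos = read_name(msg, pos)[1]
        rtype, _cls, _ttl, rdlen = struct.unpack("!HHIH", msg[pos:pos + 10])
        pos += 10
        if rtype == TYPE_PTR:
            targets.add(read_name(msg, pos)[0])
        pos += rdlen
    return bool(flags & AA_FLAG), targets

class StubRecursive:
    """Stand-in for the self-built recursive resolver (hypothetical interface)."""
    def __init__(self, ptr, ns, a):
        self.tables = {"PTR": ptr, "NS": ns, "A": a}
    def query(self, name, rtype):
        return set(self.tables[rtype].get(name, ()))

def zone_ns(recursive, name):
    """Assumption: walk up the labels until an NS set is found; stop before the TLD."""
    labels = name.rstrip(".").split(".")
    for i in range(len(labels) - 1):
        zone = ".".join(labels[i:]) + "."
        ns_names = recursive.query(zone, "NS")
        if ns_names:
            return zone, ns_names
    return None, set()

def determine(target_ip, first_response, recursive):
    qname = ipaddress.ip_address(target_ip).reverse_pointer + "."
    aa, first_ptr = parse_ptr_response(first_response)
    if aa:   # preliminary yes: confirm against the recursive resolver's record
        same = bool(first_ptr) and first_ptr == recursive.query(qname, "PTR")
        return {"own_reverse": same, "zones": {}}
    zones = {}   # preliminary no: follow the PTR names to their authoritative servers
    for name in sorted(first_ptr):
        zone, ns_names = zone_ns(recursive, name)
        if zone is None:
            continue
        ips = set()
        for ns in ns_names:
            ips |= recursive.query(ns, "A")
        zones[zone] = {"ns_ips": ips, "target_is_ns": target_ip in ips}
    return {"own_reverse": False, "zones": zones}

# Constructed sample data (documentation address ranges and example domains).
REV = "53.2.0.192.in-addr.arpa."
REV_OTHER = "7.113.0.203.in-addr.arpa."
RESOLVER = StubRecursive(
    ptr={REV: ["ns1.example.net."]},
    ns={"example.net.": ["ns1.example.net.", "ns2.example.net."]},
    a={"ns1.example.net.": ["192.0.2.53"], "ns2.example.net.": ["198.51.100.53"]},
)
CASE_VERIFIED = determine("192.0.2.53", build_response(REV, ["ns1.example.net."], True), RESOLVER)
CASE_MISMATCH = determine("192.0.2.53", build_response(REV, ["other.example.org."], True), RESOLVER)
CASE_IS_NS = determine("192.0.2.53", build_response(REV, ["mail.example.net."], False), RESOLVER)
CASE_NOT_NS = determine("203.0.113.7", build_response(REV_OTHER, ["mail.example.net."], False), RESOLVER)
```

`CASE_MISMATCH` shows why the AA bit alone is only a preliminary signal: the target sets it itself, so the record is accepted only when the independently obtained second record agrees. `CASE_NOT_NS` still yields the name server IP set of `example.net.`, which is the discovery result the description mentions for the negative case.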
Referring to fig. 3 and fig. 4, fig. 3 is a first schematic structural diagram of an apparatus for determining an authoritative domain name server according to an embodiment of the present application; fig. 4 is a second schematic structural diagram of an apparatus for determining an authoritative domain name server according to an embodiment of the present application. As shown in fig. 3, the determination device 300 of the authoritative domain name server includes:
a request sending module 310, configured to send a domain name reverse resolution request to an IP address of a target server, and obtain a first reverse resolution record of the target server responding to the domain name reverse resolution request;
a first verification module 320, configured to preliminarily determine, based on the first reverse resolution record, whether the target server is an authoritative domain name server for its own reverse domain name;
a second verification module 330, configured to further verify, based on the recursive resolution server, whether the target server is an authoritative domain name server for its own reverse domain name if it is preliminarily determined that the target server is an authoritative domain name server for its own reverse domain name;
and a third verification module 340, configured to determine whether an unknown domain name exists in the reverse resolution record if it is preliminarily determined that the target server is not an authoritative domain name server for its own reverse domain name, and if so, determine an authoritative server domain name for the unknown domain name and an IP address set of an authoritative domain name server for the unknown domain name based on the recursive resolution server.
Further, when the first verification module 320 is configured to preliminarily determine whether the target server is an authoritative domain name server for its own reverse domain name based on the first reverse resolution record, the first verification module 320 is specifically configured to:
detect whether an authoritative response identifier exists in a response message field of the first reverse resolution record;
if the authoritative response identifier exists, the response of the target server is an authoritative response, and preliminarily determine that the target server is an authoritative domain name server of its own reverse domain name;
and if the authoritative response identifier does not exist, preliminarily determine that the target server is not an authoritative domain name server of its own reverse domain name.
Further, when the second verification module 330 is configured to further verify, based on the recursive resolution server, whether the target server is an authoritative domain name server for its own reverse domain name, the second verification module 330 is specifically configured to:
perform a domain name reverse resolution request for the target server based on the recursive resolution server, and determine a second reverse resolution record from the recursive resolution server;
and match the first reverse resolution record with the second reverse resolution record to determine whether the target server is an authoritative domain name server of its own reverse domain name.
Further, when the second verification module 330 is configured to match the first reverse resolution record and the second reverse resolution record to determine whether the target server is an authoritative domain name server for its own reverse domain name, the second verification module 330 is specifically configured to:
detect whether the response message field of the first reverse resolution record is consistent with the response message field of the second reverse resolution record;
if yes, determine that the target server is an authoritative domain name server of its own reverse domain name;
if not, determine that the target server is not the authoritative domain name server of its own reverse domain name.
Further, when the third verification module 340 is configured to determine, based on the recursive resolution server, the authoritative server domain name of the unknown domain name and the IP address set of the authoritative server domain name of the unknown domain name, the third verification module 340 is specifically configured to:
perform a domain name server record query on the unknown domain name based on the recursive resolution server, and determine an authoritative server domain name of the unknown domain name;
and query the domain name IP address of the authoritative server domain name of the unknown domain name based on the recursive resolution server, and determine the IP address set of the authoritative server domain name of the unknown domain name.
Further, as shown in fig. 4, the determining apparatus of the authoritative domain name server further includes a fourth verification module 350, where the fourth verification module 350 is configured to:
detect whether the IP address of the target server exists in the IP address set of the authoritative domain name server of the unknown domain name;
if yes, determine that the target server is an authoritative domain name server of the unknown domain name;
if not, determine that the target server is not the authoritative domain name server of the unknown domain name.
The embodiment of the application provides a determining device of an authoritative domain name server, which comprises the following components: the request sending module is used for sending a domain name reverse resolution request to an IP address of a target server and obtaining a first reverse resolution record of the target server responding to the domain name reverse resolution request; the first verification module is used for preliminarily determining, based on the first reverse resolution record, whether the target server is an authoritative domain name server of its own reverse domain name; the second verification module is used for further verifying, based on the recursive resolution server, whether the target server is an authoritative domain name server of its own reverse domain name if the target server is preliminarily determined to be the authoritative domain name server of its own reverse domain name; and the third verification module is used for determining whether an unknown domain name exists in the reverse resolution record if the target server is preliminarily determined not to be the authoritative domain name server of its own reverse domain name, and, if the unknown domain name exists in the reverse resolution record, determining the authoritative server domain name of the unknown domain name and the IP address set of the authoritative domain name server of the unknown domain name based on the recursive resolution server. Because the authoritative domain name server is determined using domain name reverse resolution requests to both the recursive resolution server and the target server, the accuracy and reliability of verification of the authoritative domain name server are improved, and the detection range of authoritative domain name servers is enlarged.
Referring to fig. 5, fig. 5 is a schematic structural diagram of an electronic device according to an embodiment of the application. As shown in fig. 5, the electronic device 500 includes a processor 510, a memory 520, and a bus 530.
The memory 520 stores machine-readable instructions executable by the processor 510. When the electronic device 500 is running, the processor 510 communicates with the memory 520 through the bus 530, and when the machine-readable instructions are executed by the processor 510, the steps of the method for determining an authoritative domain name server in the method embodiments shown in fig. 1 and fig. 2 may be performed. For the specific implementation, refer to the method embodiments, which are not repeated herein.
The embodiment of the present application further provides a computer readable storage medium storing a computer program which, when executed by a processor, may perform the steps of the method for determining an authoritative domain name server in the method embodiments shown in fig. 1 and fig. 2. For the specific implementation, refer to the method embodiments, which are not repeated herein.
It will be clear to those skilled in the art that, for convenience and brevity of description, specific working procedures of the above-described systems, apparatuses and units may refer to corresponding procedures in the foregoing method embodiments, and are not repeated herein.
In the several embodiments provided by the present application, it should be understood that the disclosed systems, devices, and methods may be implemented in other manners. The above-described apparatus embodiments are merely illustrative. For example, the division of the units is merely a logical function division, and there may be other manners of division in actual implementation; as a further example, multiple units or components may be combined or integrated into another system, or some features may be omitted or not performed. In addition, the coupling, direct coupling or communication connection shown or discussed between the parts may be an indirect coupling or communication connection through some communication interfaces, devices or units, and may be in electrical, mechanical or other form.
The units described as separate units may or may not be physically separate, and units shown as units may or may not be physical units, may be located in one place, or may be distributed on a plurality of network units. Some or all of the units may be selected according to actual needs to achieve the purpose of the solution of this embodiment.
In addition, each functional unit in the embodiments of the present application may be integrated in one processing unit, or each unit may exist alone physically, or two or more units may be integrated in one unit.
The functions, if implemented in the form of software functional units and sold or used as a stand-alone product, may be stored in a non-volatile computer readable storage medium executable by a processor. Based on this understanding, the technical solution of the present application, in essence, or the part of it that contributes to the prior art, or a part of the technical solution, may be embodied in the form of a software product stored in a storage medium, comprising several instructions for causing a computer device (which may be a personal computer, a server, a network device, etc.) to perform all or part of the steps of the method according to the embodiments of the present application. The aforementioned storage medium includes: a U-disk, a removable hard disk, a Read-Only Memory (ROM), a Random Access Memory (RAM), a magnetic disk, an optical disk, or other various media capable of storing program code.
Finally, it should be noted that the above examples are only specific embodiments of the present application and are not intended to limit its scope, and the present application is not limited thereto. Although the present application is described in detail with reference to the foregoing examples, those skilled in the art should understand that any person skilled in the art may, while remaining within the technical scope of the present disclosure, modify the technical solutions described in the foregoing embodiments, easily conceive of changes to them, or perform equivalent substitution of some of the technical features; such modifications, changes or substitutions do not depart from the spirit and scope of the technical solutions of the embodiments of the present application, and are intended to be included in the scope of the present application. Therefore, the protection scope of the application is subject to the protection scope of the claims.

Claims (10)

1. A method for determining an authoritative domain name server, the method comprising:
sending a domain name reverse resolution request to an IP address of a target server, and obtaining a first reverse resolution record of the target server responding to the domain name reverse resolution request;
preliminarily determining, based on the first reverse resolution record, whether the target server is an authoritative domain name server of its own reverse domain name;
if the target server is preliminarily determined to be the authoritative domain name server of its own reverse domain name, further verifying, based on a recursive resolution server, whether the target server is the authoritative domain name server of its own reverse domain name;
if the target server is preliminarily determined not to be an authoritative domain name server of its own reverse domain name, determining whether an unknown domain name exists in the reverse resolution record, and if so, determining the authoritative server domain name of the unknown domain name and the IP address set of the authoritative domain name server of the unknown domain name based on the recursive resolution server.
2. The method according to claim 1, wherein the preliminarily determining, based on the first reverse resolution record, whether the target server is an authoritative domain name server for its own reverse domain name comprises:
detecting whether an authoritative response identifier exists in a response message field of the first reverse resolution record;
if the authoritative response identifier exists, the response of the target server is an authoritative response, and preliminarily determining that the target server is an authoritative domain name server of its own reverse domain name;
and if the authoritative response identifier does not exist, preliminarily determining that the target server is not an authoritative domain name server of its own reverse domain name.
3. The method according to claim 1, wherein the further verifying, based on the recursive resolution server, whether the target server is an authoritative domain name server for its own reverse domain name comprises:
performing a domain name reverse resolution request for the target server based on the recursive resolution server, and determining a second reverse resolution record from the recursive resolution server;
and matching the first reverse resolution record with the second reverse resolution record to determine whether the target server is an authoritative domain name server of its own reverse domain name.
4. The method according to claim 3, wherein the matching the first reverse resolution record and the second reverse resolution record to determine whether the target server is an authoritative domain name server for its own reverse domain name comprises:
detecting whether the response message field of the first reverse resolution record is consistent with the response message field of the second reverse resolution record;
if yes, determining that the target server is an authoritative domain name server of its own reverse domain name;
if not, determining that the target server is not the authoritative domain name server of its own reverse domain name.
5. The method according to claim 1, wherein the determining, based on the recursive resolution server, the authoritative server domain name for the unknown domain name and the set of IP addresses for the authoritative server domain name for the unknown domain name comprises:
performing a domain name server record query on the unknown domain name based on the recursive resolution server, and determining an authoritative server domain name of the unknown domain name;
and querying the domain name IP address of the authoritative server domain name of the unknown domain name based on the recursive resolution server, and determining the IP address set of the authoritative server domain name of the unknown domain name.
6. The method according to claim 1, wherein after determining whether an unknown domain name exists in the reverse resolution record and, if so, determining an authoritative server domain name for the unknown domain name and an IP address set of an authoritative domain name server for the unknown domain name based on the recursive resolution server, the method further comprises:
detecting whether the IP address of the target server exists in the IP address set of the authoritative domain name server of the unknown domain name;
if yes, determining that the target server is an authoritative domain name server of the unknown domain name;
if not, determining that the target server is not the authoritative domain name server of the unknown domain name.
7. An authoritative domain name server determining device, characterized in that the determining device comprises:
the request sending module is used for sending a domain name reverse resolution request to an IP address of a target server and obtaining a first reverse resolution record of the target server responding to the domain name reverse resolution request;
the first verification module is used for preliminarily determining, based on the first reverse resolution record, whether the target server is an authoritative domain name server of its own reverse domain name;
the second verification module is used for further verifying, based on the recursive resolution server, whether the target server is an authoritative domain name server of its own reverse domain name if the target server is preliminarily determined to be the authoritative domain name server of its own reverse domain name;
and the third verification module is used for determining whether an unknown domain name exists in the reverse resolution record if the target server is preliminarily determined not to be the authoritative domain name server of its own reverse domain name, and, if the unknown domain name exists in the reverse resolution record, determining the authoritative server domain name of the unknown domain name and the IP address set of the authoritative domain name server of the unknown domain name based on the recursive resolution server.
8. The determining apparatus of claim 7, wherein the first verification module, when configured to preliminarily determine whether the target server is an authoritative domain name server for its own reverse domain name based on the first reverse resolution record, is specifically configured to:
detect whether an authoritative response identifier exists in a response message field of the first reverse resolution record;
if the authoritative response identifier exists, the response of the target server is an authoritative response, and preliminarily determine that the target server is an authoritative domain name server of its own reverse domain name;
and if the authoritative response identifier does not exist, preliminarily determine that the target server is not an authoritative domain name server of its own reverse domain name.
9. An electronic device, comprising: a processor, a memory and a bus, said memory storing machine readable instructions executable by said processor, said processor and said memory communicating via said bus when the electronic device is running, said machine readable instructions when executed by said processor performing the steps of the method of determining an authoritative domain name server according to any one of claims 1 to 6.
10. A computer readable storage medium, characterized in that the computer readable storage medium has stored thereon a computer program which, when executed by a processor, performs the steps of the method of determining an authoritative domain name server according to any one of claims 1 to 6.
CN202410451609.4A 2024-04-16 2024-04-16 Authoritative domain name server determination method and device, electronic equipment and storage medium Active CN118055095B (en)


Publications (2)

Publication Number Publication Date
CN118055095A 2024-05-17
CN118055095B 2024-06-07
