EP4078931A1 - Method for resolving naming identifiers - Google Patents
- Publication number
- EP4078931A1 EP20845197.1A
- Authority
- EP
- European Patent Office
- Prior art keywords
- equipment
- naming
- naming identifier
- server
- resolution
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L61/00—Network arrangements, protocols or services for addressing or naming
- H04L61/45—Network directories; Name-to-address mapping
- H04L61/4505—Network directories; Name-to-address mapping using standardised directories; using standardised directory access protocols
- H04L61/4511—Network directories; Name-to-address mapping using standardised directories; using standardised directory access protocols using domain name system [DNS]
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L2101/00—Indexing scheme associated with group H04L61/00
- H04L2101/60—Types of network addresses
- H04L2101/69—Types of network addresses using geographic information, e.g. room number
Definitions
- TITLE Method for resolving naming identifiers
- the field of the invention is that of the resolution of naming identifiers such as domain names. More specifically, the invention relates to the selection of servers associated with naming identifiers to be resolved as a function of constraints relating to the protection of privacy expressed by a user of a device requiring the resolution of a naming identifier.
- Such naming identifiers are, for example, domain names.
- [Fig. 1A] represents a first scenario for resolving naming identifiers.
- A device 10 sends a request for resolution of FQDN (fully qualified domain name) naming identifiers to a naming identifier resolver 11 managed by an Internet service provider (ISP) from which a user of the equipment 10 has subscribed to a service offer.
- the resolver 11 regularly exchanges messages with at least one authoritative server 12 associated with a naming identifier.
- The authoritative server 12 determines, from a network address of the identifier of a sub-network in which the equipment 10 is located or from a network address of the resolver 11, the servers 13 most suitable to serve the resource in a zone of the network managed by the resolver 11.
- a network address is for example an IP (Internet Protocol) address of the IPv4 or IPv6 type.
- the resolver 11 thus obtains from the authoritative server 12 IP addresses associated with servers 13 associated with a naming identifier to be resolved, these servers 13 storing data relating to the implementation of a service required by the equipment 10 such as data relating to a web page or data relating to downloadable content, etc.
- the resolver 11 transmits at least one of the IP addresses associated with the servers 13 to the device 10.
- The device 10 then establishes a connection with the corresponding server 13 and can access data relating to the implementation of the required service.
- The servers 13 associated with a naming identifier to be resolved are either known to the authoritative server 12 as being topologically close to the equipment 10 (as described for example on the Wikipedia page https://en.wikipedia.org/wiki/Geolocation_software), or known to the authoritative server 12 as being managed by the Internet service provider ISP from which a user of the equipment 10 has subscribed to a service offer, thus favoring in particular the performance of the service.
- [Fig. 1B] represents a second scenario for resolving naming identifiers; the elements common to FIG. 1A are numbered identically.
- The equipment 10 sends, in an encrypted connection, a request for resolution of naming identifiers EFQDN intended for a public naming identifier resolver 14 managed by a third-party company.
- On receipt of the request for resolution of encrypted naming identifiers EFQDN (External FQDN), the public resolver 14 sends a message comprising an identifier of a sub-network in which the equipment 10 is located to the authoritative server 12 associated with a naming identifier.
- The public resolver 14 thus obtains from the authoritative server 12 IP (Internet Protocol) addresses associated with servers 13 associated with the naming identifier to be resolved, these servers 13 storing data relating to the implementation of a service required by the equipment 10, such as data relating to a web page or data relating to downloadable content, etc. Once in possession of the IP addresses associated with the servers 13, the public resolver 14 transmits at least one of the IP addresses associated with the servers 13 to the equipment 10. The equipment 10 then establishes a connection with the corresponding server 13 and can access the data relating to the implementation of the required service.
- the authoritative server 12 having knowledge of the location of the device 10, it provides the device 10 with IP addresses relating to servers 13 associated with a naming identifier to be resolved which are either topologically close or managed by the Internet service provider ISP from which a user of the equipment 10 has subscribed to a service offer, also favoring the performance of the service.
- [Fig. 1C] represents a third scenario for resolving naming identifiers; the elements common to FIG. 1A and to FIG. 1B are numbered identically.
- the device 10 sends an EFQDN encrypted naming identifier resolution request to a public naming identifier resolver 14 managed by a third-party company.
- On receipt of the request for resolution of EFQDN encrypted naming identifiers, the public resolver 14 sends a message to the authoritative server 12 associated with a naming identifier.
- the public resolver 14 then obtains from the authoritative server 12 IP (Internet Protocol) addresses associated with servers 15 associated with the naming identifier to be resolved, these servers 15 storing data relating to the implementation of a service.
- Such servers 15 are located in a separate third-party network which is not managed by the Internet service provider ISP with which a user of the equipment 10 has subscribed to a service offer.
- the public resolver 14 transmits at least one of the IP addresses associated with the servers 15 to the equipment 10.
- the equipment 10 then establishes a connection with the corresponding server 15 and can access the data relating to the implementation of the required service.
- Respect for the privacy of the user of the equipment 10 is favored since the location of the equipment is never shared.
- the invention meets this need by providing a method for resolving at least one naming identifier, said method being implemented by a naming identifier resolver and comprising the following steps:
- the latter further comprises:
- The resolver transmits either a network address of a server associated with the naming identifier to be resolved that requires equipment location information, thus favoring performance, or a network address of a server associated with the naming identifier to be resolved that does not require information on the location of the equipment, thus favoring respect for privacy.
- the resolver can also transmit the IP addresses of the two servers associated with the naming identifier to be resolved to the user equipment.
- a user of a device can choose, when browsing the Internet, to favor respect for his private life or the performance of the service consulted.
- When the resolver has the authorization information for sharing said location parameter of said device, the resolver transmits said at least one network address of one of the two servers to the equipment requesting the resolution of said naming identifier.
- the sharing authorization information of the location parameter of the equipment is a sharing authorization.
- The resolver transmits the network address of a server associated with the naming identifier to be resolved requiring equipment location information.
- the server thus selected is most often located in the same subnet as the equipment, which offers short response or transfer times.
- Such a configuration is particularly advantageous when the service consulted is, for example, a continuous content (streaming) service.
- the sharing authorization information of the location parameter of the equipment is a sharing prohibition.
- The resolver transmits the network address of a server associated with the naming identifier to be resolved requiring no equipment location information.
- When the resolver does not have the authorization information for sharing said location parameter of said device, the resolver transmits said at least one network address of the first server and said at least one network address of the second server to the equipment requiring the resolution of said naming identifier.
- the resolver transmits both the network address of a server associated with the naming identifier to be resolved requiring equipment location information and the network address of a server associated with the naming identifier to be resolved not requiring any item of equipment location information.
- the resolver thus delegates the selection of the server with which to establish communication to the equipment.
- The method for resolving at least one naming identifier comprises a step of receiving a message comprising the authorization information for sharing said device location parameter, said message being sent by the equipment.
- the device thus transmits information for sharing the location parameter of the device explicitly to the resolver.
- The message comprising the authorization information for sharing said device location parameter is the request for resolution of the naming identifier sent by the equipment.
- the item of equipment location parameter sharing information being included in the naming identifier resolution request, it is only valid for this naming identifier resolution request.
- The message comprising the authorization information for sharing said device location parameter is a request message for the establishment of a communication session between the device and the naming identifier resolver, sent by the device.
- The information for sharing the location parameter of the device being included in the message for establishing a communication session between the device and the resolver, it is applied to all the naming identifier resolution requests sent by the equipment during the communication session.
- The latter comprises, prior to the reception step, a step of transmitting at least one message requiring the transmission of at least one network address of a first server and at least one network address of a second server, both associated with the same naming identifier, the first server requesting a location parameter of a device requiring resolution of the naming identifier, and the second server requiring no location parameter of said equipment.
- the latter transmits a request to obtain this information.
- This request can be, for example, transmitted to an authoritative server associated with the naming identifier to be resolved.
- the invention also relates to a method for requesting the resolution of at least one naming identifier, said method being implemented by an item of equipment and comprising at least:
- the message comprising the authorization information for sharing said device location parameter is a request for resolution of the naming identifier.
- the message comprising the sharing authorization information of said device location parameter is a request message for establishment of a communication session between the device and the naming identifier resolver.
- Another object of the invention is a method of communication between an authoritative server and a naming identifier resolver, said method being implemented by the authoritative server and comprising at least:
- the invention also relates to a naming identifier resolver comprising means for:
- Another object of the invention is a device requiring a resolution of at least one naming identifier, said device comprising means for:
- the subject of the invention is also an authoritative server capable of communicating with at least one naming identifier resolver, said authoritative server comprising means for:
- the invention finally relates to computer program products comprising program code instructions for implementing the methods as described above, when they are executed by a processor.
- the invention also relates to a recording medium readable by a computer on which are recorded computer programs comprising program code instructions for the execution of the steps of the methods according to the invention as described above.
- Such a recording medium can be any entity or device capable of storing the programs.
- the medium may comprise a storage means, such as a ROM, for example a CD ROM or a microelectronic circuit ROM, or else a magnetic recording means, for example a USB key or a hard disk.
- Such a recording medium can be a transmissible medium such as an electrical or optical signal, which can be conveyed via an electrical or optical cable, by radio or by other means, so that the computer programs it contains can be executed remotely.
- the programs according to the invention can in particular be downloaded over a network, for example the Internet.
- the recording medium can be an integrated circuit in which the programs are incorporated, the circuit being adapted to execute or to be used in the execution of the aforementioned methods of the invention.
- FIG. 1A: this figure represents a first scenario for resolving naming identifiers
- FIG. 1B: this figure represents a second scenario for resolving naming identifiers
- FIG. 1C: this figure represents a third scenario for resolving naming identifiers
- FIG. 2 this figure represents a diagram of exchanges between different communication equipments involved in a first mode of implementation of the methods of resolution of at least one naming identifier, of request for resolution of at least one naming identifier and communication between an authoritative server and a naming identifier resolver,
- FIG. 3 this figure represents a diagram of exchanges between different communication equipments involved in a second mode of implementation of the methods of resolution of at least one naming identifier, of request for resolution of at least one naming identifier and communication between an authoritative server and a naming identifier resolver,
- FIG. 4 this figure represents a diagram of exchanges between different communication equipments involved in a third mode of implementation of the methods of resolution of at least one naming identifier, of request for resolution of at least one naming identifier and communication between an authoritative server and a naming identifier resolver,
- FIG. 5 this figure shows equipment 10 according to one embodiment of the invention.
- Such a device 10 is able to implement the various embodiments of the method for requesting the resolution of a naming identifier, s
- FIG. 6 this figure represents a resolver 11 capable of implementing the various embodiments of the method for resolving naming identifiers
- FIG. 7 this figure represents an authoritative server 12 able to implement the various embodiments of the communication method.
- The general principle of the invention is based on the one hand on the provision, to a naming identifier resolver, of authorization information for sharing a parameter relating to a device requiring a resolution of a naming identifier and on the other hand on the transmission, to the resolver of naming identifiers by authoritative servers, of IP addresses associated with servers associated with the naming identifier to be resolved, some servers requiring a location parameter of the device requiring a naming identifier resolution, and other servers not requiring any device location parameter.
- FIG. 2 a diagram of exchanges between different communication equipments involved in a first mode of implementation of the methods of resolution of at least one naming identifier, of request for resolution of at least one naming identifier and of communication between an authoritative server and a naming identifier resolver.
- an item of equipment 10 sends a request message for the establishment of a communication session HS to a naming identifier resolver 11.
- This request message for the establishment of a communication session is, for example, a message of the DoH HTTPS handshake type (DoH meaning DNS over HTTPS) specified in the document RFC 8484 (Request for Comments) published by the IETF (Internet Engineering Task Force).
- The device 10 sends, in a step E2, a request for resolution of the FQDN naming identifier to the resolver 11 for the journal.fr naming identifier.
- This FQDN naming identifier resolution request is for example a message of the DoH query type also specified in the IETF document RFC8484.
- a field, HTTP DNS_RELAY_CONSENT, of the message for establishing a DoH HTTPS handshake communication session is used to transport authorization information for sharing a parameter relating to the equipment 10.
- Such a parameter relating to the equipment is for example a location parameter of the equipment 10.
- Such a parameter relating to the equipment 10 is for example information relating to the nature of the equipment 10, such as user terminal, resolver, etc.
- the parameter relating to the equipment 10 can also be information on the computing power of the equipment 10.
- the parameter relating to the equipment 10 is a location parameter.
- Such information is either a sharing authorization in which case the HTTP DNS_RELAY_CONSENT field includes TRUE information, or a sharing refusal in which case the HTTP DNS_RELAY_CONSENT field includes FALSE information.
- The sharing information of the location parameter of the device 10 being included in the message for establishing a communication session between the device 10 and the resolver 11, it is applied to all the naming identifier resolution requests sent by the device 10 during the communication session.
- The field, HTTP DNS_RELAY_CONSENT, of the RQDN naming identifier resolution request is used to transport the authorization information for sharing a location parameter of the device 10.
- Such information is either a sharing authorization in which case the HTTP DNS_RELAY_CONSENT field includes TRUE information, or a sharing refusal in which case the HTTP DNS_RELAY_CONSENT field includes FALSE information.
- The information for sharing the location parameter of the device 10 being included in the request for resolution of the RQDN naming identifier, it is valid only for this request for resolution of the journal.fr naming identifier.
- On receipt of the RQDN naming identifier resolution request for the journal.fr naming identifier, the resolver 11 issues, in a step E3, a first request RQ1 for resolution of a naming identifier associated with the journal.fr naming identifier.
- the request RQ1 is sent to one or more servers 20 constituting a network of DNS nodes.
- The servers 20 store, in the cache, the IP addresses of servers associated with the same naming identifier, some of these servers requiring a location parameter for the equipment 10, and other servers not requiring any location parameter for the equipment 10.
- The servers 20 receive, during a step E0, the IP addresses of servers associated with the same naming identifier, some of these servers requiring a location parameter of the equipment 10, and other servers not requiring any location parameter of the equipment 10.
- This information is transmitted by authoritative servers 12 associated with naming identifiers.
- the authoritative server 12 associated with the journal.fr naming identifier transmits a first Record 1 message such as, for example, a DNS record ESNI type message comprising an extension called "geo" comprising a parameter relating to a location of an item of equipment 10, intended for a server 20.
- An example of such a Record 1 message is given below:
- The 'geo' extension gives the list of content servers which are regionalised: in the example, this is the IP address mask 10.1.1.0/24.
- The authoritative server 12 associated with the journal.fr naming identifier also transmits a second Record 2 message such as, for example, a DNS record type message comprising a list of IP addresses associated with servers 13, 15 associated with the journal.fr naming identifier, intended for a server 20.
- the server 20 applies the 'geo' extension to the content of the Record 2 message in order to identify on the one hand regionalized servers {10.10.1.1, 10.1.1.10} and on the other hand a global server {10.1.1.11}.
- Step E0 is implemented on receipt of a request sent by a server 20 when the latter does not have in its cache memory the information necessary for the resolution of a naming identifier.
- Step E0 can be implemented throughout the execution of the methods described.
- the query RQ1 sent by the resolver 11 is for example a message of the DNS query ESNI (Domain Name System query Encrypted Server Name Indication) type.
- On receipt of this request RQ1, the server 20 sends an IN ESNI message to the resolver 11 in a step E4.
- An example of such an IN ESNI message is: IN ESNI {...{geo: 10.1.1.0/24}}.
- the resolver 11 has an IP address mask: 10.1.1.0/24.
- a second request RQ2 for the resolution of a naming identifier associated with the journal.fr naming identifier is sent to one or more servers 20 constituting a network of DNS nodes by the resolver 11.
- the request RQ2 sent by the resolver 11 is for example a message of the DNS query journal.fr type.
- the server 20 sends a message IN A to the resolver 11 in a step E6.
- an example of such an IN A message is as follows: IN A 10.10.1.1, 10.1.1.10, 10.1.1.11.
- the resolver 11 has a list of IP addresses associated with servers associated with the journal.fr naming identifier.
- The resolver 11 determines, as a function of the authorization information for sharing a location parameter of the equipment 10 received during step E1 or during step E2, which network address it must transmit to the device 10 in response to the journal.fr naming identifier resolution request.
- the resolver 11 applies the mask 10.1.1.0/24 received during step E4 and identifies the server whose network address 10.10.1.1 does not belong to the mask. This means that this server is located in a remote network and that it is not necessary to have information on the location of the equipment 10 in order to communicate with this server.
- In a step E8, the equipment 10 establishes a communication with the server whose network address is 10.10.1.1.
- The resolver 11 applies the mask 10.1.1.0/24 received during step E4 and identifies the servers whose IP addresses 10.1.1.10 and 10.1.1.11 belong to the mask. This means that these servers are close to the equipment 10 since each IP address mask transmitted by an authoritative server corresponds to a particular subnet.
- the equipment 10 establishes a communication session with one of the servers whose IP addresses are 10.1.1.10, 10.1.1.11.
- In a step F1, the equipment 10 sends a first request RQ3 to the resolver 11 for the journal.fr naming identifier.
- The request RQ3 sent by the equipment 10 is for example a message of the DNS query journal.fr type.
- On receipt of the request RQ3, the resolver 11 sends, in a step F2, a second request RQ4 for the resolution of a naming identifier associated with the journal.fr naming identifier.
- the request RQ41 is sent to one or more servers 20 constituting a network of DNS nodes.
- The servers 20 store, in the cache, the IP addresses of servers associated with the same naming identifier, some of these servers requiring a location parameter for the equipment 10, and other servers not requiring any location parameter for the equipment 10.
- The servers 20 receive, during a step E0, the IP addresses of servers associated with the same naming identifier, some of these servers requiring a location parameter of the equipment 10, and other servers not requiring any location parameter of the equipment 10. This information is transmitted by authoritative servers 12 associated with naming identifiers.
- The authoritative server 12 associated with the journal.fr naming identifier transmits a first Record 1 message such as, for example, a DNS record ESNI type message comprising an extension called “anycast” comprising a parameter relating to a location of the equipment whose network addresses are 10.1.1.10 and 10.1.1.11, intended for a server 20.
- the parameter relating to a location of a device 10 is an IP address mask: 10.1.1.0/24.
- Anycast is an addressing and routing technique for redirecting data to the “closest” or “most efficient” server among a set of servers using a single address, depending on the routing policy chosen.
- The “anycast” routing technique is usually implemented using BGP (Border Gateway Protocol), which simultaneously announces the same range of IP addresses accessible from several places on a communication network. In this way, the data packets are routed to the “nearest” network node announcing the destination route.
- The authoritative server 12 associated with the journal.fr naming identifier also transmits a second Record 2 message such as, for example, a DNS record type message comprising a list of IP addresses associated with servers 13, 15 associated with the journal.fr naming identifier, intended for a server 20.
- An example of such a Record 2 message is given below:
- Step E0 is implemented on receipt of a request sent by a server 20 when the latter does not have in its cache memory the information necessary for the resolution of a naming identifier.
- Step E0 can be implemented throughout the execution of the methods described.
- the request RQ3 sent by the resolver 11 is for example a message of the DNS query journal.fr type.
- On receipt of this request RQ3, the server 20 sends, in a step F3, a message IN A to the resolver 11.
- a third request RQ5 for the resolution of a naming identifier associated with the journal.fr naming identifier is sent to one or more servers 20 constituting a network of DNS nodes by the resolver 11.
- the resolver 11 has an IP address mask: 10.1.1.0/24
- the RQ5 query sent by the resolver 11 is for example a message of the DNS query ESNI (Domain Name System query Encrypted Server Name Indication) type.
- the server 20 sends an IN ESNI message to the resolver 11 in a step F5.
- An example of such an IN ESNI message is: IN ESNI {...{anycast: 10.1.1.0/24}}.
- the resolver 11 has an IP address mask: 10.1.1.0/24.
- steps F4 and F5 are not implemented.
- the device 10 sends a fourth request RQ6 to the resolver 11 in a step F6.
- the RQ6 request sent by the equipment 10 is for example a message of the DNS query ESNI (Domain Name System query Encrypted Server Name Indication) type associated with the journal.fr naming identifier.
- a step F7 the request RQ5 for resolving a naming identifier associated with the journal.fr naming identifier is sent by the resolver 11 to one or more servers 20 constituting a network of DNS nodes.
- the RQ5 query sent by the resolver 11 is for example a message of the DNS query ESNI (Domain Name System query Encrypted Server Name Indication) type.
- the server 20 sends an IN ESNI message to the resolver 11 in a step F8.
- An example of such an IN ESNI message is: IN ESNI {...{anycast: 10.1.1.0/24}}.
- the resolver 11 has an IP address mask: 10.1.1.0/24.
- The resolver 11 determines, as a function of authorization information for sharing a location parameter of the equipment 10, which network address it must transmit to the device 10 in response to the journal.fr naming identifier resolution request.
- the resolver 11 is for example configured to select IP addresses of the “anycast” type.
- The resolver 11 applies the mask 10.1.1.0/24 received during step F5 and identifies the servers whose network addresses 10.1.1.10 and 10.1.1.11 belong to the mask. This means that these servers are close, in the sense of the authoritative server, to the equipment 10, since each IP address mask transmitted by an authoritative server corresponds to a particular subnet.
- In a step F10, the resolver 11 transmits a message IN A to the equipment 10.
- An example of such a message IN A is as follows: IN A 10.1.1.10, 10.1.1.11.
- the resolver 11 transmits a message IN A to the equipment 10.
- An example of such a message IN A is as follows: IN A 10.10.1.1, 10.1.1.10, 10.1.1.11 and the following IN ESNI message: IN ESNI {...{anycast: 10.1.1.0/24}}.
- the equipment 10 determines, in a step F12, as a function of authorization information for sharing a location parameter of the equipment 10, the server with which to establish a communication session.
- the servers whose IP addresses are 10.1.1.10, 10.1.1.11 receive, during a step G0, the IP addresses of servers associated with the same naming identifier, some of these servers requiring a location parameter of the equipment 10, and other servers not requiring any location parameter of the equipment 10. This information is transmitted by authoritative servers 12 associated with naming identifiers.
- the authoritative server 12 associated with the journal.fr naming identifier transmits a first Record 1 message such as, for example, a DNS record ESNI type message comprising an extension called "geo" comprising a parameter relating to a location of an item of equipment 10, intended for a server 20.
- An example of such a Record 1 message is given below:
- the parameter relating to a location of a device 10 is an IP address mask: 10.1.1.0/24.
- the authoritative server 12 associated with the journal.fr naming identifier also transmits a second Record 2 message such as, for example, a DNS record type message comprising a list of IP addresses associated with servers 13, 15 associated with the journal.fr naming identifier, intended for a server whose IP address is 10.1.1.10, or 10.1.1.11.
- An example of such a Record 2 message is given below:
- Step G0 is implemented on receipt of a request sent by a server whose IP address is 10.1.1.10, or 10.1.1.11 when the latter does not have in its cache memory the information necessary for the resolution of a naming identifier.
- step G0 can be implemented throughout the execution of the methods described.
- a device 10 receives an MSG message of DHCP (Dynamic Host Configuration Protocol) RA (Router Advertisement) type sent by a communication device 30 of the Internet service provider IPS to which the user of equipment 10 has subscribed to an offer.
- MSG message comprises information making it possible to select a server associated with a naming identifier with which the equipment 10 can establish a communication session.
- An example of an MSG message is as follows:
- the equipment 10 sends a request message for the establishment of a communication session HS to the naming identifier resolver 11.
- a message for establishing a communication session is for example a DoH HTTPS handshake type message (DoH meaning DNS over HTTPS) specified in the RFC8484 document published by the IETF.
- a field, DoH Hints, of the message for establishing a DoH HTTPS handshake communication session is used to transport selection information from a server associated with a naming identifier to be resolved. Such information is one of the information contained in the MSG message.
- the equipment 10 sends, in a step G3, a request for resolution of the naming identifier FQDN to a public resolver 14 for the journal.fr naming identifier.
- This FQDN naming identifier resolution request is for example a message of the DoH query type.
- a field, HTTP DNS_RELAY_VIEW, of the RQDN naming identifier resolution request is used to carry the server selection information associated with the naming identifier to be resolved.
- HTTP DNS_RELAY_VIEW 'subnet'.
- the information for sharing the location parameter of the device 10, being included in the request for resolution of the RQDN naming identifier, is valid only for this request for resolution of the journal.fr naming identifier.
- the public resolver 14 transmits a message IN A comprising the IP addresses of servers associated with the naming identifier to be resolved and being located in the same sub-network as the device 10, to the device 10.
- An example of such an IN A message is as follows: IN A 10.1.1.10, 10.1.1.11.
- In a step G5, the equipment 10 establishes a communication session with one of the servers whose IP addresses are 10.1.1.10, or 10.1.1.11.
- the equipment 10 sends in a step E2, a second request for resolution of the naming identifier FQDN2 intended for the resolver 11 for the orange.fr naming identifier.
- This FQDN2 naming identifier resolution request is for example a message of the DoH query type.
- a field, HTTP DNS_RELAY_VIEW, of the FQDN2 naming identifier resolution request is used to carry the server selection information associated with the naming identifier to be resolved.
- HTTP DNS_RELAY_VIEW 'host'.
- the resolver 11 sends an RQ6 query of the DNS query orange.fr type to a server whose network address is 10.1.1.10, or 10.1.1.11.
- the server whose network address is 10.1.1.10, or 10.1.1.11 received during step G0 a DNS record orange.fr IN A 192.169.1.1 message sent by a server associated with the orange.fr naming identifier whose network address is 192.169.1.1.
- the server whose IP address is 10.1.1.10, or 10.1.1.11 sends, in a step G8, a message IN A to the resolver 11.
- In a step G9, the resolver 11 transmits a message IN A to the equipment 10.
- An example of such a message IN A is as follows: IN A 192.169.1.1.
- the device 10 establishes, in a step G10, a communication session with the server associated with the orange.fr naming identifier whose network address is 192.169.1.1.
- the [fig. 5] shows equipment 10 according to one embodiment of the invention. Such a device 10 is able to implement the different embodiments of the method for requesting resolution of a naming identifier according to FIGS. 2-4.
- An item of equipment 10 may include at least one hardware processor 501, a storage unit 502, an input device 503, a display device 504, an interface 505, and at least one network interface 506 which are connected to each other through a bus 507.
- the constituent elements of the equipment 10 can be connected by means of a connection other than a bus.
- the processor 501 controls the operations of the equipment 10.
- the storage unit 502 stores at least one program for implementing the method according to an embodiment of the invention to be executed by the processor 501, and various data, such as parameters used for calculations performed by processor 501, intermediate data from calculations performed by processor 501, and the like.
- the processor 501 can be formed by any known and suitable hardware or software, or by a combination of hardware and software.
- the processor 501 can be formed by dedicated hardware such as a processing circuit, or by a programmable processing unit such as a Central Processing Unit which executes a program stored in its memory.
- the storage unit 502 may be formed by any suitable means capable of storing the program or programs and data in a computer readable manner. Examples of storage unit 502 include computer readable non-transient storage media such as solid-state memory devices, and magnetic, optical, or magneto-optical recording media loaded in a read and write unit.
- Input device 503 may be formed by a keyboard, a pointing device such as a mouse for use by a user to enter commands.
- the display device 504 can also be formed by a display module, such as for example a graphical user interface or GUI (for Graphical User Interface).
- Interface 505 provides an interface between equipment 10 and other equipment.
- At least one network interface 506 provides a connection between the equipment 10 and the resolver 11.
- the [fig. 6] represents a resolver 11 capable of implementing the various embodiments of the method for resolving naming identifiers according to FIGS. 2-4.
- a resolver 11 can comprise at least one hardware processor 601, a storage unit 602, an interface 603, and at least one network interface 604 which are connected to each other through a bus 605.
- the constituent elements of the resolver 11 can be connected by means of a connection other than a bus.
- the processor 601 controls the operations of the resolver 11.
- the storage unit 602 stores at least one program for the implementation of the method according to an embodiment to be executed by the processor 601, and various data, such as parameters used for calculations performed by the processor 601, intermediate data of calculations performed by the processor 601, etc.
- the processor 601 can be formed by any known and suitable hardware or software, or by a combination of hardware and software.
- the processor 601 can be formed by dedicated hardware such as a processing circuit, or by a programmable processing unit such as a Central Processing Unit which executes a program stored in its memory.
- the storage unit 602 may be formed by any suitable means capable of storing the program or programs and data in a computer readable manner. Examples of storage unit 602 include computer readable non-transient storage media such as solid-state memory devices, and magnetic, optical, or magneto-optical recording media loaded in a read and write unit.
- Interface 603 provides an interface between resolver 11 and at least the authoritative server
- At least one network interface 604 provides a connection between the resolver 11 and the equipment 10.
- the [fig. 7] represents an authoritative server 12 able to implement the various embodiments of the communication method according to FIGS. 2-4.
- An authoritative server 12 can comprise at least one hardware processor 701, a storage unit 702, an interface 703, and at least one network interface 704 which are connected to each other through a bus 705.
- the constituent elements of the authoritative server 12 can be connected by means of a connection other than a bus.
- the processor 601 controls the operations of the authoritative server 12.
- the storage unit 702 stores at least one program for the implementation of the method according to an embodiment to be executed by the processor 701, and various data, such as parameters used for calculations performed by processor 701, intermediate data of calculations performed by processor 701, etc.
- Processor 701 may be formed by any known and suitable hardware or software, or by a combination of hardware and software.
- the processor 701 can be formed by dedicated hardware such as a processing circuit, or by a programmable processing unit such as a Central Processing Unit which executes a program stored in its memory.
- Storage unit 702 may be formed by any suitable means capable of storing program or programs and data in a computer readable manner. Examples of storage unit 702 include computer readable non-transient storage media such as solid-state memory devices, and magnetic, optical, or magneto-optical recording media loaded in a read and write unit.
- Interface 703 provides an interface between authoritative server 12 and resolver 11.
- At least one network interface 704 provides a connection between authoritative server 12 and other servers associated with naming identifiers.
Landscapes
- Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Data Exchanges In Wide-Area Networks (AREA)
Applications Claiming Priority (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
FR1915142A FR3105678A1 (fr) | 2019-12-20 | 2019-12-20 | Method for resolving naming identifiers |
PCT/FR2020/052430 WO2021123593A1 (fr) | 2019-12-20 | 2020-12-14 | Method for resolving naming identifiers |
Publications (1)
Publication Number | Publication Date |
---|---|
EP4078931A1 true EP4078931A1 (fr) | 2022-10-26 |
Family
ID=70738636
Family Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
EP20845197.1A Pending EP4078931A1 (fr) | 2019-12-20 | 2020-12-14 | Method for resolving naming identifiers |
Country Status (5)
Country | Link |
---|---|
US (1) | US20230044885A1 (fr) |
EP (1) | EP4078931A1 (fr) |
CN (1) | CN115211090B (fr) |
FR (1) | FR3105678A1 (fr) |
WO (1) | WO2021123593A1 (fr) |
Families Citing this family (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN115297029B (zh) * | 2022-09-30 | 2022-12-06 | 中国信息通信研究院 | Method, apparatus, device and medium for testing industrial internet identifier resolution performance |
Family Cites Families (17)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US6839421B2 (en) * | 2001-10-29 | 2005-01-04 | Telefonaktiebolaget Lm Ericsson (Publ) | Method and apparatus to carry out resolution of entity identifier in circuit-switched networks by using a domain name system |
US7499998B2 (en) * | 2004-12-01 | 2009-03-03 | Cisco Technology, Inc. | Arrangement in a server for providing dynamic domain name system services for each received request |
CN101834910A (zh) * | 2007-04-04 | 2010-09-15 | 华为技术有限公司 | Domain name resolution method and apparatus |
US20110078104A1 (en) * | 2009-09-29 | 2011-03-31 | Nokia Corporation | Method and apparatus of constraint verification in distributed information spaces |
US8489637B2 (en) * | 2009-11-19 | 2013-07-16 | International Business Machines Corporation | User-based DNS server access control |
US8819283B2 (en) * | 2010-09-28 | 2014-08-26 | Amazon Technologies, Inc. | Request routing in a networked environment |
US9026782B2 (en) * | 2012-04-24 | 2015-05-05 | Verizon Patent And Licensing Inc. | Token-based entitlement verification for streaming media decryption |
US10205698B1 (en) * | 2012-12-19 | 2019-02-12 | Amazon Technologies, Inc. | Source-dependent address resolution |
WO2014118647A2 (fr) * | 2013-01-09 | 2014-08-07 | Nathanson Martin D | Vehicle communications via a wireless access vehicle environment |
CN104348924A (zh) * | 2013-07-30 | 2015-02-11 | 深圳市腾讯计算机系统有限公司 | Domain name resolution method, system and apparatus |
US9817841B2 (en) * | 2014-12-22 | 2017-11-14 | Sap Se | Scheduled synchronization |
US10645057B2 (en) * | 2016-06-22 | 2020-05-05 | Cisco Technology, Inc. | Domain name system identification and attribution |
US10182033B1 (en) * | 2016-09-19 | 2019-01-15 | Amazon Technologies, Inc. | Integration of service scaling and service discovery systems |
US10135916B1 (en) * | 2016-09-19 | 2018-11-20 | Amazon Technologies, Inc. | Integration of service scaling and external health checking systems |
US10243919B1 (en) * | 2016-09-28 | 2019-03-26 | Amazon Technologies, Inc. | Rule-based automation of DNS service discovery |
US10616250B2 (en) * | 2016-10-05 | 2020-04-07 | Amazon Technologies, Inc. | Network addresses with encoded DNS-level information |
US10924579B2 (en) * | 2017-08-14 | 2021-02-16 | Level 3 Communications, Llc | System and method for metro mid-tier mapping in a content delivery network |
2019
- 2019-12-20 FR FR1915142A patent/FR3105678A1/fr not_active Withdrawn
2020
- 2020-12-14 EP EP20845197.1A patent/EP4078931A1/fr active Pending
- 2020-12-14 US US17/786,853 patent/US20230044885A1/en active Pending
- 2020-12-14 WO PCT/FR2020/052430 patent/WO2021123593A1/fr unknown
- 2020-12-14 CN CN202080093963.4A patent/CN115211090B/zh active Active
Non-Patent Citations (1)
Title |
---|
BORTZMEYER AFNIC S DICKINSON SINODUN IT S: "DNS Privacy Considerations; draft-ietf-dprive-rfc7626-bis-03.txt", no. 3, 18 November 2019 (2019-11-18), pages 1 - 28, XP015136521, Retrieved from the Internet <URL:https://tools.ietf.org/html/draft-ietf-dprive-rfc7626-bis-03> [retrieved on 20191118] * |
Also Published As
Publication number | Publication date |
---|---|
CN115211090B (zh) | 2024-06-11 |
CN115211090A (zh) | 2022-10-18 |
US20230044885A1 (en) | 2023-02-09 |
FR3105678A1 (fr) | 2021-06-25 |
WO2021123593A1 (fr) | 2021-06-24 |
Legal Events
Code | Title | Description |
---|---|---|
STAA | Information on the status of an ep patent application or granted ep patent | Free format text: STATUS: UNKNOWN |
STAA | Information on the status of an ep patent application or granted ep patent | Free format text: STATUS: THE INTERNATIONAL PUBLICATION HAS BEEN MADE |
PUAI | Public reference made under article 153(3) epc to a published international application that has entered the european phase | Free format text: ORIGINAL CODE: 0009012 |
STAA | Information on the status of an ep patent application or granted ep patent | Free format text: STATUS: REQUEST FOR EXAMINATION WAS MADE |
17P | Request for examination filed | Effective date: 20220614 |
AK | Designated contracting states | Kind code of ref document: A1 Designated state(s): AL AT BE BG CH CY CZ DE DK EE ES FI FR GB GR HR HU IE IS IT LI LT LU LV MC MK MT NL NO PL PT RO RS SE SI SK SM TR |
DAV | Request for validation of the european patent (deleted) | |
DAX | Request for extension of the european patent (deleted) | |
STAA | Information on the status of an ep patent application or granted ep patent | Free format text: STATUS: EXAMINATION IS IN PROGRESS |
17Q | First examination report despatched | Effective date: 20230705 |
RAP3 | Party data changed (applicant data changed or rights of an application transferred) | Owner name: ORANGE |