
CN109067936A - Method and device for domain name resolution - Google Patents


Publication number
CN109067936A
Authority
CN
China
Prior art keywords
domain name
dns server
domain
resolved
general
Legal status
Granted
Application number
CN201811034002.7A
Other languages
Chinese (zh)
Other versions
CN109067936B (en)
Inventor
曹聪
Current Assignee
Wangsu Science and Technology Co Ltd
Original Assignee
Wangsu Science and Technology Co Ltd
Application filed by Wangsu Science and Technology Co Ltd
Priority to CN201811034002.7A
Publication of CN109067936A
Application granted
Publication of CN109067936B
Legal status: Expired - Fee Related

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L61/00 Network arrangements, protocols or services for addressing or naming
    • H04L61/45 Network directories; Name-to-address mapping
    • H04L61/4505 Network directories; Name-to-address mapping using standardised directories; using standardised directory access protocols
    • H04L61/4511 Network directories; Name-to-address mapping using standardised directories; using standardised directory access protocols using domain name system [DNS]
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1408 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
    • H04L63/1416 Event detection, e.g. attack signature detection
    • H04L63/1441 Countermeasures against malicious traffic
    • H04L63/1458 Denial of Service

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The invention discloses a method and device for domain name resolution. In the method, a public DNS server obtains a domain name resolution request message sent by a terminal device; when it determines that it is under attack, it sends a wildcard domain name resolution request to an authoritative DNS server and then obtains the wildcard domain name response message sent by the authoritative DNS server; when, on querying the cache, it finds a wildcard domain name message for the responding domain name, it parses the response and stores the wildcard domain name information of the domain name to be resolved. As a result, the IP address corresponding to the wildcard domain name can be obtained from the local cache while under attack, which reduces the number of queries to the authoritative DNS server and lightens the processing load of the authoritative DNS server.

Description

Method and device for domain name resolution
Technical field
Embodiments of the present invention relate to the technical field of Domain Name System (DNS) resolution, and in particular to a method and device for domain name resolution.
Background
The DNS is a distributed database on the Internet that maps domain names and Internet Protocol (IP) addresses to each other, making it easier for users to access the Internet. As the addressing system for the vast majority of Internet applications, its importance is self-evident.
In the current DNS, a user terminal first sends a DNS query for a given domain name to a public DNS server. The public DNS server checks whether it holds an unexpired local cache entry for the domain name. If it does, it responds to the user terminal directly with the IP address of the domain name. If it does not, it queries the authoritative DNS server for the domain name, responds to the user terminal once it has received the IP address returned by the authoritative DNS server, and caches the IP address of the domain name for the expiry time specified by the authoritative DNS server. The purpose of caching is to cope with a large number of user terminals sending DNS queries for the same domain name within a short time.
With the development of high-performance packet processing and caching technology, many DNS servers cope well with high volumes of concurrent requests, but defence against distributed denial of service (DDoS) attacks remains a comparatively weak link. A DDoS attack can send DNS queries for randomly generated subdomains to a public DNS server. Because every domain name is different, the caching mechanism of the public DNS server gives no protection, and every query is forwarded to the authoritative DNS server. The public DNS server and the authoritative DNS server then both bear the processing load of the attack, which occupies a large amount of system resources.
Summary of the invention
Embodiments of the present invention provide a method and device for domain name resolution that reduce the processing load of DNS servers when a DNS server is under a DDoS attack.
A method for domain name resolution provided by an embodiment of the present invention comprises:
a public DNS server obtains a domain name resolution request message sent by a terminal device, the domain name resolution request message including a domain name to be resolved;
when the public DNS server determines that it is under attack, it sends a wildcard domain name resolution request to an authoritative DNS server;
the public DNS server obtains the wildcard domain name response message sent by the authoritative DNS server;
when the public DNS server finds, on querying the cache, a wildcard domain name message for the responding domain name, it parses the response and stores the wildcard domain name information of the domain name to be resolved.
When the public DNS server determines that it is under attack, it requests from the authoritative DNS server the wildcard domain name information corresponding to the domain name to be resolved and then stores that information. While under attack it can therefore obtain the IP address corresponding to the wildcard domain name from its local cache, which reduces the number of queries to the authoritative DNS server and lightens the processing load of the authoritative DNS server.
Optionally, sending a wildcard domain name resolution request to the authoritative DNS server when the public DNS server determines that it is under attack comprises:
when the public DNS server determines that it is under a distributed denial of service (DDoS) attack and that the domain suffix of the domain name to be resolved is the domain suffix targeted by the DDoS attack, it sends the wildcard domain name resolution request to the authoritative DNS server.
Optionally, before the public DNS server sends the wildcard domain name resolution request to the authoritative DNS server, the method further comprises:
the public DNS server determines whether it has stored the wildcard domain name information of the domain name to be resolved; if so, it sends the resolution content of the domain name to be resolved to the terminal device according to the stored wildcard domain name information.
When the public DNS server determines that the wildcard domain name information of the domain name to be resolved is stored locally, it can respond to the terminal device directly without querying the authoritative DNS server, which reduces the processing load of the authoritative DNS server.
Optionally, the method further comprises: when the public DNS server does not find a wildcard domain name message for the responding domain name in the cache, it sends the resolution content of the domain name to be resolved to the terminal device and stores that resolution content, where the resolution content is sent by the authoritative DNS server after it determines that it has not found the wildcard domain name information of the domain name to be resolved.
When the response message received by the public DNS server does not include wildcard domain name information for the domain name to be resolved, this indicates that no wildcard domain name information for that domain name has been configured on the authoritative DNS server.
Optionally, the wildcard domain name resolution request is an Extension Mechanisms for DNS (EDNS) request message;
the wildcard domain name response message sent by the authoritative DNS server is an EDNS response message.
Correspondingly, an embodiment of the present invention also provides a method for domain name resolution, comprising:
an authoritative DNS server obtains a wildcard domain name resolution request message sent by a public DNS server, the wildcard domain name resolution request including a domain name to be resolved; the wildcard domain name resolution request is sent by the public DNS server when it determines that it is under attack;
the authoritative DNS server looks up the wildcard domain name information of the domain name to be resolved according to the domain name to be resolved;
when the authoritative DNS server determines that it has found the wildcard domain name information of the domain name to be resolved, it sends the public DNS server a wildcard domain name response message carrying that wildcard domain name information.
Optionally, the method further comprises:
when the authoritative DNS server determines that it has not found the wildcard domain name information of the domain name to be resolved, it sends the public DNS server a response message carrying the resolution content of the domain name to be resolved.
Optionally, the wildcard domain name resolution request is sent by the public DNS server when it is under a distributed denial of service (DDoS) attack and the domain suffix of the domain name to be resolved is the domain suffix targeted by the DDoS attack.
Correspondingly, an embodiment of the present invention also provides a device for domain name resolution, comprising:
an obtaining unit, configured to obtain a domain name resolution request message sent by a terminal device, the domain name resolution request message including a domain name to be resolved;
a sending unit, configured to send a wildcard domain name resolution request to an authoritative DNS server when it is determined that the device is under attack;
the obtaining unit being further configured to obtain the wildcard domain name response message sent by the authoritative DNS server;
a processing unit, configured to parse the response when a wildcard domain name message for the responding domain name is found on querying the cache, and to store the wildcard domain name information of the domain name to be resolved.
Optionally, the processing unit is specifically configured to:
send the wildcard domain name resolution request to the authoritative DNS server when it determines that the device is under a DDoS attack and that the domain suffix of the domain name to be resolved is the domain suffix targeted by the DDoS attack.
Optionally, the processing unit is further configured to:
before the wildcard domain name resolution request is sent to the authoritative DNS server, determine whether the wildcard domain name information of the domain name to be resolved is stored; if so, control the sending unit to send the resolution content of the domain name to be resolved to the terminal device according to the stored wildcard domain name information.
Optionally, the processing unit is further configured to:
when no wildcard domain name message for the responding domain name is found in the cache, control the sending unit to send the resolution content of the domain name to be resolved to the terminal device, and store that resolution content, where the resolution content is sent by the authoritative DNS server after it determines that it has not found the wildcard domain name information of the domain name to be resolved.
Optionally, the wildcard domain name resolution request is an EDNS request message;
the wildcard domain name response message sent by the authoritative DNS server is an EDNS response message.
Correspondingly, an embodiment of the present invention also provides a device for domain name resolution, comprising:
an obtaining unit, configured to obtain a wildcard domain name resolution request message sent by a public DNS server, the wildcard domain name resolution request including a domain name to be resolved; the wildcard domain name resolution request is sent by the public DNS server when it determines that it is under attack;
a processing unit, configured to look up the wildcard domain name information of the domain name to be resolved according to the domain name to be resolved;
a sending unit, configured to send the public DNS server a wildcard domain name response message carrying the wildcard domain name information of the domain name to be resolved when the processing unit determines that it has found that information.
Optionally, the sending unit is further configured to:
send the public DNS server a wildcard domain name response message carrying the resolution content of the domain name to be resolved when the processing unit determines that it has not found the wildcard domain name information of the domain name to be resolved.
Optionally, the wildcard domain name resolution request is sent by the public DNS server when it is under a distributed denial of service (DDoS) attack and the domain suffix of the domain name to be resolved is the domain suffix targeted by the DDoS attack.
Correspondingly, an embodiment of the present invention also provides a computing device, comprising:
a memory, configured to store program instructions;
a processor, configured to call the program instructions stored in the memory and to execute the above domain name resolution method according to the obtained program.
Correspondingly, an embodiment of the present invention also provides a computer-readable non-volatile storage medium containing computer-readable instructions which, when read and executed by a computer, cause the computer to execute the above domain name resolution method.
Brief description of the drawings
To describe the technical solutions in the embodiments of the present invention more clearly, the drawings needed for the description of the embodiments are briefly introduced below. The drawings described below are only some embodiments of the invention; a person of ordinary skill in the art can obtain other drawings from them without creative effort.
Fig. 1 is a schematic diagram of a system architecture provided by an embodiment of the present invention;
Fig. 2 is a flow diagram of a method for domain name resolution provided by an embodiment of the present invention;
Fig. 3 is a flow diagram of a method for domain name resolution provided by an embodiment of the present invention;
Fig. 4 is a structural diagram of a device for domain name resolution provided by an embodiment of the present invention;
Fig. 5 is a structural diagram of a device for domain name resolution provided by an embodiment of the present invention.
Detailed description
To make the objectives, technical solutions and advantages of the present invention clearer, the invention is described in further detail below with reference to the drawings. The described embodiments are only some of the embodiments of the invention, not all of them. All other embodiments obtained by a person of ordinary skill in the art from these embodiments without creative effort fall within the protection scope of the present invention.
Fig. 1 shows, by way of example, the structure of a system architecture to which the domain name resolution method provided by the embodiments of the present invention applies. The system architecture may include a terminal device 100, a public DNS server 200 and an authoritative DNS server 300. The terminal device 100 can communicate with the public DNS server 200 over a network, and the public DNS server 200 can communicate with the authoritative DNS server 300.
In the embodiments of the present invention, the terminal device 100 can be any device that supports access by domain name, for example a mobile phone, a smart band, a tablet computer, a laptop, an Ultra-Mobile Personal Computer (UMPC), a Personal Digital Assistant (PDA) device, an in-vehicle device or a wearable device; it is not limited to communication terminals.
The public DNS server 200 receives the domain name resolution request sent by the terminal device 100 and returns to the terminal device 100 the IP address resulting from resolving the corresponding domain name. After determining that it has not stored locally the IP address of the domain name requested by the terminal device 100, the public DNS server 200 can query the authoritative DNS server 300.
The public DNS server 200 may include an attack recognition module, a wildcard domain name identification module, a wildcard domain name information transmission module, a wildcard domain name information cache module and a wildcard domain name information feedback module. The attack recognition module identifies whether the server is under attack and, if an attack has occurred, further determines whether it is an attack on domain names with the same domain suffix. The wildcard domain name identification module identifies whether wildcard domain name information is stored. The wildcard domain name information transmission module communicates with the authoritative DNS server 300. The wildcard domain name information cache module caches the wildcard domain name information or IP address received from the authoritative DNS server 300. The wildcard domain name information feedback module returns the corresponding IP address to the terminal device 100.
The authoritative DNS server 300, after receiving a query request from the public DNS server 200, returns to the public DNS server 200 the IP address resulting from resolving the corresponding domain name.
The authoritative DNS server 300 may include a wildcard domain name information transmission module, a wildcard domain name information query module and a wildcard domain name information packet assembly module. The wildcard domain name information transmission module communicates with the public DNS server 200. The wildcard domain name information query module looks up the corresponding content according to the query request sent by the public DNS server. The wildcard domain name information packet assembly module writes the wildcard domain name information that was found into the EDNS pseudo resource record section and combines it with the DNS records to form the response message.
Based on the above description, Fig. 2 shows, by way of example, a domain name resolution process. The method can be executed by a domain name resolution device; the process is described below in terms of the interaction between the terminal device, the public DNS server and the authoritative DNS server.
As shown in Fig. 2, the process comprises the following steps:
Step 201: the terminal device sends a domain name resolution request message.
The domain name resolution request message may include the domain name to be resolved. The terminal device sends the message when it needs the IP address corresponding to a domain name it wants to access.
Step 202: when the public DNS server determines that it is under attack, it sends a wildcard domain name resolution request to the authoritative DNS server.
After receiving the domain name resolution request message sent by the terminal device, the public DNS server can first determine whether it is currently under a DDoS attack. If it is, it also needs to determine whether the DDoS attack targets a single domain suffix. When the attack is determined to target a single domain suffix, and the public DNS server determines that the domain suffix of the domain name to be resolved is the suffix under DDoS attack, it sends a wildcard domain name resolution request to the authoritative DNS server; the request includes the domain name to be resolved sent by the terminal device. The public DNS server can determine whether it is under a DDoS attack from the number of domain name resolution request messages received per unit time; this method is only an example, and the embodiments of the present invention are not limited to it.
A DDoS attack uses client/server technology to combine multiple terminal devices into an attack platform that attacks one or more targets, here by generating random subdomains, thereby multiplying the power of the denial of service attack. Under a DDoS attack, the public DNS server has to send query requests to the authoritative DNS server constantly, so both the public DNS server and the authoritative DNS server have to bear a heavy processing load.
To relieve this processing load, before sending the wildcard domain name resolution request to the authoritative DNS server, the public DNS server can first check whether the wildcard domain name information of the domain name to be resolved is stored locally, and send the wildcard domain name resolution request to the authoritative DNS server only when it determines that the information is not stored locally. Otherwise the public DNS server can send the resolution content of the domain name to be resolved to the terminal device according to the locally stored wildcard domain name information.
For example, suppose the domain name the terminal device needs to access is music.XXX.com, that is, the domain name to be resolved is music.XXX.com. After receiving the resolution request message, the public DNS server finds that the domain suffix XXX.com of the domain name to be resolved is the same as the domain suffix under DDoS attack, so it first determines whether the wildcard domain name information of music.XXX.com is stored locally. The wildcard domain name information may include the domain names that belong to the same domain suffix and the IP address they have in common; the wildcard domain name can be expressed as *.XXX.com, and the wildcard domain name information includes *.XXX.com and the IP address it points to. When the public DNS server determines that the wildcard domain name information of music.XXX.com is stored locally, it no longer needs to send a wildcard domain name resolution request to the authoritative DNS server and can send the resolution content of music.XXX.com directly to the terminal device. In the embodiments of the present invention, the resolution content of a domain name can be an IP address, for example 111.111.111.111. When the public DNS server determines that the wildcard domain name information of music.XXX.com is not stored locally, it sends a wildcard domain name resolution request to the authoritative DNS server. The wildcard domain name resolution request includes the domain name to be resolved, music.XXX.com.
It should be noted that the wildcard domain name resolution request can be an EDNS request message, in which the wildcard domain name resolution request information is stored in the pseudo resource record of the EDNS request message.
In the embodiments of the present invention, the same domain suffix can take forms such as XXX.com, XXX.XXX.com or XXX.XXX.XXX.com; the number of levels is not limited, and these forms are only examples.
Step 203: the authoritative DNS server looks up the wildcard domain name information of the domain name to be resolved according to the domain name to be resolved.
After receiving the wildcard domain name resolution request sent by the public DNS server, the authoritative DNS server can look up the wildcard domain name information of the domain name to be resolved that the request contains. When a wildcard configuration exists for the domain name, the authoritative DNS server can store the wildcard domain name information of that domain name so that it can respond quickly to resolution requests for domain names with the same domain suffix.
Step 204: when the authoritative DNS server determines that it has found the wildcard domain name information of the domain name to be resolved, it sends the public DNS server a wildcard domain name response message carrying that wildcard domain name information.
When the authoritative DNS server finds the wildcard domain name information of the domain name to be resolved, it can send the public DNS server a wildcard domain name response message that carries this information. For example, the authoritative DNS server returns to the public DNS server the wildcard domain name information of music.XXX.com, that is, *.XXX.com and the IP address it points to.
If the authoritative DNS server does not find wildcard domain name information for the domain name to be resolved, it returns directly to the public DNS server a wildcard domain name response message carrying the resolution content of the domain name to be resolved. In other words, the authoritative DNS server sends the public DNS server the IP address of the single domain name; in this case it only needs to return the IP address.
Step 205: when the public DNS server finds, on querying the cache, a wildcard domain name message for the responding domain name, it parses the response and stores the wildcard domain name information of the domain name to be resolved.
After receiving the wildcard domain name response message sent by the authoritative DNS server, the public DNS server can cache the response message. When, on querying the cache, it finds a wildcard domain name message for the responding domain name, it parses the wildcard domain name response message and then stores the wildcard domain name information of the domain name to be resolved. Once it has the wildcard domain name information, it can send the resolution content of the domain name to be resolved to the terminal device according to that information. For example, if the wildcard domain name information is *.XXX.com and the IP address it points to, the resolution content of the domain name to be resolved is the IP address that *.XXX.com points to, which is also the IP address that music.XXX.com points to.
If the public DNS server does not find a wildcard domain name message for the responding domain name in the cache, the authoritative DNS server has not configured wildcard domain name information for the domain name to be resolved and has directly returned the resolution content of that domain name, that is, its IP address. In this case the public DNS server stores the resolution content of the domain name to be resolved and sends it to the terminal device.
It should be noted that when the public DNS server stores the wildcard domain name information or the resolution content of the domain name to be resolved, the storage time can be set empirically. The purpose of storing it is to cope with a large number of terminal devices sending resolution requests, within a short time, for domain names with the same domain suffix or for the same domain name. This reduces the number of queries the public DNS server sends to the authoritative DNS server and so reduces the processing load of the authoritative DNS server.
The domain name resolution process provided in the embodiments of the present invention is compatible with the existing DNS. When the public DNS server sends the authoritative DNS server an EDNS request carrying a wildcard domain name information query, an authoritative DNS server that supports the request responds to the public DNS server with the resolution content of the domain name and its corresponding wildcard domain name information. Otherwise the authoritative DNS server responds to the public DNS server with a format error or resolution failure message; the public DNS server then sends the authoritative DNS server a DNS request without the wildcard domain name information query, and the authoritative DNS server responds to the public DNS server with the resolution content of the domain name in the conventional way.
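The Fig. 2 exchange as a runnable simulation (an added example, not code from the patent): a public resolver counts distinct names per domain suffix, asks the authoritative server for wildcard information once the count crosses a threshold, and then answers from one cached wildcard entry, falling back to plain queries when the authoritative server rejects the extension. The class names, the two-label suffix, the threshold and TTL values, the constructed `example.test` zone and the in-memory stand-in for the EDNS exchange are all assumptions.

```python
from collections import defaultdict, deque

WINDOW_S = 1.0       # detection window in seconds (assumed value)
THRESHOLD = 50       # distinct names per suffix per window treated as an attack (assumed)
CACHE_TTL_S = 30.0   # storage time; the description leaves it to be set empirically


def suffix_of(qname, levels=2):
    """Domain suffix used for grouping; two labels here, the page allows any depth."""
    return ".".join(qname.rstrip(".").lower().split(".")[-levels:])


class Authoritative:
    """Toy authoritative server; `zone` maps owner names (including '*.suffix') to IPs."""

    def __init__(self, zone, supports_ext=True):
        self.zone, self.supports_ext, self.queries = zone, supports_ext, 0

    def resolve(self, qname, want_wildcard=False):
        self.queries += 1
        if want_wildcard and not self.supports_ext:
            return {"rcode": "FORMERR"}            # legacy server rejects the extension
        if qname in self.zone:                     # explicit record: single-name answer
            return {"rcode": "NOERROR", "ip": self.zone[qname]}
        wild = "*." + suffix_of(qname)
        if wild not in self.zone:
            return {"rcode": "NXDOMAIN"}
        reply = {"rcode": "NOERROR", "ip": self.zone[wild]}
        if want_wildcard:                          # on the wire: EDNS pseudo resource record
            reply["wildcard"] = wild
        return reply


class PublicResolver:
    def __init__(self, upstream, clock):
        self.upstream, self.clock = upstream, clock
        self.exact, self.wild = {}, {}             # name -> (ip, expiry)
        self.seen = defaultdict(deque)             # suffix -> (timestamp, qname) in window
        self.ext_ok = True

    def _under_attack(self, suffix, qname):
        now, window = self.clock(), self.seen[suffix]
        window.append((now, qname))
        while now - window[0][0] > WINDOW_S:       # drop entries older than the window
            window.popleft()
        return len({name for _, name in window}) >= THRESHOLD

    def _cached(self, table, key):
        hit = table.get(key)
        return hit[0] if hit and hit[1] > self.clock() else None

    def resolve(self, qname):
        qname = qname.rstrip(".").lower()
        suffix = suffix_of(qname)
        attacked = self._under_attack(suffix, qname)
        ip = self._cached(self.exact, qname)
        if ip is None and attacked:                # wildcard cache check before going upstream
            ip = self._cached(self.wild, "*." + suffix)
        if ip is not None:
            return ip
        reply = self.upstream.resolve(qname, want_wildcard=attacked and self.ext_ok)
        if reply["rcode"] == "FORMERR":            # compatibility path: retry without extension
            self.ext_ok = False                    # remembered; an addition to the described flow
            reply = self.upstream.resolve(qname)
        if reply["rcode"] != "NOERROR":
            return None
        entry = (reply["ip"], self.clock() + CACHE_TTL_S)
        if "wildcard" in reply:
            self.wild[reply["wildcard"]] = entry   # one entry now covers the whole suffix
        else:
            self.exact[qname] = entry
        return reply["ip"]


def simulate(n_random, supports_ext=True):
    """Replay n_random constructed random-label queries; return (answers, upstream queries, resolver)."""
    zone = {"*.example.test": "192.0.2.10", "www.example.test": "192.0.2.20"}  # constructed
    auth = Authoritative(zone, supports_ext)
    now = [0.0]
    resolver = PublicResolver(auth, clock=lambda: now[0])
    answers = []
    for i in range(n_random):
        now[0] += 0.001                            # 1000 queries per second
        answers.append(resolver.resolve(f"r{i:06d}.example.test"))
    return answers, auth.queries, resolver


if __name__ == "__main__":
    for ext in (True, False):
        _, upstream, _ = simulate(500, supports_ext=ext)
        print(f"authoritative supports extension={ext}: {upstream} upstream queries for 500 names")
```

In this example, once the wildcard entry is cached, an explicit name such as `www.example.test` that is not already in the exact-name cache is also answered from the wildcard entry while the suffix is flagged as attacked; a deployment has to decide whether that trade-off is acceptable for zones that mix wildcard and explicit records.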
To better explain the embodiments of the present invention, the domain name resolution flow is described below for a specific implementation scenario.
As shown in Fig. 3, the flow specifically includes:
Step 301: the public DNS server receives the domain name resolution request sent by the terminal device.
When accessing a website, the terminal device needs to send a domain name resolution request to the public DNS server; the request includes the domain name to be resolved.
Step 302: the public DNS server judges whether it is currently under DDoS attack; if so, go to step 304, otherwise go to step 303.
Step 303: respond in the conventional manner.
The public DNS server responds using a conventional domain name query.
Step 304: the public DNS server judges whether the attack is directed at the same domain suffix; if so, go to step 305, otherwise go to step 306.
Step 305: the public DNS server judges whether the domain suffix of the requested domain name is the same as the attacked domain suffix; if so, go to step 307, otherwise go to step 306.
Step 306: use other attack protection countermeasures.
The public DNS server copes with the attack using other protection methods.
Step 307: the public DNS server judges whether general domain-name information is cached; if so, go to step 308, otherwise go to step 309.
The public DNS server queries whether the general domain-name information of the requested domain name is stored locally.
Step 308: the public DNS server reads the IP address corresponding to the general domain name from the cache and responds to the terminal device.
When the general domain-name information of the requested domain name is found to be stored locally, the public DNS server reads the IP address corresponding to the general domain name from the cache and sends that IP address to the terminal device.
Step 309: the public DNS server sends a DNS query request carrying a general domain name request to the authoritative DNS server.
When the public DNS server finds that the general domain-name information of the requested domain name is not stored locally, it needs to query the authoritative DNS server. It can write the part that requests general domain-name information into the EDNS pseudo resource record and send the DNS query request carrying the general domain name request to the authoritative DNS server.
Step 310: the authoritative DNS server judges whether it can obtain general domain-name information; if so, go to step 311, otherwise go to step 313.
The authoritative DNS server judges whether it can obtain the general domain-name information of the requested domain name; if it can, it responds to the public DNS server.
Step 311: the authoritative DNS server responds to the public DNS server with the obtained general domain-name information.
The authoritative DNS server writes the obtained general domain-name information into the EDNS pseudo resource record, combines it with the IP address corresponding to the general domain name to form a response message, and sends the response message to the public DNS server.
Step 312: the public DNS server records the general domain-name information in the cache and responds to the terminal device with the IP address corresponding to the general domain name.
After receiving the response message sent by the authoritative DNS server, the public DNS server caches the general domain-name information and then responds to the terminal device with the IP address corresponding to the general domain name.
Step 313: the authoritative DNS server responds to the public DNS server with the IP address corresponding to the single domain name.
If the authoritative DNS server does not obtain the general domain-name information of the requested domain name, it responds directly to the public DNS server with the IP address of the requested domain name.
Step 314: the public DNS server records the IP address corresponding to the single domain name in the cache and responds to the terminal device with that IP address.
After receiving the IP address of the requested domain name from the authoritative DNS server, the public DNS server caches the IP address and responds to the terminal device with it.
The above embodiment shows that when the public DNS server determines that it is under DDoS attack, it requests the general domain-name information of the domain name to be resolved from the authoritative DNS server and then stores it. In this way, the IP address corresponding to the general domain name can be obtained from the local cache during a DDoS attack, which reduces the number of queries to the authoritative DNS server and relieves its processing load.
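The decision flow of steps 301 to 314, together with the compatibility fallback described before it, as an added Python sketch that is not code from the patent. The `Authority` and `PublicResolver` classes, the two-label `suffix_of` rule, the 30-second storage time and the externally set `attacked_suffix` flag are assumptions made for illustration.

```python
import time

def suffix_of(name):
    # Assumption: the "domain suffix" is the last two labels; a real resolver
    # would use zone cuts or a public-suffix list instead.
    return ".".join(name.lower().rstrip(".").split(".")[-2:])

class Authority:
    """Constructed stand-in for the authoritative DNS server (steps 310-313)."""
    def __init__(self, general, records, supports_general=True):
        self.general = general            # suffix -> IP of the general domain name
        self.records = records            # exact name -> IP
        self.supports_general = supports_general
        self.queries = 0                  # load counter the scheme tries to keep low

    def query(self, name, want_general):
        self.queries += 1
        if want_general and not self.supports_general:
            return {"rcode": "FORMERR"}   # server does not understand the EDNS request
        suffix = suffix_of(name)
        if want_general and suffix in self.general:            # step 311
            return {"rcode": "NOERROR", "general": suffix, "ip": self.general[suffix]}
        ip = self.records.get(name)                            # step 313
        return {"rcode": "NOERROR" if ip else "NXDOMAIN", "ip": ip}

class PublicResolver:
    def __init__(self, authority, ttl=30.0, clock=time.monotonic):
        self.authority, self.ttl, self.clock = authority, ttl, clock
        self.general_cache = {}           # suffix -> (ip, expiry)
        self.single_cache = {}            # name -> (ip, expiry)
        self.attacked_suffix = None       # set by DDoS detection (not modelled here)

    def _fresh(self, cache, key):
        hit = cache.get(key)
        if hit and hit[1] > self.clock():
            return hit[0]
        cache.pop(key, None)              # entries must not outlive the storage time
        return None

    def _store(self, cache, key, ip):
        cache[key] = (ip, self.clock() + self.ttl)
        return ip

    def _conventional(self, name):                             # step 303
        ip = self._fresh(self.single_cache, name)
        if ip is None:
            ip = self.authority.query(name, want_general=False)["ip"]
            if ip:
                self._store(self.single_cache, name, ip)
        return ip

    def resolve(self, name):
        name = name.lower().rstrip(".")
        suffix = suffix_of(name)
        if self.attacked_suffix is None:                       # step 302 -> 303
            return self._conventional(name), "conventional"
        if suffix != self.attacked_suffix:                     # steps 304/305 -> 306
            return None, "other-protection"                    # handled elsewhere
        ip = self._fresh(self.general_cache, suffix)           # step 307
        if ip:
            return ip, "general-cache"                         # step 308
        resp = self.authority.query(name, want_general=True)   # step 309
        if resp["rcode"] in ("FORMERR", "SERVFAIL"):           # compatibility fallback
            resp = self.authority.query(name, want_general=False)
        if resp.get("general"):                                # steps 311-312
            ip = self._store(self.general_cache, resp["general"], resp["ip"])
            return ip, "general-from-authority"
        if resp["ip"]:                                         # steps 313-314
            self._store(self.single_cache, name, resp["ip"])
        return resp["ip"], "single-from-authority"
```

With an authority that supports the request, a burst of distinct names under the attacked suffix costs one upstream query per storage period; with one that does not, every name costs two, which is the price of the fallback path.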
Based on the same technical idea, Fig. 4 illustrates the structure of a domain name resolution apparatus 40 provided in an embodiment of the present invention. The apparatus 40 can execute the domain name resolution flow; it may be located in the public DNS server or may be the public DNS server itself.
As shown in Fig. 4, the apparatus 40 specifically includes:
An acquiring unit 401, configured to obtain the domain name resolution request message sent by the terminal device, the domain name resolution request message including the domain name to be resolved;
A transmission unit 402, configured to send a general domain name resolution request to the authoritative DNS server when it is judged that an attack is under way;
The acquiring unit 401 is further configured to obtain the general DNS response message sent by the authoritative DNS server;
A processing unit 403, configured to perform the resolution response when the cache is found to contain the general domain name message of the response domain name, and to store the general domain-name information of the domain name to be resolved.
Optionally, the processing unit 403 is specifically configured to:
When it is judged that a DDoS attack is under way and the domain suffix of the domain name to be resolved is the domain suffix of the DDoS attack, send the general domain name resolution request to the authoritative DNS server.
Optionally, the processing unit 403 is further configured to:
Before the general domain name resolution request is sent to the authoritative DNS server, determine whether the general domain-name information of the domain name to be resolved is stored; if so, control the transmission unit 402 to send the resolution content of the domain name to be resolved to the terminal device according to the stored general domain-name information of the domain name to be resolved.
Optionally, the processing unit 403 is further configured to:
When the cache is found not to contain the general domain name message of the response domain name, control the transmission unit 402 to send the resolution content of the domain name to be resolved to the terminal device, and store that resolution content; the resolution content of the domain name to be resolved is sent by the authoritative DNS server after it determines that the general domain-name information of the domain name to be resolved has not been found.
Optionally, the general domain name resolution request is an Extension Mechanisms for DNS (EDNS) request message;
The general DNS response message sent by the authoritative DNS server is an EDNS response message.
Based on the same technical idea, Fig. 5 illustrates the structure of a domain name resolution apparatus 50 provided in an embodiment of the present invention. The apparatus 50 may be located in the authoritative DNS server or may be the authoritative DNS server itself.
As shown in Fig. 5, the apparatus 50 specifically includes:
An acquiring unit 501, configured to obtain the general domain name resolution request message sent by the public DNS server, the general domain name resolution request including the domain name to be resolved; the general domain name resolution request is sent by the public DNS server when it judges that it is under attack;
A processing unit 502, configured to look up the general domain-name information of the domain name to be resolved according to the domain name to be resolved;
A transmission unit 503, configured to send, when the processing unit 502 determines that the general domain-name information of the domain name to be resolved has been found, a general DNS response message carrying that general domain-name information to the public DNS server.
Optionally, the transmission unit 503 is further configured to:
When the processing unit 502 determines that the general domain-name information of the domain name to be resolved has not been found, send to the public DNS server a general DNS response message carrying the resolution content of the domain name to be resolved.
Optionally, the general domain name resolution request is sent by the public DNS server when it is under distributed denial of service (DDoS) attack and the domain suffix of the domain name to be resolved is the domain suffix of the DDoS attack.
Based on the same technical idea, an embodiment of the present invention further provides a computing device, comprising:
A memory, configured to store program instructions;
A processor, configured to call the program instructions stored in the memory and execute the above domain name resolution method according to the obtained program.
Based on the same technical idea, an embodiment of the present invention further provides a computer-readable non-volatile storage medium including computer-readable instructions; when a computer reads and executes the computer-readable instructions, the computer is caused to execute the above domain name resolution method.
The present invention is described with reference to flowcharts and/or block diagrams of the method, device (system), and computer program product according to embodiments of the present invention. It should be understood that each flow and/or block in the flowcharts and/or block diagrams, and combinations of flows and/or blocks in the flowcharts and/or block diagrams, can be implemented by computer program instructions. These computer program instructions can be provided to the processor of a general-purpose computer, special-purpose computer, embedded processor, or other programmable data processing device to produce a machine, so that the instructions executed by the processor of the computer or other programmable data processing device produce an apparatus for implementing the functions specified in one or more flows of the flowchart and/or one or more blocks of the block diagram.
These computer program instructions may also be stored in a computer-readable memory capable of directing a computer or other programmable data processing device to work in a particular manner, so that the instructions stored in the computer-readable memory produce an article of manufacture including an instruction apparatus that implements the functions specified in one or more flows of the flowchart and/or one or more blocks of the block diagram.
These computer program instructions may also be loaded onto a computer or other programmable data processing device, so that a series of operation steps is executed on the computer or other programmable device to produce computer-implemented processing; the instructions executed on the computer or other programmable device thus provide steps for implementing the functions specified in one or more flows of the flowchart and/or one or more blocks of the block diagram.
Although preferred embodiments of the present invention have been described, those skilled in the art can make additional changes and modifications to these embodiments once they learn of the basic inventive concept. The appended claims are therefore intended to be interpreted as including the preferred embodiments and all changes and modifications that fall within the scope of the present invention.
Obviously, those skilled in the art can make various changes and modifications to the present invention without departing from its spirit and scope. Thus, if these modifications and variations fall within the scope of the claims of the present invention and their technical equivalents, the present invention is also intended to include them.

Claims (10)

1. A domain name resolution method, characterized by comprising:
A public Domain Name System (DNS) server obtains the domain name resolution request message sent by a terminal device, the domain name resolution request message including a domain name to be resolved;
When the public DNS server judges that it is under attack, it sends a general domain name resolution request to an authoritative DNS server;
The public DNS server obtains the general DNS response message sent by the authoritative DNS server;
When the public DNS server finds that the cache contains the general domain name message of the response domain name, it performs the resolution response and stores the general domain-name information of the domain name to be resolved.
2. The method according to claim 1, characterized in that sending the general domain name resolution request to the authoritative DNS server when the public DNS server judges that it is under attack comprises:
When the public server judges that it is under distributed denial of service (DDoS) attack and the domain suffix of the domain name to be resolved is the domain suffix of the DDoS attack, it sends the general domain name resolution request to the authoritative DNS server.
3. The method according to claim 1, characterized in that, before the public DNS server sends the general domain name resolution request to the authoritative DNS server, the method further comprises:
The public DNS server determines whether the general domain-name information of the domain name to be resolved is stored; if so, it sends the resolution content of the domain name to be resolved to the terminal device according to the stored general domain-name information of the domain name to be resolved.
4. The method according to claim 1, characterized by further comprising: when the public DNS server finds that the cache does not contain the general domain name message of the response domain name, it sends the resolution content of the domain name to be resolved to the terminal device and stores the resolution content of the domain name to be resolved; the resolution content of the domain name to be resolved is sent by the authoritative DNS server after it determines that the general domain-name information of the domain name to be resolved has not been found.
5. The method according to any one of claims 1 to 4, characterized in that the general domain name resolution request is an Extension Mechanisms for DNS (EDNS) request message;
The general DNS response message sent by the authoritative DNS server is an EDNS response message.
6. A domain name resolution method, characterized by comprising:
An authoritative Domain Name System (DNS) server obtains the general domain name resolution request sent by a public DNS server, the general domain name resolution request including a domain name to be resolved; the general domain name resolution request is sent by the public DNS server when it judges that it is under attack;
The authoritative DNS server looks up the general domain-name information of the domain name to be resolved according to the domain name to be resolved;
When the authoritative DNS server determines that the general domain-name information of the domain name to be resolved has been found, it sends to the public DNS server a general DNS response message carrying the general domain-name information of the domain name to be resolved.
7. The method according to claim 6, characterized by further comprising:
When the authoritative DNS server determines that the general domain-name information of the domain name to be resolved has not been found, it sends to the public DNS server a response message carrying the resolution content of the domain name to be resolved.
8. The method according to claim 6, characterized in that the general domain name resolution request is sent by the public DNS server when it is under distributed denial of service (DDoS) attack and the domain suffix of the domain name to be resolved is the domain suffix of the DDoS attack.
9. A computing device, characterized by comprising:
A memory, configured to store program instructions;
A processor, configured to call the program instructions stored in the memory and execute the method according to any one of claims 1 to 8 according to the obtained program.
10. A computer-readable non-volatile storage medium, characterized by including computer-readable instructions; when a computer reads and executes the computer-readable instructions, the computer is caused to execute the method according to any one of claims 1 to 8.
CN201811034002.7A 2018-09-05 2018-09-05 Method and device for domain name resolution Expired - Fee Related CN109067936B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201811034002.7A CN109067936B (en) 2018-09-05 2018-09-05 Method and device for domain name resolution

Publications (2)

Publication Number Publication Date
CN109067936A CN109067936A (en) 2018-12-21
CN109067936B CN109067936B (en) 2021-08-06

Family

ID=64759714

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201811034002.7A Expired - Fee Related CN109067936B (en) 2018-09-05 2018-09-05 Method and device for domain name resolution

Country Status (1)

Country Link
CN (1) CN109067936B (en)

Patent Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20020087707A1 (en) * 2000-12-29 2002-07-04 Stewart Daniel B. Network protocols for distributing functions within a network
CN102724129A (en) * 2012-06-28 2012-10-10 奇智软件(北京)有限公司 Device and method for queue scheduling and access controlling of extensive domain names
CN102882892A (en) * 2012-10-26 2013-01-16 杭州迪普科技有限公司 Method and device for protecting DNS (Domain Name Server)
CN103501358A (en) * 2013-09-18 2014-01-08 北京蓝汛通信技术有限责任公司 Domain name hosting management method and device
WO2017196558A1 (en) * 2016-05-11 2017-11-16 Cisco Technology, Inc. Short term certificate management during distributed denial of service attacks

Cited By (10)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN111092966A (en) * 2019-12-30 2020-05-01 中国联合网络通信集团有限公司 Domain name system, domain name access method and device
CN111092966B (en) * 2019-12-30 2022-04-26 中国联合网络通信集团有限公司 Domain name system, domain name access method and device
CN111953802A (en) * 2020-07-06 2020-11-17 网宿科技股份有限公司 A method, system, device and storage medium for resolving domain names
CN112929463A (en) * 2021-01-26 2021-06-08 网宿科技股份有限公司 Traffic proxy method, server and system based on DNS (Domain name System)
CN113765988A (en) * 2021-02-26 2021-12-07 北京沃东天骏信息技术有限公司 Information processing method, device, electronic device and storage medium
CN113452808A (en) * 2021-06-29 2021-09-28 百果园技术(新加坡)有限公司 Domain name resolution method, device, equipment and storage medium
CN113452808B (en) * 2021-06-29 2023-06-23 百果园技术(新加坡)有限公司 Domain name resolution method, device, equipment and storage medium
CN113810518A (en) * 2021-09-15 2021-12-17 北京知道未来信息技术有限公司 Effective sub-domain name recognition method and device and electronic equipment
CN114666302A (en) * 2022-02-25 2022-06-24 网宿科技股份有限公司 Domain name resolution method, system, electronic device and storage medium
WO2024230502A1 (en) * 2023-05-09 2024-11-14 北京有竹居网络技术有限公司 Domain name resolution method and apparatus for content distribution network, electronic device, and storage medium

Also Published As

Publication number Publication date
CN109067936B (en) 2021-08-06

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant
CF01 Termination of patent right due to non-payment of annual fee

Granted publication date: 20210806