CN114710560A - Data processing method, system, proxy device, and terminal device - Google Patents

Abstract

The embodiment of the application provides a data processing method, a data processing system, proxy equipment and terminal equipment. Wherein the method comprises the following steps: configuring parameters corresponding to a terminal to realize that domain name resolution requests initiated by the terminal are all directed to a virtual network card of the terminal to be sent out after the terminal accesses a virtual private network; intercepting the domain name resolution request sent by the virtual network card; and sending the domain name resolution request to a corresponding domain name server according to preset corresponding relation information of the parameters and the domain name server address. By adopting the technical scheme provided by the embodiment of the application, the problem that the domain name is wrongly analyzed can be effectively avoided, so that the accuracy of domain name analysis is ensured.

Description

Data processing method, system, proxy device, and terminal device

technical field

The present application relates to the field of computer technology, and in particular, to a data processing method, system, proxy device, and terminal device.

Background technique

Domain name resolution refers to the process of converting a domain name to an IP (Internet Protocol, Internet Protocol) address, which is often completed by a DNS server (ie, a domain name server). VPN (Virtual Private Network, virtual private network) is a private intranet dedicated line virtualized in the public network. After the terminal is connected to the VPN network, when accessing the VPN intranet resources, the virtual network card in the terminal usually sends the DNS request ( Namely, the domain name resolution request) is sent to its configured intranet DNS server, and the intranet DNS server parses the NPV intranet domain name to be resolved into an intranet IP address and feeds it back to the terminal, so that the terminal can access the internal network through the intranet IP address. web resources.

However, due to the limitation of the operating system of some terminals, the network card for sending DNS requests cannot be set, and the priority of the physical network card in the terminal is higher than that of the virtual network card by default. The network card sends it to its configured public network DNS server for resolution, so that the intranet domain name cannot be resolved or is incorrectly resolved to a public network IP address, thus preventing the terminal from correctly accessing intranet resources.

SUMMARY OF THE INVENTION

The present application provides a data processing method, system, proxy device, and terminal device that solve the above problems or at least partially solve the above problems.

In one embodiment of the present application, a data processing method is provided. The method includes:

Configuring the parameters corresponding to the terminal, so that after the terminal accesses the virtual private network, all domain name resolution requests initiated by the terminal are directed to the virtual network card of the terminal for sending;

intercepting the domain name resolution request sent by the virtual network card;

The domain name resolution request is sent to the corresponding domain name server according to the preset correspondence information between the parameter and the domain name server address.

In another embodiment of the present application, a data processing method is also provided. The method includes:

Establish a network connection to the virtual private network;

According to the parameters configured by the proxy device for itself, direct the domain name resolution request initiated by itself to the virtual network card within itself;

The domain name resolution request is sent through the virtual network card, so that the proxy device intercepts the domain name resolution request, and sends the domain name resolution request to the corresponding domain name server.

In yet another embodiment of the present application, a data processing system is also provided. The system includes:

The proxy device is used to configure the parameters corresponding to the terminal, so as to realize that after the terminal device accesses the virtual private network, all the domain name resolution requests initiated by the terminal device are directed to the virtual network card of the terminal device for sending; the domain name resolution request sent by the virtual network card; according to the preset correspondence information between the parameter and the domain name server address, send the domain name resolution request to the corresponding domain name server;

The terminal device is used to establish a network connection with the virtual private network; according to the parameters configured by the proxy device for itself, the domain name resolution request initiated by itself is directed to the virtual network card within itself for sending.

In yet another embodiment of the present application, a proxy device is also provided. The proxy device includes: a memory and a processor, wherein the memory is used for storing one or more computer programs; the processor is coupled with the memory and is used for executing the one or more stored in the memory. A plurality of computer programs are used to implement the steps in the data processing method provided by the first embodiment of the present application.

In yet another embodiment of the present application, a terminal device is also provided. The terminal device includes: a memory and a processor, wherein the memory is used for storing one or more computer programs; the processor is coupled with the memory and is used for executing the one or more computer programs stored in the memory A plurality of computer programs are used to implement the steps in the data processing method provided by the second embodiment of the present application.

In the technical solutions provided by the embodiments of this application, the proxy device can configure the parameters corresponding to the terminal, so that after the terminal accesses the virtual private network, the domain name resolution requests initiated by the terminal are directed to the virtual network card of the terminal for sending; further, the proxy device It can intercept the domain name resolution request sent by the virtual network card of the terminal, and send the domain name resolution request to the corresponding domain name server for resolution according to the correspondence information between the preset parameters and the domain name server address. This solution can effectively avoid the problem that the domain name is erroneously resolved, thereby ensuring the correctness of the domain name resolution, and the whole solution is simple and easy to implement, and has strong compatibility and wide application range.

Description of drawings

In order to more clearly illustrate the embodiments of the present application or the technical solutions in the prior art, the following briefly introduces the accompanying drawings that need to be used in the description of the embodiments or the prior art. Obviously, the accompanying drawings in the following description These are some embodiments of the present application. For those of ordinary skill in the art, other drawings can also be obtained based on these drawings without any creative effort.

Fig. 1 is a kind of principle schematic diagram of existing DNS request;

2 is a schematic flowchart of a data processing method provided by an embodiment of the present application;

3 is a schematic schematic diagram of a DNS request provided by an embodiment of the present application;

4a is a schematic diagram of a data message format corresponding to a DNS request and a DNS response provided by an embodiment of the present application;

4b is a schematic diagram of the format of a flag field provided by an embodiment of the application;

5 is a schematic flowchart of a data processing method provided by another embodiment of the present application;

FIG. 6 is a structural block diagram of a data processing apparatus according to an embodiment of the present application;

FIG. 7 is a structural block diagram of a data processing apparatus provided by another embodiment of the present application;

FIG. 8 is a structural block diagram of a proxy device provided by an embodiment of the present application.

Detailed ways

Before introducing the technical solutions provided by the embodiments of the present application, some proper terms involved in the present application will be explained first.

DNS (Domain Name System, Domain Name System) is a distributed database that maps domain names and IP addresses on the Internet. Read the IP string. DNS usually adopts the "client/server" architecture mode. The mapping of domain names to IP addresses is usually stored in the DNS server (domain name server, that is, the server that provides domain name resolution), and the IP address corresponding to the specified domain name is determined through the mapping in the DNS server. The process is the domain name resolution. In the above, the domain name is the name of a computer or computer group on the Internet consisting of a string of words or abbreviations separated by dots, and is used to identify the location of the computer when data is transmitted. Each domain name corresponds to a unique IP address.

DNS protocol is an application layer protocol built on UDP protocol (or TCP protocol), which is mainly responsible for converting domain names into IP addresses that can be recognized by machines. By default, port 53 is used. Once port 53 is blocked, it will cause If the domain name resolution cannot be performed, it will also make it impossible to use the domain name to access the network.

The DNS proxy is used to forward DNS requests (namely, domain name resolution requests) and domain name resolution responses (also called response packets) between DNS clients and DNS servers. For a detailed description of the forwarding function of the DNS proxy, see the related content below. The above DNS client refers to any device that needs to resolve domain names, for example, the DNS client can be a terminal device used by a user, such as a PC (personal computer), a smart phone, a tablet computer, and the like.

VPN (Virtual Private Network, virtual private network) is a remote access technology, which refers to relying on ISP (Internet Service Provider) and other NSP (Network Service Provider) to establish a dedicated data communication network in the public network. In the virtual private network, the connection between any two nodes does not have the end-to-end physical link required by the traditional private network, but is dynamically formed by using the resources of a certain public network. A virtual private network can realize the interconnection between components and resources of different networks, and can use the infrastructure of the Internet or other public Internet networks to create tunnels for users, and provide the same security and functional guarantees as licensure networks.

In order to make those skilled in the art better understand the solutions of the present application, the following will clearly and completely describe the technical solutions in the embodiments of the present application with reference to the accompanying drawings in the embodiments of the present application.

Some of the processes described in the specification, claims, and above-mentioned figures of the present application contain operations that occur in a particular order, and the operations may be performed out of the order in which they are presented herein or in parallel. The sequence numbers of the operations, such as 101, 102, etc., are only used to distinguish different operations, and the sequence numbers themselves do not represent any execution order. Additionally, these flows may include more or fewer operations, and these operations may be performed sequentially or in parallel. It should be noted that the descriptions such as "first" and "second" in this document are used to distinguish different messages, devices, modules, etc., and do not represent a sequence, nor do they limit "first" and "second" are different types. In this application, the term "or/and" is only an association relationship to describe the associated objects, indicating that three relationships can exist, for example: A or/and B, indicating that A can exist alone, and A and B can exist at the same time. There are three cases of B; the character "/" in this application generally indicates that the related objects before and after are an "or" relationship. It should also be noted that the terms "comprising", "comprising" or any other variation thereof are intended to encompass non-exclusive inclusion, such that a commodity or system comprising a list of elements includes not only those elements, but also includes not explicitly listed other elements, or elements inherent to the commodity or system. Without further limitation, an element defined by the phrase "comprising a..." does not preclude the presence of additional identical elements in the article or system that includes the element. In addition, the following embodiments are only a part of the embodiments of the present application, but not all of the embodiments. Based on the embodiments in this application, all other embodiments obtained by those skilled in the art without creative efforts shall fall within the protection scope of this application.

At present, when users access Internet resources through a DNS client, they can directly enter a domain name that is easy to remember (such as www.example.com) through the domain name system, and then the DNS server in the network resolves the domain name to the correct IP address, and then Obtain Internet resources according to the IP address resolved by the DNS server. Specifically, the specific interaction between the DNS client and the DNS server is: the DNS client obtains the IP address corresponding to the domain name by sending a DNS request carrying the domain name to be resolved to the DNS server, and the DNS server receives the DNS request according to the DNS request. After the DNS server finally obtains the IP address corresponding to the domain name requested by the DNS client, the corresponding IP address is put in the DNS response and fed back to the DNS client, so that the DNS client After the client obtains this IP address, it can request network services from this IP address. When the DNS proxy is set, the DNS client does not directly send DNS requests to the DNS server, but uses the DNS proxy as a DNS server, sends DNS requests to the DNS proxy, and obtains it through the interaction between the DNS proxy and the DNS server. the corresponding IP address. After using the DNS proxy, when the address of the DNS server changes, only the configuration on the DNS proxy needs to be changed, and there is no need to change the configuration of each DNS client in the local area network, which simplifies network management.

In the domain name resolution process described above, when the DNS client accesses the VPN network and uses the VPN to access intranet resources, in order to ensure the correct resolution of the domain name, you can usually configure the intranet DNS server for the corresponding virtual network card in the DNS client and set The priority of the virtual network card, so that when the DNS terminal accesses the VPN intranet resources, it first sends the DNS request to the internal network DNS server configured by the virtual network card, and the internal network DNS server will resolve the internal network domain name that needs to be resolved in the DNS request. After the resolution becomes the corresponding intranet IP address, it is fed back to the DNS client. However, as shown in Figure 1, if some DNS clients access the VPN network, due to operating system restrictions and other reasons, the priority setting of the network card is not allowed, and the priority of the physical network card in the DNS client is by default. Higher than the virtual network card, this will cause the domain name that the DNS client needs to resolve, whether it is the VPN intranet domain name or the public network domain name, the physical network card will send the domain name resolution request to its configured public network DNS server for resolution. The public network DNS server generally does not store the mapping relationship between the VPN intranet IP address and the domain name, so it is impossible to resolve the intranet IP address corresponding to the intranet domain name or resolve the intranet domain name to the public network IP address. , resulting in the failure of the VPN intranet domain name resolution, and the DNS client cannot normally access intranet resources. When the existing solution solves the above problems, it mainly modifies the priority of the physical network card of the DNS client through manual changes such as modifying the registry, modifying the hop number of the network card, etc., so as to realize the preferential use of the intranet DNS server for the VPN intranet domain name. DNS requests are resolved. However, the above-mentioned existing solutions have problems such as complex configuration, and in practical applications, there is still a problem that the priority of the physical network card cannot be modified by using the above-mentioned conventional method due to limitations of the operating system and other reasons.

In order to solve the above problems, the present application provides a technical solution for data processing. In the data processing solution provided by this application, the VPN client (that is, the virtual private network client) is used as the DNS proxy, and the DNS server addresses corresponding to the physical network card and the virtual network card in the DNS client are configured as The same fake address, and a route to the virtual network card is set for the fake address, and the route will be added to the routing table of the DNS client when the DNS client accesses the VPN network. Through the above configuration of the DNS client, the DNS client can send a DNS request to a fake address, and according to the route set for the fake address, the DNS request will be processed and sent through the virtual network card. The VPN client can intercept the DNS request sent by the virtual network card, and send the DNS request to the corresponding domain name server for domain name resolution according to the corresponding relationship between the preset fake address and the real domain name server address, so that the domain name in the DNS request can be is correctly parsed.

The following describes in detail the data processing technical solutions provided by the embodiments of the present application.

FIG. 2 shows a schematic flowchart of a data processing method provided by an embodiment of the present application. The data processing method is applied to a proxy device, where the proxy device is a VPN client, and the VPN client may refer to client software that provides VPN access services for users, such as a web client or an APP application. During specific implementation, the VPN client can be built into the terminal, or placed in other external devices and connected to the terminal through their respective wired or wireless methods, or even partially built into the terminal, while other parts are placed in other external devices and connected to the terminal For device connection, this embodiment does not limit the inclusion relationship between the VPN client and the terminal, as long as the purpose of data transmission between the VPN client and the terminal can be achieved. For the introduction to the terminal, please refer to the related content below. As shown in Figure 2, the data processing method includes the following steps:

101. Configure parameters corresponding to the terminal, so that after the terminal accesses the virtual private network, all domain name resolution requests initiated by the terminal are directed to the virtual network card of the terminal for sending;

102. Intercept the domain name resolution request sent by the virtual network card;

103. Send the domain name resolution request to a corresponding domain name server according to the preset correspondence information between the parameter and the domain name server address.

In the above 101, the terminal is the DNS client described above, but different expressions are used in different description scenarios. The terminal can be any device that needs to resolve domain names, and can access the intranet service after it is connected to the virtual private network (ie VPN network); the intranet can be a set local area network, such as an enterprise intranet, a school intranet or Intranet services of government units, etc., intranet services can include domain name resolution services and application services, which are provided by the intranet domain name server and the intranet origin server deployed in the intranet respectively. The above VPN network can be implemented based on, but not limited to, SD-WAN (Software Defined WAN, software-defined wide area network) technology. In specific implementation, the terminal can be any electronic device with a network access function, more specifically any electronic device that can access the VPN network and access intranet resources, for example, the terminal can be but not limited to a smart phone, a tablet computer, a laptop Computers, desktop computers, smart wearable devices (such as smart watches, smart reality glasses), etc.

In this embodiment, in order to simplify network management, when a terminal accesses the VPN network to access intranet resources, the VPN client is used as a proxy to forward data (such as DNS requests and domain name resolution responses) between the terminal and the DNS server. However, considering that in practical applications, if the terminal is connected to the VPN network, the physical network card and virtual network card in the terminal are usually configured with a public network DNS server and an intranet DNS server, respectively, and the public network DNS server stores the public network. The mapping relationship between the IP address and the domain name is only stored in the intranet DNS server. The mapping relationship between the intranet IP address and the domain name is stored in the intranet DNS server. Therefore, in order to ensure that the terminal can access the intranet resources normally, the terminal needs to send a message to the intranet DNS server through the virtual network card. DNS request, in order to correctly resolve the domain name to be resolved to the corresponding intranet IP address by the intranet DNS server. However, based on the above descriptions, if the operating system of the terminal has restrictions, etc., the DNS request sent by the terminal, whether it is for the VPN intranet domain name or the public domain name, is sent by the physical network card to its configuration. Therefore, it is easy to cause the VPN intranet domain name resolution to fail, and the terminal cannot access intranet resources normally. In order to solve the above problem, as shown in FIG. 3 , the VPN client in this embodiment not only has the data forwarding function, but also has the function of configuring the corresponding parameters of the terminal, so as to realize the resolution of the domain name initiated by the terminal after the terminal accesses the VPN network. Requests are directed to the virtual network card of the terminal for issuance. Specifically, the VPN client can configure the domain name server addresses corresponding to the physical network card and virtual network card of the terminal to the same fake address, and set the route corresponding to the fake address to point to the virtual network card, so as to realize all DNS requests sent by the terminal. The destination addresses are all this fake address, and the terminal sends the DNS request through the virtual network card in the routing according to the fake address. The subsequent VPN client can intercept the DNS request sent by the terminal's virtual network card, and send the DNS request to the virtual network card. The request is forwarded to the corresponding DNS server for resolution, so as to ensure that the domain name to be resolved can be correctly resolved. Based on,

That is, in a specific technical solution that can be implemented, the "configure the parameters corresponding to the terminal" in the above 101 may include the following steps:

1011. Configure the domain name server addresses corresponding to the physical network card and the virtual network card in the terminal to be the same false address;

1012. Set a designated route for the fake address; wherein, the designated route is used to direct the domain name resolution request whose destination address is the fake address to the virtual network card;

1013. When the terminal accesses the virtual private network, add the specified route to a routing table of the terminal.

In the above 1011, the same false address configured for the domain name server addresses corresponding to the physical network card and the virtual network card in the terminal can be flexibly set according to the actual situation, as long as the IP address format is ensured. For example, the fake address can be 1.2.3.4. In the process of configuring the fake address, it can be manually triggered by the administrator, or automatically triggered by the VPN client, which is not limited here. For example, in a specific example, after the VPN client is started, it can immediately call the corresponding computer program stored in itself to reconfigure the domain name server addresses corresponding to the physical network card and the virtual network card in the terminal, so as to configure the same false address (eg 1.2.3.4).

In the above 1012 to 1013, after completing the configuration of the domain name server addresses corresponding to the physical network card and the virtual network card of the terminal through the above step 1011, when the terminal accesses network resources, whether it is for the intranet domain name or the public domain name. Send a DNS request, The destination address carried in the DNS request is the fake address. In this case, in order to send DNS requests through the virtual network card, a designated route pointing to the terminal virtual network card can be set for the virtual address, and the terminal's routing table can be modified to add the designated route to the terminal's routing table when the terminal accesses the VPN network. In the routing table, in this way, when the terminal initiates a DNS request carrying a false destination address, it will direct the DNS request to the virtual network card of the terminal according to the specified route corresponding to the virtual address in the routing table. For the specific implementation of setting the designated route to the virtual network card of the terminal for the virtual address, please refer to the existing content.

It should be added here that the DNS request initiated by the terminal may be specifically generated by an application program such as a browser running on the terminal. For the data packet format corresponding to the DNS request (or DNS response), reference may be made to the format shown in FIG. 4a. As shown in Figure 4a, the message is composed of a 12-byte header and 4 variable-length fields; among them, the flag field in the 12 bytes is 16 bits (bit) and is divided into Figure 4b several subfields of . Among the fields shown in Fig. 4b, the QR is a 1-bit field, which defines whether the message is a request or a response. When the QR is 0, it indicates a request, and when it is 1, it indicates a response. For the meanings of other fields in the data format shown in Figure 4a and Figure 4b, reference may be made to the existing content.

It should be added here that after the terminal accesses the VPN network, it does not mean that the terminal can only access resources in the intranet. In some embodiments, the user can set the terminal to enable the terminal connected to the VPN network to access both resources. Intranet resources without affecting access to public network resources, that is to say, when the terminal accesses the VPN network, it can initiate DNS requests for the intranet domain name or public domain name. The embodiment does not limit this. However, after the configuration of the corresponding parameters of the terminal by the VPN client described above, the DNS request initiated by the terminal, whether for the intranet domain name or the public domain name, is directed to the virtual network card of the terminal for processing and sending.

After the DNS request initiated by the terminal is directed to the virtual network card of the terminal, before the virtual network card sends the received DNS request, it will first encapsulate the DNS request to generate a corresponding encapsulated data packet, and then convert the generated The encapsulated data packet is sent to the domain name resolution port (also called the source port) of the terminal for sending. In the above, the encapsulation processing of the DNS request may be implemented based on, but not limited to, the UDP protocol, and the domain name resolution port of the terminal is usually port 53. Based on this, in the above 102, the VPN client can monitor the terminal's virtual network card by monitoring port 53 of the terminal to send a DNS request, and when monitoring the terminal's virtual network card to send a DNS request, the terminal's virtual network card sends a DNS request. The DNS request sent by the network card is intercepted. That is, an achievable technical solution of the above 102 "intercepting the domain name resolution request sent by the virtual network card" is:

1021. Monitor the domain name resolution port of the terminal to determine whether the virtual network card sends a domain name resolution request according to the monitoring result;

1022. When it is determined that the virtual network card sends a domain name resolution request, intercept the domain name resolution request sent by the virtual network card.

In specific implementation, the domain name resolution port of the terminal is monitored according to the same virtual address and the port number corresponding to the domain name resolution port configured for the physical network card and the virtual network card of the terminal, so as to realize the DNS sent by the virtual network card of the terminal. Request to be intercepted. For example, following the example above, suppose the virtual address is 1.2.3.4 and the domain name resolution port is port 53, then the VPN client can intercept the DNS request sent by the virtual network card of the terminal through "1.2.3.4:53". It should be noted that: since the virtual network card sends out the DNS request after encapsulation processing, for this reason, the DNS request intercepted here is essentially the encapsulated DNS request, which is the above-mentioned encapsulated data packet; encapsulation The data packet contains but is not limited to source port (such as port 53), protocol version (such as UDP protocol), source address (ie terminal address), destination address (ie false address), etc. The specific data format of the encapsulated data packet Reference can be made to the existing content, and details are not repeated here.

Referring to FIG. 3, in order to ensure that the VPN client can forward the intercepted DNS request to the corresponding domain name server for correct resolution, in the technical solution provided by this embodiment, the VPN client is preset with parameters and domain name servers The corresponding relationship information of the address (which is the real domain name server address), specifically, the corresponding relationship information between the virtual address and the domain name server address is preset. After the VPN client intercepts the DNS request sent by the virtual network card of the terminal, based on its own The preset correspondence information can forward the DNS request to the corresponding DNS server for domain name resolution. In the above, the correspondence information includes the correspondence between the virtual address and the address of at least one domain name server and also includes the priority of at least one domain name server, and the VPN client can determine and the virtual address according to the correspondence in the correspondence information On the basis of the corresponding at least one domain name server address, and further according to the priority of the at least one domain name server address, select one domain name server address from the at least one domain name server as the target domain name server address, so as to send the intercepted DNS request to the domain name server corresponding to the target domain name server address for resolution. That is, the correspondence information in the above 103 includes the correspondence between the virtual address and the address of the at least one domain name server, and the priority of the at least one domain name server. , send the domain name resolution request to the corresponding domain name server", which may specifically include:

1031. Based on the corresponding relationship, determine at least one domain name server address corresponding to the virtual address;

1032. According to the priority, select one domain name server address from the at least one domain name server address as the target domain name server address;

1033. Send the domain name resolution request to a domain name server corresponding to the target domain name server address.

During the specific implementation, it can be seen from the above content related to step 101 that through the configuration of the corresponding parameters of the terminal by the VPN client, the DNS request initiated by the terminal, whether it is for an intranet domain name or a public domain name, is directed to the terminal. It is processed and sent by the virtual network card, which means that the DNS request intercepted by the VPN client may be a DNS request for an intranet domain name or a DNS request for a public network domain name. DNS requests can be correctly parsed, and at least one domain name server address corresponding to the set virtual address must be able to resolve all types of DNS requests. Generally, in addition to storing the mapping relationship between the intranet IP address and the domain name as described above, the intranet DNS server also stores most of the mapping relationship between the public network IP address and the domain name. Based on this, in some embodiments , the domain name server type corresponding to at least one domain name server address in the preset correspondence information in the VPN client may all be intranet DNS servers. Certainly, in some other embodiments, the domain name server type corresponding to at least one domain name server address may be part of the intranet DNS server and part of the public network DNS server. This embodiment does not specifically limit the domain name server type corresponding to the at least one domain name server address, as long as it can be ensured that the domain name server corresponding to the at least one domain name server address can correctly resolve the DNS request of the type described by the terminal. However, considering that when the terminal accesses the VPN network, the terminal mostly accesses intranet resources. Therefore, the domain name server type corresponding to the above at least one domain name server address includes both the intranet DNS server and the public network DNS server. In this case, the priority of the domain name server address corresponding to the intranet DNS server can be higher than the domain name server address corresponding to the public network DNS server.

In the process of selecting one domain name server address from the at least one domain name server address as the target domain name server address according to the priority of the at least one domain name server address, one domain name server address with the highest priority may be used as the target first. Domain name server address. That is to say, the above 1032 "according to the priority, select a domain name server address from the at least one domain name server address as the target domain name server address" can be implemented by the following steps:

10321. According to the priority, select a domain name server address with the highest priority from the at least one domain name server address as the target domain name server address.

After the target domain name server address is determined, as shown in Figure 3, the VPN client can also forward the intercepted DNS request to the domain name server corresponding to the target server address for resolution. While forwarding, the VPN client can also record the source port corresponding to the DNS request (ie, port 53), so that after receiving the DNS response fed back by the domain name server, it can send the DNS response to the source port of the DNS request cached by the terminal. Thus, the DNS response is fed back to the terminal through the source port, so that the terminal can access corresponding network resources based on the IP address carried in the DNS response.

After forwarding the DNS request to the domain name server corresponding to the target domain name server address, if the domain name server stores the mapping relationship between the corresponding domain name and the IP address, the corresponding DNS response will generally be quickly fed back to the VPN client; Conversely, if the mapping relationship between the corresponding domain name and IP address is not stored, the VPN client cannot receive the corresponding DNS response even after a long wait, and this will also reduce the rate at which the terminal accesses network resources. In order to avoid the above-mentioned useless waiting of the VPN client, which reduces the rate at which the terminal accesses network resources, in this embodiment, a set time is set. If the VPN client detects that it has not received the target domain name server within the set time In response to the DNS response fed back by the domain name server corresponding to the address, a new domain name server address will be selected from the at least one domain name server address as the target server address according to the priority of the at least one domain name server address, and the DNS request will be re-selected. Forward to the domain name server corresponding to the newly selected domain name server address for resolution. That is, in the technical solution provided by this embodiment, the above 103 may further include the following steps:

1034. Detect whether the domain name resolution response fed back by the domain name server corresponding to the target domain name server address is received within the set time;

1035. If the domain name resolution response is not received, return to execute the step of selecting a domain name server address from the at least one domain name server address as the target domain name server address according to the priority; if the domain name server address is received A resolution response is sent, the domain name resolution response is sent to the terminal.

During specific implementation, the above-mentioned setting time may be flexibly set according to the actual situation, for example, the setting time may be 1 second, 3 seconds, 4 seconds, etc., which is not limited here. If the corresponding DNS response is not received within the set time, according to the priority of the at least one domain name resolution server address, one of the at least one domain name resolution server addresses can be prioritized only lower than the last selected domain name The domain name server address of the server address is used as the new target domain name resolution server address, and the DNS request is forwarded to the domain name server corresponding to the new target domain name server address for resolution. On the other hand, if a responsive DNS response is received within the set time, the DNS response is forwarded to the terminal. For the specific implementation of forwarding the DNS response to the terminal, please refer to the above related content.

Combined with the described content related to the above 103, take an example, assuming that domain name server address 1, domain name server address 2, domain name server address 3 and domain name server address 1, these four domain name server addresses and virtual addresses (such as 1.2.3.4 ) have a corresponding relationship. For the convenience of description, the above-mentioned four domain name server addresses are referred to as address 1, address 2, address 3 and address 4, respectively, and the priorities of address 1, address 2, address 3 and address 4 gradually decrease in sequence. According to the priority of address 1, address 2, address 3 and address 4, the VPN client will first forward the intercepted DNS request to the domain name resolution server corresponding to address 1 with the highest priority for resolution. If the corresponding DNS response is not received, the DNS request will be re-forwarded to the domain name resolution server corresponding to address 2 whose priority is only lower than address 1 for resolution, and so on until the corresponding DNS response is received.

The technical content provided in the above embodiment can be summarized as the interaction process of the terminal, the VPN client and the DNS server as shown in FIG. 3 . That is, in this embodiment, the VPN client can configure parameters corresponding to the terminal while acting as a DNS proxy, so that all DNS requests initiated by the terminal are processed and sent through the virtual network card of the terminal; the VPN client can intercept the virtual network card of the terminal. The DNS request sent by the network card, and when forwarding the intercepted DNS request, it can also determine the priority order of forwarding the DNS request to the corresponding DNS server. By using the above technical means, this solution can effectively avoid the problem that the domain name is incorrectly resolved.

To sum up, in the technical solution provided by this embodiment, after the terminal accesses the virtual private network, by configuring the parameters corresponding to the terminal, all domain name resolution requests initiated by the terminal are directed to the virtual network card of the terminal for sending; further, the The domain name resolution request sent by the virtual network card of the terminal can be intercepted, and the domain name resolution request can be sent to the corresponding domain name server according to the correspondence information between the preset parameters and the domain name server address. By adopting this scheme, the problem that the domain name is erroneously resolved can be effectively avoided, thereby ensuring the correctness of the domain name resolution, and the whole scheme is simple and easy to implement. In addition, this solution also has strong compatibility and wide application range, and can support most platforms. Specifically, the supported platforms include but are not limited to Windows, MacOS, Linux, iOS, Android, and the like.

Another embodiment of the present application also provides a data processing method. The data processing method is a schematic flowchart shown in FIG. 5 , and the execution subject of the method is a terminal device (that is, the DNS client described above). During specific implementation, the terminal device can be any electronic device with a network access function, more specifically, any electronic device that can access the VPN network and access intranet resources. Laptops, desktop computers, smart wearable devices (such as smart watches, smart reality glasses), etc. For the specific introduction of the terminal device, please refer to the above related content. As shown in FIG. 5 , the data processing method provided by this embodiment includes the following steps:

201. Establish a network connection with the virtual private network;

202. Direct the domain name resolution request initiated by itself to a virtual network card within itself according to the parameters configured by the proxy device for itself;

203. Send the domain name resolution request through the virtual network card, so that the proxy device intercepts the domain name resolution request, and sends the domain name resolution request according to the preset correspondence information between the parameter and the domain name server address. sent to the appropriate domain name server.

In the above 201, the specific method for the terminal device to establish the network connection with the virtual private (VPN) can be referred to the existing content, which will not be described in detail here.

In the above 202, the proxy device is a virtual private network client (ie, a VPN client). For the specific introduction of the VPN client, please refer to the above related content. In addition, for the specific implementation of the above 202 to 203, reference may also be made to the above related content, which will not be described in detail here.

Further, an achievable technical solution for "sending the domain name resolution request through the virtual network card" in 203 above is:

2031. Send the domain name resolution request after encapsulating the domain name resolution request through the virtual network card.

For the specific implementation of the above 2031, please refer to the above related content.

An embodiment of the present application further provides a data processing system. The structure of the data processing system is as shown in FIG. 3 . Specifically, the data processing system includes: an agent device 200 and a terminal device 100; wherein,

The proxy device 200 is configured to configure parameters corresponding to the terminal, so that after the terminal device accesses the virtual private network, all domain name resolution requests initiated by the terminal device are directed to the virtual network card of the terminal device for sending; the domain name resolution request sent by the virtual network card; sending the domain name resolution request to the corresponding domain name server according to the preset correspondence information between the parameter and the domain name server address;

The terminal device 100 is used for establishing a network connection with the virtual private network; according to the parameters configured for itself by the proxy device, the domain name resolution request initiated by itself is directed to a virtual network card within itself for sending.

The above proxy device is a virtual private network client (that is, a VPN client)

It should be noted here that the data processing system provided by the above embodiments can implement the technical solutions described in the above method embodiments, and the specific implementation principles of the above modules or units can refer to the corresponding content in the above corresponding method embodiments, here No longer.

FIG. 6 shows a schematic structural diagram of a data processing apparatus provided by an embodiment of the present application. As shown in FIG. 6 , the apparatus includes: a configuration module 31 , an interception module 32 and a transmission module 33 . in,

The configuration module 31 is configured to configure parameters corresponding to the terminal, so that after the terminal accesses the virtual private network, all domain name resolution requests initiated by the terminal are directed to the virtual network card of the terminal for sending;

An interception module 32, configured to intercept the domain name resolution request sent by the virtual network card;

The sending module 33 is configured to send the domain name resolution request to the corresponding domain name server according to the preset correspondence information between the parameter and the domain name server address.

Further, when the configuration module 31 is used to configure the parameters corresponding to the terminal, it is specifically used to: configure the domain name server addresses corresponding to the physical network card and the virtual network card in the terminal as the same fake address; route; wherein the specified route is used to direct the domain name resolution request whose destination address is the fake address to the virtual network card; when the terminal accesses the virtual private network, the specified route is added to the terminal routing table.

Further, the above-mentioned correspondence information includes the correspondence between the false address and at least one domain name server address, and the priority of the at least one domain name server address; accordingly, the above-mentioned sending module 33 is used to preset the parameter according to the The correspondence information with the domain name resolution server address, when the domain name resolution request is sent to the corresponding domain name server, is specifically used for: determining at least one domain name server address corresponding to the virtual address based on the correspondence; According to the priority, one domain name server address is selected from the at least one domain name server address as the target domain name server address; the domain name resolution request is sent to the domain name server corresponding to the target domain name server address.

Further, when the above-mentioned sending module 33 is used to select a domain name server address from the at least one domain name server address as the target domain name server address according to the priority, it is specifically used for: according to the priority, from From the at least one domain name server address, one domain name server address with the highest priority is selected as the target domain name server address.

Further, the device provided in this embodiment further includes:

a detection module, configured to detect whether the domain name resolution response fed back by the domain name server corresponding to the target domain name server address is received within a set time;

Execute the sending module, for if the domain name resolution response is not received, then return to execute the step of selecting a domain name server address from the at least one domain name server address as the target domain name server address according to the priority; When the domain name resolution response is received, the domain name resolution response is sent to the terminal.

Further, before sending the domain name resolution request, the virtual network card of the terminal will encapsulate the domain name resolution request.

It should be noted here that the data processing apparatus provided in the above embodiments can implement the technical solutions described in the data processing method embodiments shown in FIG. 2 , and the specific implementation principles of the above modules or units can be referred to in the above-mentioned FIG. 2 . Corresponding content in the embodiments of the data processing method will not be repeated here.

FIG. 7 shows a schematic structural diagram of a data processing apparatus provided by another embodiment of the present application. As shown in FIG. 7 , the apparatus includes: a establishing module 41 , an orientation module 42 and a sending module 43 . in,

establishing module 41 for establishing a network connection with the virtual private network;

Orientation module 42, configured to direct the domain name resolution request initiated by itself to the virtual network card within itself according to the parameters configured for itself by the proxy device;

The sending module 43 is configured to send the domain name resolution request through the virtual network card, so that the proxy device intercepts the domain name resolution request, and according to the preset correspondence information between the parameters and the domain name server address, sends the The above domain name resolution request is sent to the corresponding domain name server.

Further, when the sending module 43 is configured to send the domain name resolution request through the virtual network card, it is specifically configured to send the domain name resolution request after encapsulation processing through the virtual network card.

Further, the above-mentioned proxy device is a virtual private network client.

It should be noted here that the data processing apparatus provided by the above embodiments can implement the technical solutions described in the data processing method embodiments shown in FIG. Corresponding content in the embodiments of the data processing method will not be repeated here.

FIG. 8 shows a schematic structural diagram of a proxy device provided by an embodiment of the present application. The proxy device includes a memory 51 and a processor 52 . Wherein, the memory 51 is used to store one or more computer instructions, and the processor 52, coupled with the memory 51, is used for one or more computer instructions (such as computer instructions for implementing data storage logic) to use for implementing the steps in the data processing method embodiment shown in FIG. 2 above.

The above-mentioned memory 51 may be implemented by any type of volatile or non-volatile memory device or a combination thereof, such as static random access memory (SRAM), electrically erasable programmable read only memory (EEPROM), erasable Programmable Read Only Memory (EPROM), Programmable Read Only Memory (PROM), Read Only Memory (ROM), Magnetic Memory, Flash Memory, Magnetic or Optical Disk.

Further, as shown in FIG. 8 , the proxy device further includes: a communication component 53 , a power supply component 54 , and an audio component 55 and other components. Only some components are schematically shown in FIG. 8 , which does not mean that the proxy device only includes the components shown in FIG. 8 .

Another embodiment of the present application further provides a terminal device, and the structure of the terminal device is similar to the schematic structural diagram of the proxy device shown in FIG. 8 . Specifically, the terminal device includes a memory and a processor. Wherein, the memory is used for storing one or more computer instructions; the processor, coupled with the memory, is used for executing the at least one or more computer instructions (such as computer instructions for implementing data storage logic), to Steps or functions in the data processing method shown in FIG. 5 are implemented. It should be noted that, in addition to the components shown in FIG. 5 , the terminal device also includes components such as physical network cards, virtual network cards, etc., which are not shown in FIG. 5 .

Still another embodiment of the present application provides a computer program product (not shown in the accompanying drawings in the description). The computer program product includes a computer program or instructions, which, when executed by a processor, cause the processor to implement the steps in the roaming processing methods provided in the foregoing embodiments.

Correspondingly, the embodiments of the present application further provide a computer-readable storage medium storing a computer program, and when the computer program is executed by a computer, the steps or functions of the roaming processing methods provided by the above embodiments can be implemented.

From the description of the above embodiments, those skilled in the art can clearly understand that each embodiment can be implemented by means of software plus a necessary general hardware platform, and certainly can also be implemented by hardware. Based on this understanding, the above-mentioned technical solutions can be embodied in the form of software products in essence or the parts that make contributions to the prior art, and the computer software products can be stored in computer-readable storage media, such as ROM/RAM, magnetic A disc, an optical disc, etc., includes several instructions for causing a computer device (which may be a personal computer, a server, or a network device, etc.) to perform the methods described in various embodiments or some parts of the embodiments.

Finally, it should be noted that the above embodiments are only used to illustrate the technical solutions of the present application, but not to limit them; although the present application has been described in detail with reference to the foregoing embodiments, those of ordinary skill in the art should understand that: it can still be The technical solutions described in the foregoing embodiments are modified, or some technical features thereof are equivalently replaced; and these modifications or replacements do not make the essence of the corresponding technical solutions deviate from the spirit and scope of the technical solutions in the embodiments of the present application.

Claims (13)

1. a data processing method, is characterized in that, comprises: Configuring the parameters corresponding to the terminal, so that after the terminal accesses the virtual private network, all domain name resolution requests initiated by the terminal are directed to the virtual network card of the terminal for sending; intercepting the domain name resolution request sent by the virtual network card; The domain name resolution request is sent to the corresponding domain name server according to the preset correspondence information between the parameter and the domain name server address. 2. The method according to claim 1, wherein the parameter corresponding to the configuration terminal comprises: Configuring the domain name server addresses corresponding to the physical network card and the virtual network card in the terminal to be the same false address; Setting a designated route for the fake address; wherein, the designated route is used to direct the domain name resolution request whose destination address is the fake address to the virtual network card; When the terminal accesses the virtual private network, the specified route is added to the routing table of the terminal. 3. The method according to claim 2, wherein the correspondence information comprises the correspondence between the fake address and at least one domain name server address, and the priority of the at least one domain name server address; And, sending the domain name resolution request to the corresponding domain name server according to the preset correspondence information between the parameter and the domain name resolution server address, including: Based on the corresponding relationship, determining at least one domain name server address corresponding to the virtual address; According to the priority, select one domain name server address from the at least one domain name server address as the target domain name server address; Send the domain name resolution request to a domain name server corresponding to the target domain name server address. 4. The method according to claim 3, wherein, according to the priority, selecting a domain name server address from the at least one domain name server address as the target domain name server address, comprising: According to the priority, a domain name server address with the highest priority is selected from the at least one domain name server address as the target domain name server address. 5. The method of claim 3, further comprising: Detecting whether the domain name resolution response fed back by the domain name server corresponding to the target domain name server address is received within the set time; If the domain name resolution response is not received, the step of selecting a domain name server address from the at least one domain name server address as the target domain name server address according to the priority is returned; if the domain name resolution response is received , the domain name resolution response is sent to the terminal. 6 . The method according to claim 1 , wherein, before sending the domain name resolution request, the virtual network card of the terminal performs encapsulation processing on the domain name resolution request. 7 . 7. A data processing method, comprising: establish a network connection to the virtual private network; According to the parameters configured by the proxy device for itself, direct the domain name resolution request initiated by itself to the virtual network card within itself; The domain name resolution request is sent through the virtual network card, so that the proxy device intercepts the domain name resolution request, and sends the domain name resolution request to The corresponding domain name server. 8. The method according to claim 7, wherein sending the domain name resolution request through the virtual network card comprises: The domain name resolution request is encapsulated and sent through the virtual network card. 9. The method according to claim 7, wherein the proxy device is a virtual private network client. 10. A data processing system, comprising: The proxy device is used to configure the parameters corresponding to the terminal, so as to realize that after the terminal device accesses the virtual private network, all the domain name resolution requests initiated by the terminal device are directed to the virtual network card of the terminal device for sending; the domain name resolution request sent by the virtual network card; according to the preset correspondence information between the parameter and the domain name server address, send the domain name resolution request to the corresponding domain name server; The terminal device is used for establishing a network connection with the virtual private network; according to the parameters configured by the proxy device for itself, the domain name resolution request initiated by itself is directed to the virtual network card within itself for sending. 11. The system according to claim 10, wherein the proxy device is a virtual private network client. 12. An agent device, comprising: a memory and a processor, wherein, the memory for storing one or more computer programs; The processor, coupled to the memory, executes the one or more computer programs stored in the memory for implementing the steps in the method of any one of claims 1 to 6 above. 13. A terminal device, comprising: a virtual network card, a memory and a processor, wherein, the memory for storing one or more computer programs; The processor, coupled to the memory, executes the one or more computer programs stored in the memory for implementing the steps in the method of any of the preceding claims 7 to 9.

Images