CN119402301A

CN119402301A - Domain name resource transmission method, device, computer equipment and readable storage medium

Info

Publication number: CN119402301A
Application number: CN202510006422.8A
Authority: CN
Inventors: 姬东岑; 冯禹铭; 杨书徒; 张宇; 张伟哲; 张宾; 杨镕玮; 董国忠
Original assignee: Peng Cheng Laboratory
Current assignee: Peng Cheng Laboratory
Priority date: 2025-01-03
Filing date: 2025-01-03
Publication date: 2025-02-07

Abstract

The embodiment of the application provides a domain name resource transmission method, a domain name resource transmission device, computer equipment and a readable storage medium. The method comprises the steps of obtaining domain name resources to be transmitted, dividing the domain name resources to be transmitted into a plurality of file fragments to be transmitted according to domain name types, generating corresponding identification code signatures, packaging each file fragment to be transmitted and the corresponding identification code signature into transmission tasks, respectively determining target transmission channels corresponding to each transmission task from a plurality of transmission channels according to domain name grades corresponding to each transmission task, respectively transmitting the corresponding plurality of transmission tasks to corresponding receiving nodes through the plurality of target transmission channels, sequentially verifying the plurality of identification code signatures in the plurality of transmission tasks according to identification information shared by a sending node, and updating the target domain name resources of corresponding storage areas according to verification results obtained through verification. Therefore, the efficiency and the safety of domain name resource transmission can be improved.

Description

Domain name resource transmission method, device, computer equipment and readable storage medium

Technical Field

The present application relates to the field of internet data transmission technologies, and in particular, to a domain name resource transmission method, a domain name resource transmission device, a computer device, and a readable storage medium.

Background

The Domain name system (Domain NAME SYSTEM, DNS) is a distributed database for mapping Domain names and internet protocol addresses to each other, so that a user can access websites and web services by inputting Domain names convenient to remember, ensuring convenience of operation and communication of the internet.

However, without approval or legal authorization by the domain name owner, the domain name registrar, or any person or organization having access to and control the domain name system may be unaware of the act of revoking, deleting, or modifying the domain name resource. These actions can have serious impact on domain owners, including but not limited to service interruption, equity infringement, and resource loss. Therefore, in order to prevent the above risks, the domain name system participants need to establish a safe and reliable domain name exchange channel, so as to ensure the integrity and security of domain name resource data.

In the related art, when processing multiple transmission tasks, the system only supports serial transmission, i.e., only one task can be processed at a time. However, in the process of transmitting in a serial transmission mode, on one hand, when waiting for the completion of the current task, other parts of the system may be in an idle state, so that system resources cannot be fully utilized, and the domain name resource transmission efficiency is reduced.

Disclosure of Invention

The embodiment of the application mainly aims to provide a domain name resource transmission method, a device, computer equipment and a readable storage medium, which can improve the efficiency and the safety of domain name resource transmission.

To achieve the above object, a first aspect of an embodiment of the present application provides a domain name resource transmission method, applied to a sending node, where the method includes:

Acquiring domain name resources to be transmitted;

Dividing the domain name resource to be transmitted into a plurality of file fragments to be transmitted according to the domain name type, and generating a corresponding identification password signature for each file fragment to be transmitted;

Encapsulating the file fragments to be transmitted and the corresponding identification code signatures into a transmission task;

Determining a target transmission channel corresponding to each transmission task from a plurality of transmission channels according to the domain name grade corresponding to each transmission task, wherein different transmission channels support different transmission protocols, and the encryption grade of the transmission protocol supported by each transmission channel is positively correlated with the corresponding domain name grade;

And respectively transmitting the corresponding multiple transmission tasks to the corresponding receiving nodes through the multiple target transmission channels, so that the receiving nodes sequentially verify the multiple identification password signatures in the multiple transmission tasks according to the identification information shared by the sending nodes, and updating the target domain name resources of the corresponding storage areas according to verification results obtained by verification.

Accordingly, a second aspect of an embodiment of the present application proposes a domain name resource transmission device, applied to a sending node, where the device includes:

The acquisition module is used for acquiring domain name resources to be transmitted;

The generation module is used for dividing the domain name resource to be transmitted into a plurality of file fragments to be transmitted according to the domain name type, and generating a corresponding identification password signature for each file fragment to be transmitted;

The packaging module is used for packaging the file fragments to be transmitted and the corresponding identification code signatures into a transmission task;

The system comprises a determining module, a judging module and a judging module, wherein the determining module is used for respectively determining a target transmission channel corresponding to each transmission task from a plurality of transmission channels according to the domain name grade corresponding to each transmission task, wherein different transmission channels support different transmission protocols, and the encryption grade of the transmission protocol supported by each transmission channel is positively related to the corresponding domain name grade;

And the transmission module is used for respectively transmitting a plurality of corresponding transmission tasks to the corresponding receiving nodes through a plurality of target transmission channels, so that the receiving nodes sequentially verify a plurality of identification password signatures in the plurality of transmission tasks according to the identification information shared by the sending nodes, and update the target domain name resources of the corresponding storage areas according to verification results obtained by verification.

In some embodiments, the domain name resource transmission device further includes an allocation module configured to:

Aiming at each transmission task in each target transmission channel, acquiring a sub-resource allocation index of each transmission task;

Determining a channel resource allocation index of each target transmission channel according to the sum of a plurality of sub-resource allocation indexes corresponding to a plurality of transmission tasks transmitted by each target transmission channel;

determining a total resource allocation index according to the sum of a plurality of channel resource allocation indexes corresponding to a plurality of target transmission channels respectively;

Determining, for each target transmission channel, an allocation resource of each target transmission channel based on a ratio of the corresponding channel resource allocation index to the total resource allocation index;

and allocating the computing resources of each target transmission channel based on the allocated resources.

In some embodiments, the allocation module is further to:

aiming at each transmission task in each target transmission channel, acquiring task weight preset for each transmission task, data volume value and preset retransmission times;

determining the data gain of each transmission task according to the retransmission times and the task weight;

and determining a sub-resource allocation index of each corresponding transmission task according to the task weight, the product of the data volume value and the data gain.

In some embodiments, the allocation module is further to:

After all the allocated transmission tasks are transmitted by any one first transmission channel, determining a first resource allocation amount released by the first transmission channel;

And according to the channel resource allocation index of at least one second transmission channel currently transmitting the transmission task, allocating the first resource allocation amount to the at least one second transmission channel to obtain a target transmission channel with updated resource allocation amount.

In some embodiments, the acquisition module is further configured to:

acquiring full data corresponding to a previous historical transmission moment and initial transmission data corresponding to a current moment;

performing data snapshot on the initial transmission data to obtain a snapshot copy corresponding to the initial transmission data;

dividing the snapshot copy into a plurality of file fragments to be checked according to the domain name type, and performing incremental check on the file fragments to be checked according to the full data to obtain a check result;

And determining domain name resources to be transmitted from the initial transmission data according to the verification result.

In some embodiments, the generating module is further configured to:

Acquiring a random parameter generated randomly;

Generating corresponding system parameters and a master key based on the random parameters through a key generation center, wherein the system parameters are shared parameters of a current sending node among a plurality of transmission nodes, and the master key is stored in the key generation center in an encrypted mode;

Acquiring preset identification information, and generating a corresponding target private key according to the identification information, the system parameters and the master key;

And generating a corresponding identification password signature for each file fragment to be transmitted according to the file fragment to be transmitted, the system parameters and the target private key.

In some embodiments, the packaging module is further configured to:

acquiring the data volume value of each file fragment to be transmitted;

comparing the data volume value with a preset load threshold value to obtain a comparison result;

when the comparison result represents that the data volume value is larger than the load threshold value, dividing the corresponding file to be transmitted into a plurality of file groups to be transmitted according to the alphabetical order of the domain names;

And grouping the files to be transmitted, and packaging the file groups and the identification code signatures into transmission tasks corresponding to the file fragments to be transmitted.

In some embodiments, the determining module is further configured to:

performing domain name grade calibration on each transmission task according to a pre-calibration rule to obtain a plurality of transmission tasks associated with different domain name grades;

And determining a target transmission channel corresponding to each transmission task from a plurality of transmission channels according to the plurality of transmission tasks associated with different domain name grades.

Accordingly, a third aspect of the embodiments of the present application proposes a domain name resource transmission method, applied to a receiving node, where the method includes:

Acquiring a plurality of transmission tasks corresponding to transmission of a sending node through a plurality of target transmission channels;

Sequentially verifying a plurality of identification password signatures in the plurality of transmission tasks according to the identification information shared by the sending nodes, and updating target domain name resources of the corresponding storage areas according to verification results obtained by verification;

The target transmission channel corresponding to each transmission task is respectively determined and obtained from a plurality of transmission channels through the transmitting node according to the domain name grade corresponding to each transmission task, the transmission task is obtained by packaging each file fragment to be transmitted and a corresponding identification code signature through the transmitting node, the identification code signature corresponding to each file fragment to be transmitted is obtained by the transmitting node to obtain domain name resources to be transmitted, and the domain name resources to be transmitted are divided into a plurality of file fragments to be transmitted according to domain name types and then generated;

wherein different transport channels support different transport protocols, and the encryption grade of the transport protocol supported by each transport channel is positively correlated with the corresponding domain name grade.

Accordingly, a fourth aspect of the embodiments of the present application proposes a computer device, where the computer device includes a memory and a processor, where the memory stores a computer program, and where the processor implements the embodiments of the first aspect of the present application or the domain name resource transmission method according to any one of the embodiments of the third aspect of the present application when the processor executes the computer program.

Accordingly, a fifth aspect of the embodiments of the present application proposes a computer readable storage medium, where a computer program is stored, where the computer program implements the embodiments of the first aspect of the present application or the domain name resource transmission method according to any one of the embodiments of the third aspect of the present application when the computer program is executed by a processor.

The method comprises the steps of obtaining domain name resources to be transmitted, dividing the domain name resources to be transmitted into a plurality of file fragments to be transmitted according to domain name types, generating corresponding identification password signatures for the file fragments to be transmitted, packaging the file fragments to be transmitted and the corresponding identification password signatures into transmission tasks, respectively determining target transmission channels corresponding to the transmission tasks from a plurality of transmission channels according to the domain name grades corresponding to the transmission tasks, wherein different transmission channels support different transmission protocols, the encryption grade of the transmission protocol supported by each transmission channel is positively correlated with the corresponding domain name grade, respectively transmitting the corresponding plurality of transmission tasks to corresponding receiving nodes through the plurality of target transmission channels, sequentially verifying the plurality of identification password signatures in the plurality of transmission tasks according to identification information shared by a transmitting node, and updating the target domain name resources of corresponding storage areas according to verification results obtained through verification. In addition, by building a plurality of transmission channels, the difficulty that an attacker hives all the transmission channels and breaks out the full resource records is increased, so that the safety of the system transmission process is greatly improved, and meanwhile, each transmission channel supports transmission protocols with different encryption levels, so that the transmission tasks with high domain name levels can be fully encrypted and protected, and the safety of the system transmission process is further improved. In summary, the application can improve the efficiency and the safety of domain name resource transmission.

Drawings

Fig. 1 is a schematic diagram of a domain name resource transmission system according to an embodiment of the present application;

fig. 2 is a flowchart of a domain name resource transmission method provided in an embodiment of the present application;

fig. 3 is a split exemplary diagram of domain name resources to be transmitted according to an embodiment of the present application;

FIG. 4 is a flowchart of encrypting a file fragment to be transmitted according to an embodiment of the present application;

FIG. 5 is an exemplary diagram of grouping file fragments to be transmitted according to an embodiment of the present application;

FIG. 6 is an exemplary diagram of reallocating released resources provided by an embodiment of the present application;

Fig. 7 is a flowchart of a domain name resource transmission method applied to a receiving node according to an embodiment of the present application;

fig. 8 is a general flow chart of a domain name resource transmission method provided by an embodiment of the present application;

Fig. 9 is a schematic functional block diagram of a domain name resource transmission device according to an embodiment of the present application;

Fig. 10 is a schematic diagram of a hardware structure of a computer device according to an embodiment of the present application.

Detailed Description

The present application will be described in further detail with reference to the drawings and examples, in order to make the objects, technical solutions and advantages of the present application more apparent. It should be understood that the specific embodiments described herein are for purposes of illustration only and are not intended to limit the scope of the application.

It should be noted that although functional block division is performed in a device diagram and a logic sequence is shown in a flowchart, in some cases, the steps shown or described may be performed in a different order than the block division in the device, or in the flowchart. The terms first, second and the like in the description and in the claims and in the above-described figures, are used for distinguishing between similar elements and not necessarily for describing a particular sequential or chronological order.

Unless defined otherwise, all technical and scientific terms used herein have the same meaning as commonly understood by one of ordinary skill in the art to which this application belongs. The terminology used herein is for the purpose of describing embodiments of the application only and is not intended to be limiting of the application.

Based on the above, the embodiments of the present application provide a domain name resource transmission method, apparatus, computer device, and readable storage medium, which can improve efficiency and security of domain name resource transmission.

The method, the device, the computer equipment and the readable storage medium for domain name resource transmission provided by the embodiment of the application are specifically described by the following embodiment, and the domain name resource transmission system in the embodiment of the application is described first.

Referring to fig. 1, in some embodiments, a domain name resource transmission system is provided in the present application, which includes a sending node 11, a scheduler 12, and a receiving node 13.

Illustratively, the sending node may be any server or computer device that needs to publish or update domain name resource data, such as a master server of an enterprise headquarters, etc. The sending node may prepare a data file of the domain name resource to be transmitted, and perform necessary preprocessing, such as adding a domain name class label, sorting according to top-level domain information, splitting the file, generating an identification password signature, and the like, and upload the processed file block and the identification password signature thereof to the scheduler for subsequent transmission.

In some embodiments, the scheduler may be a centralized management component that may be installed on a computer device, which may be a server, a data center, or a management node of a cloud platform. The scheduler may start a plurality of transmission channels between the transmitting node and the receiving node, and is responsible for collecting and managing the transmission task of at least one transmitting node, and performing internal grouping of the transmission task according to the received transmission task, and then, distributing the transmission task to the corresponding transmission channel according to the domain name class of the transmission task for transmission. In some embodiments, the scheduler may also be installed inside the transmitting node, specifically determined according to the actual situation.

In addition, the scheduler can also be responsible for detecting the running condition of each transmission channel, dynamically adjusting the allocation of resources and ensuring the high utilization rate of the system.

Further, the receiving node may be a party corresponding to the transmitting node, and roles of the transmitting node and the receiving node may be interchanged. The receiving node may be any server or computer device capable of receiving domain name resource data updates, for example, the receiving node may be a data center having one or more servers. After receiving the file, the receiver verifies the correctness and the integrity of the transmission task through the identification information corresponding to the transmission task, namely, checks the signature to confirm that the file is not tampered, and updates the target domain name resource in the storage area corresponding to the file.

Next, a domain name resource transmission procedure will be described with reference to fig. 1. The sending node may divide the domain name resource 1 to be transmitted with a domain name level of 1 into a file fragment 1-1 to be transmitted (abbreviated as a file in the figure), a file fragment 1-2 to be transmitted, and a file fragment 1-3 to be transmitted, divide the domain name resource 2 to be transmitted with a domain name level of 2 into a file fragment 2-1 to be transmitted, a file fragment 2-2 to be transmitted, divide the domain name resource 3 to be transmitted with a domain name level of 3 into a file fragment 3-1 to be transmitted, and divide the file fragment 3-2 to be transmitted, and upload the file to the scheduler together with the corresponding identification code signature after encapsulating each file to be transmitted into a transmission task (abbreviated as a file in the figure). The scheduler can carry out internal grouping on a larger amount of files to be transmitted, and the files are transmitted to corresponding receiving nodes through a plurality of pre-opened transmission channels with different domain name grades, and after the receiving nodes verify the transmission tasks, the target domain name resources of the corresponding storage areas are updated.

The domain name resource transmission method in the embodiment of the application can be illustrated by the following embodiment.

In the embodiments of the present application, when related processing is required according to user information, user behavior data, user history data, user location information, and other data related to user identity or characteristics, permission or consent of the user is obtained first. Moreover, the collection, use, processing, etc. of such data would comply with relevant laws and regulations. In addition, when the embodiment of the application needs to acquire the sensitive personal information of the user, the independent permission or independent consent of the user is acquired through popup or jump to a confirmation page and the like, and after the independent permission or independent consent of the user is definitely acquired, the necessary relevant data of the user for enabling the embodiment of the application to normally operate is acquired.

In the embodiment of the present application, description will be made from the dimension of the domain name resource transmission device, which may be integrated in a computer apparatus in particular. Referring to fig. 2, fig. 2 is a flowchart illustrating steps of a domain name resource transmission method provided by an embodiment of the present application, where the domain name resource transmission method is applied to a sending node, and in the embodiment of the present application, taking a case that a domain name resource transmission device is specifically integrated on a terminal or a server, when a processor on the terminal or the server executes a program instruction corresponding to the domain name resource transmission method, the specific flow is as follows:

Step 101, obtaining domain name resources to be transmitted.

In some embodiments, to prepare and identify data that needs to be transmitted and updated in the network, domain name resources to be transmitted may be acquired to ensure that the domain name system is able to operate safely, stably, and efficiently.

The domain name resource to be transmitted may be a domain name related data set that is synchronized or updated between a transmitting node (such as a domain name server or a data center) and a receiving node. The domain name resource to be transmitted contains information of the domain name to internet protocol address mapping, so that a user can access websites and network services through the domain name which is easy to memorize.

Illustratively, both the transmitting node and the receiving node may be network nodes.

Further, the domain name resources to be transmitted include, but are not limited to, root zone data, important domain name data, internet protocol address resource records (providing a mapping relationship between domain names and IPv4 addresses or IPv6 addresses), domain name registration information, and other auxiliary resource records.

In some embodiments, a consistent state point may be obtained by snapshot of domain name resource data at the current time. And comparing the snapshot with the full data of the previous historical transmission time, determining changed data, and taking the changed data as domain name resources to be transmitted.

In some embodiments, the whole file corresponding to the changed data may also be transmitted as a domain name resource to be transmitted. Furthermore, the domain name resource to be transmitted may also be a new file or a file designated by a technician, and the embodiment of the present application does not limit a specific manner of acquiring the domain name resource to be transmitted.

Through the mode, interoperability among different systems and devices is guaranteed, synchronization and updating of data among different nodes are facilitated, and meanwhile domain name resources to be transmitted are divided and transmitted conveniently.

In some embodiments, in order to reduce unnecessary data transmission and improve transmission efficiency, snapshot may be performed on the initially transmitted data and incremental verification may be performed to identify the data that has changed since the last transmission, so that only the changed portion is transmitted to reduce bandwidth usage and thereby optimize resource allocation. For example, step 101 may include:

(101.1) acquiring full data corresponding to the previous historical transmission moment and initial transmission data corresponding to the current moment;

(101.2) performing data snapshot on the initial transmission data to obtain a snapshot copy corresponding to the initial transmission data;

(101.3) dividing the snapshot copy into a plurality of file fragments to be checked according to the domain name type, and performing incremental check on the plurality of file fragments to be checked according to the full data to obtain a check result;

And (101.4) determining domain name resources to be transmitted from the initial transmission data according to the verification result.

The full data may be a complete set of all domain name resources at the time of the historical transmission (i.e., when the previous successful transmission was completed), including all known domain names and their associated records, and verified and validated.

The initial transmission data may refer to new version domain name resource data that needs to be transmitted at the current moment, and the initial transmission data may include a domain name that is newly added, modified or deleted and a resource record corresponding to the domain name.

The snapshot copy may be an instant capture of the state of the initially transmitted data at the current moment, and is used for capturing all information in the current state.

The file to be checked may be a snapshot copy divided into a plurality of small parts according to a certain rule (for example, according to a domain name type or other classification standards), and each part is called a "file slice".

The verification result may be a result obtained by comparing the difference between the full data and each of the file fragments to be verified. The verification result can be used for indicating the changed data in the file fragments to be verified, and can provide basis for determining the content which is finally required to be transmitted.

For example, if the sending node a completes the last successful domain name resource data synchronization at 1 st 2024, and by 2 nd 2024, the sending node a has a new domain name resource update and needs to send the new domain name resource update to another data center, then the transmission time of the migration history is the 1 st 2024, and the corresponding domain name resource data is the full data. And 2024, 1-2 days are the current time, and domain name resource data corresponding to the current time is initial transmission data.

Further, in order to ensure that the verification result is not affected by the change of the initial transmission data in the comparison process, the initial transmission data can be copied from the main database or the data storage system to obtain a snapshot copy corresponding to the initial transmission data, so that accurate incremental analysis is performed based on the snapshot copy. For example, the sending node a may snapshot the initial transmission data to obtain a snapshot copy, where the snapshot copy includes 50000 domain names and their related records.

Furthermore, in order to improve the efficiency of comparison and transmission, the snapshot copy can be divided into a plurality of file fragments to be checked for parallel processing. For example, the snapshot copy may be divided into non-coincident segments according to domain name types (i.e. top-level domains with different importance) or other logic classification manners, for example, ", com", net ", org", etc. corresponding to different domain name types, and then the snapshot copy may be segmented according to domain name types of ". Com", net ", org", etc. to obtain multiple file segments to be checked.

Further, the domain name information of each file segment to be checked and the information of the same domain name type in the full data can be compared piece by piece to obtain a checking result, for example, the checking result can determine that 1000 domain names in the file segments are changed in the segment of ". Com", and 500 domain names in the segment of ". Net" are newly added or modified, and other segments are unchanged.

Further, the domain name resource which changes can be determined according to the verification result, and the domain name resource which changes is determined to be the domain name resource to be transmitted. For example, along with the above example, the sending node a may determine that 1000 updated domain names in the ". Com" slices and 500 newly added or modified domain names in the ". Net" slices need to be transmitted as domain name resources to be transmitted, without having to retransmit those slices that have not changed.

By performing incremental verification on the data, domain name resources which change since the last transmission can be identified, unnecessary data transmission is reduced, network load is reduced, and transmission speed and system response capability are improved.

And 102, dividing the domain name resource to be transmitted into a plurality of file fragments to be transmitted according to the domain name type, and generating a corresponding identification password signature for each file fragment to be transmitted.

In some embodiments, in order to ensure the security, accuracy and efficiency of data transmission, domain name resources to be transmitted may be divided into a plurality of file fragments to be transmitted according to domain name types (such as top-level domains), and corresponding identification password signatures generated for each file fragment to be transmitted may be generated, so as to improve the security of transmission while shortening the overall transmission time by implementing parallel processing.

The Domain name type may be a part of a Domain name structure, for example, top-Level Domain (TLD) type, that is, the rightmost part of each Domain name in the Domain name resource to be transmitted, which provides important classification information of the Domain name to which the Domain name belongs.

The file to be transmitted may be a segment of dividing the whole domain name resource to be transmitted into a plurality of small parts according to a specific rule (such as domain name type, domain name class, etc.). The file fragments to be transferred may contain a set of related domain names and their resource records (e.g., a/AAAA, NS, etc.), and each file fragment to be transferred may be processed and transferred independently.

The identification code signature can be a digital signature generated by an Identity-based cryptography (Identity-Based Cryptography, IBC) identification code technology, and each file fragment to be transmitted corresponds to a unique identification code signature so as to ensure the integrity and the authenticity of the source. Or the identification cryptographic signature may be a digital signature generated based on a public key infrastructure.

Referring to fig. 3, for example, a sending node may divide domain name resources to be transmitted according to domain name type (or other logical classification criteria) of the domain name. For example, all domain names ending with ". Ac", ". Bid", ". Cn" are divided into the same file fragment to be transmitted, all domain names ending with ". Edu", ". Gov" are divided into the same file fragment to be transmitted, all domain names ending with ". Net" are divided into the same file fragment to be transmitted, and so on. By dividing the domain name resource to be transmitted into a plurality of file fragments to be transmitted, the file fragments to be transmitted with different domain name grades can be allowed to be transmitted through different transmission channels, and the transmission efficiency and the transmission safety are improved.

Further, when the domain name resources to be transmitted are divided according to the domain name types, it is detected that the number of domain names in the file fragments to be transmitted is excessive and exceeds a number threshold, for example, more than 200 domain names, then the current file fragments to be transmitted can be further divided until the number of domain names contained in each last file fragment to be transmitted does not exceed the number threshold.

In some embodiments, identity-based cryptography (Identity-Based Cryptography, IBC) identification cryptography may be used to generate an identification cryptographic signature corresponding to each file fragment to be transmitted, so as to simplify the key management and distribution process and promote usability of the system.

In some embodiments, an identification cryptographic signature corresponding to each file fragment to be transmitted may also be generated based on the public key infrastructure. For example, the sending node may apply for a pair of asymmetric keys, namely a public key and a private key, from a certificate authority and obtain a corresponding digital certificate that binds the identity information of the sending node with the public key. For each file fragment to be transmitted, the sending node can sign the file fragment to be transmitted by using its own private key, and the signing process can include calculating a message digest of the file fragment to be transmitted by using a hash function, and encrypting the message digest by using the private key to form an identification password signature of each file fragment to be transmitted.

By dividing the domain name resource to be transmitted into a plurality of file fragments to be transmitted according to the domain name type and generating a corresponding identification password signature for each file fragment to be transmitted, efficient, safe and accurate data transmission is realized.

In some embodiments, in order to improve the security and efficiency of data transmission and simplify the key management flow, the identification password signature corresponding to each file fragment to be transmitted may be generated by using IBC identification password technology, so that public keys may not need to be distributed in advance, and the complexity of key management may be reduced while ensuring the uniqueness of the identification password signature. In step 102, "generating a corresponding identification cryptographic signature for each file fragment to be transmitted", includes:

(102.1) obtaining a randomly generated random parameter;

(102.2) generating corresponding system parameters and a master key based on random parameters through a key generation center, wherein the system parameters are shared parameters of a current sending node among a plurality of transmission nodes, and the master key is encrypted and stored in the key generation center;

(102.3) acquiring preset identification information, and generating a corresponding target private key according to the identification information, the system parameters and the master key;

And (102.4) generating a corresponding identification password signature for each file fragment to be transmitted according to each file fragment to be transmitted, the system parameters and the target private key.

Wherein the random parameter may be a unique and unpredictable value or string generated for each transmitting node. The random parameters are used for ensuring that each time the secret key is generated, the security and the attack resistance of the system are ensured.

The key generating center (Key Generation Center, KGC) may be a trusted third party entity, and is responsible for generating and managing encryption parameters of the system, the target private key, and the like.

The system parameter may be a mathematical parameter of the transmitting node that is disclosed to all other communication nodes, and all the nodes participating in the communication share the transmitting node system parameter, for example, the transmitting node and the receiving node share the system parameter.

The master key may be a core key that is generated by the key generation center and that is tightly kept secret. The master key is the basis for generating the target private key of the transmitting node.

The identification information may be a unique identifier of the sending node, such as an email address, a user name, a domain name of the sending node, etc. In IBC systems, the identification information may be used directly as a public key.

The target private key may be a private key of each transmitting node generated according to the identification information, the system parameter, and the master key. Each transmitting node has a unique identification information, so each transmitting node generates a corresponding target private key.

Referring to fig. 4, for example, the transmitting node may generate a unique random parameter as a security parameter, which may be used to ensure that each signing process is independent and unpredictable. Further, node a (i.e. the transmitting node) may send the random parameter k to a Key Generation Center (KGC). KGC uses the random parameter k to generate the system parameters and master key of the corresponding node a. The system parameters are public and can be shared by all communication nodes, and the master key is independently kept by KGC, so that the external leakage is avoided.

Further, node a has a unique identification information (e.g., the internet protocol address of node a). Node a may generate a target private key for signing the file fragments to be transferred by means of the identification information, the system parameters received from the KGC and the master key.

Further, for each file fragment to be transmitted, the sending node generates an identification cryptographic signature for the file fragment. Specifically, node a may generate an identification cryptographic signature through the file fragment to be transmitted, the system parameters, and the target private key. For example, if the file fragment to be transferred contains a DNS record for the domain name example. Com, node a will use these records of the file fragment to be transmitted, in combination with the system parameters and the target private key, to generate an identification cryptographic signature S.

Further, after the receiving node receives the corresponding file fragments, the identification password signature can be verified through the identification information and the system parameters of the sending node, and if the identification password signature passes, the verification means that the received file fragments are not tampered and come from the sending node.

By generating unique identification password signature for each file fragment to be transmitted, the integrity and the verification of the source of the data can be ensured, the application adopts the signature and verification flow based on the IBC identification password technology, the traditional certificate issuing mechanism and public key infrastructure are not needed, the establishment process of the secure communication is simplified, and meanwhile, high security is maintained.

And step 103, packaging each file fragment to be transmitted and the corresponding identification password signature into a transmission task.

In some embodiments, in order to ensure the integrity, security and manageability of data transmission, each file fragment to be transmitted and its corresponding identification password signature may be encapsulated into a transmission task for transmission, so as to allow a receiver to independently verify the source and integrity of each file fragment to be transmitted while transmitting in a network.

The transmission task may be to package each file fragment to be transmitted and the corresponding identification code signature thereof into an independent task unit in the domain name resource data exchange process.

For example, a standardized task format may be designed first for encapsulating the file fragments to be transmitted and the identification code signatures, and each file fragment to be transmitted and the corresponding identification code signature thereof are packaged together into a task unit in a task format (e.g., JSON format) by the scheduler, so as to form a complete transmission task.

By encapsulating each file fragment to be transmitted and the corresponding identification password signature into a transmission task, the receiving node can independently verify the source and the integrity of each fragment, and the encapsulation into an independent transmission task allows the system to more effectively manage the transmission process, for example, facilitates the realization of error recovery and retransmission mechanisms, and ensures the safe and efficient transmission of key data.

In some embodiments, in order to avoid overlarge single transmission task and realize load balancing, after the file to be transmitted is fragmented and uploaded to the scheduler, the file to be transmitted with larger data volume value is fragmented and divided into a plurality of file packets to be transmitted by the scheduler and then packaged to obtain the transmission task, so that the transmission efficiency is improved, and the file packets to be transmitted are divided into a plurality of file packets to be transmitted, and when a problem occurs in transmitting a certain file packet to be transmitted, the packets can be retransmitted independently without restarting the transmission of the whole transmission task, so that the overall transmission speed is improved. For example, step 103 may include:

(103.1) acquiring a data volume value of each file fragment to be transmitted;

(103.2) comparing the data volume value with a preset load threshold value to obtain a comparison result;

(103.3) dividing the corresponding file to be transmitted into a plurality of file groups to be transmitted according to the alphabetical order of the domain names when the comparison result represents that the data volume value is larger than the load threshold;

And (103.4) grouping a plurality of files to be transmitted, and packaging the file groups and the identification code signatures into transmission tasks corresponding to each file fragment to be transmitted.

The data volume value may be an actual size of each file fragment to be transmitted, and may be measured in bytes (bytes). The data volume value is used for reflecting the space occupied by the file fragments to be transmitted when the file fragments are stored or transmitted, and can be obtained by calculating or directly reading information provided by a file system.

The load threshold may be a preset standard value, which is used to determine whether a single file to be transmitted is excessively large, so as to determine whether further splitting is needed to optimize transmission efficiency and resource allocation. The load threshold may be flexibly determined based on factors such as the actual performance of the system, network bandwidth, and expected transmission time.

Wherein the comparison result may be a conclusion drawn from a comparison between the data volume value and the load threshold. If the data volume value is larger than the load threshold, the file to be transmitted is excessively segmented, which may affect the transmission efficiency or cause resource overload, otherwise, the file to be transmitted is considered to be moderately segmented and can be directly processed without additional operation.

The plurality of file groups to be transmitted may be subdivided into a plurality of smaller file sets according to the top-level domain alphabetical ordering in the domain name when the data volume value of the single file fragment to be transmitted exceeds a preset load threshold.

For example, if a file to be transferred is a file_chunk_1, its data volume value is 500MB, and the preset load threshold is 300MB. And comparing to obtain a comparison result, wherein the data volume value of the file fragment to be transmitted is larger than the load threshold value, so that the file fragment to be transmitted is required to be further divided according to the letter ordering of the top-level domain name in the domain name.

Further, if file_chunk_1 contains data from ". Com", ". Net", and ". Org" top-level fields, it can be divided into three new file packets to be transmitted, file packet 1, containing all domain name resources under ". Com", file packet 2, containing all domain name resources under ". Net", and file packet 3, containing all domain name resources under ". Org". And then, the three file groups to be transmitted and the identification password signature can be packaged together into a transmission task, and the transmission task is uploaded to a scheduler for next transmission arrangement, so that the transmission efficiency is improved, and the safety and consistency of data can be ensured.

Referring to fig. 5, in some embodiments, the file fragments to be transmitted may also be grouped for the domain name letters. For example, the file to be transmitted includes a domain name letter of the top domain beginning with a, b, c, d, when the data volume value of the file to be transmitted is greater than the load threshold, since the number of domain name resources of the top domain beginning with c is far greater than that of other domain names, the sending node can adaptively adjust the splitting policy, and divide the domain name resources beginning with c into one or more new file packets to be transmitted.

In some embodiments, the file to be transmitted may be grouped and then packaged together with the identification code signature to obtain a transmission task, and the transmission task is uploaded to the scheduler, or the file to be transmitted may be uploaded to the scheduler and then packaged together with the identification code signature to obtain the transmission task. In some embodiments, both the sending node and the scheduler have the functionality to group and encapsulate the file fragments to be transmitted.

In some embodiments, after the multiple file packets to be transmitted are obtained by dividing, the multiple file packets to be transmitted may be marked, and each file packet to be transmitted is respectively packaged with the identification code signature to obtain multiple corresponding transmission tasks, so that the multiple transmission tasks are respectively transmitted.

By the method, the system can adapt to different network conditions and data loads, and when problems occur in the transmission process, the problematic packets can be rapidly positioned and independently retransmitted instead of the whole file to be transmitted in a fragmented manner, so that the efficiency and the reliability of the data in the transmission process can be improved.

And 104, respectively determining a target transmission channel corresponding to each transmission task from a plurality of transmission channels according to the domain name grade corresponding to each transmission task, wherein different transmission channels support different transmission protocols, and the encryption grade of the transmission protocol supported by each transmission channel is positively correlated with the corresponding domain name grade.

In some embodiments, in order to achieve refined management and optimization of domain name resource data transmission, a target transmission channel may be determined from multiple transmission channels according to a domain name class corresponding to each transmission task, so as to ensure that domain name classes with different importance degrees correspond to transmission channels with different encryption classes while reducing congestion and delay in a transmission process, and ensure that key domain name resources can be protected with higher security.

Wherein the domain name rank may be an importance assessment for each domain name resource data to be transmitted. For example, the domain name hierarchy may include three levels, specifically, level 1 (corresponding to a general transmission task) in which normal transmission and encrypted transmission are possible, and level 2 (corresponding to an important transmission task) in which encrypted transmission is necessary. Level 3 (corresponding to a particularly important transmission task), requiring encryption and expedited transmission, occupying the highest system resources. The domain name grade determines the priority and the safety requirement of the transmission task in the transmission process, and ensures that important domain name resources can be ensured to be processed more safely and efficiently.

The target transmission channel may be a channel selected from a plurality of available transmission channels to be most suitable for each transmission task, and different target transmission channels have different characteristics, such as transmission speed, security, and the like.

The transmission protocol may be a set of rules and standards for transmitting data over a network, among other things. The transmission channel of the application supports three main transmission protocols, each transmission protocol corresponds to a different transmission channel and provides different degrees of security.

The encryption level may be an encryption level, which refers to a security protection level provided by a transmission channel, and is specifically expressed as encryption strength and technology used in a transmission process. The encryption rank is positively correlated with the domain name rank, i.e., the more important domain name resources correspond to a higher level of encryption rank.

For example, multiple transmission channels may each support multiple primary transmission protocols, each corresponding to a different transmission channel, and provide different degrees of security. For example, the transmission channel may specifically include:

The transmission channel supporting Remote Sync (RSYNC) protocol is suitable for the transmission task with the domain name grade of 1, can transmit the transmission task without encryption, and has the characteristics of convenient construction, high transmission speed and low resource occupancy rate. When a transmission channel supporting the RSYNC protocol is set up, RSYNC software may be installed between a transmitting node and a receiving node, the RSYNC may be configured to specify a source directory (a file on the transmitting node) and a target directory (a file on the receiving node), and the RSYNC may be configured to perform Secure remote synchronization through a Secure Shell (SSH), so that synchronous transmission of files is rapidly achieved.

A transmission layer security protocol (Transport Layer Security, TLS) encryption channel built based on Nginx (a high-performance HTTP and reverse proxy server) is suitable for the transmission tasks of domain name grades 1 and 2 (domain name grades are lower), provides basic encryption transmission, ensures the security of file transmission, and exchanges key files in the transmission process. Further, when setting up an nmginx-based TLS encryption channel, by installing and configuring an nmginx server or nmginx software in the sending node and the receiving node, and enabling the TLS module, TLS certificates (which may be self-signed or issued by a certificate authority) need to be acquired and installed, and then nmginx is configured to use these certificates. Thus, hypertext transfer protocol (HyperText Transfer Protocol, HTTP) requests through the nginix server will all be over the encrypted secure hypertext transfer protocol (HyperText Transfer Protocol Secure, HTTPs) channel.

The TLS encryption channel built based on stunnel (a software tool for providing secure data transmission in a network) is suitable for tasks with domain name grade 3 (highest domain name grade), provides the highest-grade encryption protection, and can be used for transmitting tasks with domain name grade 2 when idle. Specifically, in setting up a stunnel-based TLS encryption channel, stunnel software may be installed on the sending and receiving nodes to configure stunnel to specify which types of network traffic need to be encrypted and how to communicate with a secure sockets layer protocol (Secure Sockets Layer, SSL)/TLS server.

In some embodiments, the foregoing is merely an example of a construction method of a transmission channel supporting the RSYNC protocol, a TLS encryption channel constructed based on nginix, and a TLS encryption channel constructed based on stunnel, and in practical application, different construction schemes may be selected to construct a transmission channel supporting the RSYNC protocol, a TLS encryption channel constructed based on nginix, and a TLS encryption channel constructed based on stunnel, which may be selected arbitrarily without departing from the concept of the present application.

In some embodiments, an application programming interface (Application Programming Interface, API) may be invoked by the scheduler to open multiple transport channels each time a transport task begins, the scheduler assigning a transport task to each transport channel.

For example, the domain name class corresponding to each transmission task may be determined according to the task type corresponding to each transmission task, and the target transmission channel corresponding to the domain name class of each transmission task may be determined from the plurality of transmission channels. For example, if the task type of the transmission task C is a domain name record related to a critical infrastructure, the transmission task C may be assigned to a domain name class 3, and if the domain name class of the transmission task corresponding to the transmission of the transmission channel 3 is also 3, the transmission task may be assigned to the transmission channel 3 for transmission.

By setting the encryption grade of each transmission channel to be matched with the domain name grade of the transmission task, higher-grade protection can be provided for key domain name resources, and the security of data transmission is ensured.

In some embodiments, in order to achieve refined management of domain name resource data transmission, a domain name grade may be calibrated for each transmission task, and corresponding target transmission channels may be determined for transmission tasks with different domain name grades, so as to perform hierarchical transmission on the transmission tasks, and improve transmission efficiency and security. For example, step 104 may include:

(104.1) calibrating the domain name grade of each transmission task according to a pre-calibration rule to obtain a plurality of transmission tasks associated with different domain name grades;

(104.2) determining a target transmission channel corresponding to each transmission task from the plurality of transmission channels according to the plurality of transmission tasks associated with different domain name grades.

The pre-calibration rule may be a pre-set standard and process for evaluating and determining an importance level of domain name resources included in each file fragment to be transmitted (i.e. transmission task), and by applying the pre-calibration rule, each transmission task may be associated with a specific domain name level, so as to ensure that subsequent processing can take appropriate measures according to the importance of the domain name resources.

By way of example, domain name rankings may be divided into a number of levels, such as level 3, level 4, and so on. Taking the class of domain names as a class 3, the class 1 can correspond to common domain name resources such as domain name data related to non-key business, the class 2 can correspond to important domain name resources such as resources with a certain data value, and the class 3 can correspond to domain name resources with special importance, and the core data is related.

In some embodiments, for the domain name resource in each transmission task, evaluation is performed according to a preset standard to determine the corresponding domain name class. For example, the domain name class a1 and the domain name class a2 may be set to the 1-level, the domain name class b1, b2, and b3 may be set to the 2-level, and the domain name class c1 may be set to the 2-level. Further, the domain name class of the transmission task may be identified by a technician, or may be identified by writing an automated script or using a tool, which is not particularly limited in the embodiment of the present application.

In some embodiments, the rank information of the transmission tasks may be marked after determining the domain name rank of each transmission task to quickly identify and classify the transmission tasks during subsequent processing.

Further, the most suitable target transmission channel can be selected for each transmission task according to the pre-calibrated domain name grade. The domain name grades applicable to different transmission channels can be defined by presetting a mapping table or a configuration file.

Further, according to a plurality of transmission tasks associated with different domain name grades, a transmission channel applicable to the domain name grade corresponding to each transmission task can be selected as a target transmission channel of the transmission task. For example, a level 1 transmission task may choose to use a transmission channel that does not use encryption or uses basic encryption, a level 2 transmission task may use a transmission channel that provides basic encryption, a level 3 transmission task must use a transmission channel that provides advanced encryption, and so on. Further, the scheduler may transmit the corresponding transmission task through the selected target transmission channel.

Illustratively, the domain name of task_1 is rated 1, the domain name of task_2 is rated 2, and the domain name of task_3 is rated 3. For task_1, a basic encryption TLS channel set up by RSYNC protocol or nmginx may be selected, for task_2, a basic encryption TLS channel set up by nmginx should be selected, and for task_3, an advanced encryption TLS channel set up based on stunnel should be used.

Through the mode, the most suitable transmission mode can be selected according to the importance of the domain name resources, the safety and the high efficiency of the transmission process can be ensured, and the method is particularly suitable for application scenes which need to frequently synchronize a large number of domain name resources and have higher requirements on the safety and the efficiency.

Step 105, transmitting the corresponding multiple transmission tasks to the corresponding receiving nodes through the multiple target transmission channels respectively, so that the receiving nodes sequentially verify the multiple identification password signatures in the multiple transmission tasks according to the identification information shared by the sending nodes, and updating the target domain name resources of the corresponding storage areas according to the verification results obtained by verification.

In some embodiments, in order to improve efficiency and security of domain name resource data transmission, multiple target transmission channels may be utilized to process different transmission tasks in parallel, so as to achieve load balancing and fault isolation while improving transmission efficiency.

The receiving node may be a server or a device responsible for receiving a transmission task from the sending node during data transmission.

Wherein the storage area may be a physical or logical location on the receiving node that is specifically set for storing and managing domain name resources. Which may be any form of data storage solution, such as local disk, distributed file system, database, etc.

The target domain name resource may be a specific domain name and its associated resource record (e.g., a/AAAA, NS, etc.) that needs to be updated or synchronized. The target domain name resource determines the manner in which an internet user accesses a particular service or website.

For example, when the domain name resource to be transmitted is divided to obtain a plurality of file fragments to be transmitted, the file fragments may be marked sequentially, for example, 1-1, 1-2, 1-3, and 1-1, 1-2, 1-3 may be combined sequentially, so that the complete domain name resource to be transmitted may be obtained quickly and accurately.

Further, the receiving node may start multiple daemons, each daemon being responsible for only one transmission channel, and the receiving node implementing control of the receiving process through the daemon. Specifically, after each daemon receives the corresponding transmission task, the identification password signature in each transmission task can be verified through the system parameters shared by the sending nodes and the identification information (i.e. public key) of the sending nodes, and the transmission tasks passing verification are combined according to the pre-calibrated labels, for example, 1-1, 1-2 and 1-3 are combined in sequence, so that a complete domain name resource is obtained.

For example, if verification of the identification password signature fails, the receiving node discards the transmission task, sends an error signal to the transmitting node through the transmission channel, requests retransmission of the transmission task, and after the transmitting node receives the transmission error signal, checks the retransmission number of the transmission task, and if the retransmission number of the transmission task does not exceed a preset retransmission number, for example, does not exceed 3 times, the retransmission of the transmission task can be continued through the transmission channel.

Once all the transfer tasks have been successfully received and verified, the receiving node will update its domain name resource records in the corresponding storage area and possibly store these updated records in the file repository to complete one transfer task.

In some embodiments, it may not be necessary to wait until all of the transmission tasks have been successfully received and verified, and only the received transmission tasks need to be available to synthesize a complete domain name resource. For example, when the transmission tasks 1-1, 1-2, 1-3 corresponding to the domain name resource 1 to be transmitted and the transmission tasks 2-1, 2-2, 2-3 corresponding to the domain name resource 2 to be transmitted are transmitted, if all the transmission tasks 2-1, 2-2, 2-3 corresponding to the domain name resource 2 to be transmitted are verified to pass by the receiving node and are combined to obtain the domain name resource 2, the corresponding storage area can be updated according to the domain name resource 2, and the transmission tasks not waiting for the domain name resource 1 to be transmitted are all verified to pass the update together.

In some embodiments, in order to finely manage the resource allocation of the transmission channels, the efficiency and performance of domain name resource data exchange are optimized, and according to the ratio of the resource allocation index of each transmission channel to the total resource allocation index, the computing resources of each transmission channel can be reasonably allocated, so that the key transmission tasks are ensured to be completed with enough resources preferentially, meanwhile, the loads of the transmission channels are balanced, the resource waste is avoided, and the overall transmission performance and response speed are improved. For example, before step 105, it may further include:

(A.1) aiming at each transmission task in each target transmission channel, acquiring a sub-resource allocation index of each transmission task;

(A.2) determining a channel resource allocation index of each target transmission channel according to the sum of a plurality of sub-resource allocation indexes corresponding to a plurality of transmission tasks transmitted by each target transmission channel;

(A.3) determining a total resource allocation index according to the sum of a plurality of channel resource allocation indexes corresponding to a plurality of target transmission channels respectively;

(a.4) for each target transmission channel, determining an allocated resource for each target transmission channel based on the ratio of the corresponding channel resource allocation index to the total resource allocation index;

(a.5) allocating computing resources for each target transmission channel based on the allocated resources.

The sub-resource allocation index may be a resource requirement index for measuring each transmission task in the resource allocation in the target transmission channel.

The channel resource allocation index may be the sum of sub-resource allocation indexes of all transmission tasks in each target transmission channel, that is, the total resource requirement index of the target transmission channel in the resource allocation.

The total resource allocation index may be a sum of channel resource allocation indexes of all target transmission channels.

The allocation resource may be a product obtained by multiplying a ratio of a channel resource allocation index of each target transmission channel to a total resource allocation index by a calculation resource available to the system, that is, an allocation resource to be allocated by each target transmission channel.

In some embodiments, resources are allocated to each target transmission channelThe formula for allocation is as follows:

( transmission channel x) (1)

Wherein, The index is allocated to the sub-resource of the jth transmission task in the target transmission channel x; allocating an index for channel resources of a target transmission channel x; The sum of channel resource allocation indexes of all target transmission channels is calculated, wherein N represents N target transmission channels; As a weight of the task(s), As a value of the volume of data,The number of retransmissions.

Specifically, the task weight is used for reflecting the importance and the priority of the transmission task, the higher the task weight is, the higher the priority of the corresponding transmission task in resource allocation is, the larger the data volume value is reflecting the data volume required to be transmitted by the transmission task, the more the resources required by the transmission task are, and the more the retransmission times are, the more important the transmission task is indicated. Through the following processesThe calculated gain factor is used for comprehensively considering the influence of the task weight and the retransmission times, and when the task weight and the retransmission times are larger, the gain factor is also larger, which means that the priority of the transmission task in the resource allocation is higher.

For example, if there are two target transmission channels in total, there are three transmission tasks T1, T2, T3 in the target transmission channel 1, and the transmission tasks S1, S2, S3 in the target transmission channel 2. Taking the channel resource allocation index of the target transmission channel 1 as an example, if the task weight of the transmission task T1 is 0.9, the data volume value is 1,048,576 bytes, the retransmission frequency is 5, the task weight of the transmission task T2 is 0.5, the data volume value is 524,288 bytes, the retransmission frequency is 2, the task weight of the transmission task T1 is 0.7, the data volume value is 2,097,152 bytes, and the retransmission frequency is 3. Substituting the related data in T1, T2 and T3 into the formula (1) can calculate to obtain the sub-resource allocation index of T1 as 1,347,456, the sub-resource allocation index of T2 as 288,352 and the sub-resource allocation index of T3 as 1,807,760.

Further, the channel resource allocation index of the target transmission channel 1 may be calculated to be 2,097,152+1,347,456+1,807, 760= 3,443,568 by the sub-resource allocation indexes corresponding to T1, T2, and T3, respectively.

For example, if the channel resource allocation index of the target transmission channel 2 is 5,312,510, the total resource allocation index is 3,443,568+5,312,510= 8,756,078.

Further, for the target transmission channel 1, the ratio of the corresponding channel resource allocation index to the total resource allocation index is 3,443,568/8,756,078, and the allocation resource to be allocated for the target transmission channel 1 can be obtained by multiplying the ratio by the available computing resource of the system.

It should be noted that the foregoing is merely a calculation example provided for understanding the allocation resources of each target transmission channel, and in actual situations, the data may be changed, and the calculation may be performed with reference to the foregoing process, which is not described herein in detail.

By the mode, the system can efficiently and dynamically allocate the computing resources according to the specific requirements of each transmission task, so that the maximization of resource utilization and the optimization of transmission efficiency are ensured, and efficient resource management and task scheduling are realized.

In some embodiments, in order for the system to be able to fully understand the characteristics and requirements of each transmission task, accurate basic data may be provided for subsequent resource allocation. (A.1) may comprise:

(A.1.1) acquiring task weight preset for each transmission task, data volume value and preset retransmission times aiming at each transmission task in each target transmission channel;

(a.1.2) determining the data gain of each transmission task according to the retransmission times and task weights;

(A.1.3) determining a sub-resource allocation index of each corresponding transmission task according to the product of the task weight, the data volume value and the data gain.

The task weight may be an importance level or priority of each transmission task.

The data volume value may be a data volume size of each transmission task. Which reflects the amount of data that needs to be transferred for a transfer task, may be expressed in units of bytes (B), kilobytes (KB), megabytes (MB), etc. The larger the data volume value, the more resources are required to transmit the task.

The number of retransmissions may be a preset number of retransmissions, that is, the number of retransmissions that the system will attempt in the course of a transmission if the transmission fails. The retransmission times are used for reflecting the reliability requirements of the transmission tasks, and the more the retransmission times are, the higher the reliability requirements of the tasks are.

The data gain may be a value calculated according to the retransmission times and the task weight, and is used for reflecting the comprehensive influence of the importance and the reliability requirements of the transmission task in the transmission process.

In some embodiments, the sub-resource allocation index =;

Wherein, As a weight of the task(s),As a value of the volume of data,The number of retransmissions; data gain.

Specifically, the data volume value of each transmission task may be determined according to the file size of the transmission task, and then, a task weight is allocated to each transmission task to determine the relative importance of the corresponding transmission task, where the task weight may be set by a technician, or may be determined by other manners, such as a machine learning model, and the task weight of each transmission task is set by using the same standard. Further, the retransmission times of each transmission task may be determined, and the retransmission times may be set based on historical data or task characteristics of the transmission task, where the retransmission times of each transmission task are set by using the same standard.

Further, the formula can be adoptedAnd calculating the data gain, and multiplying the data volume value, the task weight and the data gain to obtain the sub-resource allocation index corresponding to each transmission task.

By the method, tasks with high priority, large data volume or high reliability can be supported by more resources, and smooth completion of the tasks is ensured. Meanwhile, the low-priority tasks can be properly focused, and the high-efficiency operation of the whole system is ensured.

In some embodiments, in order to realize dynamic adjustment and optimization of resource allocation, it is ensured that network resources can be flexibly allocated according to actual transmission requirements and task completion conditions, and after one transmission channel completes all allocated transmission tasks, the resources can be released and re-allocated to other channels which are transmitting or waiting for transmission, so as to avoid idle and waste of the resources. For example, the domain name resource transmission method may further include:

After any one first transmission channel finishes transmitting all the allocated transmission tasks, determining a first resource allocation amount released by the first transmission channel;

and (B.2) according to the channel resource allocation index of at least one second transmission channel currently transmitting the transmission task, allocating the first resource allocation amount to the at least one second transmission channel to obtain a target transmission channel with updated resource allocation amount.

The first transmission channel may be a target transmission channel that has completed all of its allocated transmission tasks. The first transmission channel no longer requires additional computing resources to handle the current task list and thus may free up previously allocated resources.

The first resource allocation amount may be an amount of computing resources released by the first transmission channel after the first transmission channel completes all transmission tasks. The first amount of resource allocation includes, but is not limited to, central processor (CentralProcessingUnit, CPU) time, memory space, network bandwidth, and the like.

Wherein the second transmission channel may be one or more transmission channels that are still currently processing transmission tasks. The second transmission channel has not completed all of its assigned transmission tasks and still requires computing resources to continue processing the remaining transmission tasks.

In some embodiments, the second transmission channel may receive the first resource allocation amount released from the first transmission channel, so as to accelerate the task processing process and improve the efficiency of task transmission.

Referring to fig. 6, for example, if there are 4 transmission channels between the sending node and the receiving node, the transmission channel 1 has a transmission task 1 and a transmission task 7, the allocation resource obtained by the transmission channel 1 is 10% of the available resources of the system, the transmission channel 2 has a transmission task 2, a transmission task 5 and a transmission task 8, the allocation resource obtained by the transmission channel 2 is 30% of the available resources of the system, the transmission channel 3 has a transmission task 3, a transmission task 6 and a transmission task 9, the allocation resource obtained by the transmission channel 3 is 20% of the available resources of the system, the transmission channel 4 has a transmission task 4, and the allocation resource obtained by the transmission channel 4 is 40% of the available resources of the system.

Further, if the transmission channel 4 is completed, the transmission channel 4 is used as a first transmission channel, and the transmission channels 1, 2, and 3 are used as second transmission channels, the updated total resource allocation index can be recalculated according to the channel resource allocation indexes of the remaining transmission channels 1, 2, and 3. And according to the ratio of the transmission channel 1, the transmission channel 2 and the transmission channel 3 to the total resource allocation index, multiplying the ratio by the first resource allocation amount released by the transmission channel 4 to obtain the system resources which are newly allocated for the transmission channel 1, the transmission channel 2 and the transmission channel 3, for example, the newly obtained allocation resources of the transmission channel 1 are 20% of the available resources of the system, the newly obtained allocation resources of the transmission channel 2 are 50% of the available resources of the system, and the newly obtained allocation resources of the transmission channel 3 are 30% of the available resources of the system. Finally, the resource allocation amounts of the transmission channel 1, the transmission channel 2 and the transmission channel 3 can be updated again according to the increased allocated system resources.

Through the mode, the system can more effectively respond to the change of the transmission task, such as task completion, addition of a new task or adjustment of transmission priority, so that the overall transmission efficiency and the system performance are improved, necessary resources are ensured to be obtained by the key task, the transmission quality is ensured, and meanwhile, the resources can be reasonably allocated for the non-key task, so that the fair allocation and the optimal use of the resources are realized.

Referring to fig. 7, fig. 7 is a flowchart illustrating steps of a domain name resource transmission method provided by an embodiment of the present application, where the domain name resource transmission method is applied to a receiving node, and in the embodiment of the present application, taking a case that a domain name resource transmission device is specifically integrated on a computer device, when a processor on the computer device executes a program instruction corresponding to the domain name resource transmission method, the specific flow is as follows:

step 201, acquiring a plurality of transmission tasks corresponding to transmission of a sending node through a plurality of target transmission channels;

Step 202, sequentially verifying a plurality of identification password signatures in a plurality of transmission tasks according to identification information shared by the sending nodes, and updating target domain name resources of corresponding storage areas according to verification results obtained by verification;

The target transmission channel corresponding to each transmission task is respectively determined from a plurality of transmission channels through a sending node according to the domain name grade corresponding to each transmission task; the transmission task is obtained by encapsulating each file fragment to be transmitted and the corresponding identification code signature through a transmitting node, wherein the identification code signature corresponding to each file fragment to be transmitted is obtained by the transmitting node, and the domain name resource to be transmitted is divided into a plurality of file fragments to be transmitted according to the domain name type and then generated;

The method comprises the steps of acquiring a plurality of transmission tasks transmitted by a transmitting node through a plurality of target transmission channels, sequentially verifying a plurality of identification code signatures in the plurality of transmission tasks according to identification information shared by the transmitting node, and updating target domain name resources of a corresponding storage area according to verification results obtained by verification, wherein the target transmission channels corresponding to each transmission task are respectively determined and obtained from the plurality of transmission channels through the transmitting node according to domain name grades corresponding to each transmission task, the transmission tasks are obtained through packaging each file fragment to be transmitted and the corresponding identification code signatures through the transmitting node, the identification code signatures corresponding to each file fragment to be transmitted are obtained through the transmitting node, the domain name resources to be transmitted are divided into a plurality of file fragments to be transmitted according to domain name types, and then the domain name resources to be transmitted are generated, wherein different transmission channels support different transmission protocols, and the encryption grades of the transmission protocols supported by each transmission channel are positively correlated with the corresponding domain name grades. In addition, by building a plurality of transmission channels, the difficulty that an attacker hives all the transmission channels and breaks out the full resource records is increased, so that the safety of the system transmission process is greatly improved, and meanwhile, each transmission channel supports transmission protocols with different encryption levels, so that the transmission tasks with high domain name levels can be fully encrypted and protected, and the safety of the system transmission process is further improved. In summary, the application can improve the efficiency and the safety of domain name resource transmission.

The specific implementation of the data migration method applied to the receiving node is basically the same as the specific embodiment of domain name resource transmission applied to the sending node, and is not described herein.

Referring to fig. 8, in some embodiments, the general technical scheme of the present application will be described below with reference to fig. 8. The sending node firstly issues domain name resources to be transmitted, sorts the domain name resources and divides the file fragments to be transmitted, and ensures that each file fragment to be transmitted is orderly arranged according to the domain name type. Furthermore, electronic signature can be carried out on each file fragment to be transmitted to obtain a corresponding identification password signature so as to ensure the integrity of data and the verifiability of sources. Further, the data can be analyzed through the dispatcher, the transmission channels matched with the domain name grades are requested and started, and the proper transmission channel is assigned to each file fragment to be transmitted according to the domain name grade of each file fragment to be transmitted. Different transmission channels may support different transmission protocols and encryption levels to accommodate different levels of domain name resources. Further, the encapsulated transmission task and the identification password signature can be transmitted to the receiving node through the opened transmission channel. The receiving node detects the transmission channel information through different daemons and receives the transmission tasks transmitted from different transmission channels. After receiving the corresponding transmission tasks, the receiving node can verify each received transmission task, and check whether the identification password signature is matched to ensure that the data is not tampered. After verification is passed, each transmission task is aggregated into a complete domain name resource file according to the correct sequence, and the aggregated domain name resource file is reserved in a history record by a receiving node to complete one complete transmission task.

Referring to fig. 9, the embodiment of the present application further provides a domain name resource transmission device, applied to a sending node, capable of implementing the domain name resource transmission method, where the domain name resource transmission device includes:

An obtaining module 91, configured to obtain a domain name resource to be transmitted;

the generating module 92 is configured to divide a domain name resource to be transmitted into a plurality of file fragments to be transmitted according to a domain name type, and generate a corresponding identification password signature for each file fragment to be transmitted;

The packaging module 93 is configured to package each file fragment to be transmitted and a corresponding identification password signature into a transmission task;

A determining module 94, configured to determine, from a plurality of transmission channels, a target transmission channel corresponding to each transmission task according to a domain name class corresponding to each transmission task, where different transmission channels support different transmission protocols, and an encryption class of the transmission protocol supported by each transmission channel is positively related to the corresponding domain name class;

The transmission module 95 is configured to transmit a plurality of corresponding transmission tasks to corresponding receiving nodes through a plurality of target transmission channels, so that the receiving nodes sequentially verify a plurality of identification password signatures in the plurality of transmission tasks according to the identification information shared by the sending nodes, and update target domain name resources in the corresponding storage areas according to verification results obtained by verification.

The specific implementation manner of the domain name resource transmission device is basically the same as the specific embodiment of the domain name resource transmission method, and is not repeated here. On the premise of meeting the requirements of the embodiment of the application, the domain name resource transmission device can be provided with other functional modules so as to realize the domain name resource transmission method in the embodiment.

The embodiment of the application also provides computer equipment, which comprises a memory and a processor, wherein the memory stores a computer program, and the processor realizes the domain name resource transmission method when executing the computer program. The computer equipment can be any intelligent terminal including a tablet personal computer, a vehicle-mounted computer and the like.

Referring to fig. 10, fig. 10 illustrates a hardware structure of a computer device according to another embodiment, where the computer device includes:

The processor 1001 may be implemented by using a general-purpose CPU (central processing unit), a microprocessor, an application-specific integrated circuit (ApplicationSpecificIntegratedCircuit, ASIC), or one or more integrated circuits, etc. to execute related programs to implement the technical solution provided by the embodiments of the present application;

Memory 1002 may be implemented in the form of read-only memory (ReadOnlyMemory, ROM), static storage, dynamic storage, or random access memory (RandomAccessMemory, RAM). The memory 1002 may store an operating system and other application programs, and when the technical solutions provided in the embodiments of the present disclosure are implemented by software or firmware, relevant program codes are stored in the memory 1002, and the processor 1001 invokes a domain name resource transmission method for executing the embodiments of the present disclosure;

an input/output interface 1003 for implementing information input and output;

The communication interface 1004 is configured to implement communication interaction between the present device and other devices, and may implement communication in a wired manner (e.g. USB, network cable, etc.), or may implement communication in a wireless manner (e.g. mobile network, WIFI, bluetooth, etc.);

a bus 1005 for transferring information between the various components of the device (e.g., the processor 1001, memory 1002, input/output interface 1003, and communication interface 1004);

Wherein the processor 1001, the memory 1002, the input/output interface 1003, and the communication interface 1004 realize communication connection between each other inside the device through the bus 1005.

The embodiment of the application also provides a computer readable storage medium, wherein the computer readable storage medium stores a computer program, and the computer program realizes the domain name resource transmission method when being executed by a processor.

The memory, as a non-transitory computer readable storage medium, may be used to store non-transitory software programs as well as non-transitory computer executable programs. In addition, the memory may include high-speed random access memory, and may also include non-transitory memory, such as at least one magnetic disk storage device, flash memory device, or other non-transitory solid state storage device. In some embodiments, the memory optionally includes memory remotely located relative to the processor, the remote memory being connectable to the processor through a network. Examples of such networks include, but are not limited to, the internet, intranets, local area networks, mobile communication networks, and combinations thereof.

The embodiments described in the embodiments of the present application are for more clearly describing the technical solutions of the embodiments of the present application, and do not constitute a limitation on the technical solutions provided by the embodiments of the present application, and those skilled in the art can know that, with the evolution of technology and the appearance of new application scenarios, the technical solutions provided by the embodiments of the present application are equally applicable to similar technical problems.

It will be appreciated by persons skilled in the art that the embodiments of the application are not limited by the illustrations, and that more or fewer steps than those shown may be included, or certain steps may be combined, or different steps may be included.

The above described apparatus embodiments are merely illustrative, wherein the units illustrated as separate components may or may not be physically separate, i.e. may be located in one place, or may be distributed over a plurality of network elements. Some or all of the modules may be selected according to actual needs to achieve the purpose of the solution of this embodiment.

Those of ordinary skill in the art will appreciate that all or some of the steps of the methods, systems, functional modules/units in the devices disclosed above may be implemented as software, firmware, hardware, and suitable combinations thereof.

The terms "first," "second," "third," "fourth," and the like in the description of the application and in the above figures, if any, are used for distinguishing between similar objects and not necessarily for describing a particular sequential or chronological order. It is to be understood that the data so used may be interchanged where appropriate such that the embodiments of the application described herein may be implemented in sequences other than those illustrated or otherwise described herein. Furthermore, the terms "comprises," "comprising," and "having," and any variations thereof, are intended to cover a non-exclusive inclusion, such that a process, method, system, article, or apparatus that comprises a list of steps or elements is not necessarily limited to those steps or elements expressly listed but may include other steps or elements not expressly listed or inherent to such process, method, article, or apparatus.

It should be understood that in the present application, "at least one (item)" and "a plurality" means one or more, and "a plurality" means two or more. "and/or" is used to describe an association relationship of an associated object, and indicates that three relationships may exist, for example, "a and/or B" may indicate that only a exists, only B exists, and three cases of a and B exist simultaneously, where a and B may be singular or plural. The character "/" generally indicates that the context-dependent object is an "or" relationship. "at least one of" or the like means any combination of these items, including any combination of single item(s) or plural items(s). For example, at least one of a, b or c may represent a, b, c, "a and b", "a and c", "b and c", or "a and b and c", wherein a, b, c may be single or plural.

In the several embodiments provided by the present application, it should be understood that the disclosed systems and methods may be implemented in other ways. For example, the system embodiments described above are merely illustrative, e.g., the division of the above elements is merely a logical functional division, and there may be additional divisions in actual implementation, e.g., multiple elements or components may be combined or integrated into another system, or some features may be omitted, or not performed. Alternatively, the coupling or direct coupling or communication connection shown or discussed with each other may be an indirect coupling or communication connection via some interfaces, devices or units, which may be in electrical, mechanical or other form.

The units described above as separate components may or may not be physically separate, and components shown as units may or may not be physical units, may be located in one place, or may be distributed over a plurality of network units. Some or all of the units may be selected according to actual needs to achieve the purpose of the solution of this embodiment.

In addition, each functional unit in the embodiments of the present application may be integrated in one processing unit, or each unit may exist alone physically, or two or more units may be integrated in one unit. The integrated units may be implemented in hardware or in software functional units.

The integrated units, if implemented in the form of software functional units and sold or used as stand-alone products, may be stored in a computer readable storage medium. Based on such understanding, the technical solution of the present application may be embodied in essence or a part contributing to the prior art or all or part of the technical solution in the form of a software product stored in a storage medium, including multiple instructions to cause a computer device (which may be a personal computer, a server, or a network device, etc.) to perform all or part of the steps of the method of the various embodiments of the present application. The storage medium includes various media capable of storing programs, such as a U disk, a removable hard disk, a Read-Only Memory (ROM), a random access Memory (Random Access Memory RAM), a magnetic disk, or an optical disk.

The preferred embodiments of the present application have been described above with reference to the accompanying drawings, and are not thereby limiting the scope of the claims of the embodiments of the present application. Any modifications, equivalent substitutions and improvements made by those skilled in the art without departing from the scope and spirit of the embodiments of the present application shall fall within the scope of the claims of the embodiments of the present application.

Claims

1. A domain name resource transmission method, applied to a transmitting node, the method comprising:

Acquiring domain name resources to be transmitted;

2. The domain name resource transmission method according to claim 1, wherein the transmitting the corresponding plurality of transmission tasks to the corresponding receiving node through the plurality of target transmission channels respectively, so that the receiving node sequentially verifies the plurality of identification password signatures in the plurality of transmission tasks according to the identification information shared by the sending node, and before updating the target domain name resources in the corresponding storage area according to the verification result obtained by the verification, the method further comprises:

3. The domain name resource transmission method according to claim 2, wherein the obtaining, for each transmission task in each target transmission channel, a sub-resource allocation index of each transmission task includes:

4. The domain name resource transmission method according to claim 2, wherein the method further comprises:

5. The domain name resource transmission method according to claim 1, wherein the obtaining the domain name resource to be transmitted includes:

6. The domain name resource transmission method according to claim 1, wherein the generating a corresponding identification cryptographic signature for each file segment to be transmitted includes:

Acquiring a random parameter generated randomly;

7. The domain name resource transmission method according to claim 1, wherein said encapsulating each file fragment to be transmitted and the corresponding identification password signature into a transmission task includes:

acquiring the data volume value of each file fragment to be transmitted;

8. The domain name resource transmission method according to claim 1, wherein the determining, according to the domain name class corresponding to each transmission task, the target transmission channel corresponding to each transmission task from the plurality of transmission channels includes:

9. A domain name resource transmission method, applied to a receiving node, the method comprising:

10. A domain name resource transmission apparatus, for use in a transmitting node, the apparatus comprising:

11. A computer device comprising a memory storing a computer program and a processor implementing the domain name resource transmission method of any of claims 1 to 8 or claim 9 when the computer program is executed by the processor.

12. A computer readable storage medium storing a computer program, wherein the computer program when executed by a processor implements the domain name resource transmission method of any of claims 1 to 8, or claim 9.