CN102025794A - Domain name resolution method, DNS (Domain Name Server) server and system - Google Patents
- Publication number: CN102025794A
- Authority: CN (China)
- Prior art keywords: response message, DNS response, domain name, DNS, server
- Legal status: Granted (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Landscapes
- Data Exchanges In Wide-Area Networks (AREA)
Abstract
The invention discloses a domain name resolution method, a DNS (Domain Name Server) server and a system. The method comprises the following steps: after receiving a domain name resolution request initiated by an access user, the DNS server obtains the corresponding DNS response message; when the obtained DNS response message is a truncated DNS response message based on UDP (User Datagram Protocol), the value of a specified flag bit is set in the DNS response message to generate a changed DNS response message, where the value set in the specified flag bit instructs the access user, after receiving the changed DNS response message, not to initiate a domain name resolution request over TCP (Transmission Control Protocol); and the changed DNS response message is returned to the access user. With this scheme, TCP-based domain name resolution queries are avoided, so the system is not exposed to TCP-based attacks, its resistance to DDoS (Distributed Denial of Service) attacks is effectively increased, and its domain name resolution efficiency is improved.
Description
Technical field
The present invention relates to the field of IP (Internet Protocol) networks, and in particular to a domain name resolution method, a DNS (Domain Name Service) server and a system in an IP network.
Background technology
In an IP (Internet Protocol) network, the main function of DNS (Domain Name Service) is to convert between domain names (Domain Name), which are easy for people to remember, and IP addresses, which the network can recognize. The conversion between a domain name and an IP address is called domain name resolution, and a network host that performs domain name resolution can be called a DNS server.
In the prior art, DNS provides three domain name resolution modes: local query, cache query and iterative query. If an access user of an ISP (Internet Service Provider) enters a website domain name in a browser, the access user initiates a domain name resolution request that carries this website domain name. The DNS server of the ISP, commonly called the local DNS server, receives the request and first performs a local query: it looks up the IP address corresponding to the website domain name in the local domain name database, which stores the correspondence between IP addresses and the local domain names that this DNS server is responsible for resolving. If the website domain name is a local domain name, the local DNS server returns the IP address it found directly to the access user. If the website domain name is not a local domain name, the local DNS server performs a cache query, looking for a resolution record in the cache of the DNS server (the cache generally holds, in the form of resolution records, the non-local domain names resolved by iterative query in the most recent period and their corresponding IP addresses). If the cache contains a resolution record for the website domain name, the local DNS server returns the IP address it found directly to the access user. If the cache contains no resolution record for the website domain name, the local DNS server finally performs an iterative query and obtains through it a DNS response message carrying the IP address corresponding to the website domain name.
The resolution process of an iterative query is described below, taking a query for the website domain name "www.aaa.com.cn" as an example. Assuming that the local DNS server has found the IP address corresponding to www.aaa.com.cn neither in the local domain name database nor in the cache, the iterative query proceeds as follows:
Step 1: The local DNS server sends the domain name resolution request to its root DNS server.
Step 2: If the root DNS server cannot resolve the name, it returns to the local DNS server the IP address of the DNS server that manages the cn domain.
Step 3: The local DNS server sends the domain name resolution request to the DNS server that manages the cn domain.
Step 4: If the DNS server that manages the cn domain cannot resolve the name, it returns to the local DNS server the IP address of the DNS server that manages the com.cn domain.
Step 5: The local DNS server sends the domain name resolution request to the DNS server that manages the com.cn domain.
Step 6: If the DNS server that manages the com.cn domain cannot resolve the name, it returns to the local DNS server the IP address of the DNS server of the aaa website.
Step 7: The local DNS server obtains from the DNS server of the aaa website a DNS response message carrying the IP address of the website domain name and returns this DNS response message to the access user, who obtains the IP address of the website domain name from it.
At present, the DNS name resolution protocol specifies that UDP port 53 and TCP port 53 are used for domain name resolution queries and for returning response messages. The access user first initiates a UDP-based domain name resolution query on UDP port 53. When the queried website domain name corresponds to so many IP addresses that a UDP-based DNS response message cannot carry all of them, the message carries only some of the IP addresses. Owing to the characteristics of the UDP protocol, a UDP message is at most 512 bytes, so in this case a 512-byte UDP-based DNS response message is returned and the truncation flag (TC bit) in the "flags" part of the DNS response message is set to 1; such a message is also called a truncated UDP-based DNS response message. After the DNS server returns this DNS response message to the access user, the access user determines from the TC bit being 1 that the UDP-based domain name resolution request has failed, and initiates the domain name resolution request again over TCP.
However, initiating the domain name resolution request again over TCP, together with the TCP segmentation and reassembly of over-long messages, increases the domain name resolution time and reduces the domain name resolution efficiency of the system. In addition, compared with UDP, TCP-based domain name resolution has a lower success rate when network conditions are poor, which may leave the user unable to complete the resolution and therefore unable to access ICP resources.
Moreover, as a critical server in the whole network, a DNS server is highly exposed to network attacks. By bearer protocol, network attacks can be divided into UDP-based attacks and TCP-based attacks; TCP-based DDoS attacks whose purpose is to exhaust resources are the most common, for example:
The SYN flood is the most classic denial-of-service attack. It exploits a weakness in the implementation of the TCP protocol: by sending a large number of attack packets with forged source addresses to the port of a network service, it can fill the half-open connection queue on the target server and thereby prevent other legitimate users from gaining access.
In an ACK flood, after a TCP connection is established, every TCP data segment carries the ACK flag, and the server has to do two things for each one: look up its tables and respond with ACK/RST. A high-volume ACK flood can drive the interrupt rate of the server's network card too high and overload the server until it stops responding.
Summary of the invention
Embodiments of the invention provide a domain name resolution method, a DNS server and a system that avoid TCP-based domain name resolution queries, so that the system is protected from TCP-based attacks, its resistance to DDoS attacks is effectively improved, and its domain name resolution efficiency is improved at the same time.
An embodiment of the invention provides a domain name resolution method, comprising:
after receiving a domain name resolution request initiated by an access user, a domain name service (DNS) server obtains the corresponding DNS response message;
when the obtained DNS response message is a truncated UDP-based DNS response message, the value of a specified flag bit is set in the DNS response message to generate a changed DNS response message, where the value set in the specified flag bit instructs the access user, after receiving the changed DNS response message, not to initiate a TCP-based domain name resolution request; and the changed DNS response message is returned to the access user.
An embodiment of the invention also provides a DNS server, comprising:
an acquiring unit, configured to obtain the corresponding DNS response message after a domain name resolution request initiated by an access user is received;
a processing unit, configured to set the value of a specified flag bit in the DNS response message when the obtained DNS response message is a truncated UDP-based DNS response message, generating a changed DNS response message, where the value set in the specified flag bit instructs the access user, after receiving the changed DNS response message, not to initiate a TCP-based domain name resolution request;
a returning unit, configured to return the changed DNS response message to the access user.
An embodiment of the invention also provides a domain name resolution system, comprising a front-end domain name service (DNS) server and a back-end intelligent DNS server, wherein:
the front-end DNS server is configured to, after receiving a domain name resolution request initiated by an access user, forward the domain name resolution request to the back-end intelligent DNS server when an iterative query is to be performed, and to return to the access user the changed DNS response message returned by the back-end intelligent DNS server;
the back-end intelligent DNS server is configured to obtain the corresponding DNS response message by iterative query after receiving the domain name resolution request forwarded by the front-end DNS server; when the obtained DNS response message is a truncated UDP-based DNS response message, to set the value of a specified flag bit in the DNS response message, generating a changed DNS response message, where the value set in the specified flag bit instructs the access user, after receiving the changed DNS response message, not to initiate a TCP-based domain name resolution request; and to return the changed DNS response message to the front-end DNS server.
In the method provided by the embodiments of the invention, when the DNS response message obtained by the DNS server is a truncated UDP-based DNS response message, the value of a specified flag bit is set in the DNS response message to generate a changed DNS response message, where the value set in the specified flag bit instructs the access user, after receiving the changed DNS response message, not to initiate a TCP-based domain name resolution request; the changed DNS response message is then returned to the access user. After receiving the changed DNS response message returned by the DNS server, the access user, acting on the value of the specified flag bit, does not initiate a TCP-based domain name resolution request. TCP-based domain name resolution queries are thus avoided, which protects the system from TCP-based attacks and effectively improves its resistance to DDoS attacks. Compared with the prior art, the domain name resolution time is also reduced and the domain name resolution efficiency of the system is improved.
Description of drawings
Fig. 1 is a flow chart of the domain name resolution method provided by an embodiment of the invention;
Fig. 2 is a flow chart of the domain name resolution method provided by embodiment one of the invention;
Fig. 3 is a flow chart of the domain name resolution method provided by embodiment two of the invention;
Fig. 4 is a structural diagram of the DNS server provided by embodiment three of the invention;
Fig. 5 is a structural diagram of the domain name resolution system provided by embodiment four of the invention.
Detailed description of the embodiments
An embodiment of the invention provides a domain name resolution method which, as shown in Fig. 1, comprises:
Step S101: After receiving a domain name resolution request initiated by an access user, the DNS server obtains the corresponding DNS response message.
Step S102: When the obtained DNS response message is a truncated UDP-based DNS response message, the value of a specified flag bit is set in the DNS response message to generate a changed DNS response message, where the value set in the specified flag bit instructs the access user, after receiving the changed DNS response message, not to initiate a TCP-based domain name resolution request.
Step S103: The changed DNS response message is returned to the access user.
The method provided by the embodiments of the invention is described in detail below, with reference to the drawings, by walking through a complete domain name resolution flow.
Embodiment one:
Fig. 2 shows the flow chart of the domain name resolution method provided by embodiment one of the invention, comprising:
Step S201: The DNS server receives a domain name resolution request, carrying a website domain name, that the access user initiates over UDP.
Step S202: A local query and a cache query are performed, that is, the IP address corresponding to the website domain name is looked up in the local domain name database and in the cache.
Step S203: It is determined whether the IP address corresponding to the website domain name was found in the local domain name database or the cache; if so, the flow proceeds to step S204, otherwise to step S205.
Step S204: A DNS response message carrying the IP address found for the website domain name is generated and returned to the access user.
Step S205: A UDP-based DNS response message carrying the IP address corresponding to the website domain name is obtained by iterative query.
The iterative query process is the same as in the prior art and is not described in detail here.
Step S206: It is determined whether this DNS response message is a truncated UDP-based DNS response message; if so, the flow proceeds to step S208, otherwise to step S207.
In essence, this step determines whether the IP addresses carried in the DNS response message are only some of all the IP addresses corresponding to the queried website domain name. The determination can be made from the TC bit in the "flags" part of the DNS response message. If the TC bit is 1, the UDP reply is longer than 512 bytes and the returned DNS response message carries only its first 512 bytes, so the DNS response message is a truncated UDP-based DNS response message. If the TC bit is 0, the DNS response message is not a truncated UDP-based DNS response message.
Step S207: The DNS response message is returned directly to the access user.
Step S208: The value of a specified flag bit is set in the DNS response message to generate a changed DNS response message, where the value set in the specified flag bit instructs the access user, after receiving the changed DNS response message, not to initiate a TCP-based domain name resolution request.
In this step, setting the value of the specified flag bit in the DNS response message can be done by setting the value of the TC bit in the existing DNS response message format: a TC bit of 1 is set to 0. When the access user then receives the changed DNS response message, it sees that the TC bit is 0 and does not initiate the domain name resolution request again over TCP.
Alternatively, the value of the specified flag bit can be set in a spare field of the DNS response message, to instruct the access user, after receiving the changed DNS response message and acting on the value set in this specified flag bit, not to initiate the domain name resolution request again over TCP.
Preferably, since the DNS response message contains only the first 512 bytes of the UDP reply, it may carry an incomplete IP address (that is, only part of the content of an IP address). In this step, therefore, the incomplete IP address carried in the DNS response message can also be deleted before the changed DNS response message is generated; or
only a set number of the IP addresses carried in the DNS response message can be kept and the other IP addresses deleted. The set number can be chosen flexibly according to experience and actual needs; given the size of the existing IP address format, any value less than or equal to 27 is acceptable, which guarantees that the message stays within 512 bytes.
Step S209: The changed DNS response message is returned to the access user.
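Steps S206 to S208 on the wire, as an added example that is not code from the patent: the function checks the TC bit, keeps only complete answer records up to a set number of A records, rewrites the header counts and clears TC. The function names and the sample message are constructed for illustration; the example assumes IPv4 (type A) answers, keeps a prefix of the answer section so that name-compression pointers stay valid, and drops the authority and additional sections.

```python
import struct

TC_MASK = 0x0200    # TC (truncation) bit inside the 16-bit header flags word
TYPE_A = 1          # IPv4 address record
HEADER_LEN = 12     # ID, flags, QDCOUNT, ANCOUNT, NSCOUNT, ARCOUNT


def skip_name(msg, off):
    """Return the offset just past the name at `off`, or None if it is cut off."""
    while off < len(msg):
        length = msg[off]
        if length == 0:                      # root label ends the name
            return off + 1
        if length & 0xC0 == 0xC0:            # 2-byte compression pointer ends the name
            return off + 2 if off + 2 <= len(msg) else None
        if length & 0xC0:                    # other label types are not valid
            return None
        off += 1 + length
    return None


def rewrite_truncated(msg, max_addrs=27):
    """S206-S208: pass untruncated replies through; otherwise trim and clear TC."""
    if len(msg) < HEADER_LEN:
        raise ValueError("message shorter than a DNS header")
    ident, flags, qd, an, _ns, _ar = struct.unpack("!6H", msg[:HEADER_LEN])
    if not flags & TC_MASK:
        return msg                           # S207: TC is 0, return unchanged
    off = HEADER_LEN
    for _ in range(qd):                      # question: name + type + class
        off = skip_name(msg, off)
        if off is None or off + 4 > len(msg):
            raise ValueError("question section is cut off")
        off += 4
    kept = addrs = 0
    while kept < an and addrs < max_addrs:
        fixed = skip_name(msg, off)
        if fixed is None or fixed + 10 > len(msg):
            break                            # record header is incomplete
        rtype, _cls, _ttl, rdlen = struct.unpack("!HHIH", msg[fixed:fixed + 10])
        end = fixed + 10 + rdlen
        if end > len(msg):
            break                            # address bytes are incomplete: drop it
        off, kept = end, kept + 1
        if rtype == TYPE_A:
            addrs += 1
    # S208: TC cleared, ANCOUNT matches what is really carried, later sections dropped
    header = struct.pack("!6H", ident, flags & ~TC_MASK, qd, kept, 0, 0)
    return header + msg[HEADER_LEN:off]


def summarize(msg):
    """Header fields a client looks at when deciding whether to retry over TCP."""
    _id, flags, _qd, an, _ns, _ar = struct.unpack("!6H", msg[:HEADER_LEN])
    return {"tc": bool(flags & TC_MASK), "ancount": an, "length": len(msg)}


def build_sample(n_addrs=40, cut=512, truncated=True):
    """Constructed reply for www.aaa.com.cn with n_addrs A records, cut at `cut` bytes."""
    flags = 0x8180 | (TC_MASK if truncated else 0)
    labels = (b"www", b"aaa", b"com", b"cn")
    qname = b"".join(bytes([len(label)]) + label for label in labels) + b"\x00"
    msg = struct.pack("!6H", 0x1234, flags, 1, n_addrs, 0, 0)
    msg += qname + struct.pack("!HH", TYPE_A, 1)
    for i in range(n_addrs):
        # 0xC00C points back at the question name; each record is 16 bytes
        msg += struct.pack("!HHHIH4B", 0xC00C, TYPE_A, 1, 300, 4, 192, 0, 2, i + 1)
    return msg[:cut]


if __name__ == "__main__":
    for cut in (512, 500):
        reply = build_sample(cut=cut)
        print(cut, summarize(reply), "->", summarize(rewrite_truncated(reply)))
```

With a compressed owner name each A record occupies 16 bytes, so 27 records take 432 bytes and leave 68 bytes of the 512 for the question section after the 12-byte header.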
The domain name resolution flow of embodiment one above can be carried out by a single DNS server, for example a prior-art DNS server improved so that it completes the flow.
To make it easier to adapt an existing system to the method provided by the embodiments of the invention, two DNS servers can also be used. One of them is a prior-art DNS server; for ease of distinction it is called the front-end DNS server. It receives the domain name resolution request, carrying a website domain name, initiated by the access user, performs the local query and the cache query, and, when an iterative query is needed, forwards the domain name resolution request to the other DNS server. For ease of distinction, the other DNS server is called the back-end intelligent DNS server; it carries out the flow of the domain name resolution method shown in Fig. 1.
In embodiment two below, the domain name resolution method provided by the embodiments of the invention is described in detail on the basis of a domain name resolution system made up of a front-end DNS server and a back-end intelligent DNS server.
Embodiment two:
Fig. 3 shows the flow chart of the domain name resolution method provided by embodiment two of the invention, comprising:
Step S301: The access user initiates, over UDP, a domain name resolution request carrying a website domain name.
Step S302: After receiving the domain name resolution request, the front-end DNS server in the domain name resolution system performs a local query and a cache query, that is, it looks up the IP address corresponding to the website domain name in the local domain name database and in the cache.
Step S303: If the local query and the cache query do not find the IP address corresponding to the website domain name, the domain name resolution request is forwarded to the back-end intelligent DNS server, which performs the iterative query.
Step S304: The back-end intelligent DNS server iterates through the root DNS server and other DNS servers until the domain name resolution request reaches the DNS server of the website.
Step S305: The DNS server of the website returns to the back-end intelligent DNS module a UDP-based DNS response message carrying the IP address corresponding to the website domain name.
Step S306: The back-end intelligent DNS server determines whether this DNS response message is a truncated UDP-based DNS response message. In essence, it determines whether the IP addresses carried in the DNS response message are only some of all the IP addresses corresponding to the queried website domain name. The determination can be made from the TC bit in the "flags" part of the DNS response message. If the TC bit is 1, the UDP reply is longer than 512 bytes and the returned DNS response message carries only its first 512 bytes, so the DNS response message is a truncated UDP-based DNS response message. If the TC bit is 0, the DNS response message is not a truncated UDP-based DNS response message.
If the result is yes, the value of a specified flag bit is set in the DNS response message to generate a changed DNS response message, and the changed DNS response message is returned to the front-end DNS server, where the value set in the specified flag bit instructs the access user, after receiving the changed DNS response message, not to initiate a TCP-based domain name resolution request.
In this step, setting the value of the specified flag bit in the DNS response message can be done by setting the value of the TC bit in the existing DNS response message format: a TC bit of 1 is set to 0. When the access user then receives the changed DNS response message, it sees that the TC bit is 0 and does not initiate the domain name resolution request again over TCP.
Alternatively, the value of the specified flag bit can be set in a spare field of the DNS response message, to instruct the access user, after receiving the changed DNS response message and acting on the value set in this specified flag bit, not to initiate the domain name resolution request again over TCP.
Preferably, since the DNS response message contains only the first 512 bytes of the UDP reply, it may carry an incomplete IP address (that is, only part of the content of an IP address). In this step, therefore, the incomplete IP address carried in the DNS response message can also be deleted before the changed DNS response message is generated; or
only a set number of the IP addresses carried in the DNS response message can be kept and the other IP addresses deleted. The set number can be chosen flexibly according to experience and actual needs; given the size of the existing IP address format, any value less than or equal to 27 is acceptable, which guarantees that the message stays within 512 bytes.
If the result is no, the received DNS response message is returned directly to the front-end DNS server.
Step S307: After receiving the returned DNS response message or changed DNS response message, the front-end DNS server returns it to the access user.
Step S308: From the DNS response message or changed DNS response message returned by the front-end DNS server, the access user obtains the IP addresses carried for the website domain name, selects one of them, and accesses the website server at that IP address.
The domain name resolution methods provided by embodiments one and two of the invention avoid TCP-based domain name resolution queries, which protects the system from TCP-based attacks and effectively improves its resistance to DDoS attacks. Because no TCP-based domain name resolution query is initiated afterwards, domain name resolution efficiency is improved and resolution time is reduced, which in turn improves the user's experience of accessing ICP resources. In addition, domain name resolution queries based on the domain name resolution system of embodiment two also have a safety backup function: when the back-end intelligent DNS server fails, the back-end DNS server can start the prior-art domain name resolution query process and complete the domain name resolution query normally.
Embodiment three:
Based on the same inventive concept as the domain name resolution method provided by the above embodiments, embodiment three of the invention correspondingly provides a DNS server, whose structure is shown in Fig. 4, comprising:
an acquiring unit 401, configured to obtain the corresponding DNS response message after a domain name resolution request initiated by an access user is received;
Preferably, the processing unit 402 is further configured to delete the incomplete IP address carried in the DNS response message before the changed DNS response message is generated.
Preferably, the processing unit 402 is further configured to keep, before the changed DNS response message is generated, a set number of the IP addresses carried in the DNS response message and to delete the other IP addresses carried.
Preferably, the processing unit 402 is specifically configured to set the value of the truncation flag bit in the DNS response message, or to set the value of the specified flag bit in a spare field of the DNS response message.
Preferably, the acquiring unit 401 is specifically configured to obtain the corresponding DNS response message by iterative query.
Embodiment four:
Based on the same inventive concept as the domain name resolution method provided by the above embodiments, embodiment four of the invention correspondingly provides a domain name resolution system, whose structure is shown in Fig. 5, comprising a front-end DNS server 501 and a back-end intelligent DNS server 502, wherein:
the front-end DNS server 501 is configured to, after receiving a domain name resolution request initiated by an access user, forward the domain name resolution request to the back-end intelligent DNS server 502 when an iterative query is to be performed, and to return to the access user the changed DNS response message returned by the back-end intelligent DNS server 502;
the back-end intelligent DNS server 502 is configured to obtain the corresponding DNS response message by iterative query after receiving the domain name resolution request forwarded by the front-end DNS server 501; when the obtained DNS response message is a truncated UDP-based DNS response message, to set the value of a specified flag bit in the DNS response message, generating a changed DNS response message, where the value set in the specified flag bit instructs the access user, after receiving the changed DNS response message, not to initiate a TCP-based domain name resolution request; and to return the changed DNS response message to the front-end DNS server 501.
Preferably, the domain name resolution system comprises one or more front-end DNS servers 501.
With a hardware architecture of several front-end DNS servers and one back-end intelligent DNS server, the front-end DNS servers each serve a different region.
In summary, the scheme provided by the embodiments of the invention comprises: after receiving a domain name resolution request initiated by an access user, the DNS server obtains the corresponding DNS response message; when the obtained DNS response message is a truncated UDP-based DNS response message, the value of a specified flag bit is set in the DNS response message to generate a changed DNS response message, where the value set in the specified flag bit instructs the access user, after receiving the changed DNS response message, not to initiate a TCP-based domain name resolution request; and the changed DNS response message is returned to the access user. By avoiding TCP-based domain name resolution queries, the scheme protects the system from TCP-based attacks, effectively improves its resistance to DDoS attacks, and at the same time improves its domain name resolution efficiency.
Obviously, those skilled in the art can make various changes and modifications to the invention without departing from its spirit and scope. If these changes and modifications fall within the scope of the claims of the invention and their technical equivalents, the invention is intended to include them as well.
Claims (12)
1. A domain name resolution method, characterized by comprising:
after receiving a domain name resolution request initiated by an accessing user, a domain name service (DNS) server obtains the corresponding DNS response message;
when the obtained DNS response message is a truncated UDP-based DNS response message,
setting the value of a specified flag bit in the DNS response message to generate a modified DNS response message, wherein the value set in the specified flag bit instructs the accessing user, after receiving the modified DNS response message, to cancel initiating a TCP-based domain name resolution request; and
returning the modified DNS response message to the accessing user.
2. The method of claim 1, characterized in that, before generating the modified DNS response message, the method further comprises:
deleting the incomplete IP addresses carried in the DNS response message.
3. The method of claim 1, characterized in that, before generating the modified DNS response message, the method further comprises:
retaining a set number of the IP addresses carried in the DNS response message, and deleting the other IP addresses carried.
4. The method of any one of claims 1-3, characterized in that setting the specified flag bit in the DNS response message is specifically:
setting the value of the truncation flag bit in the DNS response message; or
setting the value of a specified flag bit in a spare field of the DNS response message.
5. The method of any one of claims 1-3, characterized in that obtaining the corresponding DNS response message is specifically:
obtaining the corresponding DNS response message by iterative query.
6. A domain name service (DNS) server, characterized by comprising:
an acquiring unit, configured to obtain the corresponding DNS response message after receiving a domain name resolution request initiated by an accessing user;
a processing unit, configured to, when the obtained DNS response message is a truncated UDP-based DNS response message, set the value of a specified flag bit in the DNS response message to generate a modified DNS response message, wherein the value set in the specified flag bit instructs the accessing user, after receiving the modified DNS response message, to cancel initiating a TCP-based domain name resolution request;
a returning unit, configured to return the modified DNS response message to the accessing user.
7. The server of claim 6, characterized in that the processing unit is further configured to delete the incomplete IP addresses carried in the DNS response message before generating the modified DNS response message.
8. The server of claim 6, characterized in that the processing unit is further configured to, before generating the modified DNS response message, retain a set number of the IP addresses carried in the DNS response message and delete the other IP addresses carried.
9. The server of any one of claims 6-8, characterized in that the processing unit is specifically configured to set the value of the truncation flag bit in the DNS response message, or to set the value of a specified flag bit in a spare field of the DNS response message.
10. The server of any one of claims 6-8, characterized in that the acquiring unit is specifically configured to obtain the corresponding DNS response message by iterative query.
11. A domain name resolution system, characterized by comprising a front-end domain name service (DNS) server and a back-end intelligent DNS server, wherein:
the front-end DNS server is configured to, after receiving a domain name resolution request initiated by an accessing user, forward the domain name resolution request to the back-end intelligent DNS server when performing an iterative query, and to return to the accessing user the modified DNS response message returned by the back-end intelligent DNS server;
the back-end intelligent DNS server is configured to obtain the corresponding DNS response message by iterative query after receiving the domain name resolution request forwarded by the front-end DNS server; when the obtained DNS response message is a truncated UDP-based DNS response message, to set the value of a specified flag bit in the DNS response message to generate a modified DNS response message, wherein the value set in the specified flag bit instructs the accessing user, after receiving the modified DNS response message, to cancel initiating a TCP-based domain name resolution request; and to return the modified DNS response message to the front-end DNS server.
12. The system of claim 11, characterized in that the domain name resolution system comprises one or more of the front-end DNS servers.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN 201010175422 CN102025794B (en) | 2010-01-22 | 2010-05-14 | Domain name resolution method, DNS (Domain Name Server) server and system |
Applications Claiming Priority (3)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201010034540.3 | 2010-01-22 | ||
CN201010034540 | 2010-01-22 | ||
CN 201010175422 CN102025794B (en) | 2010-01-22 | 2010-05-14 | Domain name resolution method, DNS (Domain Name Server) server and system |
Publications (2)
Publication Number | Publication Date |
---|---|
CN102025794A (en) | 2011-04-20 |
CN102025794B (en) | 2013-07-17 |
Family
ID=43866636
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN 201010175422 Active CN102025794B (en) | 2010-01-22 | 2010-05-14 | Domain name resolution method, DNS (Domain Name Server) server and system |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN102025794B (en) |
Cited By (13)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN103281409A (en) * | 2013-06-24 | 2013-09-04 | 广州菁英信息技术有限公司 | Domain name resolution method of mobile internet and DNS server based on TCP protocol |
CN104079534A (en) * | 2013-03-27 | 2014-10-01 | ***通信集团北京有限公司 | Method and system of implementing HTTP (Hyper Text Transport Protocol) cache |
CN104144123A (en) * | 2013-05-10 | 2014-11-12 | 中国电信股份有限公司 | Method and system for having access to internet and routing type gateway device |
CN105306494A (en) * | 2015-11-26 | 2016-02-03 | 上海斐讯数据通信技术有限公司 | Server and method for preventing DOS attacks |
CN105978890A (en) * | 2016-06-23 | 2016-09-28 | 贵州白山云科技有限公司 | Method and device for locating domain names attacked by SYN |
CN107438115A (en) * | 2017-09-11 | 2017-12-05 | 深圳市茁壮网络股份有限公司 | A kind of domain name analytic method, apparatus and system |
CN107580029A (en) * | 2012-01-28 | 2018-01-12 | 瑞科网信科技有限公司 | Computer-readable recording medium |
CN108667947A (en) * | 2017-03-31 | 2018-10-16 | 贵州白山云科技有限公司 | A kind of method and device for the length reducing DNS response messages |
WO2018214853A1 (en) * | 2017-05-22 | 2018-11-29 | 贵州白山云科技有限公司 | Method, apparatus, medium and device for reducing length of dns message |
CN108965496A (en) * | 2018-07-20 | 2018-12-07 | 网宿科技股份有限公司 | A kind of method and device verifying DNS request legitimacy |
CN111614783A (en) * | 2020-05-29 | 2020-09-01 | 北京邮电大学 | Domain name resolution emergency response method and system |
CN112153166A (en) * | 2019-06-27 | 2020-12-29 | 北京声智科技有限公司 | DNS rapid analysis method, device, terminal and medium |
CN113992626A (en) * | 2021-10-22 | 2022-01-28 | 浪潮思科网络科技有限公司 | Method, device and storage medium for realizing DNS |
Citations (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN1529460A (en) * | 2003-10-14 | 2004-09-15 | 北京邮电大学 | Whole load equalizing method based on global network positioning |
CN101282209A (en) * | 2008-05-13 | 2008-10-08 | 杭州华三通信技术有限公司 | Method and apparatus for preventing DNS request message from flooding attack |
-
2010
- 2010-05-14 CN CN 201010175422 patent/CN102025794B/en active Active
Cited By (20)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN107580029A (en) * | 2012-01-28 | 2018-01-12 | 瑞科网信科技有限公司 | Computer-readable recording medium |
CN104079534A (en) * | 2013-03-27 | 2014-10-01 | ***通信集团北京有限公司 | Method and system of implementing HTTP (Hyper Text Transport Protocol) cache |
CN104079534B (en) * | 2013-03-27 | 2017-11-03 | ***通信集团北京有限公司 | A kind of HTTP cache implementing methods and system |
CN104144123B (en) * | 2013-05-10 | 2017-06-16 | 中国电信股份有限公司 | Access method, system and the route type gateway apparatus of internet |
CN104144123A (en) * | 2013-05-10 | 2014-11-12 | 中国电信股份有限公司 | Method and system for having access to internet and routing type gateway device |
CN103281409B (en) * | 2013-06-24 | 2016-03-16 | 广州市动景计算机科技有限公司 | Based on mobile Internet domain name analytic method and the dns server of Transmission Control Protocol |
CN103281409A (en) * | 2013-06-24 | 2013-09-04 | 广州菁英信息技术有限公司 | Domain name resolution method of mobile internet and DNS server based on TCP protocol |
WO2014206118A1 (en) * | 2013-06-24 | 2014-12-31 | 广州市动景计算机科技有限公司 | Domain name resolution method based on tcp protocol in mobile internet and dns server |
CN105306494A (en) * | 2015-11-26 | 2016-02-03 | 上海斐讯数据通信技术有限公司 | Server and method for preventing DOS attacks |
CN105978890B (en) * | 2016-06-23 | 2019-03-29 | 贵州白山云科技股份有限公司 | Ssyn attack domain name localization method and device |
CN105978890A (en) * | 2016-06-23 | 2016-09-28 | 贵州白山云科技有限公司 | Method and device for locating domain names attacked by SYN |
CN111107175B (en) * | 2017-03-31 | 2023-08-08 | 贵州白山云科技股份有限公司 | Method and device for constructing DNS response message |
CN108667947A (en) * | 2017-03-31 | 2018-10-16 | 贵州白山云科技有限公司 | A kind of method and device for the length reducing DNS response messages |
CN111107175A (en) * | 2017-03-31 | 2020-05-05 | 贵州白山云科技股份有限公司 | Method and device for constructing DNS response message |
WO2018214853A1 (en) * | 2017-05-22 | 2018-11-29 | 贵州白山云科技有限公司 | Method, apparatus, medium and device for reducing length of dns message |
CN107438115A (en) * | 2017-09-11 | 2017-12-05 | 深圳市茁壮网络股份有限公司 | A kind of domain name analytic method, apparatus and system |
CN108965496A (en) * | 2018-07-20 | 2018-12-07 | 网宿科技股份有限公司 | A kind of method and device verifying DNS request legitimacy |
CN112153166A (en) * | 2019-06-27 | 2020-12-29 | 北京声智科技有限公司 | DNS rapid analysis method, device, terminal and medium |
CN111614783A (en) * | 2020-05-29 | 2020-09-01 | 北京邮电大学 | Domain name resolution emergency response method and system |
CN113992626A (en) * | 2021-10-22 | 2022-01-28 | 浪潮思科网络科技有限公司 | Method, device and storage medium for realizing DNS |
Also Published As
Publication number | Publication date |
---|---|
CN102025794B (en) | 2013-07-17 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN102025794B (en) | Domain name resolution method, DNS (Domain Name Server) server and system | |
CN103338279B (en) | Based on optimization sequencing method and the system of domain name mapping | |
CN103051740B (en) | Domain name analytic method, dns server and domain name analysis system | |
CN102025795B (en) | DNS response message processing method, DNS server and system | |
EP2769307B1 (en) | Answer augmentation system for authoritative dns servers | |
JP5624973B2 (en) | Filtering device | |
US7778203B2 (en) | On-demand MAC address lookup | |
US7930413B2 (en) | System and method for controlling access to a network resource | |
CN102469167B (en) | Domain name query implementing method and system | |
CN102316160B (en) | Website system and communication method thereof | |
CN102137174B (en) | Method for caching of domain name system, authorized domain name server and cache domain name server | |
CN102685074B (en) | Anti-phishing network communication system and method | |
CN103064932A (en) | System and method for processing static page | |
US8914510B2 (en) | Methods, systems, and computer program products for enhancing internet security for network subscribers | |
CN101094129A (en) | Method for accessing domain name, and client terminal | |
CN103905572A (en) | Domain name resolution request processing method and device | |
CN104980446A (en) | Detection method and system for malicious behavior | |
CN101170585A (en) | A domain name inquiry method | |
CN104717314A (en) | IP management method and system, client-side and server | |
CN102801823A (en) | DNS (domain name server) relay method and device | |
CN103581040A (en) | Server distributing device and server distributing method | |
US7987255B2 (en) | Distributed denial of service congestion recovery using split horizon DNS | |
CN104967632A (en) | Webpage abnormal data processing method, data server and system | |
CN101383818A (en) | Processing method and device for access network | |
CN103957289A (en) | DNSSEC analytic method based on complex network |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
C06 | Publication | ||
PB01 | Publication | ||
C10 | Entry into substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
C14 | Grant of patent or utility model | ||
GR01 | Patent grant |