CN108965496A - A kind of method and device verifying DNS request legitimacy - Google Patents

Info

Publication number: CN108965496A
Authority: CN (China)
Prior art keywords: dns, client, dns request, source address, sent
Legal status: Pending
Application number: CN201810806464.XA
Other languages: Chinese (zh)
Inventors: 张�杰, 朱维亮
Current assignee: Wangsu Science and Technology Co Ltd
Original assignee: Wangsu Science and Technology Co Ltd
Application filed by Wangsu Science and Technology Co Ltd
Priority to CN201810806464.XA
Publication of CN108965496A

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L61/00 Network arrangements, protocols or services for addressing or naming
    • H04L61/45 Network directories; Name-to-address mapping
    • H04L61/4505 Network directories; Name-to-address mapping using standardised directories; using standardised directory access protocols
    • H04L61/4511 Network directories; Name-to-address mapping using standardised directories; using standardised directory access protocols using domain name system [DNS]
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/10 Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • H04L63/101 Access control lists [ACL]
    • H04L63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1441 Countermeasures against malicious traffic
    • H04L63/1466 Active attacks involving interception, injection, modification, spoofing of data unit addresses, e.g. hijacking, packet injection or TCP sequence number attacks
    • H04L69/00 Network arrangements, protocols or services independent of the application payload and not provided for in the other groups of this subclass
    • H04L69/16 Implementation or adaptation of Internet protocol [IP], of transmission control protocol [TCP] or of user datagram protocol [UDP]
    • H04L69/163 In-band adaptation of TCP data exchange; In-band control procedures

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)
  • Small-Scale Networks (AREA)

Abstract

The invention discloses a method and device for verifying the legitimacy of DNS requests. The method comprises: receiving, over UDP, a first DNS request sent by a client; determining whether the source address of the first DNS request is in a legal list (the list of source addresses already verified as legitimate); when the source address is not in the legal list, sending a first DNS response message to the client in which the TC flag bit is 1; and when a second DNS request sent by the client over TCP is received within a first preset time, sending a second DNS response message to the client and storing the client's source address in the legal list. The invention not only verifies the legitimacy of each DNS request effectively, so that legitimate DNS requests are answered and attack requests are intercepted, but also yields a legal list: when a DNS request from a source address already in the legal list is received again, it can be judged legitimate directly, without requiring the client to resend the DNS request over TCP.

Description

A kind of method and device verifying DNS request legitimacy
Technical field
The present invention relates to the technical field of network security, and in particular to a method and device for verifying the legitimacy of DNS requests.
Background art
DNS (Domain Name System) is a distributed database that maps domain names and IP addresses to each other. In a typical application, a client sends a DNS request to a DNS server; after receiving the request, the DNS server determines the IP address corresponding to the domain name in the request and sends that IP address to the client, which can then request network services from that IP address.
A client can communicate with a DNS server using either UDP (User Datagram Protocol) or TCP (Transmission Control Protocol). Clients usually send DNS requests over UDP and fall back to TCP only when a UDP message cannot carry the data, and UDP-based application protocols are easily subjected to DDoS (Distributed Denial of Service) attacks. A UDP-based DDoS attack usually sends a large number of DNS requests to the DNS server; since DNS resolution is a computation-intensive service, handling a massive volume of DNS requests easily exhausts the DNS server's resources so that it can no longer provide service, or the server is paralysed by network congestion.
The current defence against UDP-based DDoS attacks is to measure the rate of DNS requests sent to a specific IP address or a specific domain; if the rate exceeds a threshold the server is judged to be under attack and all DNS requests are discarded. As a result, legitimate DNS requests that are swamped by attack requests also go unprocessed, which affects the service requests of normal users.
Summary of the invention
To solve the problems in the prior art, embodiments of the invention provide a method and device for verifying the legitimacy of DNS requests. The technical solution is as follows:
In a first aspect, a method for verifying the legitimacy of DNS requests is provided. The method is applied in a DNS server and comprises:
receiving, over UDP, a first DNS request sent by a client;
determining whether the source address of the first DNS request is in a legal list;
when the source address is not in the legal list, sending a first DNS response message to the client, wherein the TC flag bit in the first DNS response message is 1;
when a second DNS request sent by the client over TCP is received within a first preset time, sending a second DNS response message to the client and storing the source address of the client in the legal list.
Optionally, sending the second DNS response message to the client and storing the source address of the client in the legal list when the second DNS request sent by the client over TCP is received within the first preset time comprises:
when the second DNS request sent by the client over TCP is received within the preset time, and the source address and domain name of the second DNS request are those contained in the first DNS request, storing the source address of the client in the legal list.
Optionally, the method further comprises:
when the source address is in the legal list, sending a third DNS response message to the client over UDP, wherein the third DNS response message contains the domain name resolution result for the first DNS request and the TC flag bit in the third DNS response message is 0.
Optionally, the method further comprises:
receiving, over UDP, a third DNS request sent by a client;
when the number of source addresses contained in the legal list has remained fixed for a second preset time, and the source address of the third DNS request is not in the legal list, discarding the third DNS request.
Optionally, sending the second DNS response message to the client comprises:
sending the second DNS response message to the client over TCP, wherein the TC flag bit in the second DNS response message is 0.
Optionally, the method further comprises:
when no second DNS request sent by the client over TCP is received within the first preset time, storing the source address of the client in an illegal list.
In a second aspect, a device for verifying the legitimacy of DNS requests is provided. The device comprises:
a receiving unit, configured to receive, over UDP, a first DNS request sent by a client;
a determination unit, configured to determine whether the source address of the first DNS request is in a legal list;
a transmission unit, configured to send a first DNS response message to the client when the source address is not in the legal list, wherein the TC flag bit in the first DNS response message is 1;
the transmission unit being further configured to send a second DNS response message to the client when the receiving unit receives, within a first preset time, a second DNS request sent by the client over TCP;
a storage unit, configured to store the source address of the client in the legal list.
Optionally, the storage unit is specifically configured to:
store the source address of the client in the legal list when the receiving unit receives, within the preset time, the second DNS request sent by the client over TCP and the source address and domain name of the second DNS request are those contained in the first DNS request.
Optionally, the transmission unit is further configured to:
when the source address is in the legal list, send a third DNS response message to the client over UDP, wherein the third DNS response message contains the domain name resolution result for the first DNS request and the TC flag bit in the third DNS response message is 0.
Optionally, the receiving unit is further configured to receive, over UDP, a third DNS request sent by a client;
and the determination unit is further configured to discard the third DNS request when the number of source addresses contained in the legal list has remained fixed for a second preset time and the source address of the third DNS request is not in the legal list.
Optionally, the transmission unit is specifically configured to:
send the second DNS response message to the client over TCP, wherein the TC flag bit in the second DNS response message is 0.
Optionally, the storage unit is further configured to:
store the source address of the client in an illegal list when the receiving unit does not receive, within the first preset time, a second DNS request sent by the client over TCP.
In a third aspect, a DNS server is provided. The DNS server comprises a processor and a memory; at least one instruction, at least one program segment, code set or instruction set is stored in the memory, and the at least one instruction, the at least one program segment, the code set or the instruction set is loaded and executed by the processor to implement the method for verifying the legitimacy of DNS requests described in the first aspect.
With the method and device for verifying the legitimacy of DNS requests provided by the embodiments of the invention, the legitimacy of each DNS request can be verified effectively, ensuring that legitimate DNS requests are answered and attack requests are intercepted. Moreover, a legal list is obtained, so that when a DNS request from a source address already in the legal list is received again it can be judged legitimate directly, without requiring the client to resend the DNS request over TCP. This makes the verification of DNS request legitimacy simpler and shortens the time the client needs to obtain domain name resolution service.
Brief description of the drawings
To describe the technical solutions in the embodiments of the invention more clearly, the drawings needed in the description of the embodiments are briefly introduced below. Obviously, the drawings described below show only some embodiments of the invention, and those of ordinary skill in the art can obtain other drawings from them without creative effort.
Fig. 1 is a schematic diagram of a network framework provided by an embodiment of the invention;
Fig. 2 is a flow chart of a method for verifying the legitimacy of DNS requests provided by an embodiment of the invention;
Fig. 3 is a structural block diagram of a device for verifying the legitimacy of DNS requests provided by an embodiment of the invention;
Fig. 4 is a schematic structural diagram of a DNS server provided by an embodiment of the invention.
Detailed description of embodiments
To make the objects, technical solutions and advantages of the invention clearer, the embodiments of the invention are described in further detail below with reference to the drawings.
An embodiment of the invention provides a method for verifying the legitimacy of DNS requests, which can be applied in the network framework shown in Fig. 1. The network framework comprises clients and a DNS server. The clients include legitimate clients and attacking clients. A legitimate client sends legitimate DNS requests to the DNS server; an attacking client can forge a large number of DNS requests over UDP, posing as legitimate clients, and send these attack requests to the DNS server.
After the DNS server in the embodiment receives, over UDP, a first DNS request sent by a client, it determines whether the source address of the first DNS request is in the legal list. When the source address is not in the legal list, it sends a first DNS response message to the client in which the TC flag bit is 1. When a second DNS request sent by the client over TCP is received within a first preset time, it determines that the source address is a legitimate source address and stores the client's source address in the legal list. With the method for verifying the legitimacy of DNS requests provided by the embodiment, the legitimacy of each DNS request can be verified effectively, ensuring that legitimate DNS requests are answered and attack requests are intercepted; moreover, a legal list is obtained, so that when a DNS request from a source address already in the legal list is received again it can be judged legitimate directly, without requiring the client to resend the DNS request over TCP. This makes the verification of DNS request legitimacy simpler and shortens the time the client needs to obtain domain name resolution service.
Fig. 2 is a flow chart of the method for verifying the legitimacy of DNS requests provided by an embodiment of the invention. The method is applied in a DNS server, that is, it is executed by the DNS server, and may comprise the following steps.
Step 201: receive, over UDP, a first DNS request sent by a client.
The client may first send the DNS request to the DNS server over UDP; when the DNS server receives that DNS request over UDP, it performs the following verification process.
Step 202: determine whether the source address of the first DNS request is in the legal list.
The legal list stores all source addresses that the DNS server has determined to be legitimate.
Step 203: when the source address is not in the legal list, send a first DNS response message to the client, the TC flag bit in the first DNS response message being 1.
When the source address is not in the legal list, the DNS server cannot confirm that the source address is a legitimate one and must carry out a further verification step: it sends a first DNS response message over UDP to the client at that source address, with the TC flag bit in the first DNS response message set to 1. The first DNS response message need not contain the domain name resolution result for the first DNS request, where the resolution result means the IP address corresponding to the domain name in the first DNS request. A TC flag bit of 1 in a DNS response message indicates that the message length exceeds the message length limit.
When the client receives a DNS response message whose TC flag bit is 1, it resends the DNS request over TCP; this is the second DNS request. The domain name in the second DNS request is the same as the domain name in the first DNS request.
When the source address is in the legal list, the DNS server sends a third DNS response message to the client over UDP; the third DNS response message contains the domain name resolution result for the first DNS request, and the TC flag bit in the third DNS response message is 0. In a specific implementation the value of the TC flag bit in the third DNS response message need not be restricted: as long as the client receives a DNS response message containing the resolution result, it can determine that there is no need to send the DNS request again.
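The messages exchanged in steps 201 to 203 are ordinary DNS wire-format messages, and the patent's "TC flag bit" is the truncation bit (bit 9 of the 16-bit flags field) of the DNS header. The following is an added example, not code from the patent or its applicant, that builds a UDP query, the first DNS response (TC=1, question echoed, no answer section) and a full response carrying an A record, and shows the check a standards-conforming resolver makes before retrying over TCP. The transaction id, name and address are constructed sample values.

```python
"""Added example (not part of the patent): minimal DNS message builder/parser
for the step 201-203 exchange. Standard library only; A records over IN only."""
import struct

FLAG_QR = 0x8000  # response bit
FLAG_TC = 0x0200  # truncated: the client should retry over TCP
FLAG_RD = 0x0100  # recursion desired (echoed from the query)


def encode_name(name: str) -> bytes:
    """'example.com' -> b'\\x07example\\x03com\\x00' (label-length wire form)."""
    out = b""
    for label in name.rstrip(".").split("."):
        raw = label.encode("ascii")
        out += bytes([len(raw)]) + raw
    return out + b"\x00"


def decode_name(data: bytes, offset: int):
    """Decode an uncompressed name starting at offset; returns (name, next_offset)."""
    labels = []
    while True:
        length = data[offset]
        offset += 1
        if length == 0:
            return ".".join(labels), offset
        labels.append(data[offset:offset + length].decode("ascii"))
        offset += length


def build_query(txid: int, name: str) -> bytes:
    """The first DNS request of step 201: header + one question (type A, class IN)."""
    header = struct.pack("!HHHHHH", txid, FLAG_RD, 1, 0, 0, 0)
    return header + encode_name(name) + struct.pack("!HH", 1, 1)


def build_truncated_response(query: bytes) -> bytes:
    """The first DNS response of step 203: QR=1, TC=1, question echoed, ANCOUNT=0."""
    txid, flags, qd, _, _, _ = struct.unpack("!HHHHHH", query[:12])
    header = struct.pack("!HHHHHH", txid, FLAG_QR | FLAG_TC | (flags & FLAG_RD), qd, 0, 0, 0)
    return header + query[12:]


def build_answer_response(query: bytes, ipv4: str, ttl: int = 60) -> bytes:
    """The second/third DNS response: QR=1, TC=0, one A record in the answer section."""
    txid, flags, qd, _, _, _ = struct.unpack("!HHHHHH", query[:12])
    header = struct.pack("!HHHHHH", txid, FLAG_QR | (flags & FLAG_RD), qd, 1, 0, 0)
    rdata = bytes(int(p) for p in ipv4.split("."))
    # 0xC00C is a compression pointer back to the question name at offset 12
    rr = struct.pack("!HHHIH", 0xC00C, 1, 1, ttl, 4) + rdata
    return header + query[12:] + rr


def parse_message(data: bytes) -> dict:
    """Extract id, QR/TC flags, question name and (if present) the first A answer."""
    txid, flags, _qd, an, _, _ = struct.unpack("!HHHHHH", data[:12])
    name, off = decode_name(data, 12)
    qtype, _qclass = struct.unpack("!HH", data[off:off + 4])
    answer = None
    if an and qtype == 1:
        off += 4  # skip QTYPE/QCLASS to reach the first answer RR
        _ptr, rtype, _rclass, _ttl, rdlen = struct.unpack("!HHHIH", data[off:off + 12])
        if rtype == 1 and rdlen == 4:
            answer = ".".join(str(b) for b in data[off + 12:off + 16])
    return {"id": txid, "qr": bool(flags & FLAG_QR), "tc": bool(flags & FLAG_TC),
            "name": name, "answer": answer, "ancount": an}


def client_should_retry_over_tcp(response: bytes) -> bool:
    """What a conforming resolver does with the step-203 reply: TC=1 and no answer -> retry over TCP."""
    m = parse_message(response)
    return m["qr"] and m["tc"] and m["answer"] is None


if __name__ == "__main__":
    q = build_query(0x1234, "example.com")          # constructed sample query
    print(parse_message(build_truncated_response(q)))
    print(parse_message(build_answer_response(q, "192.0.2.10")))
```

The truncated reply is deliberately the smallest message the server can send (a header plus the echoed question), which is what makes the challenge cheap for the server relative to performing the lookup.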
Step 204: when a second DNS request sent by the client over TCP is received within the first preset time, send a second DNS response message to the client and store the source address of the client in the legal list.
The DNS server judges whether it has received, within the first preset time, the second DNS request sent by the client over TCP as follows. When a DNS request sent by a client over TCP is received, the server determines whether the source address and domain name of that request are those contained in the first DNS request; when they are, that is, when the source address and the domain name to be resolved in the DNS request received over TCP are respectively identical to the source address and the domain name to be resolved in the first DNS request, the server then determines whether the time interval between the two DNS requests is within the first preset time interval. When it is, the server can determine that it has received, within the first preset time, the second DNS request sent by the client over TCP. In other words, when a second DNS request sent by the client over TCP is received within the first preset time and the source address and domain name of the second DNS request are those contained in the first DNS request, the server can determine that it has received the second DNS request sent by the client over TCP within the first preset time, and that the source address of the client is a legitimate source address.
So that it can later determine whether the source address and domain name of the second DNS request are those contained in the first DNS request, the server may save the source address and the domain name to be resolved of the first DNS request when it receives the first DNS request carried by UDP and the source address of that request is not in the legal list.
The DNS server may send the second DNS response message to the client over TCP; the second DNS response message contains the domain name resolution result for the second DNS request. When the client receives a DNS response message containing the resolution result, it can determine that there is no need to send the DNS request again. In a specific implementation, the TC flag bit in the second DNS response message may be set to 0; when the client receives a DNS response message that contains the resolution result and whose TC flag bit is 0, it can likewise determine that there is no need to send the DNS request again.
As for the attacking client, it is only responsible for sending a large number of attack requests. The DNS server receives a DNS request sent by the attacking client, determines that its source address is not in the legal list, and sends the attacking client a DNS response message whose TC flag bit is 1. When the attacking client receives the DNS response message with TC flag bit 1 sent by the DNS server, it does not process it in any way and therefore does not resend the DNS request to the DNS server over TCP. The DNS server thus never receives a TCP-carried DNS request matching the request the attacking client sent, and so determines that the earlier request from the attacking client was an attack request, realising the interception of attack requests.
In an embodiment of the invention, when no second DNS request sent by the client over TCP is received within the first preset time, the DNS server can confirm that the first DNS request was an attack request and store the source address of the client in an illegal list. When a DNS request sent from a source address in the illegal list is received, it can be discarded directly.
Since the set of clients requesting service from the same DNS server is essentially stable, after the above verification method has been run for a period of time a fixed legal list is obtained. Once the fixed legal list has been obtained, it can be used directly to detect attack requests, as follows: receive, over UDP, a third DNS request sent by a client; when the number of source addresses contained in the legal list has remained fixed for a second preset time and the source address of the third DNS request is not in the legal list, discard the third DNS request.
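Steps 201 to 204, the optional illegal list and the fixed-list shortcut together form a small per-source state machine on the server. The following is an added example, not the patent's or the applicant's code, that simulates that state machine with transport abstracted away (the caller reports whether a request arrived over UDP or TCP, and the verdict says what reply to send and with which TC flag bit). Two behaviours the patent leaves open are assumptions and are marked as such in the code: an empty legal list is never treated as "fixed", and a TCP query with no matching outstanding challenge is answered but does not earn a legal-list entry. Addresses, domain names and the two preset times are constructed sample values.

```python
"""Added example (not part of the patent): server-side state machine for the
UDP -> TC=1 -> TCP retry verification, with legal list, illegal list and the
fixed-list mode. Times are seconds supplied by the caller so runs are deterministic."""
from dataclasses import dataclass, field
from typing import Optional


@dataclass
class Verdict:
    action: str     # "truncate" (reply TC=1, no answer), "answer", or "drop"
    tc: int         # TC flag bit of the reply (irrelevant for "drop")
    transport: str  # transport the reply goes out on


@dataclass
class DnsLegitimacyVerifier:
    t1: float = 2.0      # first preset time: window in which the TCP retry must arrive
    t2: float = 600.0    # second preset time: legal list unchanged this long -> "fixed"
    legal: set = field(default_factory=set)       # the patent's legal list
    illegal: set = field(default_factory=set)     # the optional illegal list
    pending: dict = field(default_factory=dict)   # src -> (domain, deadline), saved at step 203
    last_legal_change: Optional[float] = None

    def _expire(self, now: float) -> None:
        """Challenges whose TCP retry never came within t1: the source goes to the illegal list."""
        for src, (_domain, deadline) in list(self.pending.items()):
            if now > deadline:
                del self.pending[src]
                self.illegal.add(src)

    def list_is_fixed(self, now: float) -> bool:
        # Assumption: an empty legal list is never considered fixed.
        return self.last_legal_change is not None and now - self.last_legal_change >= self.t2

    def handle_udp(self, src: str, domain: str, now: float) -> Verdict:
        """Steps 201-203, the third-response case, and the fixed-list shortcut."""
        self._expire(now)
        if src in self.illegal:
            return Verdict("drop", 0, "udp")
        if src in self.legal:
            return Verdict("answer", 0, "udp")       # third DNS response: TC=0, no TCP round trip
        if self.list_is_fixed(now):
            return Verdict("drop", 0, "udp")         # third DNS request from an unknown source
        self.pending[src] = (domain, now + self.t1)  # remember src + domain to match the retry
        return Verdict("truncate", 1, "udp")         # first DNS response: TC=1

    def handle_tcp(self, src: str, domain: str, now: float) -> Verdict:
        """Step 204: a TCP retry matching a pending challenge proves the source is real."""
        self._expire(now)
        entry = self.pending.get(src)
        if entry is not None and entry[0] == domain:
            del self.pending[src]
            if src not in self.legal:
                self.legal.add(src)
                self.last_legal_change = now
        # Assumption: a TCP query with no matching challenge is answered but earns no entry.
        return Verdict("answer", 0, "tcp")           # second DNS response: TC=0


if __name__ == "__main__":
    v = DnsLegitimacyVerifier()
    print(v.handle_udp("192.0.2.10", "example.com", 0.0))    # truncate, TC=1
    print(v.handle_tcp("192.0.2.10", "example.com", 0.5))    # answer over TCP, added to legal
    print(v.handle_udp("192.0.2.10", "www.example.org", 1.0))  # answered directly over UDP
    print(v.handle_udp("198.51.100.7", "example.com", 1.0))  # spoofed source: truncate
    print(v.handle_udp("198.51.100.7", "example.com", 5.0))  # no TCP retry came: now dropped
```

The match in handle_tcp is on source address and domain name, as step 204 requires; the deadline stored with the pending entry is what implements the first preset time, and expiry is evaluated lazily on each incoming request rather than by a timer so the simulation needs no clock of its own.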
Using the method for verification DNS request legitimacy provided in an embodiment of the present invention, each DNS can not only be effectively verified The legitimacy of request, it is ensured that legal DNS request is replied, and query-attack is intercepted, and available legal list, when When receiving the DNS request that the source address in legal list is sent again, can directly determine the DNS request is legitimate request, Client need not be made to be based on TCP again and send DNS request, to keep the verification process of DNS request legitimacy simpler, shortened The time of client acquisition domain name resolution service.
Based on the same technical idea, the embodiment of the invention also provides a kind of devices for verifying DNS request legitimacy, such as Shown in Fig. 3, which includes receiving unit 301, determination unit 302, transmission unit 303 and storage unit 304.
Wherein, receiving unit 301, for receiving the first DNS request that client is sent based on UDP.
Determination unit 302, for determining the source address of first DNS request whether in legal list.
Transmission unit 303, for sending first to the client when the source address is not in the legal list DNS response message, the TC marker bit in the first DNS response message are 1.
The transmission unit 303 is also used to receive the client in the first preset time when the receiving unit 301 End group sends the 2nd DNS response message when the second DNS request that TCP is sent, to the client.
Storage unit 304, for the source address of the client to be stored in the legal list.
Preferably, the storage unit 304 is specifically used for:
It is asked when the receiving unit 301 receives the client within a preset time based on the 2nd DNS that TCP is sent It asks, and when the source address of second DNS request and domain name include in first DNS request, by the source of the client Address is stored in the legal list.
Preferably, the transmission unit 303 is also used to:
When the source address includes in the legal list, the 3rd DNS is sent to the client using UDP and is responded Message includes the domain name mapping to first DNS request as a result, and the 3rd DNS in the 3rd DNS response message TC marker bit in response message is 0.
Preferably, the receiving unit 301 is also used to receive the third DNS request that client is sent based on UDP;It is described Determination unit 302, the quantity for being also used to work as the source address that the legal list is included are kept fixed in the second preset time, And when the source address of the third DNS request is not in the legal list, the third DNS request is abandoned.
Preferably, the transmission unit 303 is specifically used for: sending the 2nd DNS to the client using TCP and responds Message, the TC marker bit in the 2nd DNS response message are 0.
Preferably, the storage unit 304 is also used to:
When the receiving unit 301 is not received by that the client is sent based on TCP in the first preset time When two DNS requests, the source address of the client is stored in illegal list.
Using the device of verification DNS request legitimacy provided in an embodiment of the present invention, each DNS can not only be effectively verified The legitimacy of request, it is ensured that legal DNS request is replied, and query-attack is intercepted, and available legal list, when When receiving the DNS request that the source address in legal list is sent again, can directly determine the DNS request is legitimate request, Client need not be made to be based on TCP again and send DNS request, to keep the verification process of DNS request legitimacy simpler, shortened The time of client acquisition domain name resolution service.
It should be understood that the device of verification DNS request legitimacy provided by the above embodiment is legal in verification DNS request When property, only the example of the division of the above functional modules, in practical application, it can according to need and by above-mentioned function Distribution is completed by different functional units, i.e., the internal structure of device is divided into different functional units, to complete above retouch The all or part of function of stating.In addition, the device of verification DNS request legitimacy provided by the above embodiment is asked with verification DNS The embodiment of the method for legitimacy is asked to belong to same design, specific implementation process is detailed in embodiment of the method, and which is not described herein again.
Fig. 4 is the structural schematic diagram of dns server provided in an embodiment of the present invention.The dns server 400 can because configuration or Performance is different and generates bigger difference, may include one or more central processing units 422 (for example, one or one A above processor) and memory 432, the storage medium 430 of one or more storage application programs 442 or data 444 (such as one or more mass memory units).Wherein, memory 432 and storage medium 430 can be it is of short duration storage or Persistent storage.The program for being stored in storage medium 430 may include one or more modules (diagram does not mark), Mei Gemo Block may include to the series of instructions operation in dns server.Further, central processing unit 422 can be set to Storage medium 430 communicates, and the series of instructions operation in storage medium 430 is executed on dns server 400.
Dns server 400 can also include one or more power supplys 426, one or more are wired or wireless Network interface 450, one or more input/output interfaces 458, one or more keyboards 456, and/or, one or More than one operating system 441, such as Windows ServerTM, Mac OSXTM, UnixTM, LinuxTM, FreeBSDTM etc. Deng.
Dns server 400 may include have memory and one perhaps more than one program one of them or More than one program is stored in memory, and be configured to be executed by one or more than one processor it is one or More than one program includes the instruction for carrying out above-mentioned verification DNS request legitimacy.
Those of ordinary skill in the art will appreciate that realizing that all or part of the steps of above-described embodiment can pass through hardware It completes, relevant hardware can also be instructed to complete by program, the program can store in a kind of computer-readable In storage medium, storage medium mentioned above can be read-only memory, disk or CD etc..
The foregoing is merely presently preferred embodiments of the present invention, is not intended to limit the invention, it is all in spirit of the invention and Within principle, any modification, equivalent replacement, improvement and so on be should all be included in the protection scope of the present invention.

Claims (13)

1. a kind of method for verifying DNS request legitimacy, which is characterized in that the method is applied in dns server, the side Method includes:
The first DNS request that client is sent is received based on UDP;
Determine the source address of first DNS request whether in legal list;
When the source address is not in the legal list, to the client send the first DNS response message, described first TC marker bit in DNS response message is 1;
When receiving the second DNS request that the client is sent based on TCP in the first preset time, to the client The 2nd DNS response message is sent, and the source address of the client is stored in the legal list.
2. the method according to claim 1, wherein when receiving client's end group in the first preset time When the second DNS request that TCP is sent, the 2nd DNS response message is sent to the client, and by the source address of the client It is stored in the legal list, comprising:
When the second DNS request for receiving the client within a preset time and being sent based on TCP, and the 2nd DNS is asked When the source address and domain name asked include in first DNS request, the source address of the client is stored in the legal name Dan Zhong.
3. the method according to claim 1, wherein further include:
When the source address includes in the legal list, the 3rd DNS response report is sent to the client using UDP Text includes the domain name mapping to first DNS request in the 3rd DNS response message as a result, and the 3rd DNS ring Answering the TC marker bit in message is 0.
4. the method according to claim 1, wherein further include:
The third DNS request that client is sent is received based on UDP;
When the quantity for the source address that the legal list is included is kept fixed in the second preset time, and the third When the source address of DNS request is not in the legal list, the third DNS request is abandoned.
5. the method according to claim 1, wherein it is described to the client send the 2nd DNS response message, Include:
The 2nd DNS response message is sent to the client using TCP, the TC label in the 2nd DNS response message Position is 0.
6. the method according to claim 1, wherein further include:
When being not received by the second DNS request that the client is sent based on TCP in the first preset time, by the client The source address at end is stored in illegal list.
7. A device for verifying the legitimacy of a DNS request, wherein the device comprises:
a receiving unit, configured to receive, over UDP, a first DNS request sent by a client;
a determining unit, configured to determine whether the source address of the first DNS request is in a legal list;
a sending unit, configured to send a first DNS response message to the client when the source address is not in the legal list, wherein the TC flag bit in the first DNS response message is 1;
the sending unit being further configured to send a second DNS response message to the client when the receiving unit receives, within a first preset time, a second DNS request sent by the client over TCP;
a storage unit, configured to store the source address of the client in the legal list.
8. The apparatus according to claim 1, wherein the storage unit is specifically configured to:
when the receiving unit receives, within the preset time, the second DNS request sent by the client over TCP, and the source address and the domain name of the second DNS request are the same as those contained in the first DNS request, store the source address of the client in the legal list.
9. The apparatus according to claim 1, wherein the sending unit is further configured to:
when the source address is in the legal list, send a third DNS response message to the client over UDP, wherein the third DNS response message contains the resolution result for the domain name of the first DNS request and the TC flag bit in the third DNS response message is 0.
10. The apparatus according to claim 1, wherein:
the receiving unit is further configured to receive, over UDP, a third DNS request sent by a client;
the determining unit is further configured to discard the third DNS request when the number of source addresses contained in the legal list remains fixed during a second preset time and the source address of the third DNS request is not in the legal list.
11. The apparatus according to claim 1, wherein the sending unit is specifically configured to:
send the second DNS response message to the client over TCP, wherein the TC flag bit in the second DNS response message is 0.
12. The apparatus according to claim 1, wherein the storage unit is further configured to:
when the receiving unit does not receive, within the first preset time, the second DNS request sent by the client over TCP, store the source address of the client in an illegal list.
13. A DNS server, wherein the DNS server comprises a processor and a memory, the memory storing at least one instruction, at least one program segment, code set or instruction set, and the at least one instruction, the at least one program segment, the code set or the instruction set being loaded and executed by the processor to implement the method for verifying the legitimacy of a DNS request according to any one of claims 1 to 6.
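The following is an added example, not the patent's own code, that simulates the server-side logic of claims 1 to 6 (and the equivalent device claims 7 to 12) in Python: a UDP query from an unknown source is answered with TC=1, the source enters the legal list only if the same source and domain name arrive over TCP within the first preset time, and a challenge with no TCP follow-up moves the source to the illegal list. The class and method names, the resolver stub, the sample addresses and the reading of claim 4 (a legal list whose size has not changed for the second preset time is treated as complete, so further unknown UDP sources are dropped) are assumptions.

```python
# Added simulation of the claims' verification state machine (assumed design,
# not the patent's implementation). Time is passed in explicitly as seconds.
TC_TRUNCATED = 1      # TC flag value in the first DNS response (claim 1)
TC_NOT_TRUNCATED = 0  # TC flag value in the second/third responses (claims 3, 5)


class DnsLegitimacyVerifier:
    def __init__(self, first_preset=2.0, second_preset=10.0, resolve=None):
        self.first_preset = first_preset    # seconds allowed for the TCP retry
        self.second_preset = second_preset  # window over which list growth is watched
        self.legal = set()                  # the "legal list" of source addresses
        self.illegal = set()                # the "illegal list" (claim 6)
        self.pending = {}                   # src -> (domain, deadline) outstanding challenges
        self.last_growth = 0.0              # time the legal list last changed size
        # Constructed resolver stub standing in for real domain name resolution.
        self.resolve = resolve or (lambda name: "192.0.2.1")

    def handle_udp(self, src, domain, now):
        """UDP query. Returns (transport, tc_flag, answer) or None when dropped."""
        self._expire(now)
        if src in self.legal:                                   # claim 3
            return ("udp", TC_NOT_TRUNCATED, self.resolve(domain))
        # Claim 4 (assumed reading): list size stable for second_preset and
        # the source unknown -> discard. Guarded on a non-empty list so that
        # a server that has admitted nobody yet does not drop every query.
        if self.legal and now - self.last_growth >= self.second_preset:
            return None
        self.pending[src] = (domain, now + self.first_preset)   # claim 1: TC=1 challenge
        return ("udp", TC_TRUNCATED, None)

    def handle_tcp(self, src, domain, now):
        """TCP retry. Admits the source only if it matches an outstanding challenge."""
        self._expire(now)
        entry = self.pending.get(src)
        if entry is None or entry[0] != domain:                 # claim 2 not met
            return None
        del self.pending[src]
        self.legal.add(src)                                     # claims 1, 2
        self.last_growth = now
        return ("tcp", TC_NOT_TRUNCATED, self.resolve(domain))  # claim 5

    def _expire(self, now):
        # Claim 6: challenges with no TCP follow-up in time mark the source illegal.
        for src, (_, deadline) in list(self.pending.items()):
            if now > deadline:
                del self.pending[src]
                self.illegal.add(src)
```

A source that answers the TC=1 challenge over TCP has completed a TCP handshake, so its address cannot have been spoofed; a UDP-only flood from forged addresses never enters the legal list.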
CN201810806464.XA 2018-07-20 2018-07-20 A kind of method and device verifying DNS request legitimacy Pending CN108965496A (en)


Publications (1)

Publication Number Publication Date
CN108965496A true CN108965496A (en) 2018-12-07

Family

ID=64495496

Citations (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101257450A (en) * 2008-03-28 2008-09-03 华为技术有限公司 Network safety protection method, gateway equipment, client terminal as well as network system
CN101282209A (en) * 2008-05-13 2008-10-08 杭州华三通信技术有限公司 Method and apparatus for preventing DNS request message from flooding attack
US7882268B1 (en) * 2007-02-01 2011-02-01 Google Inc. UDP transport for web services
CN102025794A (en) * 2010-01-22 2011-04-20 ***通信集团北京有限公司 Domain name resolution method, DNS (Domain Name Server) server and system
CN103391272A (en) * 2012-05-08 2013-11-13 深圳市腾讯计算机***有限公司 Method and system for detecting false attack sources
CN104378450A (en) * 2013-08-12 2015-02-25 深圳市腾讯计算机***有限公司 Protection method and device for network attacks
US9756071B1 (en) * 2014-09-16 2017-09-05 A10 Networks, Inc. DNS denial of service attack protection
CN108206814A (en) * 2016-12-20 2018-06-26 腾讯科技(深圳)有限公司 A kind of method, apparatus and system for defending DNS attacks



Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20181207