CN111213348A - Method, device and system for domain name resolution in data center system - Google Patents


Info

Publication number: CN111213348A
Application number: CN201780095877.5A
Authority: CN (China)
Prior art keywords: vpc, domain name, address, server, dns
Legal status: Granted (currently active)
Other languages: Chinese (zh)
Other versions: CN111213348B (en)
Inventors: 刘晓贺, 雷智鹏, 苏建康, 张亚军
Current assignee: Huawei Cloud Computing Technologies Co Ltd
Original assignee: Huawei Technologies Co Ltd
Application filed by Huawei Technologies Co Ltd
Priority to CN202110824843.3A (CN113726918B)
Publications: CN111213348A (application), CN111213348B (granted)

Classifications

    • H04L9/40 Network security protocols (H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols)
    • H04L61/4511 Network directories; Name-to-address mapping using standardised directories or directory access protocols, using the domain name system [DNS] (H04L61/45, H04L61/4505)
    • G06F16/901 Indexing; Data structures therefor; Storage structures (G06F16/00 Information retrieval; G06F16/90 Details of database functions independent of the retrieved data types)
    • H04L61/2521 Translation architectures other than single NAT servers (H04L61/09 Mapping addresses; H04L61/25 Mapping addresses of the same type; H04L61/2503 Translation of Internet protocol [IP] addresses)
    • H04L61/5007 Address allocation; Internet protocol [IP] addresses (H04L61/50)
    • H04L61/5061 Address allocation; Pools of addresses (H04L61/50)


Abstract

A method, a device and a system for domain name resolution in a data center system are provided. The system comprises at least one physical server, a DNS server and a distributed routing device; at least one virtual machine runs on each physical server, and the virtual machines in the data center system are located in at least two virtual private clouds (VPCs). The same domain name is hosted in the at least two VPCs and points to a different service in each of them. The DNS server establishes a correspondence between the NAT addresses of user virtual machines and VPC identifiers, distinguishes the VPCs in which different users are located by the VPC identifier, and from that determines the IP address corresponding to the domain name hosted in the VPC.

Description

Method, device and system for domain name resolution in data center system
Technical Field
The invention relates to the technical field of IT (information technology), in particular to a method, a device and a system for domain name resolution in a data center system.
Background
The Domain Name System (DNS) maps domain names and IP addresses to each other on the Internet. When a user accesses the Internet, the user does not need to use the machine-readable IP address directly: the user enters only the host's domain name, the DNS system performs a domain name resolution operation to obtain the IP address corresponding to that domain name, and the user can then access that IP address.
A Virtual Private Cloud (VPC) is a customized private network created by a user in a data center network. Different VPCs are logically isolated from each other at layer two, and the user may manage the network of the virtual private cloud and create and manage cloud product instances in it, for example network segment division, routing table configuration and gateway configuration.
Since the user can configure and manage the VPC network autonomously, domain names configured by different users may be duplicated across different VPC networks. Illustratively, user A configures the IP address corresponding to domain name www.abc.com in the VPC1 network to be 2.2.2.2, and user B configures the IP address corresponding to domain name www.abc.com in the VPC2 network to be 3.3.3.3. Because the domain names are duplicated, when a DNS server in the data center performs domain name resolution it cannot return different IP addresses for the same domain name to different users.
Disclosure of Invention
The embodiment of the invention describes a method, a device and a system for domain name resolution in a data center system, which solve the problem that a DNS server cannot correctly perform domain name resolution when domain names are duplicated across different VPCs in the data center system.
In one aspect, an embodiment of the present invention provides a method for domain name resolution in a data center system, where the data center system includes at least one physical server, a DNS server, and a distributed routing device, each physical server runs at least one virtual machine, the virtual machines in the data center system are respectively located in at least two virtual private cloud VPCs, the at least two VPCs host the same domain name, and the same domain name points to different services in the at least two VPCs, and the method includes:
the DNS server receives a modified DNS query message sent by the distributed routing equipment, wherein the source IP address of the modified DNS query message is an NAT address corresponding to a first virtual machine in a first VPC which sends out the DNS query message, and the modified DNS query message carries a domain name to be accessed by the first virtual machine;
the DNS server determines the identification of the VPC where the first virtual machine is located according to the corresponding relation between the NAT address and the VPC identification;
and the DNS server acquires an IP address corresponding to the domain name hosted in the VPC according to the determined VPC identifier, and returns the acquired IP address to the first physical server.
According to the embodiment of the invention, the corresponding relation between the NAT address and the VPC identification is established in the DNS server, and the VPC of different users is distinguished through the VPC identification, so that the DNS server supports the isolation of the users among different VPCs, and the correct resolution of the same domain name in different VPC networks in a data center is realized.
In a possible implementation manner, the DNS server reads an NAT address in an NAT address pool allocated to a VPC from a storage device, records a correspondence between the NAT address and a VPC identifier, and records a correspondence between a VPC identifier and an NAT address pool belonging to the VPC in the storage device.
The correspondence may be recorded as an array whose entries consist of an index and a VPC identifier, where the index uniquely identifies one NAT address. The value of the index is the result of an AND operation between the NAT address and 100.64.0.0. Indexing in this way improves query efficiency.
When the DNS server does not locally query the IP address corresponding to the domain name, the DNS server further sends a DNS query request to an internet domain name server outside the data center system, obtains a public network IP address corresponding to the domain name, and returns the public network IP address to the first virtual machine in the first physical server.
In a second aspect, an embodiment of the present invention provides a data center system, where the system includes at least one physical server, a DNS server, and a distributed routing device, where at least one virtual machine runs on each physical server, the virtual machines in the data center system are respectively located in at least two virtual private cloud VPCs, where the at least two VPCs host the same domain name, and the same domain name points to different services in the at least two VPCs,
a first physical server in the data center system, configured to send a domain name system DNS query packet sent by a first virtual machine running on the first physical server to the distributed routing device, where a source IP address of the DNS query packet is a local area network address of the first virtual machine in a first VPC, and the DNS query packet carries a domain name to be accessed by the first virtual machine;
the distributed routing equipment is used for receiving the DNS query message, modifying a source IP address of the DNS query message into an NAT address corresponding to the source IP address, and sending the modified DNS query message to the DNS server;
the DNS server is configured to receive the modified DNS query packet, determine, according to a correspondence between an NAT address and a VPC identifier, an identifier of a VPC where the first virtual machine is located, obtain, according to the determined identifier of the VPC, an IP address corresponding to the domain name hosted in the VPC, and return the obtained IP address to the first physical server;
the first physical server is configured to send an access request issued by the first virtual machine according to the IP address, where the access request is used to access a service to which the domain name points in the first VPC.
The system also comprises a storage device, wherein the storage device is used for recording the NAT address pool and the VPC identification which belong to the VPC when the VPC is created.
In a third aspect, corresponding to the method for domain name resolution in the first aspect, an embodiment of the present invention further provides a DNS server, where the DNS server includes a receiving unit and a sending unit, and these units execute the method steps of domain name resolution.
In one possible design, the DNS server is implemented by a general-purpose or special-purpose physical server having a structure including a processor, a memory, a system bus, and an input/output interface, the processor being configured to support the respective functions of the DNS servers in the system. The input and output interfaces are used for communicating with other components in the data center system, and the processor executes the instructions stored in the memory.
In another aspect, an embodiment of the present invention provides a computer storage medium for storing computer software instructions for the DNS server, which includes a program designed to execute the above aspects.
Drawings
FIG. 1 is a schematic structural diagram of a data center system provided by an embodiment of the present invention;
fig. 2 is a schematic flowchart of a method for domain name resolution of a data center system according to an embodiment of the present invention;
fig. 3 is a schematic logical structure diagram of a DNS server according to an embodiment of the present invention;
fig. 4 is a schematic hardware structure diagram of a DNS server according to an embodiment of the present invention.
Detailed Description
A domain name is unique within the Internet, and an Internet domain name server (public network DNS server) provides domain name resolution for Internet users. In a data center network, a user can create a VPC and define custom domain names within the VPC. The VPC is a logically isolated network space that the user defines in the data center system; it has capabilities similar to a traditional network, and the user has full control over the VPC that belongs to them and can perform various operations on it, including custom network segment division, IP address allocation, routing policy control and the like. Thus the same domain name may be used in different VPC networks to represent different services, i.e. domain names may be duplicated within the data center system.
Illustratively, user A establishes VPC1 in the data center system and defines domain name www.abc.com in VPC1 to point to website A with IP address 2.2.2.2; user B establishes VPC2 in the data center system and defines domain name www.abc.com in VPC2 to point to website B with IP address 3.3.3.3. A first virtual machine in VPC1 enters the domain name www.abc.com in a browser and initiates a DNS query to the DNS server in the data center system. The DNS server receives the domain name www.abc.com entered by the first virtual machine in VPC1 but cannot determine which VPC the domain name www.abc.com belongs to, and therefore cannot resolve the IP address corresponding to the domain name, so the first virtual machine in VPC1 cannot access website A.
In order to solve the above problem, embodiments of the present invention provide a method by which a DNS server in a data center system provides domain name resolution to user virtual machines and correctly resolves the same domain name in different VPC networks. In the embodiment of the invention, a correspondence between the Network Address Translation (NAT) address of the user virtual machine and the VPC identifier is established, the VPC in which each user is located is distinguished by the VPC identifier, and the IP address corresponding to the domain name hosted in that VPC is then determined, so that the DNS server isolates users in different VPCs from one another and the same domain name is resolved correctly in different VPC networks.
The technical solution in the embodiments of the present invention will be described below with reference to the accompanying drawings.
As shown in fig. 1, a schematic structural diagram of a data center system provided in an embodiment of the present invention is shown, where the data center network includes a DNS server 101, a distributed routing device 102, and a plurality of physical servers 103, a Virtual Machine (VM) runs on the physical server 103, and the data center system includes at least two VPCs, and each VPC includes at least one virtual machine. The virtual machine is connected to the DNS server 101 through the distributed routing device 102, and the DNS server 101 provides domain name resolution services for the virtual machine.
Layer-two isolation is used between different VPCs: the LAN addresses of the VMs within one VPC are distinct, but VMs in different VPCs may be configured with the same LAN address. For example, in VPC1 the LAN address of VM1 is 192.168.10.10 and the LAN address of VM2 is 192.168.10.11; in VPC2 the LAN address of VM3 is 192.168.10.10 and the LAN address of VM4 is 192.168.10.11.
The VMs in the VPC are connected to the distributed routing device 102, each VM is connected to a port of the distributed routing device, and the IP address of the port is the NAT address of the VM connected to the port. Illustratively, the IP address of the port of the distributed routing device 102 to which VM1 is connected is 100.64.10.10, the IP address of the port of the distributed routing device 102 to which VM2 is connected is 100.64.10.11, the IP address of the port of the distributed routing device 102 to which VM3 is connected is 100.64.10.10, and the IP address of the port of the distributed routing device 102 to which VM4 is connected is 100.64.10.11.
The data center system further includes a storage device 104, and when a user creates a VPC in the data center system, the storage device 104 records a correspondence between a NAT address pool allocated to the VPC and the VPC identifier. The DNS server 101 can read and record the correspondence between the NAT address pool and the VPC identifier from the storage device 104.
The data center system is connected to a public network domain name server 105 through the Internet. When the DNS server 101 in the data center system cannot find the IP address corresponding to a domain name, it forwards the DNS query message to the public network domain name server, which provides the domain name resolution service.
A VM in the VPC initiates a DNS query message that carries the domain name the VM wants to access; the source IP address of the DNS query message is the LAN address of the VM. The distributed routing device 102 receives the DNS query message and modifies its source IP address to the IP address of the port to which the VM is connected.
The DNS server can only process DNS query messages, a DNS query message cannot carry the user's VPC identifier, and so the DNS server cannot tell from which VPC a DNS query message was sent. In a cloud computing network, when a message sent by a virtual machine in a VPC undergoes NAT translation, the translated IP address belongs to a fixed IP address pool (for example, the translated IP addresses range from 100.64.0.0 to 100.127.255.255), and each IP address belongs to exactly one VPC. As shown in fig. 1, the LAN address of VM1 in VPC1 is 192.168.10.10 and the LAN address of VM2 in VPC1 is 192.168.10.11; after NAT translation, the IP address corresponding to VM1 is 10.64.10.10 and the IP address corresponding to VM2 is 10.64.10.11. In the embodiment of the present invention, the DNS server looks up the identifier of the VPC to which the source virtual machine of the query packet belongs through the correspondence between the source IP address and the VPC, and in this way identifies the VPC in which the virtual machine is located.
The DNS server may pre-establish a correspondence between the source IP address and the VPC identifier, shown by way of example in Table 1:

Index | Source IP address | VPC ID
0     | 10.64.0.0         | 078bd1cd-870d-4b3f-81d9-23652634a1cb
1     | 10.64.0.1         | 078bd1cd-870d-4b3f-81d9-23652634a1cb
2     | 10.64.0.2         | 0904a117-c9f9-4193-82bc-2e92064c6127
3     | 10.64.0.3         | 091d1c82-2a6b-49e6-8083-0644cc2c94b2
...   | ...               | ...

TABLE 1
The index is specifically the numerical value obtained by performing an AND operation on the NAT address and 10.64.0.0.
Further, when the user creates the VPC, the DNS server is notified to update the above correspondence. Specifically, when a user creates a VPC, the cloud computing management system allocates a corresponding NAT address pool for the created VPC, and records a correspondence between a VPC identifier and the NAT address pool in a database. The DNS server may actively read the database and update the above-mentioned correspondence recorded in the DNS server.
The DNS server may store the correspondence as follows: when the DNS service is started, the DNS server allocates memory for the correspondence between the source IP address and the VPC identifier, and it may store the correspondence as an array. In one possible implementation, the upper limit of the array's capacity may be set to 4 million, i.e. the 4 million IP addresses contained in the 100.64.0.0/10 segment can be stored.
In a possible implementation manner, the DNS server may further allocate a namespace to each VPC, and use the VPC identifier as an identifier of the namespace, where the namespace records an IP address corresponding to each domain name in the VPC corresponding to the namespace. When the DNS server receives the query message, the DNS server determines the identification of the VPC where the virtual machine sending the query message is located according to the source IP address of the query message, finds the corresponding name space through the determined VPC identification, and carries out domain name resolution in the found name space, thereby determining the IP address corresponding to the domain name to be resolved.
In an embodiment, the DNS server may provide the domain name resolution service for the data center system as a server cluster: each virtual machine in the data center system accesses the DNS server cluster through the cluster's virtual IP, and after load balancing one DNS server in the cluster is selected to execute the method for domain name resolution described in the embodiment of the present invention.
As shown in fig. 2, based on the system structure shown in fig. 1, an embodiment of the present invention provides a method for domain name resolution in a data center system, where the method includes:
Step 201: the user logs in to VM1, which belongs to VPC1, opens a browser on VM1 and enters the domain name to be accessed. VM1 initiates a domain name query and sends a DNS query message to the DNS server; the DNS query message instructs the DNS server to resolve the domain name to be accessed.
Illustratively, the domain name to be accessed is www.abc.com, and the LAN address of VM1 is 192.168.10.11.
Step 202: the distributed routing equipment receives the DNS query message through a port connected with the VM1, performs NAT (network address translation) conversion on the DNS query message, modifies a source IP (Internet protocol) address of the DNS query message into a corresponding NAT address, wherein the NAT address is the IP address of the port connected with the VM1, and the destination address of the DNS query message is the virtual IP address of the DNS server. Illustratively, VM1 corresponds to a NAT address of 100.64.10.11.
Step 203: and the distributed routing equipment sends the DNS query message to the DNS server.
Step 204: the DNS server receives the DNS query message and determines the identifier of the VPC in which VM1 is located according to the correspondence between the NAT address and the VPC identifier.
the DNS server records a corresponding relationship between an NAT address and a VPC identifier, that is, the DNS server may determine the VPC of the VM that sends the DNS query message according to the NAT address carried in the source address of the DNS query message.
In one embodiment, when a user creates a VPC, the system allocates a pool of NAT addresses to the VPC, and each VM in the VPC is allocated a NAT address in the pool of NAT addresses. And after the VPC is established, the DNS server acquires an NAT address pool corresponding to each VPC and records the corresponding relation between the NAT address and the VPC identification.
Step 205: and the DNS server acquires the IP address corresponding to the domain name to be accessed carried in the DNS query message according to the determined identifier of the VPC where the VM1 is located.
In one embodiment, the DNS server establishes a domain name resolution table for each VPC, where the domain name resolution table includes a domain name and an IP address corresponding to the domain name. And the DNS server searches a domain name resolution table of the VPC according to the identification of the VPC where the VM1 is determined, and acquires an IP address corresponding to the domain name to be accessed.
Furthermore, the DNS server may also allocate a namespace to each VPC, and record, in the namespace, a correspondence between a domain name hosted in the VPC and an IP address providing a service to which the domain name points;
the step 205 specifically includes: and the DNS server inquires an IP address corresponding to the domain name carried in the DNS inquiry message in the determined name space corresponding to the VPC identifier.
Step 206: the DNS server returns the IP address corresponding to the domain name to be accessed in VPC1 to VM1, for example, the IP address corresponding to the domain name to be accessed in VPC1 is 2.2.2.2.
The VM1 obtains an IP address corresponding to the domain name to be accessed, and sends an access request, where a destination address of the access request is the IP address corresponding to the domain name to be accessed, and the access request is used to access a service pointed by the domain name in the first VPC.
It should be noted that, when the domain name to be accessed is not the domain name hosted by the DNS server in the data center network but the public network domain name in the internet network, the DNS server cannot query the IP address corresponding to the domain name to be accessed in the VPC1, and at this time, step 207 is executed.
Step 207: the DNS server sends a domain name inquiry request to an Internet domain name server.
Step 208: the DNS server receives the IP address corresponding to the domain name to be accessed returned by the Internet domain name server, and returns the received IP address to the VM 1.
Step 209: the VM1 receives the IP address and initiates a service request to a server corresponding to the IP address.
Similarly, when VM2 in VPC2 initiates a DNS query to the DNS server, the DNS server determines, according to the source address carried in the DNS query message, the identifier of the VPC to which the VM2 that sent the DNS query message belongs, and obtains the IP address corresponding to the domain name in that VPC.
In the embodiment of the invention, the corresponding relation between the NAT address of the user virtual machine and the VPC identification is established, the VPC where different users are located is distinguished through the VPC identification, and the IP address corresponding to the domain name hosted in the VPC is further determined, so that the DNS server supports the isolation of the users among different VPCs, and the correct resolution of the same domain name in different VPC networks is realized.
Furthermore, the DNS server may allocate different namespaces to different VPCs, and after determining the VPC of the virtual machine that sends the DNS query packet, query the IP address corresponding to the domain name in the namespace corresponding to the VPC, thereby achieving user isolation.
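The resolution path of steps 201 to 209 (NAT source address to VPC identifier through the indexed array of Table 1, then the VPC's namespace, then the public resolver), as an added Python example that is not part of the patent. The per-VPC NAT pools, the VPC2 virtual machine's NAT address and the public resolver's answer are constructed; the VPC identifiers are those of Table 1; and the index is computed as the address offset from 100.64.0.0 (an assumption: the patent text says AND, while the rows of Table 1 match an offset).

```python
import ipaddress
from typing import Callable, Dict, List, Optional

# Added example (not the patent's code): a DNS server that maps the NAT source
# address of a query to a VPC identifier through an array indexed over the
# 100.64.0.0/10 NAT pool, resolves the name in that VPC's namespace, and only
# otherwise asks a public resolver.

NAT_POOL = ipaddress.ip_network("100.64.0.0/10")  # pool range named on the page
POOL_SIZE = NAT_POOL.num_addresses                # 4,194,304 slots


def nat_index(nat_addr: str) -> int:
    """Array index for a NAT address: its offset from 100.64.0.0.

    The patent text calls this an AND with the pool base; the rows of
    Table 1 (0, 1, 2, 3 ...) match an offset, which is assumed here."""
    addr = ipaddress.ip_address(nat_addr)
    if addr not in NAT_POOL:
        raise ValueError(f"{nat_addr} is outside the NAT pool {NAT_POOL}")
    return int(addr) - int(NAT_POOL.network_address)


class VpcDnsServer:
    def __init__(self, public_resolver: Callable[[str], Optional[str]]):
        # One slot per possible NAT address; None means not allocated to any VPC.
        self.vpc_by_index: List[Optional[str]] = [None] * POOL_SIZE
        # VPC identifier -> namespace (domain -> IP) hosted in that VPC.
        self.namespaces: Dict[str, Dict[str, str]] = {}
        self.public_resolver = public_resolver

    def register_vpc(self, vpc_id: str, nat_pool: str, records: Dict[str, str]) -> None:
        """Record the NAT pool allocated to a VPC at creation time (as the
        storage device does) and the VPC's own domain name namespace."""
        self.namespaces[vpc_id] = {d.lower().rstrip("."): ip for d, ip in records.items()}
        for addr in ipaddress.ip_network(nat_pool):
            idx = nat_index(str(addr))
            owner = self.vpc_by_index[idx]
            if owner not in (None, vpc_id):
                # A NAT address must belong to exactly one VPC, or tenants get mixed up.
                raise ValueError(f"{addr} already belongs to VPC {owner}")
            self.vpc_by_index[idx] = vpc_id

    def vpc_for_source(self, nat_src: str) -> Optional[str]:
        """Step 204: VPC identifier for the query's NAT-translated source IP."""
        return self.vpc_by_index[nat_index(nat_src)]

    def resolve(self, nat_src: str, domain: str) -> Optional[str]:
        """Steps 204 to 208 for one query. Returns None when the source address
        is allocated to no VPC: answering such a query from some other
        tenant's namespace would hand out cross-VPC records."""
        vpc_id = self.vpc_for_source(nat_src)
        if vpc_id is None:
            return None
        ip = self.namespaces[vpc_id].get(domain.lower().rstrip("."))
        if ip is not None:
            return ip                         # steps 205/206: hosted in this VPC
        return self.public_resolver(domain)   # steps 207/208: public domain name


# Constructed answer of the stand-in for the Internet domain name server.
PUBLIC_ANSWERS = {"www.example.net": "203.0.113.5"}


def build_demo_server() -> VpcDnsServer:
    """Page's scenario: www.abc.com is 2.2.2.2 in VPC1 and 3.3.3.3 in VPC2.
    VPC identifiers are those of Table 1; the NAT pools are constructed."""
    server = VpcDnsServer(lambda name: PUBLIC_ANSWERS.get(name.lower().rstrip(".")))
    server.register_vpc("078bd1cd-870d-4b3f-81d9-23652634a1cb",  # VPC1
                        "100.64.10.0/24", {"www.abc.com": "2.2.2.2"})
    server.register_vpc("0904a117-c9f9-4193-82bc-2e92064c6127",  # VPC2
                        "100.64.20.0/24", {"www.abc.com": "3.3.3.3"})
    return server


if __name__ == "__main__":
    s = build_demo_server()
    # VM1 in VPC1 (NAT address 100.64.10.11, as in step 202) gets VPC1's answer.
    print(s.resolve("100.64.10.11", "www.abc.com"))      # 2.2.2.2
    print(s.resolve("100.64.20.10", "www.abc.com"))      # 3.3.3.3 (constructed VPC2 VM)
    print(s.resolve("100.64.10.11", "www.example.net"))  # 203.0.113.5 via public resolver
    print(s.resolve("100.64.30.1", "www.abc.com"))       # None: address in no VPC pool
```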
As shown in fig. 3, a schematic structural diagram of a DNS server provided in an embodiment of the present invention, the DNS server includes a receiving unit 301, a processing unit 302 and a sending unit 303. The functional modules 301 to 303 perform the functions of the DNS server in the embodiment corresponding to fig. 2 so as to provide the domain name resolution service for the VMs in the VPCs; specifically,
a receiving unit 301, configured to receive a modified DNS query packet sent by a distributed routing device, where a source IP address of the modified DNS query packet is an NAT address corresponding to a first virtual machine in a first VPC that sends the DNS query packet, and the modified DNS query packet carries a domain name to be accessed by the first virtual machine;
a processing unit 302, configured to determine, according to a correspondence between an NAT address and a VPC identifier, an identifier of a VPC where the first virtual machine is located, and obtain, according to the determined identifier of the VPC, an IP address corresponding to the domain name hosted in the VPC;
a sending unit 303, configured to return the acquired IP address to the first virtual machine.
The processing unit 302 is specifically configured to read an NAT address pool of each VPC and an identifier of a VPC corresponding to the NAT address pool from the storage device, and record a corresponding relationship between the NAT address and the VPC identifier.
The processing unit 302 is specifically configured to establish an array, where the array includes an index and a VPC identifier, and the index is used to uniquely identify one NAT address.
The processing unit 302 is specifically configured to allocate a namespace to each VPC, and record, in the namespace, a correspondence between a domain name hosted in the VPC and an IP address providing a service to which the domain name points;
the processing unit 302 is specifically configured to, after the receiving unit receives the modified DNS query packet, query, in the determined namespace corresponding to the VPC identifier, an IP address corresponding to a domain name carried in the DNS query packet.
The sending unit 303 is further configured to send a DNS query request to an internet domain name server outside the data center system when the processing unit does not query the IP address corresponding to the domain name;
the receiving unit 301 is further configured to obtain a public network IP address corresponding to the domain name returned by the internet domain name server;
the sending unit 303 is further configured to return the public network IP address to the first virtual machine.
The DNS server may specifically be a dedicated or general-purpose physical server, and fig. 4 is a schematic block diagram of a DNS server 400 according to an embodiment of the present invention. The DNS server 400 includes a processor and a transceiver, which are connected to each other; optionally the server 400 further includes a memory connected to the processor, and further optionally a bus system. The processor, the memory and the transceiver may be connected by the bus system; the memory may store instructions, and the processor executes the instructions stored in the memory to control the transceiver to receive information or signals, so that the server 400 performs the functions of the DNS server in the data center system and the actions or processing procedures described above.
The processor in the embodiments of the present invention may be an integrated circuit chip with signal processing capability. In implementation, the steps of the above method embodiments may be performed by integrated logic circuits of hardware in the processor or by instructions in the form of software. The processor may be a general-purpose processor, a Digital Signal Processor (DSP), an Application Specific Integrated Circuit (ASIC), a Field Programmable Gate Array (FPGA) or another programmable logic device, and may implement or perform the methods, steps and logic blocks disclosed in the embodiments of the present invention. A general-purpose processor may be a microprocessor or any conventional processor. The steps of the method disclosed in connection with the embodiments of the present invention may be carried out directly by a hardware decoding processor, or by a combination of hardware and software modules in the decoding processor. The software module may be located in RAM, flash memory, ROM, PROM, EPROM, registers or another storage medium well known in the art. The storage medium is located in the memory, and the processor reads the information in the memory and completes the steps of the method in combination with its hardware.
The memory or storage devices in embodiments of the invention may be either volatile memory or nonvolatile memory, or may include both volatile and nonvolatile memory. The non-volatile Memory may be a Read-Only Memory (ROM), a Programmable ROM (PROM), an Erasable PROM (EPROM), an Electrically Erasable PROM (EEPROM), or a flash Memory. Volatile Memory can be Random Access Memory (RAM), which acts as external cache Memory. By way of example, but not limitation, many forms of RAM are available, such as Static random access memory (Static RAM, SRAM), Dynamic Random Access Memory (DRAM), Synchronous Dynamic random access memory (Synchronous DRAM, SDRAM), Double Data Rate Synchronous Dynamic random access memory (DDR SDRAM), Enhanced Synchronous SDRAM (ESDRAM), Synchronous link SDRAM (SLDRAM), and Direct Rambus RAM (DR RAM). It should be noted that the memory of the systems and methods described herein is intended to comprise, without being limited to, these and any other suitable types of memory.
The units described as separate parts may or may not be physically separate, and parts displayed as units may or may not be physical units, may be located in one place, or may be distributed on a plurality of network units. Some or all of the units can be selected according to actual needs to achieve the purpose of the solution of the embodiment.
In addition, functional units in the embodiments of the present invention may be integrated into one processing unit, or each unit may exist alone physically, or two or more units are integrated into one unit.
The above description is only a specific implementation of the embodiments of the present invention, but the scope of the embodiments of the present invention is not limited thereto, and any person skilled in the art can easily conceive of changes or substitutions within the technical scope of the embodiments of the present invention, and all such changes or substitutions should be covered by the scope of the embodiments of the present invention. Therefore, the protection scope of the embodiments of the present invention shall be subject to the protection scope of the claims.

Claims (18)

  1. A data center system, characterized in that the system comprises at least one physical server, a DNS server and a distributed routing device, wherein at least one virtual machine runs on each physical server, the virtual machines in the data center system are located in at least two virtual private clouds (VPCs), the same domain name is hosted in the at least two VPCs, and the same domain name points to different services in the at least two VPCs, wherein:
    a first physical server in the data center system is configured to send a domain name system (DNS) query packet issued by a first virtual machine running on the first physical server to the distributed routing device, where a source IP address of the DNS query packet is a local area network address of the first virtual machine in a first VPC, and the DNS query packet carries a domain name to be accessed by the first virtual machine;
    the distributed routing device is configured to receive the DNS query packet, modify the source IP address of the DNS query packet to a NAT address corresponding to the source IP address, and send the modified DNS query packet to the DNS server;
    the DNS server is configured to receive the modified DNS query packet, determine, according to a correspondence between NAT addresses and VPC identifiers, an identifier of the VPC where the first virtual machine is located, obtain, according to the determined identifier of the VPC, an IP address corresponding to the domain name hosted in the VPC, and return the obtained IP address to the first physical server; and
    the first physical server is configured to send an access request issued by the first virtual machine according to the IP address, where the access request is used to access the service to which the domain name points in the first VPC.
  2. The system of claim 1, further comprising a storage device,
    wherein the storage device is configured to record, when a VPC is created, the NAT address pool belonging to the VPC and the identifier of the VPC.
  3. The system of claim 2,
    wherein the DNS server is further configured to read, from the storage device, the NAT address pool of each VPC and the identifier of the VPC corresponding to the NAT address pool, and to record the correspondence between NAT addresses and VPC identifiers.
  4. The system of claim 3,
    wherein the DNS server is further configured to establish an array, where the array includes an index and a VPC identifier, and the index uniquely identifies one NAT address.
  5. The system of any one of claims 1-4,
    wherein the DNS server is further configured to allocate a namespace to each VPC and record, in the namespace, the correspondence between a domain name hosted in the VPC and the IP address providing the service to which the domain name points; and
    the DNS server is specifically configured to query, in the determined namespace corresponding to the VPC identifier, the IP address corresponding to the domain name carried in the DNS query packet.
  6. The system of any one of claims 1-5,
    wherein the DNS server is further configured to, when the IP address corresponding to the domain name is not found locally, send a DNS query request to an internet domain name server outside the data center system, obtain a public network IP address corresponding to the domain name, and return the public network IP address to the first virtual machine on the first physical server.
  7. A method for domain name resolution in a data center system, characterized in that the system comprises at least one physical server, a DNS server and a distributed routing device, at least one virtual machine runs on each physical server, the virtual machines in the data center system are located in at least two virtual private clouds (VPCs), the same domain name is hosted in the at least two VPCs, and the same domain name points to different services in the at least two VPCs, and the method comprises the following steps:
    the DNS server receives a modified DNS query packet sent by the distributed routing device, where a source IP address of the modified DNS query packet is a NAT address corresponding to a first virtual machine in a first VPC that issued the DNS query packet, and the modified DNS query packet carries a domain name to be accessed by the first virtual machine;
    the DNS server determines, according to a correspondence between NAT addresses and VPC identifiers, an identifier of the VPC where the first virtual machine is located; and
    the DNS server obtains, according to the determined VPC identifier, an IP address corresponding to the domain name hosted in the VPC, and returns the obtained IP address to the first physical server.
  8. The method of claim 7, wherein the method further comprises:
    the DNS server reads, from a storage device, the NAT address pool of each VPC and the VPC identifier corresponding to the NAT address pool, and records the correspondence between NAT addresses and VPC identifiers, the VPC identifier and the correspondence between the VPC identifier and the NAT address pool belonging to the VPC being recorded in the storage device.
  9. The method of claim 8, wherein the method further comprises:
    the DNS server establishes an array, where the array includes an index and a VPC identifier, and the index uniquely identifies one NAT address.
  10. The method of any one of claims 7-9,
    wherein the method further comprises: the DNS server allocates a namespace to each VPC and records, in the namespace, the correspondence between a domain name hosted in the VPC and the IP address providing the service to which the domain name points; and
    the DNS server obtaining the IP address corresponding to the domain name hosted in the VPC comprises: the DNS server querying, in the determined namespace corresponding to the VPC identifier, the IP address corresponding to the domain name carried in the DNS query packet.
  11. The method of any one of claims 7-10, further comprising:
    when the DNS server does not find the IP address corresponding to the domain name locally, sending a DNS query request to an internet domain name server outside the data center system, obtaining a public network IP address corresponding to the domain name, and returning the public network IP address to the first virtual machine on the first physical server.
  12. A DNS server, comprising:
    a receiving unit, configured to receive a modified DNS query packet sent by a distributed routing device, where a source IP address of the modified DNS query packet is a NAT address corresponding to a first virtual machine in a first VPC that issued the DNS query packet, and the modified DNS query packet carries a domain name to be accessed by the first virtual machine;
    a processing unit, configured to determine, according to a correspondence between NAT addresses and VPC identifiers, an identifier of the VPC where the first virtual machine is located, and to obtain, according to the determined identifier of the VPC, an IP address corresponding to the domain name hosted in the VPC; and
    a sending unit, configured to return the obtained IP address to the first virtual machine.
  13. The server according to claim 12,
    wherein the processing unit is specifically configured to read, from a storage device, the NAT address pool of each VPC and the identifier of the VPC corresponding to the NAT address pool, and to record the correspondence between NAT addresses and VPC identifiers.
  14. The server according to claim 13,
    wherein the processing unit is specifically configured to establish an array, where the array includes an index and a VPC identifier, and the index uniquely identifies one NAT address.
  15. The server according to any one of claims 12-14,
    wherein the processing unit is specifically configured to allocate a namespace to each VPC and record, in the namespace, the correspondence between a domain name hosted in the VPC and the IP address providing the service to which the domain name points; and
    the processing unit is specifically configured to, after the receiving unit receives the modified DNS query packet, query, in the determined namespace corresponding to the VPC identifier, the IP address corresponding to the domain name carried in the DNS query packet.
  16. The server according to any one of claims 12-15,
    wherein the sending unit is further configured to send a DNS query request to an internet domain name server outside the data center system when the processing unit does not find the IP address corresponding to the domain name;
    the receiving unit is further configured to obtain a public network IP address corresponding to the domain name returned by the internet domain name server; and
    the sending unit is further configured to return the public network IP address to the first virtual machine.
  17. A DNS server comprising a processor and a memory, the memory having instructions stored therein, the processor executing the instructions in the memory to cause the DNS server to perform the method of any one of claims 7-11.
  18. A computer storage medium, characterized in that the storage medium has stored therein a computer program which, when executed by a processor, carries out the steps of the method of any one of claims 7-11.
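The mechanism summarized at the end of the description (an array mapping each NAT address to a VPC identifier, one namespace per VPC, and a fallback to an internet domain name server) and spelled out in claims 1 to 11 can be modelled end to end in a short script. The following Python is an added example written for this page; it is not code from the patent or from Huawei, and the class names, the NAT pools (drawn from the 100.64.0.0/10 shared address space), the VPC identifiers, domain names and IP addresses are all constructed. It shows why the NAT address to VPC mapping is the tenant-isolation boundary of the design: two VPCs host the same name and use the same overlapping VM LAN address, the answer depends only on which NAT pool the rewritten source address belongs to, overlapping pools are rejected when a VPC is registered, and a query arriving from a NAT address that belongs to no VPC is refused rather than answered from a default namespace.

```python
"""Added example for this page, not code from the patent: a model of the
per-VPC DNS resolution of claims 1-11.  The distributed router rewrites the
source IP of a VM's DNS query to a NAT address from the VM's VPC pool; the DNS
server maps that NAT address to a VPC identifier, answers only from that VPC's
namespace, and asks an upstream internet resolver when the name is not hosted
there.  All addresses, VPC identifiers and names below are constructed."""
import ipaddress
from typing import Callable, Dict, Optional, Tuple


def _canon(domain: str) -> str:
    # DNS names are case-insensitive and the trailing dot is optional.
    return domain.lower().rstrip(".")


class VpcDnsServer:
    """Stand-in for the DNS server of the claims (assumed names, not the patent's)."""

    def __init__(self, upstream: Callable[[str], Optional[str]]) -> None:
        # The "array" of the claims: each NAT address is an index mapping to one VPC id.
        self._nat_to_vpc: Dict[str, str] = {}
        # One namespace per VPC: hosted domain name -> IP of the service it points to.
        self._namespaces: Dict[str, Dict[str, str]] = {}
        self._upstream = upstream  # internet domain name server outside the data center

    def register_vpc(self, vpc_id: str, nat_pool: str) -> None:
        """Load the NAT pool and VPC identifier recorded when the VPC was created."""
        for addr in ipaddress.ip_network(nat_pool).hosts():
            key = str(addr)
            owner = self._nat_to_vpc.get(key)
            # A NAT address shared by two VPCs would hand one tenant the other's
            # answers, so overlapping pools are rejected at registration time.
            if owner is not None and owner != vpc_id:
                raise ValueError(f"NAT address {key} already belongs to VPC {owner}")
            self._nat_to_vpc[key] = vpc_id
        self._namespaces.setdefault(vpc_id, {})

    def host_record(self, vpc_id: str, domain: str, ip: str) -> None:
        """Record a domain -> IP mapping in the VPC's namespace."""
        self._namespaces[vpc_id][_canon(domain)] = ip

    def resolve(self, nat_src: str, domain: str) -> Optional[str]:
        """Answer a query whose source IP has already been rewritten to a NAT address."""
        vpc_id = self._nat_to_vpc.get(nat_src)
        if vpc_id is None:
            # Unknown NAT address: the query cannot be attributed to a VPC, so it
            # is refused instead of being answered from some default namespace.
            return None
        ip = self._namespaces[vpc_id].get(_canon(domain))
        if ip is not None:
            return ip
        # Not hosted in this VPC: forward to the internet resolver and relay its answer.
        return self._upstream(domain)


class DistributedRouter:
    """Stand-in for the distributed routing device: rewrites the query's source IP."""

    def __init__(self, dns: VpcDnsServer) -> None:
        self._dns = dns
        # Keyed on (VPC id, LAN IP) because LAN addresses may overlap across VPCs.
        self._vm_to_nat: Dict[Tuple[str, str], str] = {}

    def attach_vm(self, vpc_id: str, vm_lan_ip: str, nat_addr: str) -> None:
        self._vm_to_nat[(vpc_id, vm_lan_ip)] = nat_addr

    def forward_query(self, vpc_id: str, vm_lan_ip: str, domain: str) -> Optional[str]:
        """Rewrite the source IP to the VM's NAT address and pass the query to the DNS server."""
        nat = self._vm_to_nat[(vpc_id, vm_lan_ip)]
        return self._dns.resolve(nat, domain)


def _fake_internet(domain: str) -> Optional[str]:
    """Constructed stand-in for an internet domain name server (documentation address)."""
    return {"example.com": "203.0.113.10"}.get(_canon(domain))


def demo() -> Dict[str, Optional[str]]:
    dns = VpcDnsServer(upstream=_fake_internet)
    dns.register_vpc("vpc-a", "100.64.1.0/24")  # NAT pools from RFC 6598 shared space
    dns.register_vpc("vpc-b", "100.64.2.0/24")
    # The same domain name is hosted in both VPCs and points to different services.
    dns.host_record("vpc-a", "app.internal", "10.0.0.10")
    dns.host_record("vpc-b", "app.internal", "10.0.0.20")

    router = DistributedRouter(dns)
    # Both VMs use the same LAN address 10.0.0.5 inside their own VPC.
    router.attach_vm("vpc-a", "10.0.0.5", "100.64.1.7")
    router.attach_vm("vpc-b", "10.0.0.5", "100.64.2.7")

    return {
        "vpc-a app.internal": router.forward_query("vpc-a", "10.0.0.5", "app.internal"),
        "vpc-b app.internal": router.forward_query("vpc-b", "10.0.0.5", "App.Internal."),
        "vpc-a example.com": router.forward_query("vpc-a", "10.0.0.5", "example.com"),
        "unknown NAT source": dns.resolve("100.64.9.9", "app.internal"),
    }


if __name__ == "__main__":
    for name, answer in demo().items():
        print(f"{name}: {answer}")
```

Running the file prints the four resolutions: the two VMs with identical LAN addresses receive different answers for the same name, the public name is relayed from the upstream resolver, and the query from an unassigned NAT address gets no answer. The model also makes explicit what the design relies on: the DNS server trusts the rewritten source address completely, so in a deployment the distributed routing device must be the only path by which queries can reach the DNS server.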
CN201780095877.5A 2017-10-11 2017-10-11 Method, device and system for domain name resolution in data center system Active CN111213348B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202110824843.3A CN113726918B (en) 2017-10-11 2017-10-11 Domain name resolution method based on cloud computing network and related system and device

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
PCT/CN2017/105686 WO2019071464A1 (en) 2017-10-11 2017-10-11 Method, apparatus and system for domain name resolution in data center system

Related Child Applications (1)

Application Number Title Priority Date Filing Date
CN202110824843.3A Division CN113726918B (en) 2017-10-11 2017-10-11 Domain name resolution method based on cloud computing network and related system and device

Publications (2)

Publication Number Publication Date
CN111213348A true CN111213348A (en) 2020-05-29
CN111213348B CN111213348B (en) 2021-07-16

Family

ID=66100305

Family Applications (2)

Application Number Title Priority Date Filing Date
CN202110824843.3A Active CN113726918B (en) 2017-10-11 2017-10-11 Domain name resolution method based on cloud computing network and related system and device
CN201780095877.5A Active CN111213348B (en) 2017-10-11 2017-10-11 Method, device and system for domain name resolution in data center system

Country Status (2)

Country Link
CN (2) CN113726918B (en)
WO (1) WO2019071464A1 (en)

Cited By (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN113923253A (en) * 2021-10-12 2022-01-11 西安万像电子科技有限公司 Virtual machine image transmission method, electronic equipment and storage medium
CN114025010A (en) * 2021-10-20 2022-02-08 北京奥星贝斯科技有限公司 Method for establishing connection and network equipment
CN114125025A (en) * 2021-11-23 2022-03-01 北京奥星贝斯科技有限公司 Data transmission method and device under multi-target network
CN116155890A (en) * 2023-04-20 2023-05-23 杭州优云科技有限公司 Method and device for realizing distributed file system

Families Citing this family (9)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN111917649B (en) * 2019-05-10 2022-06-28 华为云计算技术有限公司 Virtual private cloud communication and configuration method and related device
CN112804366B (en) * 2019-11-13 2023-05-12 北京百度网讯科技有限公司 Method and device for resolving domain name
CN112333135B (en) * 2020-07-16 2022-09-06 北京京东尚科信息技术有限公司 Gateway determination method, device, server, distributor, system and storage medium
CN112165532B (en) * 2020-10-14 2024-04-09 腾讯科技(深圳)有限公司 Node access method, device, equipment and computer readable storage medium
CN113067803B (en) * 2021-03-12 2023-05-05 北京金山云网络技术有限公司 Resource isolation system, request processing method and request processing device
CN113194076B (en) * 2021-04-16 2023-04-21 中盈优创资讯科技有限公司 Safety controller and implementation method thereof
CN114448667B (en) * 2021-12-23 2023-08-08 天翼云科技有限公司 Data transmission method, device and equipment
CN114785733B (en) * 2022-06-20 2022-08-26 中电云数智科技有限公司 Method for realizing session tracing in cross-VPC network flow forwarding
CN116938877B (en) * 2023-09-15 2024-01-05 阿里云计算有限公司 Domain name resolution data configuration method, domain name resolution method and related device

Citations (9)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102204213A (en) * 2008-10-30 2011-09-28 惠普开发有限公司 Data center and data center design
CN102684969A (en) * 2011-03-18 2012-09-19 日电(中国)有限公司 VPN (virtual private network) node, VPN node identification analysis agency and VPN node identification analysis, VPN server
US20130232278A1 (en) * 2012-03-02 2013-09-05 Futurewei Technologies, Inc. IPv4 Data Center Support for IPv4 and IPv6 Visitors
CN103634314A (en) * 2013-11-28 2014-03-12 杭州华三通信技术有限公司 Service access control method and device based on VSR (virtual service router)
CN103973827A (en) * 2013-02-05 2014-08-06 ***通信集团公司 Domain name resolution method and device
CN104852846A (en) * 2014-02-14 2015-08-19 华为技术有限公司 Data forwarding control method and system
CN106331206A (en) * 2015-06-30 2017-01-11 杭州华三通信技术有限公司 Domain name management method and device
CN106797410A (en) * 2016-12-23 2017-05-31 深圳前海达闼云端智能科技有限公司 Domain name analytic method and device
US9705965B2 (en) * 2013-08-14 2017-07-11 Vmware, Inc. Systems and methods for PaaS level app motion

Family Cites Families (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
ES2750248T3 (en) * 2012-06-20 2020-03-25 Fusionlayer Oy Method and apparatus for commissioning and decommissioning IP in orchestrated computing environments
KR20150076041A (en) * 2013-12-26 2015-07-06 한국전자통신연구원 System for supporting multi-tenant based on private ip address in virtual private cloud networks and operating method thereof

Non-Patent Citations (2)

* Cited by examiner, † Cited by third party
Title
THIERRY BESSIS: ""Improving the DNS mechanism in a data center intranet"", 《BELL LABS TECHNICAL JOURNAL 》 *
王克敬: ""关于云技术在域名解析***中的应用研究"", 《电脑知识与技术》 *

Also Published As

Publication number Publication date
CN113726918B (en) 2024-01-05
CN111213348B (en) 2021-07-16
CN113726918A (en) 2021-11-30
WO2019071464A1 (en) 2019-04-18

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant
TR01 Transfer of patent right

Effective date of registration: 20220216

Address after: 550025 Huawei cloud data center, jiaoxinggong Road, Qianzhong Avenue, Gui'an New District, Guiyang City, Guizhou Province

Patentee after: Huawei Cloud Computing Technology Co.,Ltd.

Address before: 518129 Bantian HUAWEI headquarters office building, Longgang District, Guangdong, Shenzhen

Patentee before: HUAWEI TECHNOLOGIES Co.,Ltd.