Summary of the invention
In view of the above technical problem, the present invention provides a kind of domain name analytic methods and system, credit domain name system servicesDevice can find and record in time the parsing data that authenticity leaves a question open.
According to an aspect of the present invention, a kind of domain name analytic method is provided, comprising:
In response to the domain name mapping request that client computer is initiated, domain name analysis request is drawn to credit domain name systemDns server, wherein include target domain name server address in domain name analysis request, target name server is clientThe name server that machine requests access to;
Credit dns server judges whether the target domain name server address belongs to the white name of scheduled name serverIt is single;
If the target domain name server address is not belonging to scheduled name server white list, credit dns serverDomain name analysis request is sent to the target name server;
The domain name mapping record and credit dns server that credit dns server returns to the target name server are certainlyThe benchmark domain name mapping record of body maintenance compares verification;
Credit dns server forms final parsing result according to check results and returns to client computer.
In one embodiment of the invention, the domain that the credit dns server returns to the target name serverName solution new record and the benchmark domain name mapping record of credit dns server self maintained compare verification and include:
Credit dns server sends domain name analysis request to authorization server by recursion server;
Credit dns server receives the benchmark domain name mapping record that authorization server returns;
Domain name mapping record and the benchmark domain name mapping that credit dns server returns to the target name serverRecord compares verification.
In one embodiment of the invention, the credit dns server forms final parsing result according to check resultsAnd it returns to client computer and includes:
If the domain name mapping record that the target name server returns is consistent with benchmark domain name mapping record, schoolIt tests and passes through, benchmark domain name mapping record is returned into client computer.
In one embodiment of the invention, the credit dns server forms final parsing result according to check resultsAnd it returns to client computer and includes:
If the domain name mapping record that the target name server returns recorded with the benchmark domain name mapping it is inconsistent,Verification does not pass through;
In the case where verifying unacceptable situation, the target name server is corrected according to benchmark domain name mapping record and is returnedThe domain name mapping record returned, then revised domain name mapping is recorded and returns to client computer;
And/or
The domain name mapping record returned in the case where verifying unacceptable situation to target name server and the benchmark domain nameSolution new record is recorded, and more parts of records are collected as a database.
In one embodiment of the invention, the method also includes:
If the target domain name server address belongs to scheduled name server white list, directly by domain name solutionAnalysis request is transmitted to the target name server, obtains domain name mapping knot so that target name server carries out domain name mappingFruit, and domain name parsing result is returned into client computer.
According to another aspect of the present invention, a kind of credit domain name system server is provided, comprising:
Request receiving module, the domain name mapping request come for receiving route device traction, wherein route device is by clientThe domain name mapping request that machine is initiated is drawn to credit domain name system server, includes that target domain name takes in domain name analysis requestBusiness device address, target name server are the name server of client requests access;
Address judgment module, for judging it is white whether the target domain name server address belongs to scheduled name serverList;
First request forwarding module, it is pre- for determining that the target domain name server address is not belonging in address judgment moduleIn the case where fixed name server white list, domain name analysis request is sent to the target name server;
Correction verification module is compared, domain name mapping record and credit DNS service for returning to the target name serverThe benchmark domain name mapping record of device self maintained compares verification;
Parsing result determining module, for forming final parsing result according to check results and returning to client computer.
In one embodiment of the invention, the credit domain name system server further include:
Second request forwarding module, it is pre- for determining that the target domain name server address is not belonging in address judgment moduleIn the case where fixed name server white list, domain name analysis request is sent to authorization server by recursion server;
Reference recording receiving module, for receiving the benchmark domain name mapping record of authorization server return;
The domain name mapping record and the benchmark domain name that comparison correction verification module is used to return to the target name serverSolution new record compares verification.
In one embodiment of the invention, parsing result determining module is used to determine the target in comparison correction verification moduleIn the case that the domain name mapping record and benchmark domain name mapping record that name server returns are consistent, verification passes through, by instituteIt states benchmark domain name mapping record and returns to client computer.
In one embodiment of the invention, parsing result determining module is used to return in the target name serverDomain name mapping record records in inconsistent, the unacceptable situation of verification with the benchmark domain name mapping, according to the benchmark domain nameSolution new record corrects the domain name mapping record that the target name server returns, then revised domain name mapping is recorded and is returnedClient computer;And/or the domain name mapping that target name server returns is recorded and is remembered with the benchmark domain name mappingRecord, and more parts of records are collected as a database.
In one embodiment of the invention, the credit domain name system server further include:
Third requests forwarding module, pre- for determining that the target domain name server address is not belonging in address judgment moduleIn the case where fixed name server white list, domain name analysis request is directly transmitted to the target name server,Domain name mapping is obtained as a result, and domain name parsing result is returned to client so that target name server carries out domain name mappingMachine.
According to another aspect of the present invention, a kind of domain name analysis system, including target name server, route device are providedAnd the credit domain name system server as described in above-mentioned any embodiment.
In one embodiment of the invention, domain name resolution system further include:
Recursion server, it is pre- for determining that the target domain name server address is not belonging in credit domain name system serverIn the case where fixed name server white list, domain name analysis request is sent to authorization server;
Authorization server is returned for parsing to domain name analysis request, and to credit domain name system serverBenchmark domain name mapping record.
The present invention by increasing a credit DNS node (server) in common domain name mapping data link, andThe possible problematic parsing result in part is verified, the efficiency and real result of domain name mapping can be taken into account.
Specific embodiment
Following will be combined with the drawings in the embodiments of the present invention, and technical solution in the embodiment of the present invention carries out clear, completeSite preparation description, it is clear that described embodiments are only a part of the embodiments of the present invention, instead of all the embodiments.BelowDescription only actually at least one exemplary embodiment be it is illustrative, never as to the present invention and its application or makeAny restrictions.Based on the embodiments of the present invention, those of ordinary skill in the art are not making creative work premiseUnder every other embodiment obtained, shall fall within the protection scope of the present invention.
Unless specifically stated otherwise, positioned opposite, the digital table of the component and step that otherwise illustrate in these embodimentsIt is not limited the scope of the invention up to formula and numerical value.
Simultaneously, it should be appreciated that for ease of description, the size of various pieces shown in attached drawing is not according to realityProportionate relationship draw.
Technology, method and apparatus known to person of ordinary skill in the relevant may be not discussed in detail, but suitableIn the case of, the technology, method and apparatus should be considered as authorizing part of specification.
It is shown here and discuss all examples in, any occurrence should be construed as merely illustratively, withoutIt is as limitation.Therefore, the other examples of exemplary embodiment can have different values.
It should also be noted that similar label and letter indicate similar terms in following attached drawing, therefore, once a certain Xiang YiIt is defined in a attached drawing, then in subsequent attached drawing does not need that it is further discussed.
Fig. 1 is the schematic diagram of domain name analysis system first embodiment of the present invention.As shown in Figure 1, domain name resolution systemIncluding credit domain name system (DNS) server 100, route device 200 and target name server 300, in which:
Client computer 400, for initiating domain name analysis request, wherein include that target domain name takes in domain name analysis requestBusiness device address, target name server 300 are the name server of client requests access.
Route device 200, for being drawn request to credit dns server 100 using policybased routing.
Credit dns server 100, for judging whether the target domain name server address belongs to scheduled domain name serviceDevice white list;If the target domain name server address is not belonging to scheduled name server white list, credit dns serverDomain name analysis request is sent to the target name server 300;The domain name solution that the target name server is returnedThe benchmark domain name mapping record of new record and credit dns server self maintained compares verification;And according to check results shapeAt final parsing result and return to client computer.
In one embodiment of the invention, credit dns server 100 can be implemented as credit DNS node.The creditThe function of DNS node or credit dns server 100 can be realized jointly by multiple groups server.
Based on the domain name analysis system based on credit server that the above embodiment of the present invention provides, in common domain name solutionA credit DNS node is increased in analysis data link, and the possible problematic parsing result in part is verified, Neng GoujianCare for the efficiency and real result of domain name mapping.
The above embodiment of the present invention can jump reality by data link in existing domain name mapping and network access machine systemIt is existing, hardware investment is not needed, improvement cost is low, and the authenticity of parsing result greatly improves, and operation benefit comparison is significant.
Fig. 2 is the schematic diagram of domain name analytic method first embodiment of the present invention.Preferably, the present embodiment can be by domain of the present inventionName resolution system executes.As shown in Fig. 2, the method may include:
Step 201, the domain name mapping that route device 200 is initiated in response to client computer 400 is requested, and domain name parsing is askedIt asks and is drawn to credit dns server 100, wherein include target domain name server address, aiming field in domain name analysis requestName server 300 is the name server that client computer 400 requests access to.
Step 202, credit dns server 100 judges whether the target domain name server address belongs to scheduled domain nameServer white list.
Step 203, if the target domain name server address is not belonging to scheduled name server white list, creditDns server 100 sends domain name analysis request to the target name server 300.
Step 204, the domain name mapping that the target name server 300 returns is recorded and is awarded by credit dns server 100The benchmark domain name mapping record of letter 100 self maintained of dns server compares verification.
Step 205, credit dns server 100 forms final parsing result according to check results and returns to client computer400。
Based on the domain name analytic method based on credit server that the above embodiment of the present invention provides, in common domain name solutionA credit DNS node is increased in analysis data link, and the possible problematic parsing result in part is verified, Neng GoujianCare for the efficiency and real result of domain name mapping.
The above embodiment of the present invention can jump reality by data link in existing domain name mapping and network access machine systemIt is existing, hardware investment is not needed, improvement cost is low, and the authenticity of parsing result greatly improves, and operation benefit comparison is significant.
Fig. 3 is the schematic diagram of domain name analytic method second embodiment of the present invention.Preferably, the present embodiment can be by domain of the present inventionName resolution system executes.As shown in figure 3, the method may include:
Step 301, client computer 400 initiates domain name analysis request.
Step 302: route device 200 will be in request traction to credit dns server 100 using policybased routing.Wherein, existThe white list of a domain name server address is maintained on credit dns server 100.
Step 303, credit dns server 100 judges whether the target domain name server address belongs to scheduled domain nameServer white list.If the target domain name server address belongs to scheduled name server white list, then follow the steps304;Otherwise, if the target domain name server address is not belonging to scheduled name server white list, 306 are thened follow the steps.
Step 304, credit dns server 100 directly turns request of the target domain name server address in white listHair is not processed.
Step 305, which carries out domain name mapping, and parsing is tiedFruit returns to client computer 400;Other steps of the present embodiment are no longer executed later.
Step 306, credit dns server 100 is initiated to the target name server 300 (non-credit dns server)Domain name analysis request.
Step 307, credit dns server 100 returns to the target name server 300 (non-credit dns server)Domain name mapping record and 100 self maintained of credit dns server benchmark domain name mapping record compare verification.
Step 308, credit dns server 100 is based on default mechanism, forms final parsing result according to check results and returnsBack to client computer 400.
The above embodiment of the present invention disposes credit DNS node in a network, accepts Client-initiated domain name mapping request, baseMake part in white list to shunt and result response.
The above embodiment of the present invention is not processed in the analysis request that domain name server address is white list, draws back netNetwork;Domain name mapping request for non-white list initiates analysis request to non-credit DNS as agency from credit DNS node, andThe parsing result of the result and self maintained that will acquire compares verification, and domain name is kidnapped or distorted to discovery malice, and can basisPreset strategy determines final parsing result.
Thus the above embodiment of the present invention increases a credit DNS node in common domain name mapping data link,And the possible problematic parsing result in part is verified, the efficiency and real result of domain name mapping can be taken into account;This hairBright above-described embodiment can jump realization by data link in existing domain name mapping and network access machine system, not need hardware throwingEnter, improvement cost is low, and the authenticity of parsing result greatly improves, and operation benefit comparison is significant.
Fig. 4 is the schematic diagram of domain name analysis system second embodiment of the present invention.Compared with embodiment illustrated in fig. 1, in Fig. 4 instituteShow in embodiment, domain name resolution system can also include recursion server 500 and authorization server 600, in which:
Recursion server 500, for determining the target domain name server address not in credit domain name system server 100In the case where belonging to scheduled name server white list, domain name analysis request is sent to authorization server 600.
Authorization server 600, for being parsed to domain name analysis request, and to credit domain name system server100 return to benchmark domain name mapping record.
Fig. 4 embodiment gives the schematic diagram of domain name analytic method 3rd embodiment of the present invention.As shown in figure 4, describedDomain name analytic method of the present invention may include:
Step 1, client computer 400 initiates domain name analysis request.
Step 2: route device 200 will be in request traction to credit dns server 100 using policybased routing.Wherein, it is awardingThe white list of a domain name server address is maintained on letter dns server 100.
Step 3, credit dns server 100 judges whether the target domain name server address belongs to scheduled domain name clothesBusiness device white list.If the target domain name server address is not belonging to scheduled name server white list, 4A is thened follow the stepsWith step 4C;Otherwise, it if the target domain name server address belongs to scheduled name server white list, thens follow the steps4B。
Step 4B, credit dns server 100 directly forward request of the target domain name server address in white listIt is not processed.
Step 5B, which carries out domain name mapping, and parsing is tiedFruit returns to client computer 400;Other steps of the present embodiment are no longer executed later.
Step 4A, credit dns server 100 initiate institute to the target name server 300 (non-credit dns server)State domain name mapping request.
Step 5A, the target name server 300 (non-credit dns server) translate domain names into record (that is, parsingIP address) return to credit dns server 100;Step 7 is executed later.
Such as: in the specific embodiment of Fig. 4, the IP address that target name server 300 parses is 3.3.3.3.
Domain name analysis request is transmitted to recursion server 500 by step 4C, credit dns server 100.
Step 5C, recursion server 500 initiate domain name analysis request to authorization server 600.
Step 6C, authorization server 600 parse domain name analysis request, and to credit domain name system server100 return to benchmark domain name mapping record;Step 7 is executed later.
Such as: in Fig. 4 specific embodiment, the benchmark IP address that authorization server 600 parses is 1.1.1.1.
Step 7, credit dns server 100 returns to the target name server 300 (non-credit dns server)Domain name mapping records (such as 3.3.3.3), records (such as 1.1.1.1) with the benchmark domain name mapping that authorization server 600 returnsCompare verification.
Step 8, credit dns server 100 is based on default mechanism, forms final parsing result according to check results and returnsTo client computer 400.
The above embodiment of the present invention proposes a kind of domain name analytic method based on credit server, and parsing knot can be improvedThe authenticity of fruit, and can find and record in time the parsing data that authenticity leaves a question open.
In one embodiment of the invention, the default mechanism may include: to return in the target name server 300In the case that the domain name mapping record and benchmark domain name mapping record returned is consistent, verification passes through, by the benchmark domain name solutionNew record returns to client computer 400.
In another embodiment of the invention, the default mechanism may include: to return in the target name server 300The domain name mapping record (such as 3.3.3.3) returned and benchmark domain name mapping record (such as 1.1.1.1) are inconsistent, verify notIn the case where, the domain name mapping that the target name server 300 returns is corrected according to benchmark domain name mapping recordIt records (such as 3.3.3.3), then revised domain name mapping record (such as 1.1.1.1) is returned into client computer 400;And/orVerify in unacceptable situation, verify it is obstructed it is out-of-date only keep a record (that is, to target name server 300 return domain name mappingRecord is recorded with the benchmark domain name mapping), more parts of records are collected as a database, for supervising or dataAnalysis uses.
The above embodiment of the present invention verify it is obstructed it is out-of-date can correct IP address, return again to client computer;Alternatively, verification is notBy when only keep a record, more parts of records are collected as a database, so that supervision or other occasions are done data analysis and used.ByThis, the above embodiment of the present invention can be verified by result and collect data, formed reference database, be conducive to the prison of domain name mappingManagement is superintended and directed, or provides data supporting for other statistical analysis.
Knot below by specific embodiment to the credit dns server 100 mentioned in Fig. 1 or Fig. 4 embodiment of the present inventionStructure and function are further described.
Fig. 5 is the schematic diagram of credit domain name system server first embodiment of the present invention.As shown in figure 5, Fig. 1 of the present invention orThe credit dns server 100 of Fig. 4 embodiment may include request receiving module 110, the request turn of address judgment module 120, firstSend out module 130 and comparison correction verification module 140 and parsing result determining module 150, in which:
Request receiving module 110, the domain name mapping request come for receiving route device traction, wherein route device willThe domain name mapping request that client computer 400 is initiated is drawn to credit domain name system server, includes mesh in domain name analysis requestDomain name server address is marked, target name server 300 is the name server that client computer 400 requests access to.
Address judgment module 120, for judging whether the target domain name server address belongs to scheduled domain name serviceDevice white list.
First request forwarding module 130, for determining the target domain name server address not in address judgment module 120In the case where belonging to scheduled name server white list, domain name parsing is sent to the target name server 300 and is askedIt asks.
Compare correction verification module 140, domain name mapping record and credit for returning to the target name server 300The benchmark domain name mapping record of 100 self maintained of dns server compares verification.
Parsing result determining module 150, for forming final parsing result according to check results and returning to client computer400。
Based on the credit domain name system server that the above embodiment of the present invention provides, in common domain name mapping data linkIn increase a credit DNS node, and to part may problematic parsing result verify, domain name mapping can be taken into accountEfficiency and real result.
The above embodiment of the present invention can jump reality by data link in existing domain name mapping and network access machine systemIt is existing, hardware investment is not needed, improvement cost is low, and the authenticity of parsing result greatly improves, and operation benefit comparison is significant.
The authenticity of parsing result can be improved in the above embodiment of the present invention, and can find and record in time authenticity and leave a question openParsing data.
In one embodiment of the invention, parsing result determining module 150 specifically can be used in comparison correction verification module140 determine domain name mapping record consistent, verification with benchmark domain name mapping record that the target name server 300 returnsIn the case where, benchmark domain name mapping record is returned into client computer 400.
In one embodiment of the invention, parsing result determining module 150 specifically can be used in the target domain nameDomain name mapping record and the benchmark domain name mapping that server 300 returns record in inconsistent, the unacceptable situation of verification, rootThe domain name mapping record that the target name server 300 returns is corrected according to benchmark domain name mapping record, then will be after amendmentDomain name mapping record return client computer 400.
In another embodiment of the invention, parsing result determining module 150 specifically can be used in the target domain nameDomain name mapping record and the benchmark domain name mapping that server 300 returns record in inconsistent, the unacceptable situation of verification, rightThe domain name mapping record that target name server 300 returns is recorded with the benchmark domain name mapping, and more parts are rememberedRecord collects as a database.
The above embodiment of the present invention can be verified by result and collect data, formed reference database, be conducive to domain name solutionThe supervision and management of analysis, or data supporting is provided for other statistical analysis.
Fig. 6 is the schematic diagram of credit domain name system server second embodiment of the present invention.Compared with embodiment illustrated in fig. 5,In the embodiment shown in fig. 6, the credit domain name system server can also include the second request forwarding module 160 and benchmark noteRecord receiving module 170, in which:
Second request forwarding module 160, for determining the target domain name server address not in address judgment module 120In the case where belonging to scheduled name server white list, the domain is sent to authorization server 600 by recursion server 500Name analysis request.
Reference recording receiving module 170, for receiving the benchmark domain name mapping record of the return of authorization server 600.
The domain name mapping record and the base that comparison correction verification module 140 is used to return to the target name server 300Quasi- domain name mapping record compares verification.
In one embodiment of the invention, as shown in fig. 6, the credit domain name system server can also include thirdRequest forwarding module 180, in which:
Third requests forwarding module 180, for determining the target domain name server address category in address judgment module 120In the case where scheduled name server white list, domain name analysis request is directly transmitted to the target domain name serviceDevice obtains domain name mapping as a result, and returning to domain name parsing result so that target name server carries out domain name mappingClient computer 400.
The above embodiment of the present invention disposes credit DNS node in a network, accepts Client-initiated domain name mapping request, baseMake part in white list to shunt and result response.
The above embodiment of the present invention is not processed in the analysis request that domain name server address is white list, draws back netNetwork;Domain name mapping request for non-white list initiates analysis request to non-credit DNS as agency from credit DNS node, andThe parsing result of the result and self maintained that will acquire compares verification, and domain name is kidnapped or distorted to discovery malice, and can basisPreset strategy determines final parsing result.
Thus the above embodiment of the present invention increases a credit DNS node in common domain name mapping data link,And the possible problematic parsing result in part is verified, the efficiency and real result of domain name mapping can be taken into account;This hairBright above-described embodiment can jump realization by data link in existing domain name mapping and network access machine system, not need hardware throwingEnter, improvement cost is low, and the authenticity of parsing result greatly improves, and operation benefit comparison is significant.
Credit domain name system server described above can be implemented as executing function described hereinGeneral processor, programmable logic controller (PLC) (PLC), digital signal processor (DSP), specific integrated circuit (ASIC), sceneProgrammable gate array (FPGA) either other programmable logic device, discrete gate or transistor logic, discrete hardware groupPart or it is any appropriately combined.
So far, the present invention is described in detail.In order to avoid covering design of the invention, it is public that this field institute is not describedThe some details known.Those skilled in the art as described above, completely it can be appreciated how implementing technology disclosed hereinScheme.
Those of ordinary skill in the art will appreciate that realizing that all or part of the steps of above-described embodiment can pass through hardwareIt completes, relevant hardware can also be instructed to complete by program, the program can store in a kind of computer-readableIn storage medium, storage medium mentioned above can be read-only memory, disk or CD etc..