WO2017049789A1 - Method and system for optimizing dns root service access - Google Patents
- Publication number: WO2017049789A1 (PCT application PCT/CN2015/098472)
- Authority
- WO
- WIPO (PCT)
- Prior art keywords
- root
- root zone
- data buffer
- query
- record
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Ceased
Classifications
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L61/00—Network arrangements, protocols or services for addressing or naming
- H04L61/45—Network directories; Name-to-address mapping
- H04L61/4505—Network directories; Name-to-address mapping using standardised directories; using standardised directory access protocols
- H04L61/4511—Network directories; Name-to-address mapping using standardised directories; using standardised directory access protocols using domain name system [DNS]
Definitions
- The present invention relates to a method and system for optimizing DNS root service access, and belongs to the field of network technology.
- The DNS recursive resolver has a built-in caching mechanism, but because that mechanism is not optimized for root zone data it cannot meet the growing need to reduce the time taken to access DNS root data.
- The cache of an existing recursive resolver is a general-purpose cache covering domain names at every level and zone files of every kind.
- Existing resolution technology does not cache root zone data specifically; it uses an ordinary caching mechanism, which does little to reduce the time needed to access DNS root data.
- The IETF recently introduced a mechanism for running a root server on the loopback address. This approach amounts to adding extra root servers, running on the local loopback, alongside the 13 root servers specified worldwide. Although it can reduce root access time to some extent, once widely deployed it may break the existing Internet domain name resolution mechanism and render the DNS root service ineffective, which could interfere with the normal, stable operation of the Internet.
- An object of the present invention is to provide a method and system for optimizing DNS root service access.
- The present invention addresses the characteristics of the root zone file and the need to reduce root zone data access time: it adds a root data buffer with its associated algorithms and steps, adds algorithms and steps for a root zone data analyzer, and improves the algorithm of the recursive resolver. Given the way the current root zone file is configured, the present invention can increase the speed of access to root zone data by about 7 times on average compared with the existing general-purpose cache. The invention solves the problem of excessive root server access time without potentially damaging the existing root domain name resolution mechanism.
- The general-purpose cache currently used by the recursive resolver caches data for domain names at every level and cannot be specifically optimized for the top-level domain data obtained from the root server.
- In the general-purpose cache, because it cannot be known whether domain name data is up to date, the cache time for domain name data is generally short. How long domain name data may be cached depends on whether the cached data is genuinely the latest; as long as the data is the latest genuine data, it can in theory be cached indefinitely.
- SOA: start of authority record (rendered in the translation as "original authoritative service").
- The system ensures that the root domain name data is the latest data by polling the start of authority (SOA) records of the root servers and probing the root zone file; at the same time, the application of DNSSEC ensures that the domain name data obtained is genuine and untampered. By designing new functional algorithms and improving existing ones, the system extends the time data remains in the cache, reduces accesses to the root server, and reduces the average access time.
- A method for optimizing DNS root service access, the steps of which include:
- The recursive resolver checks the root zone data buffer for the resource record (RR) corresponding to the queried top-level domain name and type; if the corresponding RR is found, the query result containing that RR is returned, otherwise go to step 4).
- The recursive resolver queries the root domain name server for the RR corresponding to the top-level domain name and type. If the corresponding RR is found, the query result containing that RR is returned; if it is not found, a query-failure result is returned.
- The recursive resolver checks whether the query that produced the result was a DNSSEC query. If it was, DNSSEC validation is performed on the result; if validation succeeds, the recursive resolver stores the RR obtained for that top-level domain name and type in the root zone data buffer, otherwise the result is not cached in the root zone data buffer.
- If the query was not a DNSSEC query, the recursive resolver sends a DNSSEC query to the root domain name server for the RR corresponding to the same top-level domain name and type and performs DNSSEC validation on the response. If validation succeeds, the RR obtained is stored in the root zone data buffer; otherwise the query result is not cached there.
- A root zone file analyzer is additionally provided in the DNS root service system; it determines whether the resource records RR in the root zone data buffer need to be updated, as follows:
- The root zone file analyzer obtains the SOA record by querying the root domain name server, sets the version number of the root zone data buffer to the serial number of the SOA record, and sets the refresh timer value to the expire value of the SOA record.
- The root zone file analyzer obtains the root zone file from the Internet Assigned Numbers Authority, removes the SOA record and its digital signature record (RRSIG), computes a digest over the remaining root zone file, and uses the resulting digest value as the fingerprint of the root zone data buffer.
- The root zone file analyzer periodically queries the SOA record of the root domain name server and compares the version number of the root zone data buffer with the serial number of the SOA. If they match, periodic querying continues. If they differ, the root zone data buffer is told to stop responding to the recursive resolver; the root zone file is fetched again, the SOA record and its RRSIG are removed, a digest is computed over the remainder, and the new digest is compared with the fingerprint of the root zone data buffer.
- If the digests match, the version number of the root zone data buffer is set to the serial number of the SOA just obtained, the SOA in the root zone data buffer is updated, and the root zone data buffer is told to resume responding to the recursive resolver. If they differ, all data in the root zone data buffer is discarded and the root zone data buffer is then told to resume responding to the recursive resolver.
- The root zone data buffer sets a refresh timer for each resource record RR newly placed in it.
- In the root zone data buffer the refresh timer of each RR counts down while the TTL of the RR is kept at its original value; the root zone data buffer discards any RR whose refresh timer has expired.
- For the RRs contained in a query result, the recursive resolver removes their refresh timers, and the TTL of each RR in the result begins to count down.
- The interval at which the root zone file analyzer periodically queries the SOA record of the root domain name server is the refresh value of the SOA record or a value set by the DNS administrator.
- A system for optimizing DNS root service access comprising a recursive resolver, a root zone data buffer, and a root zone file analyzer, wherein:
- The recursive resolver is responsible for resolving and looking up DNS data. When the RR corresponding to a top-level domain name of a certain type must be queried from the root domain name server, it first checks whether its standard cache holds the corresponding RR and, if so, returns the query result containing that RR.
- Otherwise the recursive resolver checks the root zone data buffer for the RR corresponding to the top-level domain name and type; if it is found, the query result containing that RR is returned.
- Otherwise the recursive resolver queries the root domain name server for the RR corresponding to the top-level domain name and type; if the corresponding RR is found, the query result containing it is returned, and if not, a query-failure result is returned.
- For a query result containing the RR, if the query was a DNSSEC query, DNSSEC validation is performed on the result. If validation passes, the recursive resolver stores the RR obtained for that top-level domain in the root zone data buffer; if validation fails, the result is not cached in the root zone data buffer.
- If the query was not a DNSSEC query, the recursive resolver sends a DNSSEC query to the root domain name server for the RR of the same top-level domain name and performs DNSSEC validation on the response; it then stores the RR obtained for that top-level domain in the root zone data buffer if validation passes, and otherwise does not cache the query result there.
- The root zone data buffer is responsible for storing the RRs that the recursive resolver obtained by querying the root domain name server for a top-level domain name (TLD) and that passed the recursive resolver's DNSSEC validation.
- The root zone file analyzer is responsible for determining whether the root zone file has been updated. If it has, the root zone data buffer is notified to clear its cached data.
- The root zone data buffer has three parameters: a version number, a fingerprint, and a refresh timer. The version number is the serial number of the SOA record obtained by querying the root domain name server; the refresh timer value is the expire value of the SOA record; and the fingerprint is the digest value of the root zone file after removing the SOA record and its digital signature record RRSIG.
- The invention adds the root zone data buffer and the root zone file analyzer and, through the coordinated operation of the three components, effectively reduces the time spent accessing the root server.
- The present invention provides a method and system for optimizing DNS root service access.
- The system consists of three main components: a recursive resolver, a root zone data buffer, and a root zone file analyzer.
- The recursive resolver is responsible for resolving and looking up DNS data.
- The root zone data buffer is responsible for storing the RRs that the recursive resolver obtains from the root server when querying a top-level domain name (TLD) of a given type.
- The root zone file analyzer is responsible for analyzing the root zone file and determining whether it has been updated. If it has, the root zone data buffer must be notified to clear its cached data.
- The root zone data buffer has three parameters: a version number, a fingerprint, and a refresh timer.
- Version number: assigned the SOA serial number of the current version of the root zone file.
- Fingerprint: assigned the digest value obtained by applying a fixed digest algorithm (such as MD5) to the root zone file, excluding the start of authority (SOA) record and its digital signature record RRSIG.
- Refresh timer: the contents cached in the root zone data buffer must be governed by a timer. Each resource record RR is assigned a refresh timer, which is given a default value when the RR is placed in the root data cache.
- The default timer value is the expire value of the root zone SOA record; administrators can also set their own timer values. If root zone data cannot be transferred normally between the root domain name server and its secondary servers, the data held by a secondary domain name server remains valid for the expire value of the SOA.
- The invention can therefore adjust this parameter to extend the caching time of data in the root zone data buffer to the expire value, or to a longer period according to the administrator's needs.
- Recursive resolver, step 1: when the recursive resolver needs to query the root domain name server for the RR corresponding to a top-level domain name of a certain type, it first checks its cache as specified in RFC 1035. If the corresponding RR is found, the answer is composed as RFC 1035 requires and processing jumps to step 4; otherwise it jumps to step 2.
- Step 2: check the root zone data buffer for the RR corresponding to the top-level domain name and type. If the corresponding RR is found, compose the answer as RFC 1035 requires and jump to step 4; otherwise jump to step 3.
- Step 3: query the root domain name server (that is, for the RR corresponding to the top-level domain name and type of step 1). If the corresponding RR is found, proceed to steps 5 and 4; if it is not found, the root domain name server answers with information indicating that the RR for that top-level domain name and type does not exist, and processing jumps to step 4.
- Step 4: the recursive resolver has its answer and completes processing following the steps specified in RFC 1035.
- Step 5: if the query was a DNSSEC query, the recursive resolver validates the response with DNSSEC. If validation succeeds, the recursive resolver places the RRs obtained for the queried top-level domains into the root zone data buffer and sets a refresh timer for each RR newly placed there. Data that has not passed DNSSEC validation is not placed in the root zone data buffer. If the query was not a DNSSEC query, go to step 6.
- Step 6: the recursive resolver sends a second query for the same question, this time a DNSSEC query, to the root domain name server. If the response is validated by DNSSEC, the recursive resolver places the RRs obtained for the queried top-level domains into the root zone data buffer and sets a refresh timer for each RR newly placed there. If the RRs cannot be validated by DNSSEC, the recursive resolver must not cache them in the root zone data buffer.
- The system must be able to validate DNSSEC resource records.
- The system must hold a recent copy of the DNS root key on the recursive resolver, for use when it performs DNSSEC validation.
- These requirements ensure that the authoritative data in the root data cache matches the corresponding authoritative data on the root servers.
- Data in the root zone data buffer is discarded by the timeout mechanism driven by the refresh timer value. It can also be invalidated by the root zone file analyzer, which compares the serial number in the SOA with the serial number held in the root buffer, and compares the digest of the root zone data (excluding the SOA record and its RRSIG record) with the fingerprint held in the root buffer. If the two differ, the old root data is known to be invalid and the root data buffer is instructed to discard it.
- In the root zone data buffer the refresh timer counts down while the TTL of the RR is kept unchanged at its original value.
- Each RR is assigned a default refresh timer when it is placed in the root zone data buffer.
- When an RR is output from the root zone data buffer, its refresh timer is removed and the TTL in the RR begins to count down.
- The root zone data buffer should discard any RR whose refresh timer has expired.
- Root zone file analyzer, step 1: obtain the SOA record by querying the root domain name server.
- IANA: the Internet Assigned Numbers Authority, from which the root zone file is obtained.
- Step 3: the root zone file analyzer periodically queries the SOA record of the root domain name server and compares the version number of the root zone data buffer with the serial value of the SOA. If the two values are the same, wait a fixed time (the recommended interval is the refresh value of the SOA, or every 15 minutes) and repeat step 3; if they differ, jump to step 4.
- Step 4: the root zone data buffer is notified to temporarily stop responding to the recursive resolver.
- Step 5: the digest of the newly fetched root zone file is compared with the fingerprint. If the values are the same, the root zone data buffer is notified to resume responding to the recursive resolver, and processing goes to step 3. If the values differ, indicating that the root zone data has changed, the system must discard all data in the root zone data buffer, notify the root zone data buffer to resume responding to the recursive resolver, and then go to step 1.
- This technique can reduce the response time for root zone data access by a factor of seven.
- The present invention is easy to deploy and can be deployed on a large number of existing recursive domain name servers.
- FIG. 1 is a schematic structural view of a conventional resolver.
- FIG. 2 is a schematic structural view of a system of the present invention.
- The root zone file analyzer obtains the SOA information and the digest of the current root zone file and assigns them to the root zone data buffer.
- The root zone SOA record queried is as follows:
- When the recursive resolver needs to query ".cn", it first consults its cache as specified in RFC 1035. If the record is not found there, it looks in the root zone data buffer; if it is not found there either, it queries the remote root domain name server. Once the information about ".cn" has been found, and provided DNSSEC validation passes, the information about ".cn" is placed in the root zone data buffer and a refresh timer is set for each resource record RR, with its value set to 604800. In the same way, the root data buffer gradually fills with data frequently used by the recursive resolver, such as ".com" and ".net".
- When the recursive resolver later needs to query the information for ".cn", it can obtain the data directly from the root zone data buffer according to the resolver algorithm and steps of the invention.
- The root zone data buffer deletes the data for ".cn" to ensure the correctness and timeliness of the information.
- The root zone file analyzer tracks changes to the root zone through SOA queries and the digest algorithm.
- DNS: Domain Name System.
- SOA: start of authority record.
- The fields of the SOA record are:
- Source host (primary nameserver): the host on which the zone's DNS data file is located.
- Serial: the format is yyyymmddnn, where nn is the sequence number of the modification on that day.
- The secondary domain name server decides whether to load a new copy of the zone data by comparing the serial number.
- Retry: if the secondary domain name server cannot reach the primary server after the refresh interval, it begins to retry the connection at this interval. This time is usually shorter than the refresh time, but it does not have to be.
- Expire: if the secondary domain name server has not been able to contact the primary server within the expire time, it treats its copy of the zone as invalid, that is, it stops answering for the zone because the data is too old to be useful.
- This value should be much longer than the refresh and retry times; a period of weeks is more reasonable.
- Minimum (negative caching TTL): this value applies to negative responses from the authoritative domain name servers of this zone.
Description
The present invention relates to a method and system for optimizing DNS root service access, and belongs to the field of network technology.
With the continued development of the Internet and the gradual rollout of new top-level domains, root service quality needs to be improved further, for example by speeding up root service query responses and reducing the time needed to access DNS root data. The DNS recursive resolver has a built-in caching mechanism, but because that mechanism is not optimized for root zone data, it cannot meet the growing need to reduce the time taken to access DNS root data.
As shown in FIG. 1, the cache of an existing recursive resolver is a general-purpose cache covering domain names at every level and zone files of every kind. Existing resolution technology does not cache root zone data specifically; it uses an ordinary caching mechanism, which does little to reduce the time needed to access DNS root data.
To cope with the explosive growth of root zone access, the DNS root service system has, since 2002, made wide use of anycast to increase the number of root servers; to date there are nearly 490 root server mirror nodes worldwide. Because deploying root mirror servers is heavily constrained by resources and places demanding requirements on the deployment environment, they cannot be deployed without limit, so deploying root mirrors with anycast cannot adequately meet the need to reduce the time taken to access DNS root data.
The IETF recently introduced a mechanism for running a root server on the loopback address. This approach amounts to adding extra root servers, running on the local loopback, alongside the 13 root servers specified worldwide. Although it can reduce root access time to some extent, once widely deployed it may break the existing Internet domain name resolution mechanism and render the DNS root service ineffective, which could interfere with the normal, stable operation of the Internet.
Summary of the invention
In view of the technical problems in the prior art, an object of the present invention is to provide a method and system for optimizing DNS root service access. The present invention addresses the characteristics of the root zone file and the need to reduce root zone data access time: it adds a root data buffer with its associated algorithms and steps, adds algorithms and steps for a root zone data analyzer, and improves the algorithm of the recursive resolver. Given the way the current root zone file is configured, the present invention can increase the speed of access to root zone data by about 7 times on average compared with existing general-purpose caching. The invention solves the problem of excessive root server access time without potentially damaging the existing root domain name resolution mechanism.
The general-purpose cache currently built into the recursive resolver caches data for domain names at every level and cannot be specifically optimized for the top-level domain data obtained from the root server. Because a general-purpose cache cannot know whether domain name data is up to date, it generally caches domain name data for only a short time. How long domain name data may be cached depends on whether the cached data is genuinely the latest; as long as it is the latest genuine data, it can in theory be cached indefinitely. One function of the start of authority (SOA) record is to signal, through a change in its serial number, that the zone file data has changed; in the root zone, however, sometimes only the SOA record itself changes while the rest of the zone data stays the same. This system ensures that the root domain name data is the latest by polling the SOA records of the root servers and probing the root zone file, and ensures through the application of DNSSEC that the domain name data obtained is genuine and untampered. By designing new functional algorithms and improving existing ones, the system extends the time data stays in the cache, reduces accesses to the root server, and reduces the average access time.
The technical solution of the present invention is as follows:
A method for optimizing DNS root service access, the steps of which are:
1) A root zone data buffer is provided in the recursive server;
2) When the recursive resolver needs to query the root domain name server for the resource record RR corresponding to a top-level domain name of a certain type, it first checks whether its standard cache holds the corresponding RR; if so, it returns the query result containing that RR, otherwise it proceeds to step 3);
3) The recursive server checks the root zone data buffer for the RR corresponding to that top-level domain name and type; if the corresponding RR is found, it returns the query result containing that RR, otherwise it proceeds to step 4);
4) The recursive server queries the root domain name server for the RR corresponding to that top-level domain name and type. If the corresponding RR is found, it returns the query result containing that RR; if it is not found, it returns a query-failure result;
5) For a query result containing the RR, the recursive resolver checks whether the query that produced it was a DNSSEC query. If it was, DNSSEC validation is performed on the result: if validation succeeds, the recursive resolver stores the RR obtained for that top-level domain in the root zone data buffer; if validation fails, the result is not cached in the root zone data buffer. If the query was not a DNSSEC query, the recursive resolver sends the root domain name server a DNSSEC query for the RR corresponding to that top-level domain name and type and performs DNSSEC validation on the response; if validation succeeds, the RR obtained is stored in the root zone data buffer, otherwise the query result is not cached there.
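The lookup order of steps 2) to 5), together with the per-record refresh timer described later, as an added Python simulation; this is not the patent's code or a real DNS stack. The root server, its zone contents and the DNSSEC signature check are constructed stand-ins, and population of the ordinary RFC 1035 cache is left out.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class RR:
    """A resource record as received from the root; ttl is never decremented
    while the record sits in the root zone data buffer."""
    name: str
    rtype: str
    rdata: str
    ttl: int


@dataclass
class RootResponse:
    rrs: list            # answer records; empty means "no such RR"
    dnssec: bool         # True when the query asked for DNSSEC data
    signature_ok: bool   # stand-in for the outcome of DNSSEC validation


class FakeRootServer:
    """Constructed stand-in for a root server: (tld, type) -> (rdata, ttl).
    Keys listed in bad_sigs simulate records whose signatures fail validation."""

    def __init__(self, zone, bad_sigs=()):
        self.zone = zone
        self.bad_sigs = set(bad_sigs)
        self.queries = 0

    def query(self, name, rtype, dnssec):
        self.queries += 1
        hit = self.zone.get((name, rtype))
        rrs = [RR(name, rtype, hit[0], hit[1])] if hit else []
        return RootResponse(rrs, dnssec, (name, rtype) not in self.bad_sigs)


class RootZoneDataBuffer:
    """Root zone data buffer: every stored RR set carries its own refresh timer
    (default: the SOA expire value or an administrator-chosen value)."""

    def __init__(self, refresh_default):
        self.refresh_default = refresh_default
        self.entries = {}    # (name, type) -> [rrs, seconds left on refresh timer]

    def put(self, rrs):
        key = (rrs[0].name, rrs[0].rtype)
        self.entries[key] = [list(rrs), self.refresh_default]

    def get(self, name, rtype):
        """Return a copy of the RRs; the refresh timer stays behind in the
        buffer, so the caller sees only the original TTL."""
        entry = self.entries.get((name, rtype))
        return list(entry[0]) if entry else None

    def tick(self, seconds):
        """Count every refresh timer down and discard RR sets that expired."""
        for key in list(self.entries):
            self.entries[key][1] -= seconds
            if self.entries[key][1] <= 0:
                del self.entries[key]


class RecursiveResolver:
    def __init__(self, root, root_buffer):
        self.root = root
        self.root_buffer = root_buffer
        self.rfc1035_cache = {}   # ordinary cache; its population is not modelled

    def resolve_tld(self, name, rtype, dnssec_query=False):
        """Look up the RR of a TLD in the order steps 2) to 5) prescribe.
        Returns (rrs, source) where source names the stage that answered."""
        key = (name, rtype)
        # Step 2: the ordinary RFC 1035 cache.
        if key in self.rfc1035_cache:
            return self.rfc1035_cache[key], "rfc1035-cache"
        # Step 3: the root zone data buffer.
        hit = self.root_buffer.get(name, rtype)
        if hit is not None:
            return hit, "root-zone-buffer"
        # Step 4: ask the root server.
        resp = self.root.query(name, rtype, dnssec_query)
        if not resp.rrs:
            return [], "root-no-such-rr"
        answer = resp.rrs
        # Step 5: only data that passed DNSSEC validation enters the buffer;
        # a non-DNSSEC answer is re-requested as a DNSSEC query first.
        if not resp.dnssec:
            resp = self.root.query(name, rtype, dnssec=True)
        if resp.rrs and resp.signature_ok:
            self.root_buffer.put(resp.rrs)
        return answer, "root-server"
```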
Further, a root zone file analyzer is also provided in the DNS root service system; the root zone file analyzer determines whether the resource records RR in the root zone data buffer need to be updated, as follows:
21) The root zone file analyzer obtains the SOA record by querying the root domain name server, then sets the version number of the root zone data buffer to the serial number of the SOA record and sets the refresh timer value to the expire value of the SOA record;
22) The root zone file analyzer obtains the root zone file from the Internet Assigned Numbers Authority, removes the SOA record and its digital signature record RRSIG, computes a digest over the remaining root zone file, and uses the resulting digest value as the fingerprint of the root zone data buffer;
23) The root zone file analyzer periodically queries the SOA record of the root domain name server and compares the version number of the root zone data buffer with the serial number of the SOA. If they match, it keeps querying periodically. If they differ, it notifies the root zone data buffer to stop responding to the recursive resolver, fetches the root zone file again, removes the SOA record and its RRSIG, computes a digest over the remainder, and compares the new digest with the fingerprint of the root zone data buffer. If the digests match, it sets the version number of the root zone data buffer to the serial number of the SOA just obtained, updates the SOA in the root zone data buffer, and notifies the root zone data buffer to resume responding to the recursive resolver. If they differ, it discards all data in the root zone data buffer and then notifies the root zone data buffer to resume responding to the recursive resolver.
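The analyzer of steps 21) to 23), as an added Python example that is not the patent's code. The zone file snapshots, key tags and signatures are constructed placeholders; the digest is SHA-256 here (the description names MD5 as one possible algorithm), and sorting the remaining lines before hashing is this example's choice so that record order alone cannot change the fingerprint.

```python
import hashlib
from dataclasses import dataclass


def zone_text(serial, soa_sig, extra=""):
    """Constructed root zone snapshot in presentation format (not real data)."""
    return (
        f". 86400 IN SOA a.root-servers.net. nstld.verisign-grs.com. {serial} 1800 900 604800 86400\n"
        f". 86400 IN RRSIG SOA 8 0 86400 20151210000000 20151201000000 11111 . {soa_sig}\n"
        "cn. 172800 IN NS a.dns.cn.\n"
        "cn. 172800 IN NS b.dns.cn.\n"
        "com. 172800 IN NS a.gtld-servers.net.\n"
        "com. 172800 IN RRSIG NS 8 1 172800 20151210000000 20151201000000 11111 . PLACEHOLDER-NS-SIG\n"
        + extra
    )


ZONE_V1 = zone_text(2015120100, "PLACEHOLDER-SOA-SIG-A")
ZONE_V2 = zone_text(2015120101, "PLACEHOLDER-SOA-SIG-B")      # only the SOA changed
ZONE_V3 = zone_text(2015120102, "PLACEHOLDER-SOA-SIG-C",      # a delegation was added
                    "net. 172800 IN NS a.gtld-servers.net.\n")


@dataclass(frozen=True)
class SOA:
    serial: int
    refresh: int
    expire: int


def soa_from_zone(zone):
    """Read the SOA: name ttl class SOA mname rname serial refresh retry expire minimum."""
    for line in zone.splitlines():
        f = line.split()
        if len(f) >= 11 and f[3] == "SOA":
            return SOA(serial=int(f[6]), refresh=int(f[7]), expire=int(f[9]))
    raise ValueError("zone has no SOA record")


def zone_fingerprint(zone):
    """Step 22: digest of the zone with the SOA and the RRSIG covering it removed."""
    kept = []
    for line in zone.splitlines():
        f = line.split(";", 1)[0].split()          # drop comments and blank lines
        if len(f) < 4:
            continue
        if f[3] == "SOA" or (f[3] == "RRSIG" and f[4] == "SOA"):
            continue
        kept.append(" ".join(f))
    return hashlib.sha256("\n".join(sorted(kept)).encode()).hexdigest()


class RootBufferState:
    """The parts of the root zone data buffer the analyzer controls."""

    def __init__(self):
        self.entries = {}          # cached RR sets
        self.version = None        # SOA serial the cached data belongs to
        self.fingerprint = None    # digest of the zone minus SOA and its RRSIG
        self.refresh_default = None
        self.paused = False        # True while the resolver must not be answered


class RootZoneFileAnalyzer:
    def __init__(self, buf, soa, zone):
        self.buf = buf
        self.poll_interval = soa.refresh           # or an administrator-set value
        self._adopt(soa, zone_fingerprint(zone))

    def _adopt(self, soa, fingerprint):
        """Steps 21 and 22: version number, refresh timer default, fingerprint."""
        self.buf.version = soa.serial
        self.buf.refresh_default = soa.expire
        self.buf.fingerprint = fingerprint

    def check(self, current_soa, fetch_zone):
        """Step 23, one polling round. fetch_zone() is called only when the
        serial moved; the return value names the branch taken."""
        if current_soa.serial == self.buf.version:
            return "unchanged"
        self.buf.paused = True                     # stop answering the resolver
        try:
            new_fp = zone_fingerprint(fetch_zone())
            if new_fp == self.buf.fingerprint:
                # Only the SOA changed: keep the cached data, bump the version.
                self.buf.version = current_soa.serial
                return "soa-only"
            # The zone data really changed: discard everything, restart at step 21.
            self.buf.entries.clear()
            self._adopt(current_soa, new_fp)
            return "zone-changed"
        finally:
            self.buf.paused = False                # resume answering
```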
Further, the root zone data buffer assigns a refresh timer to each resource record RR newly placed in the root zone data buffer.
Further, in the root zone data buffer the refresh timer of each resource record RR counts down while the TTL of the RR is kept at its original value; the root zone data buffer discards resource records RR whose refresh timer has expired.
Further, for the resource records RR contained in a query result, the recursive resolver removes the refresh timers of those RRs and starts counting down the TTL of the RRs in the query result.
Further, the interval at which the root zone file analyzer periodically queries the SOA record of the root name server is the refresh value of the SOA record or a value set by the DNS administrator.
A system for optimizing DNS root service access, characterized in that it comprises a recursive resolver, a root zone data buffer and a root zone file analyzer, wherein:
The recursive resolver is responsible for resolving and looking up DNS data. When it needs to query the root name server for the resource record RR of a given type corresponding to a top-level domain name, it first checks whether its own configured cache holds a corresponding RR; if so, it returns a query result containing that RR. Otherwise the recursive resolver checks the data cache of the root zone data buffer for the RR of that type corresponding to the top-level domain name; if a corresponding RR is found, it returns a query result containing that RR. Otherwise the recursive resolver queries the root name server for the RR of that type corresponding to the top-level domain name; if a corresponding RR is found, it returns a query result containing that RR, and if no corresponding RR is found, it returns a query result indicating failure. For a query result that contains the RR: if the query was a DNSSEC query, the recursive resolver performs DNSSEC validation on the result; if validation passes, the recursive resolver stores the RR obtained for that type of top-level domain in the root zone data buffer, and if validation fails, the result is not cached in the root zone data buffer. If the query corresponding to the result was not a DNSSEC query, the recursive resolver sends the root name server a DNSSEC query for the RR of the same type for the same top-level domain name and performs DNSSEC validation on the response; if validation passes, the recursive resolver stores the RR obtained for that type of top-level domain in the root zone data buffer, otherwise the query result is not cached in the root zone data buffer;
The root zone data buffer is responsible for storing the resource records RR corresponding to top-level domains that the recursive resolver obtained by querying the root name server for the top-level domain name TLD and that passed the recursive resolver's DNSSEC validation;
The root zone file analyzer is responsible for analyzing whether the root zone file has been updated; if it has, it notifies the root zone data buffer to clear its cached data.
Further, the root zone data buffer has three parameters: a version number, a fingerprint and a refresh timer, where the version number is the serial number of the SOA record obtained by querying the root name server, the value of the refresh timer is the expire value of the SOA record, and the fingerprint is the digest value of the root zone file with the SOA record and its digital signature record RRSIG removed.
Further, in the root zone data buffer the refresh timer of each resource record RR counts down while the TTL of the RR is kept at its original value; the root zone data buffer discards resource records RR whose refresh timer has expired.
Further, for the resource records RR contained in a query result, the recursive resolver removes the refresh timers of those RRs and starts counting down the TTL of the RRs in the query result.
By designing a new recursive resolver and adding a root zone data buffer and a root zone file analyzer, the invention effectively reduces the time spent accessing the root servers through the coordinated operation of the three.
The present invention provides a method and system for optimizing DNS root service access. The system consists of three main components: a recursive resolver, a root zone data buffer and a root zone file analyzer.
The recursive resolver is responsible for resolving and looking up DNS data;
The root zone data buffer is responsible for storing the resource records RR that the recursive resolver obtains by querying the root server for a top-level domain name TLD of a given type.
The root zone file analyzer is responsible for analyzing the state of the root zone file and determining whether it has been updated; if it has, it must notify the root zone data buffer to clear its cached data.
The root zone data buffer has three parameters: a version number, a fingerprint and a refresh timer.
1) Version number: its value equals the SOA serial number of the current version of the root zone file.
2) Fingerprint: its value is the digest value obtained by the root zone file analyzer applying a fixed digest algorithm (MD5, for example) to the root zone file, excluding the Start of Authority (SOA) record and its digital signature record RRSIG.
3) Refresh timer: content cached in the root zone data buffer must be governed by a timer. Each resource record RR is assigned a refresh timer, which is given a default value when the RR is placed in the root data cache. The default timer value is the expire value of the root zone SOA record; an administrator may also set a timer value of their own. When root zone data cannot be updated normally between the root name server and its secondary servers, the data on a secondary name server remains valid for the SOA's expire value. By adjusting this parameter, the invention can extend the cache time of the data in the root zone data buffer to be as long as expire, or longer if the administrator requires.
1. Detailed steps for using the system:
Step 1: When the recursive resolver needs to query the root name server for the RR of a given type corresponding to a top-level domain name, it should first check the recursive resolver's cache as specified in RFC 1035. If a corresponding RR is found, the answer is composed according to RFC 1035 and processing jumps to step 4; otherwise it jumps to step 2.
Step 2: Check the data cache of the root zone data buffer for the RR of that type corresponding to the top-level domain name. If a corresponding RR is found, compose the answer according to RFC 1035 and jump to step 4; otherwise jump to step 3.
Step 3: Query the root name server (that is, for the RR of the type corresponding to the top-level domain name from step 1). If a corresponding RR is found, proceed to both step 5 and step 4; if no corresponding RR is found, the root name server returns information stating that the RR of that type for the queried top-level domain name does not exist, which is taken as the answer, and processing jumps to step 4.
Step 4: The recursive resolver has its answer, proceeds according to the steps specified in RFC 1035, and finishes.
Step 5: If the query is a DNSSEC query, the recursive resolver should verify whether the response passes DNSSEC validation. If it passes, the recursive resolver should place the RRs obtained for the queried top-level domain in the root zone data buffer and set a refresh timer for each RR newly placed in the root zone data buffer. If it fails DNSSEC validation, the data is not placed in the root zone data buffer. If the query is not a DNSSEC query, go to step 6.
Step 6: The recursive resolver should send the root name server another DNSSEC query for the same question. If the response passes DNSSEC validation, the recursive resolver should place the RRs obtained for the queried top-level domain in the root zone data buffer and set a refresh timer for each RR newly placed there. If the RRs fail DNSSEC validation, the recursive resolver should not cache them in the root zone data buffer.
2. System requirements
To implement the mechanism described in the present invention:
1. The system must be able to validate DNSSEC resource records.
2. The system must hold an up-to-date copy of the DNS root key on the recursive resolver for use during DNSSEC validation.
3. Only TLD RR data from the root name server, together with related supplementary data conforming to RFC 1033, RFC 1034, RFC 4033 and RFC 4034, may be cached by the root zone data buffer.
These requirements ensure that the authoritative data in the root data cache matches the corresponding authoritative data on the root servers.
3. Requirements for the root zone data buffer
Data in the root zone data buffer is discarded by a timeout mechanism governed by the refresh timer value. It can also be discarded as a result of the root zone file analyzer's analysis: the analyzer compares the serial number of the queried SOA with the serial number held in the root zone buffer, and compares the digest of the root zone data (excluding the SOA record and its corresponding RRSIG record) with the fingerprint held in the root zone buffer; if both differ, the old root data is judged invalid and the root zone data buffer is instructed to discard its data.
The requirements for operating the root zone data buffer are as follows:
1) In the root zone data buffer, the refresh timer counts down while the TTL of the resource record RR is kept at its original value, unchanged.
2) Each RR is assigned a refresh timer with the default value when it is placed in the root zone data buffer. When the RR is handed out from the root zone data buffer, the refresh timer is removed and the TTL in the RR starts to "count down".
3) The root zone data buffer should discard RRs whose refresh timer has expired.
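The lookup order of steps 1 to 6 and buffer requirements 1) to 3) above, written out as an added Python example (this is not the patent's own code). The root server and the DNSSEC validation outcome are simulated with constructed data so that it runs offline; `fake_root_server`, `fake_validate` and the record contents are assumptions.

```python
"""Root zone data buffer plus the three-tier lookup order described above.
Added example, not code from the patent; the root server and DNSSEC validation are
simulated with constructed data so that the example runs offline."""
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class RR:
    name: str
    rtype: str
    rdata: str
    ttl: int  # TTL exactly as received from the root server


class RootZoneDataBuffer:
    """Holds DNSSEC-validated TLD records under a refresh timer, not under their TTL."""

    def __init__(self, default_refresh: int):
        self.default_refresh = default_refresh  # SOA expire value, or an admin-chosen value
        self._entries: dict[tuple[str, str], list] = {}  # key -> [RR, seconds remaining]
        self.serving = True  # the analyzer may pause responses while it re-checks the zone

    def put(self, rr: RR) -> None:
        # Requirement 2): every RR entering the buffer gets the default refresh timer
        self._entries[(rr.name, rr.rtype)] = [rr, self.default_refresh]

    def get(self, name: str, rtype: str) -> Optional[RR]:
        if not self.serving:
            return None
        entry = self._entries.get((name, rtype))
        # The RR handed out carries its original TTL; the refresh timer stays behind
        return None if entry is None else entry[0]

    def tick(self, seconds: int) -> None:
        # Requirement 1): only the refresh timer counts down; requirement 3): expired RRs go
        for key, entry in list(self._entries.items()):
            entry[1] -= seconds
            if entry[1] <= 0:
                del self._entries[key]

    def remaining(self, name: str, rtype: str) -> Optional[int]:
        entry = self._entries.get((name, rtype))
        return None if entry is None else entry[1]

    def clear(self) -> None:
        self._entries.clear()


class RecursiveResolver:
    def __init__(self, buffer: RootZoneDataBuffer, root_server, validate):
        self.cache: dict[tuple[str, str], tuple[RR, int]] = {}  # RFC 1035 cache: RR, TTL left
        self.buffer = buffer
        self.root_server = root_server  # (name, rtype, dnssec) -> response dict or None
        self.validate = validate        # response dict -> bool, the DNSSEC validation outcome

    def lookup(self, name: str, rtype: str, dnssec: bool = False):
        """Returns (rr_or_None, source) following steps 1-6 of the usage procedure."""
        key = (name, rtype)
        if key in self.cache:                          # step 1: ordinary RFC 1035 cache
            return self.cache[key][0], "rfc1035-cache"
        rr = self.buffer.get(name, rtype)
        if rr is not None:                             # step 2: root zone data buffer
            self.cache[key] = (rr, rr.ttl)             # the TTL starts counting down only now
            return rr, "root-zone-buffer"
        resp = self.root_server(name, rtype, dnssec)   # step 3: ask a root server
        if resp is None:
            return None, "root-server-negative"
        rr = resp["rr"]
        self.cache[key] = (rr, rr.ttl)                 # step 4: answer as RFC 1035 prescribes
        if not dnssec:                                 # step 6: re-ask the question with DNSSEC
            resp = self.root_server(name, rtype, True)
        if resp is not None and self.validate(resp):   # step 5: only validated data is buffered
            self.buffer.put(resp["rr"])
        return rr, "root-server"


# Constructed stand-in for the root servers (illustrative records, not live data)
_ROOT_DATA = {
    ("cn.", "NS"): RR("cn.", "NS", "a.dns.cn.", 172800),
    ("com.", "NS"): RR("com.", "NS", "a.gtld-servers.net.", 172800),
}
_BROKEN_SIGNATURE = {("com.", "NS")}  # constructed: this answer fails DNSSEC validation


def fake_root_server(name: str, rtype: str, dnssec: bool):
    rr = _ROOT_DATA.get((name, rtype))
    if rr is None:
        return None  # a real root server would answer with a denial of existence
    return {"rr": rr, "signed": dnssec, "valid": (name, rtype) not in _BROKEN_SIGNATURE}


def fake_validate(resp) -> bool:
    return bool(resp["signed"] and resp["valid"])


if __name__ == "__main__":
    buf = RootZoneDataBuffer(default_refresh=604800)
    resolver = RecursiveResolver(buf, fake_root_server, fake_validate)
    for q in (("cn.", "NS"), ("cn.", "NS"), ("com.", "NS"), ("org.", "NS")):
        print(q, resolver.lookup(*q)[1], "buffered:", buf.get(*q) is not None)
```

Two points the code makes explicit: a record that failed DNSSEC validation (the constructed `com.` answer) is still returned to the client as RFC 1035 allows, but never enters the root zone data buffer; and a record leaving the buffer carries its full original TTL, so the ordinary cache only starts ageing it from that moment.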
4. Operation of the root zone file analyzer
Step 1: Query the root name server to obtain the SOA record, which contains values including a serial number (serial), a refresh value (refresh) and an expire value (expire). Set the version number of the root zone data buffer = the serial value of the SOA record, and the value of the refresh timer = the expire value of the SOA record.
Step 2: Obtain the complete root zone file from the Internet Assigned Numbers Authority (IANA) and apply the same digest operation (for example the MD5 algorithm) to the root zone file, excluding the SOA and its RRSIG, to obtain the digest value. Set the fingerprint of the root zone data buffer = the digest value.
Step 3: The root zone file analyzer periodically queries the SOA record of the root name server and compares the version number of the root zone data buffer with the serial value of the SOA. If the two values are equal, wait a fixed time (the SOA's refresh value or 15 minutes is suggested) and repeat step 3; if they differ, jump to step 4.
Step 4: Notify the root zone data buffer to temporarily stop responding to the recursive resolver. Obtain the complete root zone file and apply the same digest operation (for example MD5) to the root zone data, excluding the SOA and its RRSIG, to obtain the digest value. Compare the fingerprint of the root zone data buffer with this digest. If the values are equal, the root zone file was updated only with respect to the SOA data and the other data is unchanged: set the version number of the root zone data buffer = the serial value of the newly obtained SOA and, if the root zone data buffer holds an SOA record, update it as well; then notify the root zone data buffer to resume responding to the recursive resolver and return to step 3. If the values differ, the root zone data has changed: the system must discard all data in the root zone data buffer, notify the root zone data buffer to resume responding to the recursive resolver, and return to step 1.
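Steps 1 to 4 of the analyzer, as an added Python example that is not the patent's code. It runs on a constructed miniature zone (a few records in zone-file syntax, not the real root zone); the two fetch callbacks, the `BufferParams` holder and the zone text are assumptions, and the digest algorithm is a parameter (the page uses MD5 as its illustration; SHA-256 is the default here).

```python
"""Root zone file analyzer: serial comparison plus a fingerprint of the zone without
its SOA and the RRSIG covering the SOA. Added example, not the patent's code."""
import hashlib
from dataclasses import dataclass, field
from typing import Optional

# Constructed zone snapshots. v1 -> v2 changes only the SOA serial and the RRSIG over
# the SOA; v2 -> v3 bumps the serial again and adds a delegation.
ZONE_V1 = """\
. 86400 IN SOA a.root-servers.net. nstld.verisign-grs.com. 2015091301 1800 900 604800 86400
. 86400 IN RRSIG SOA 8 0 86400 20150923050000 20150913040000 1518 . sigA==
. 518400 IN NS a.root-servers.net.
cn. 172800 IN NS a.dns.cn.
com. 172800 IN NS a.gtld-servers.net.
"""
ZONE_V2 = ZONE_V1.replace("2015091301", "2015091302").replace("sigA==", "sigB==")
ZONE_V3 = ZONE_V2.replace("2015091302", "2015091303") + "net. 172800 IN NS a.gtld-servers.net.\n"


@dataclass
class SOA:
    mname: str
    rname: str
    serial: int
    refresh: int
    retry: int
    expire: int
    minimum: int


def parse_zone(text: str):
    """Splits a zone into its SOA and the remaining lines, dropping the RRSIG over the SOA."""
    soa, rest = None, []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith(";"):
            continue
        f = line.split()
        if len(f) < 5:
            continue
        if f[3] == "SOA":
            soa = SOA(f[4], f[5], *map(int, f[6:11]))
        elif f[3] == "RRSIG" and f[4] == "SOA":
            continue  # the signature over the SOA changes with every serial bump
        else:
            rest.append(line)
    return soa, rest


def fingerprint(text: str, algorithm: str = "sha256") -> str:
    """Digest of the zone without the SOA and its RRSIG (the page's example uses MD5)."""
    _, rest = parse_zone(text)
    return hashlib.new(algorithm, "\n".join(rest).encode()).hexdigest()


@dataclass
class BufferParams:
    """The three buffer parameters plus the state the analyzer touches (assumed holder)."""
    version: Optional[int] = None
    fingerprint: Optional[str] = None
    refresh_timer: Optional[int] = None
    soa: Optional[SOA] = None
    serving: bool = True
    entries: dict = field(default_factory=dict)  # cached TLD RRs; contents irrelevant here


class RootZoneFileAnalyzer:
    def __init__(self, params: BufferParams, fetch_soa, fetch_zone, algorithm: str = "sha256"):
        self.p = params
        self.fetch_soa = fetch_soa      # assumed callback: SOA query against a root server
        self.fetch_zone = fetch_zone    # assumed callback: full root zone file download
        self.algorithm = algorithm

    def initialize(self) -> None:
        soa = self.fetch_soa()                                   # step 1
        self.p.version, self.p.refresh_timer, self.p.soa = soa.serial, soa.expire, soa
        self.p.fingerprint = fingerprint(self.fetch_zone(), self.algorithm)  # step 2

    def check(self) -> str:
        soa = self.fetch_soa()                                   # step 3
        if soa.serial == self.p.version:
            return "unchanged"                                   # poll again after refresh
        self.p.serving = False                                   # step 4: pause answers
        try:
            new_fp = fingerprint(self.fetch_zone(), self.algorithm)
            if new_fp == self.p.fingerprint:
                self.p.version, self.p.soa = soa.serial, soa     # only the SOA changed
                return "soa-only"
            self.p.entries.clear()                               # content changed: drop all
            # Equivalent to returning to step 1 with the SOA and zone just fetched
            self.p.version, self.p.refresh_timer, self.p.soa = soa.serial, soa.expire, soa
            self.p.fingerprint = new_fp
            return "zone-changed"
        finally:
            self.p.serving = True                                # resume answering
```

Because every RRSIG other than the one over the SOA stays inside the digest, a re-signing of the zone with no data change still yields "zone-changed" and empties the buffer; the "soa-only" path is taken only when the serial and its signature are the sole differences.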
Advantages of the present invention over the prior art:
1) It avoids deploying large numbers of root mirrors with anycast, saving cost and bandwidth, and removes the need for frequent direct access to the root name servers.
2) Compared with the resolution and generic caching techniques specified in IETF RFC 1035, this technique can reduce the response time for root zone data access by a factor of seven.
3) The invention is easy to deploy and can be rolled out at scale on existing recursive domain name servers.
Figure 1 is a schematic diagram of the structure of an existing resolver;
Figure 2 is a schematic diagram of the structure of the system of the present invention.
The present invention is described in further detail below with reference to the accompanying drawings:
Taking ".cn", ".com" and ".net" as examples:
1. Initialization of the root zone data buffer:
The root zone file analyzer obtains the SOA information and the digest of the current root zone file and assigns them to the root zone data buffer. For example, suppose the root zone SOA record queried is as follows:
type=SOA, class=IN, dlen=64
ttl=7156 (1 hour 59 mins 16 secs)
primary name server=a.root-servers.net
responsible mail addr=nstld.verisign-grs.com
serial=2015091301
refresh=1800 (30 mins)
retry=900 (15 mins)
expire=604800 (7 days)
default TTL=86400 (1 day)
Download the root zone file, remove the SOA record and its RRSIG record, compute the MD5 digest, and obtain the digest value D5-55-2E-81-33-B9-51-F0-2B-80-5D-D5-FC-8B-91-E3.
The parameters of the root zone data buffer are therefore set as follows:
Version number=2015091301
Fingerprint=D5-55-2E-81-33-B9-51-F0-2B-80-5D-D5-FC-8B-91-E3
Refresh timer=604800
1. Cumulative learning process of the root zone data buffer:
When the recursive resolver needs to query ".cn", it first looks in the recursive resolver's cache as specified in RFC 1035; if nothing is found, it looks in the root zone data buffer; if still nothing is found, it queries the remote root name server. Once the information for ".cn" has been found, if it passes DNSSEC validation, the ".cn" information is placed in the root zone data buffer and each resource record RR is given a refresh timer set to 604800. In the same way, the root data buffer gradually accumulates the data the recursive resolver uses most often, such as ".com" and ".net".
2. Querying information in the root zone data buffer
When the recursive resolver needs to query information about ".cn", it can obtain the data directly from the root zone data buffer according to the resolver algorithm and steps of the invention.
3. Updating and clearing data in the root zone data buffer
When the refresh timer of the ".cn" data in the root zone data buffer expires, the root zone data buffer deletes the ".cn" data to keep the information correct and current. Alternatively, when the root zone file analyzer, operating by the SOA query and digest algorithm and steps specified in the invention, finds that the root zone file has been updated, it notifies the root zone data buffer to delete all data, including ".cn". The root zone data buffer then starts learning again from scratch.
Introduction to DNS SOA records:
Every Domain Name System (DNS) zone file begins with a Start of Authority (SOA) record. The SOA resource record indicates that this DNS server is the best source of information for the data in the DNS domain.
The structure is illustrated below using an example DNS SOA record:
The SOA record is:
Primary nameserver: ns51.domaincontrol.com
Hostmaster E-mail address: dns.jomax.net
Serial#: 2010123100
Refresh: 28800
Retry: 7200
Expire: 604800 (1 week)
Default TTL: 86400
Primary nameserver: the host on which the zone's DNS record file resides.
Hostmaster E-mail address: the contact address of the host administrator, in which the first dot stands for @.
Serial: in the format yyyymmddnn, where nn is the number of the modification made on that day. Secondary name servers compare this serial number to decide whether to load a new copy of the zone data.
Refresh: tells the zone's secondary name servers how often to check whether the zone data is up to date.
Retry: if a secondary name server cannot reach the primary after the refresh interval has elapsed, it retries the connection at this interval. This is usually shorter than the refresh time, although it need not be.
Expire: if the secondary name server still cannot contact the primary within the expire time, the secondary treats its copy of the zone as invalid. This means the secondary stops answering for the zone, because the zone data is too old to be useful. This value should be much longer than refresh and retry; a value on the order of weeks is reasonable.
Negative cache TTL: this value applies to negative responses from the zone's authoritative name servers.
Claims (10)
Applications Claiming Priority (2)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201510623169.7 | 2015-09-25 | ||
| CN201510623169.7A CN105245631B (en) | 2015-09-25 | 2015-09-25 | A kind of method and system of optimization DNS root service access |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| WO2017049789A1 true WO2017049789A1 (en) | 2017-03-30 |
Family
ID=55043128
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| PCT/CN2015/098472 Ceased WO2017049789A1 (en) | 2015-09-25 | 2015-12-23 | Method and system for optimizing dns root service access |
Country Status (2)
| Country | Link |
|---|---|
| CN (1) | CN105245631B (en) |
| WO (1) | WO2017049789A1 (en) |
Cited By (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN115695275A (en) * | 2022-12-30 | 2023-02-03 | 鹏城实验室 | Root zone record monitoring method, system and equipment and readable storage medium |
| CN118631782A (en) * | 2024-07-03 | 2024-09-10 | 中国电信股份有限公司 | A method, device and equipment for domain name resolution |
Families Citing this family (6)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN108536603B (en) * | 2018-04-16 | 2021-03-02 | 哈尔滨工业大学 | An automated testing method for web browser behavior for new top-level domains |
| CN112655186B (en) * | 2018-09-12 | 2021-10-22 | 华为技术有限公司 | Trusted DNS resolution device and method |
| CN110049049B (en) * | 2019-04-22 | 2021-05-11 | 中国互联网络信息中心 | A method and device for verifying data in DNS area |
| CN111464668A (en) * | 2020-03-27 | 2020-07-28 | 北京云端智度科技有限公司 | Fast and safe domain name resolution method |
| CN111885212B (en) * | 2020-06-03 | 2023-05-30 | 山东伏羲智库互联网研究院 | Domain name storage method and device |
| CN113067836B (en) * | 2021-04-20 | 2022-04-19 | 哈尔滨工业大学 | Intelligent contract system based on decentralized DNS root zone management |
Citations (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN1756263A (en) * | 2004-09-27 | 2006-04-05 | 上海贝尔阿尔卡特股份有限公司 | Domain name analytic method, domain name server and domain name system |
| US8468247B1 (en) * | 2010-09-28 | 2013-06-18 | Amazon Technologies, Inc. | Point of presence management in request routing |
Family Cites Families (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN102882791A (en) * | 2012-10-30 | 2013-01-16 | 杭州迪普科技有限公司 | Method and device for processing DNS (Domain Name Server) business |
| CN104378452B (en) * | 2013-08-14 | 2019-02-15 | 阿里巴巴集团控股有限公司 | Method, device and system for domain name resolution |
| CN103957285B (en) * | 2014-04-18 | 2015-09-09 | 北京奇虎科技有限公司 | Method and system for providing root domain name resolution service |
| CN103973835A (en) * | 2014-05-16 | 2014-08-06 | 北京金山网络科技有限公司 | Domain name system server selection method and device |
2015:
- 2015-09-25 CN CN201510623169.7A patent/CN105245631B/en active Active
- 2015-12-23 WO PCT/CN2015/098472 patent/WO2017049789A1/en not_active Ceased
Non-Patent Citations (2)
| Title |
|---|
| SURANJITH ARIYAPPERUMA ET AL.: "Security Vulnerabilities in DNS and DNSSEC", AVAILABILITY, RELIABILITY AND SECURITY, 2007. ARES 2007. THE SECOND INTERNATIONAL CONFERENCE ON, IEEE., April 2007 (2007-04-01), pages 335 - 342, XP031079603 * |
| W. KUMARI ET AL.: "Decreasing Access Time to Root Servers by running one on loopback draft-ietf-dnsop-root-loopback-04", RFC7706, 14 September 2015 (2015-09-14), pages 1 - 11, XP015108395 * |
Also Published As
| Publication number | Publication date |
|---|---|
| CN105245631B (en) | 2018-10-26 |
| CN105245631A (en) | 2016-01-13 |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| | 121 | Ep: the epo has been informed by wipo that ep was designated in this application | Ref document number: 15904664; Country of ref document: EP; Kind code of ref document: A1 |
| | NENP | Non-entry into the national phase | Ref country code: DE |
| | 32PN | Ep: public notification in the ep bulletin as address of the addressee cannot be established | Free format text: NOTING OF LOSS OF RIGHTS PURSUANT TO RULE 112(1) EPC (EPO FORM 1205 DATED 02/07/2018) |
| | 122 | Ep: pct application non-entry in european phase | Ref document number: 15904664; Country of ref document: EP; Kind code of ref document: A1 |