Security protection method and device for domain name system (DNS) and DNS

A security protection and DNS server technology, applied in the field of communication, can solve the problems of single anti-DDoS protection and poor security protection, and achieve the effect of avoiding manslaughter and improving the response rate and efficiency.

Active Publication Date: 2017-07-14
CHINA MOBILE GRP FUJIAN CO LTD
View PDF4 Cites 3 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

[0009] In view of this, the embodiment of the present invention expects to provide a DNS security protection method, device and DNS, setting a security protection strategy on at least one designated node, at least partially solving the security protection caused by the single anti-DDoS protection of DNS in the prior art sex problem

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • Security protection method and device for domain name system (DNS) and DNS
  • Security protection method and device for domain name system (DNS) and DNS
  • Security protection method and device for domain name system (DNS) and DNS

Examples

Experimental program
Comparison scheme
Effect test

Embodiment 1

[0081] Such as figure 1 As shown, this embodiment provides a domain name system DNS security protection method, the method includes:

[0082] Step S110: Set a security protection strategy on at least one designated node of the DNS;

[0083] Step S120: Perform attack identification and / or filtering based on the security protection strategy.

[0084] At least one designated node of the DNS in this embodiment, where the designated node is a constituent node of the DNS. DNS usually includes DNS servers, network access nodes that access the DNS server, user access nodes, firewalls, and other nodes.

[0085] In this embodiment, a corresponding security protection policy is set on at least one designated node of the DNS, so that the designated node will perform attack identification and / or attack filtering based on the security protection policy to improve security. For example, by setting up security protection strategies on 2 or more nodes, not only can there be special attack detection n...

Embodiment 2

[0111] Such as image 3 As shown, this embodiment provides a domain name system DNS security protection device, which includes:

[0112] The configuration unit 110 is configured to set a security protection strategy on at least one designated node of the DNS;

[0113] The protection unit 120 is configured to perform attack identification and / or filtering based on the security protection strategy.

[0114] The device in this embodiment may be a DNS device that can configure information for each node in the DNS and control these nodes for security protection.

[0115] In this embodiment, the configuration unit 110 and the protection unit 120 can each correspond to a processor or a processing circuit, and the processing can include information processing such as a central processing unit, a digital signal processor, a microprocessor, or a programmable array. structure. The processing circuit may include an application specific integrated circuit or the like. The configuration unit 110 ...

example 1

[0118] Example 1: The configuration unit 110 is specifically configured to set a first protection strategy on the access node of the external network; the protection unit 120 is specifically configured to allow the DNS server response to carry a legal external network based on the first protection policy Protocols DNS requests for IP addresses, and prohibits the DNS server from responding to DNS requests that carry illegal external network IP addresses; wherein, the legal IP address is an external network IP address that has passed security confirmation in advance. In this embodiment, by setting a protection strategy on the access nodes of the external network, the access nodes of the external network are used to filter or identify attacks from the external network.

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

PUM

No PUM Login to view more

Abstract

The embodiment of the invention discloses a security protection method and device for a domain name system (DNS) and the DNS. The security protection method for the DNS comprises the following steps: setting a security protection strategy on at least one specified node of the DNS; and performing attack identification and / or filtering based on the security protection strategy.

Description

Technical field [0001] The present invention relates to the field of communications, in particular to a domain name system (Domain Name System, DNS) security protection method, device and DNS. Background technique [0002] DNS is a distributed database on the Internet that maps domain names and IP addresses to each other, enabling clients to access the Internet more conveniently without having to remember the Internet Protocol (IP) strings that can be directly read by machines. Through the host name, the process of finally obtaining the IP address corresponding to the host name is called domain name resolution. The DNS protocol runs on top of the UDP protocol and uses port number 53. [0003] With the rapid development of Internet services, especially mobile Internet services, the Internet has penetrated into all aspects of social life, and people cannot do without the Internet for a minute. DNS is the basic service of the Internet. Almost all applications rely on DNS. If you con...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

Application Information

Patent Timeline
no application Login to view more
IPC IPC(8): H04L29/06H04L29/12
CPCH04L63/0227H04L63/1425H04L63/1458H04L61/4511
Inventor 陈灿杨慰民陈建荣程琦
Owner CHINA MOBILE GRP FUJIAN CO LTD
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Try Eureka
PatSnap group products

Browse by: Latest US Patents, China's latest patents, Technical Efficacy Thesaurus, Application Domain, Technology Topic.

© 2024 PatSnap. All rights reserved.Legal|Privacy policy|Modern Slavery Act Transparency Statement|Sitemap