A method for defending domain name resolution server information leakage

The technology concerns server information and domain name resolution and is applied to defending against information leakage from domain name resolution servers. It addresses problems such as security check errors, loss of the domain name resolution server's reverse query function, and loss of Internet services, and it achieves the effects of easy implementation and defense against domain name resolution server information leakage.

Active Publication Date: 2021-11-12
SUN YAT SEN UNIV

AI Technical Summary

Problems solved by technology

Most domain name resolution server administrators cannot discover and prevent this information leakage through traffic analysis.
[0005] 2. Crippling the reverse query function of the domain name resolution server prevents some Internet hosts from obtaining Internet services normally.
RFC 1912 points out that if the PTR record of a specific Internet host does not match its A record, the inconsistency results in the loss of some Internet services for that host, just as if the host were not registered in DNS.
Pointing PTR records to the local machine or to a blank value may cause security check errors, resulting in invalid DNS domain name resource records for some Internet services.
[0006] 3. Crippling the reverse query function of the domain name resolution server removes the server's reverse query capability and damages the functional integrity of the server.


Examples


Embodiment 1

[0033] Referring to Figure 1, in order to solve the technical problems described above, the technical solution of the present invention is as follows:

[0034] A method for defending against domain name resolution server information leakage, comprising the following steps:

[0035] S1. Select the corresponding defense scheme according to the security level required by the LAN and the resources of the LAN (the resources that can be used for domain name resolution server deployment);

[0036] S2. According to the defense scheme selected in step S1, isolate the internal domain name resource records (RRs) from the external domain name resource records;

[0037] S3. According to the defense scheme selected in step S1, perform targeted screening of the domain name resolution server's response objects (IP addresses).

Embodiment 2

[0039] The method for defending against domain name resolution server information leakage provided in this embodiment is consistent with Embodiment 1 and only further limits each step. It comprises the following steps:

[0040] S1. Select the corresponding defense scheme according to the security requirements of the LAN and the resources of the LAN;

[0041] S2. According to the defense scheme selected in step S1, isolate the internal domain name resource records (RRs) from the external domain name resource records;

[0042] S3. According to the defense scheme selected in step S1, perform targeted screening of the domain name resolution server's response objects (IP addresses).
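One way to picture the isolation in S2 and the screening in S3, as an added sketch that is not taken from the patent or its authors. It assumes "response objects" means the client addresses the server answers, that the LAN is 10.20.0.0/16, and that refusing outside reverse queries for reserved addresses is the chosen policy; all records and names are constructed.

```python
import ipaddress

# Assumptions: the LAN is 10.20.0.0/16 and every record below is a constructed sample.
LAN_CLIENTS = [ipaddress.ip_network("10.20.0.0/16")]
RESERVED = [ipaddress.ip_network(n)
            for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# S2: internal and external resource records are kept in separate stores.
INTERNAL_RRS = {
    ("build01.corp.example.", "A"): "10.20.4.17",
    ("17.4.20.10.in-addr.arpa.", "PTR"): "build01.corp.example.",
}
EXTERNAL_RRS = {
    ("www.example.", "A"): "192.0.2.80",
    ("80.2.0.192.in-addr.arpa.", "PTR"): "www.example.",
}

def in_any(addr, networks):
    return any(addr in net for net in networks)

def ptr_target(qname):
    """Return the IPv4 address a reverse (in-addr.arpa) name refers to, else None."""
    suffix = ".in-addr.arpa."
    if not qname.endswith(suffix):
        return None
    labels = qname[: -len(suffix)].split(".")
    if len(labels) != 4:
        return None
    try:
        return ipaddress.ip_address(".".join(reversed(labels)))
    except ValueError:
        return None

def resolve(client_ip, qname, qtype):
    """S3: decide the answer from who is asking, not only from what is asked."""
    key = (qname.lower(), qtype.upper())
    if in_any(ipaddress.ip_address(client_ip), LAN_CLIENTS):
        # LAN clients see both stores, so reverse lookup keeps working inside.
        answer = INTERNAL_RRS.get(key) or EXTERNAL_RRS.get(key)
    else:
        target = ptr_target(key[0]) if key[1] == "PTR" else None
        if target is not None and in_any(target, RESERVED):
            return ("REFUSED", None)  # outside client probing reserved space
        answer = EXTERNAL_RRS.get(key)  # public PTR/A records stay consistent
    return ("NOERROR", answer) if answer else ("NXDOMAIN", None)
```

Public hosts keep matching A and PTR records for outside clients, so the RFC 1912 consistency concern raised above is not triggered by the screening.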

[0043] In a preferred solution, the specific steps of S1 are as follows:

[0044] S11. Determine the degree of security protection required by the LAN. The reference indicators include the importance of the internal facilities of the LAN and the overall security requirements of the LAN;

[0045] S12. Statistical ta...


Abstract

The present invention provides a method for defending against domain name resolution server information leakage, comprising the following steps: S1. Select a corresponding defense scheme according to the degree of security required by the local area network and the resources of the local area network; S2. According to the defense scheme selected in step S1, isolate the internal domain name resource records from the external domain name resource records; S3. According to the defense scheme selected in step S1, perform targeted screening of the domain name resolution server's response objects. The purpose of the present invention is to ensure both the data security and the functional integrity of the domain name resolution server: it provides a method for preventing domain name resolution server information leakage that takes both security and functional integrity into account, and it improves the security of the domain name resolution server while ensuring that the server remains fully functional.

Description

Technical field

[0001] The invention relates to the technical field of network security, in particular to a method for defending against domain name resolution server information leakage based on reverse queries of local area network reserved IP addresses.

Background

[0002] Currently, LAN administrators have two defense methods against non-intrusive information leakage from domain name resolution servers. 1. Manually analyze the traffic of the domain name resolution server, for example: check whether there is a large volume of query traffic requesting sensitive types of domain name resource records (for example: TXT, LOC, SSHFP, HINFO), and check whether the objects of those sensitive-type requests are the same (or strongly associated); 2. Cripple some functions of the domain name resolution server, for example: point the PTR type domain name resource records to the local 127.0.0.1 / localhost, or point to the blank bogon / <ro...
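The manual traffic check described in the Background can be scripted. The following is an added example, not part of the patent: the log format, thresholds, addresses and the "same parent zone" test for associated objects are all assumptions, and the log lines are constructed.

```python
from collections import Counter, defaultdict

SENSITIVE_TYPES = {"TXT", "LOC", "SSHFP", "HINFO"}  # types named in the Background

# Constructed sample query log: "<time> <client> <qname> <qtype>" (assumed format).
SAMPLE_LOG = """\
12:00:01 203.0.113.7 gw.corp.example. HINFO
12:00:01 203.0.113.7 gw.corp.example. LOC
12:00:02 203.0.113.7 db.corp.example. SSHFP
12:00:02 203.0.113.7 db.corp.example. TXT
12:00:03 203.0.113.7 mail.corp.example. HINFO
12:00:04 198.51.100.20 www.corp.example. A
12:00:05 198.51.100.20 corp.example. TXT
12:00:06 198.51.100.33 www.corp.example. AAAA
"""

def parent_zone(qname, labels=2):
    """Group names by their last `labels` labels, a crude proxy for 'associated objects'."""
    parts = qname.rstrip(".").lower().split(".")
    return ".".join(parts[-labels:])

def flag_clients(log_text, min_sensitive=4, min_share=0.8):
    """Return {client: (sensitive_count, top_zone, share)} for clients whose
    sensitive-type queries are both numerous and concentrated on one zone."""
    per_client = defaultdict(Counter)
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 4:
            continue  # skip malformed lines rather than guessing their meaning
        _, client, qname, qtype = fields
        if qtype.upper() in SENSITIVE_TYPES:
            per_client[client][parent_zone(qname)] += 1
    flagged = {}
    for client, zones in per_client.items():
        total = sum(zones.values())
        zone, hits = zones.most_common(1)[0]
        if total >= min_sensitive and hits / total >= min_share:
            flagged[client] = (total, zone, hits / total)
    return flagged
```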


Application Information

Patent Type & Authority: Patents (China)
IPC(8): H04L29/06, H04L29/12
CPC: H04L63/1441, H04L61/4511
Inventor: 金舒原, 罗穗
Owner: SUN YAT SEN UNIV