DoS (Denial of Service) and DDoS (Distributed Denial of Service) attack resisting method of DNS recursive server

Recursive server and timer technology, applied in the Internet field, addresses problems such as reduced domain name cache hit rate, damage, and occupation of recursive server resources, with the effect of improving the cache hit rate, ensuring normal responses, and maintaining safe operation.

Inactive Publication Date: 2014-10-29
INTERNET DOMAIN NAME SYST BEIJING ENG RES CENT +1

AI Technical Summary

Problems solved by technology

[0009] 2) The cache hit rate of queried domain names is greatly reduced, and a large number of domain name resolution requests must be completed recursively. In a DoS or DDoS attack, the query names sent by attackers are artificially forged and highly random, so most of them will not hit the recursive server's cache. Under the existing recursive query mechanism, the recursive server has to initiate domain name queries to other domain name servers, so the number of concurrent recursive requests M on the recursive server increases significantly. This consumes a large amount of the target recursive server's resources and network resources, and can cause even more serious damage, which achieves the purpose of the attack.

[0010] As a result, DoS and DDoS attacks cause network congestion and occupy a large amount of recursive server resources. Recursive servers flooded by DoS and DDoS attacks lose data packets and cannot reply to all DNS requests, which paralyzes the domain name resolution service and affects legitimate users' DNS resolution queries.

Examples


Embodiment 2

[0047] Embodiment 2 limits the number of concurrent recursive queries, and specifically includes the following steps:

[0048] From the domain name requests that need recursive resolution, select as many requests as the maximum number of concurrent recursive queries that the recursive server can currently handle and respond to those; the domain name query requests that are not selected are discarded directly.

[0049] Specifically, for requests without a cache hit, the recursive server initiates recursive queries to obtain the results. Count the number M of domain name resolution requests for which the recursive server currently needs to initiate a recursive query (that is, the total number of current DNS requests minus the cache hits). When M is greater than N, the recursive server selects one request out of every C = ⌈M / N⌉ (M / N rounded up) requests to respond to, and the domain name query requests that are not selected for execution are discarded directly. (such...
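The selection rule of paragraphs [0048] and [0049], written out as an added example (not code from the patent). It assumes N is the maximum number of concurrent recursive queries the server can handle, as [0048] implies, and that "one of every C" means the first request of each group of C; the function names, the dict used as a cache, and the sample addresses are constructed for illustration.

```python
import math

def thin_recursive_queries(requests, cache, n_max):
    """Apply the Embodiment 2 limit to one batch of concurrent requests.

    requests: list of (client, qname) tuples seen in the current interval.
    cache:    dict qname -> answer (stand-in for the resolver cache).
    n_max:    N, assumed to be the most concurrent recursive queries the
              server can handle (meaning taken from paragraph [0048]).
    Returns (cache_answers, to_recurse, dropped, c).
    """
    if n_max < 1:
        raise ValueError("n_max must be at least 1")
    cache_answers, misses = [], []
    for client, qname in requests:
        key = qname.lower().rstrip(".")      # DNS names are case-insensitive
        if key in cache:
            cache_answers.append((client, qname, cache[key]))
        else:
            misses.append((client, qname))

    m = len(misses)                          # M = total requests - cache hits
    if m <= n_max:
        return cache_answers, misses, [], 1  # under the limit: recurse for all

    c = math.ceil(m / n_max)                 # C = ceil(M / N)
    # Assumption: "one of every C" is taken as the first request of each group.
    to_recurse = misses[::c]
    dropped = [r for i, r in enumerate(misses) if i % c != 0]
    return cache_answers, to_recurse, dropped, c


def constructed_batch():
    """Constructed sample: 3 cached lookups mixed into 10 random-label misses."""
    cache = {"www.example.com": "192.0.2.10", "mail.example.com": "192.0.2.25"}
    flood = [("198.51.100.%d" % i, "x%04d.example.net." % i) for i in range(10)]
    legit = [("203.0.113.5", "www.example.com."),
             ("203.0.113.6", "MAIL.example.com"),
             ("203.0.113.7", "www.example.com")]
    # Interleave so the legitimate requests are not conveniently first.
    requests = flood[:4] + legit[:1] + flood[4:8] + legit[1:] + flood[8:]
    return requests, cache


if __name__ == "__main__":
    reqs, cache = constructed_batch()
    hits, recurse, dropped, c = thin_recursive_queries(reqs, cache, n_max=4)
    print(f"M={len(recurse) + len(dropped)} C={c} "
          f"hits={len(hits)} recursed={len(recurse)} dropped={len(dropped)}")
```

Cache hits are always answered and the number of forwarded queries never exceeds N, but an uncached legitimate name is thinned at the same rate as a forged one, which is why the abstract pairs this limit with cache prefetching.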


Abstract

The invention relates to a method and device for a DNS recursive server to resist DoS and DDoS attacks. The method comprises monitoring the current number of concurrent recursive requests of the recursive server in real time and, when that number stays larger than a designated multiple of the maximum total number of concurrent recursive queries that the recursive service can process within a specific time period, starting the response mechanism of common DNS cache prefetching and limiting the number of concurrent recursive queries when the specific time period times out. By monitoring the current number of concurrent recursive requests of the recursive server in real time and starting the response mechanism at the appropriate time, the method improves the cache hit rate of DNS queries and suppresses the queries issued by the recursive server to other DNS servers. This reduces the server resources and network bandwidth occupied during DoS and DDoS attacks, so that normal responses to the resolution requests of legitimate users are guaranteed to the maximum extent and the safe operation of the DNS system is maintained.

Description

Technical field

[0001] The invention belongs to the technical field of the Internet, and more specifically relates to a method for a DNS recursive server to resist DoS and DDoS attacks.

Background technique

[0002] In the domain name query system, the user (resolver) sends a domain name resolution request to the recursive server. The recursive server first checks whether its own cache (Cache) holds a resolution result for the domain name. If it does (a Cache hit), it returns the result directly to the user; if not, it initiates a query to the DNS authoritative server (a recursive query) to get the answer, saves the answer in the Cache, and then returns the final query result to the user.

[0003] The flow chart of a domain name query is shown in Figure 1. In the case of a cache hit, only the "Q1+Q2+A2+A1" process shown in the figure needs to be executed, and the whole process takes less than 1 ms; the recursive domain name qu...


Application Information

Patent Type & Authority: Applications (China)
IPC(8): H04L29/06, H04L29/12
Inventor 蒋超韩枫吴愁
Owner INTERNET DOMAIN NAME SYST BEIJING ENG RES CENT