Unlock instant, AI-driven research and patent intelligence for your innovation.

Method and device for recognizing and defending against DNS SERVFAIL attack

A technology of level and identification, applied in electrical components, transmission systems, etc., can solve problems such as legitimate domain name query failures

Active Publication Date: 2016-01-13
INTERNET DOMAIN NAME SYST BEIJING ENG RES CENT
View PDF4 Cites 2 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

[0005] The present invention provides a method and device for identifying and defending against DNSSERVFAIL attacks, which are used to solve the problem in the prior art that the legal domain name query of some areas with a large number of visits fails due to the use of static speed limit methods

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • Method and device for recognizing and defending against DNS SERVFAIL attack
  • Method and device for recognizing and defending against DNS SERVFAIL attack
  • Method and device for recognizing and defending against DNS SERVFAIL attack

Examples

Experimental program
Comparison scheme
Effect test

Embodiment Construction

[0037] The following will clearly and completely describe the technical solutions in the embodiments of the present invention with reference to the accompanying drawings in the embodiments of the present invention. Obviously, the described embodiments are only some, not all, embodiments of the present invention. Based on the embodiments of the present invention, all other embodiments obtained by persons of ordinary skill in the art without making creative efforts belong to the protection scope of the present invention.

[0038] figure 1 It is a schematic flowchart of Embodiment 1 of the method for identifying and defending against DNSSERVFAIL attacks provided by the present invention. The execution subject of the method is a recursive server, such as figure 1 As shown, the method includes:

[0039] S101. Receive a domain name query request sent by a client, where the domain name query request carries a domain name to be queried and an identifier of a zone to which the domain ...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

PUM

No PUM Login to View More

Abstract

The invention provides a method and a device for recognizing and defending against a DNS SERVFAIL attack. The method comprises the steps as follows: receiving a domain name query request transmitted by a client, wherein the domain name query request carries a domain name to be queried and an identifier of a region to which the domain name belongs; obtaining a rank corresponding to the region to which the domain name belongs according to the domain name query request; obtaining a query permission of the region to which the domain name belongs according to the rank, querying the domain name according to the query permission, and updating a rank count of the region to which the domain name belongs according to the query result. The method adjusts the rank of the region to which the domain name belongs when the rank count reaches a certain value to change a query resource possessed by the region to which the domain name belongs so as to dynamically distribute the query resource for the region to which the domain name belongs according to historical query results of the region to which the domain name belongs, which not only ensures that the queries of legal domain names of some legal regions could be guaranteed, but also intercepts the queries of illegal domain names of some illegal regions.

Description

technical field [0001] The invention relates to domain name query technology, in particular to a method and device for identifying and defending DNSSERVFAIL attacks. Background technique [0002] The recursive server is used for recursive query during domain name query, and the recursive server will occupy a lot of system resources when performing recursive query. Therefore, the recursive server usually relies on the cache mechanism to avoid intensive recursive query as much as possible. And when the remote server requested by the recursive server does not respond, the recursive server cannot determine whether there is a problem with the remote server, so the recursive server will keep a certain waiting time and perform a certain number of retries, and will not respond to unresponsive The results are cached. Domain Name System Service Fail (DNSSERVFAIL for short) attack is to use the processing mechanism of the above recursive server, use one or more problematic remote serv...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

Application Information

Patent Timeline
no application Login to View More
Patent Type & Authority Applications(China)
IPC IPC(8): H04L29/12H04L29/06
CPCH04L63/1466H04L61/4511
Inventor 陈超郄少杰张绍峰吴琦毛伟邢志杰
Owner INTERNET DOMAIN NAME SYST BEIJING ENG RES CENT