
Domain takeover vulnerability detection method and device

A detection method and vulnerability detection technology, applied in the Internet field, addresses problems such as domain name takeover vulnerabilities and the takeover of a domain's DNS resolution authority.

Active Publication Date: 2021-12-24
WUHAN GREENET INFORMATION SERVICE

AI Technical Summary

Problems solved by technology

When a third-party DNS resolution service is used, the DNS records are stored on the third-party platform, where they form a record file called the DNS Zone file. When the user stops using the third-party DNS resolution service, the third-party platform deletes the DNS Zone file for that domain name. If the NS record of the target domain name is not updated in time, a domain name takeover vulnerability arises, and the DNS resolution authority for the entire target domain can be taken over.


Examples


Embodiment 1

[0060] Embodiment 1 of the present invention provides a detection method for a domain name takeover vulnerability, as shown in Figure 2, including:

[0061] Step 201: query the recursive resolution server for the DNS A record of the target domain name.

[0062] Step 202: obtain the DNS response message; when the DNS response status code is found to be SERVFAIL, query the NS server for the DNS A record of the target domain name.

[0063] A SERVFAIL status code indicates one or more of the following: the recursive resolution server has no network connectivity, DNSSEC validation failed, the NS server is unreachable, or the NS server has no DNS Zone file for the domain name.

[0064] Step 203: obtain the result of the DNS A record query for the target domain name returned by the first NS server; record the first NS server as NS_1; record the domain that the NS_1 server is responsible for as DOMAIN_1; record the first NS server as DOM...

Embodiment 2

[0080] Based on the solution proposed in Embodiment 1, this embodiment of the present invention brings several possible domain name takeover vulnerabilities together into one relatively complete analysis flow, as shown in Figure 3, including the following steps:

[0081] Step S101: query the recursive resolution server for the DNS A record of the target domain name.

[0082] The recursive resolution server here is the DNS Resolver, such as the public 114.114.114.114, Google's 8.8.8.8, or the default DNS resolution servers provided by the major operators.

[0083] Some terminology needs to be clarified here. Although the DNS server we usually configure on Internet-connected computers is also called a "DNS server", strictly speaking that name is wrong. According to the DNS specification it should be called a recursive resolution server (or DNS Resolver), and the authoritative domain name server in the DNS system is called D...

Embodiment 3

[0111] Figure 5 is a schematic structural diagram of a detection device for a domain name takeover vulnerability according to an embodiment of the present invention. The device for detecting a domain name takeover vulnerability in this embodiment includes one or more processors 21 and a memory 22; Figure 5 takes one processor 21 as an example.

[0112] The processor 21 and the memory 22 can be connected by a bus or by other means; Figure 5 takes connection via a bus as an example.


Abstract

The invention relates to the technical field of the Internet and provides a domain takeover vulnerability detection method and device. The method comprises the following steps: querying a recursive resolution server for the DNS A record of the target domain; obtaining the DNS response message and, when the DNS response status code is found to be SERVFAIL, querying an NS server for the DNS A record of the target domain; and querying NS_1 for the DNS NS record of DOMAIN_1, comparing the obtained DNS NS record with NS_1, and, if the obtained DNS NS record does not match NS_1, determining that a domain takeover vulnerability exists. The invention analyzes the domain takeover vulnerability problem through the respective data maintenance characteristics of the current-level NS server and its superior NS server, under the condition that resolution of the target domain's DNS A record fails.
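The delegation-versus-authority comparison that the abstract and Embodiment 1 describe, written out as an added example. This is not the patentee's code: it takes a DNS lookup function as a parameter and runs here over a constructed table of answers, so the server names, zone names and RCODEs below are all made up. Recursive resolver, superior NS and target are passed in by the caller; finding the superior NS (the parent zone's authoritative server) is assumed to have been done beforehand.

```python
"""Added example (not the patentee's code): the NS_1 / DOMAIN_1 comparison from
the abstract, run over constructed DNS answers so it executes offline."""
from dataclasses import dataclass, field
from typing import Callable, Dict, List, Tuple

# lookup(server, qname, qtype) -> (rcode name, [rdata]); RCODE names as in the text.
Lookup = Callable[[str, str, str], Tuple[str, List[str]]]


@dataclass
class Verdict:
    vulnerable: bool
    reason: str
    domain_1: str = ""
    evidence: List[str] = field(default_factory=list)


def enclosing_zones(name: str) -> List[str]:
    """'www.shop.example.com.' -> the name and each of its parents, longest first."""
    labels = name.rstrip(".").split(".")
    return [".".join(labels[i:]) + "." for i in range(len(labels))]


def check_domain_takeover(target: str, resolver: str, superior_ns: str, lookup: Lookup) -> Verdict:
    target = target if target.endswith(".") else target + "."
    # Step 201: ask the recursive resolver for the A record.
    rcode, _ = lookup(resolver, target, "A")
    if rcode != "SERVFAIL":
        return Verdict(False, f"recursive resolver answered {rcode}; no takeover indication")

    # SERVFAIL alone is ambiguous (connectivity, DNSSEC, unreachable NS, missing zone),
    # so move to the authoritative side: the superior NS tells us which delegated
    # zone (DOMAIN_1) covers the target and which servers (NS_1, ...) it names.
    for zone in enclosing_zones(target):
        rcode, delegated = lookup(superior_ns, zone, "NS")
        if rcode == "NOERROR" and delegated:
            break
    else:
        return Verdict(False, "superior NS holds no delegation covering the target")

    # Each NS_1 is asked for the NS record of DOMAIN_1. A server that still hosts
    # the zone names itself; a server whose zone file was removed does not.
    evidence = []
    for ns_1 in delegated:
        rcode, self_view = lookup(ns_1, zone, "NS")
        self_view = [n.lower() for n in self_view]
        if rcode != "NOERROR" or ns_1.lower() not in self_view:
            evidence.append(f"{ns_1} answered {rcode} with NS {self_view} for {zone}")
    if evidence:
        return Verdict(True, "delegation names NS servers that do not serve the zone", zone, evidence)
    return Verdict(False, "NS_1 confirms authority for DOMAIN_1; SERVFAIL has another cause", zone)


def make_lookup(table: Dict[Tuple[str, str, str], Tuple[str, List[str]]]) -> Lookup:
    """Build an offline lookup from a constructed answer table."""
    def lookup(server: str, qname: str, qtype: str) -> Tuple[str, List[str]]:
        return table.get((server.lower(), qname.lower(), qtype), ("NXDOMAIN", []))
    return lookup


# Constructed DNS state for three cases; none of these servers or names are real.
CONSTRUCTED_DNS = {
    # Case 1: zone file deleted at the third-party provider, delegation still points there.
    ("resolver.example.", "www.shop.example.com.", "A"): ("SERVFAIL", []),
    ("ns.example.com.", "www.shop.example.com.", "NS"): ("NOERROR", []),
    ("ns.example.com.", "shop.example.com.", "NS"): ("NOERROR", ["ns1.provider.example.net.", "ns2.provider.example.net."]),
    ("ns1.provider.example.net.", "shop.example.com.", "NS"): ("REFUSED", []),
    ("ns2.provider.example.net.", "shop.example.com.", "NS"): ("REFUSED", []),
    # Case 2: SERVFAIL for another reason (e.g. DNSSEC); the provider still serves the zone.
    ("resolver.example.", "api.example.com.", "A"): ("SERVFAIL", []),
    ("ns.example.com.", "api.example.com.", "NS"): ("NOERROR", ["ns1.other.example.org."]),
    ("ns1.other.example.org.", "api.example.com.", "NS"): ("NOERROR", ["ns1.other.example.org."]),
    # Case 3: resolution works; nothing further to check.
    ("resolver.example.", "www.example.com.", "A"): ("NOERROR", ["192.0.2.10"]),
}


if __name__ == "__main__":
    lookup = make_lookup(CONSTRUCTED_DNS)
    for name in ("www.shop.example.com", "api.example.com", "www.example.com"):
        print(name, check_domain_takeover(name, "resolver.example.", "ns.example.com.", lookup))
```

The comparison is by name, as the abstract states; a provider that serves a zone under vanity NS names would need those names normalized before the `ns_1 in self_view` test, otherwise a healthy zone is reported as a mismatch. Case 2 is the caveat from paragraph [0063]: SERVFAIL has several causes, and only the authoritative check separates a removed zone file from, say, a DNSSEC failure.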

Description

【Technical field】

[0001] The invention relates to the technical field of the Internet, in particular to a method and device for detecting domain name takeover vulnerabilities.

【Background technique】

[0002] With the continuous development and maturity of cloud computing technology, various network facilities are gradually migrating to the cloud, and the traditional network architecture has undergone tremendous changes. Under the traditional technical framework, if a company wants to deploy a website, it often needs to purchase domain names, configure DNS resolution, and purchase IP addresses or network space services. If the website needs data storage, it needs to build database services by itself. A large number of concurrent accesses requires a load balancing or CDN network. Now, with the development of virtualization technology, cloud computing companies provide a variety of services covering almost all application scenarios. For example, Amazon Cloud Computing provides cl...


Application Information

Patent Type & Authority: Applications (China)
IPC(8): H04L29/06; H04L29/12
CPC: H04L63/1433; H04L61/4511
Inventor: 侯贺明
Owner: WUHAN GREENET INFORMATION SERVICE