CN114374669A - VPN client proxy DNS analysis method and system - Google Patents
- Publication number: CN114374669A (CN202210026279.5A)
- Authority
- CN
- China
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Classifications
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L12/00—Data switching networks
- H04L12/28—Data switching networks characterised by path configuration, e.g. LAN [Local Area Networks] or WAN [Wide Area Networks]
- H04L12/46—Interconnection of networks
- H04L12/4633—Interconnection of networks using encapsulation techniques, e.g. tunneling
Landscapes
- Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Data Exchanges In Wide-Area Networks (AREA)
Abstract
The present disclosure relates to a VPN client proxy DNS resolution method and system. The method comprises the following steps: receiving a DNS query request; forwarding the DNS query request to a user-side DNS server and a VPN-side DNS server; parsing the DNS query response messages from the user-side DNS server and the VPN-side DNS server; and replying with the first error-free query response message received. This avoids incorrect access to VPN intranet resources caused by the operating system's DNS server preference mechanism, without affecting access to public network domain names. In addition, because the DNS requests are initiated simultaneously, and the user-side DNS server generally resolves public network domain names and user-side private domain names faster, the cross-operator and CDN proximity problems are solved, and the VPN proxy can return the DNS resolution result to the application first, so the user can access the network quickly and the user's internet experience is improved.
Description
Technical Field
The present disclosure relates to the field of VPN technologies, and in particular to a VPN client proxy DNS resolution method and system.
Background
The office network of a typical user has a built-in DNS server. A host performs DNS domain name resolution by configuring an intranet DNS address and a public network DNS address, so that when the intranet DNS server fails, the public network DNS server is used for resolution. The intranet DNS server can resolve both the private domain names and the public network domain names of the client network.
When a user uses a VPN, some VPN resources are published as domain names. The user-side DNS server of the user's original network cannot resolve these VPN resource domain names; they must be resolved by the DNS server on the VPN server side. A public domain name can be resolved either by the DNS server on the VPN server side or by the user-side DNS server of the client's original network, but the client's internal private domain names must be resolved by the user-side DNS server of the original network.
When a VPN is in use, intranet domain names require VPN DNS resolution, and public network domain names require public network DNS resolution. On some operating systems, the network card priority can be changed by conventional methods such as modifying the registry or the network card hop count, so that DNS requests are resolved preferentially by the intranet DNS server. On other operating systems, however, the network card priority cannot be changed by conventional methods; after the VPN connects normally, the public network DNS has higher priority than the VPN DNS, so an intranet domain name is resolved to a public network address or cannot be resolved, and the user cannot correctly access the intranet domain name.
With existing VPNs, the network card priority cannot be changed by conventional methods, and after the VPN connects normally the original network's DNS server has higher priority than the DNS server on the VPN server side, so the domain name of a VPN resource is resolved to a public network address or cannot be resolved, and the user cannot correctly access the VPN resource. If the VPN-side DNS server does not support resolving public network domain names, then after resolution by the VPN-side DNS server fails, the original network's DNS server is used; the domain name is resolved twice, resolution is slow, and the user experience is seriously affected. If the VPN-side DNS server does support resolving public network domain names, the user and the VPN-side DNS server are in different geographic locations, so the resolved IP suffers from problems such as crossing operators and CDN proximity.
Therefore, a VPN client proxy DNS resolution method and system that does not require modifying the network card priority is needed.
Disclosure of Invention
In view of the above, the present disclosure provides a VPN client proxy DNS resolution method and system. According to one aspect of the present disclosure, a VPN client proxy DNS resolution method is provided, where the method includes: receiving a DNS query request; forwarding the DNS query request to a user-side DNS server and a VPN-side DNS server; parsing the DNS query response messages from the user-side DNS server and the VPN-side DNS server; and replying with the first error-free query response message received.
According to the VPN client proxy DNS resolution method of the present disclosure, if the first query response message received is not error-free, that query response message is cached; a response timeout is determined when no other query response message is received within a preset time after the first, non-error-free query response message has been received and cached; and the cached query response message is used to reply.
According to the VPN client proxy DNS resolution method of the present disclosure, if none of the received response messages is error-free, the last query response message received is used to reply.
According to the VPN client proxy DNS resolution method of the present disclosure, if no query response message is received within the preset time period, no reply is made.
According to the VPN client proxy DNS resolution method of the present disclosure, the cache space is released after replying with the cached query response message.
According to another aspect of the present disclosure, a VPN client system is also provided, including: a receive request component for receiving a DNS query request; a forwarding component for forwarding the DNS query request to a user-side DNS server and a VPN-side DNS server; a parsing component for parsing the query response messages from the user-side DNS server and the VPN-side DNS server; and a reply component for replying with the first error-free query response message received.
The VPN client proxy DNS resolution system according to the present disclosure further includes: a cache component for caching the query response message if the first response message received is not error-free; and a timeout detection component for determining a response timeout when no other query response message is received within a preset time after the first, non-error-free query response message has been received and cached. The reply component is also used to reply with the cached query response message.
According to the VPN client proxy DNS resolution system of the present disclosure, the reply component replies with the last query response message received when none of the received response messages is error-free.
According to the VPN client proxy DNS resolution system of the present disclosure, the reply component makes no reply when no query response message is received within the preset time period.
The VPN client proxy DNS resolution system according to the present disclosure further includes: a resource reclamation component for releasing the cache space after the cached query response message has been used to reply.
In summary, with the VPN client proxy DNS resolution method and system of the present disclosure, the network card priority does not need to be set: the VPN client listens on the local port, proxies all DNS query requests of the local machine, and completes DNS resolution. Specifically, when the user side initiates a DNS query request, the VPN client receives the DNS request message, parses it, and, acting as a proxy for the DNS client, forwards the DNS query request simultaneously to the DNS server on the VPN server side and the DNS server on the user side; by parsing the response messages, it returns the first correct response message to arrive to the DNS client. This avoids incorrect access to VPN intranet resources caused by the DNS server preference mechanism of some operating systems, without affecting access to public network domain names. In addition, because the DNS requests are initiated simultaneously, and the user-side DNS server generally resolves public network domain names and user-side private domain names faster, the cross-operator and CDN proximity problems are solved, and the VPN proxy can return the DNS resolution result to the application first, so the user can access the network quickly and the user's internet experience is improved.
It is to be understood that both the foregoing general description and the following detailed description are exemplary and explanatory only and are not restrictive of the disclosure.
Drawings
The above and other objects, features and advantages of the present disclosure will become more apparent by describing in detail exemplary embodiments thereof with reference to the attached drawings. The drawings described below are merely some embodiments of the present disclosure, and other drawings may be derived from those drawings by those of ordinary skill in the art without inventive effort.
Fig. 1 is a schematic diagram illustrating an application example of the VPN client proxy DNS resolution method and system according to the embodiment of the present disclosure.
Fig. 2 is a flow chart illustrating a VPN client proxy DNS resolution method according to an embodiment of the present disclosure.
Fig. 3 is a schematic structural diagram of a DNS message used in the embodiment of the present disclosure.
Fig. 4 is a schematic diagram illustrating a flag field in a DNS message used in an embodiment of the present disclosure.
Fig. 5 is a schematic diagram illustrating a response process of the VPN client proxy DNS resolution method according to the embodiment of the present disclosure.
Fig. 6 is a schematic diagram illustrating a VPN client according to an embodiment of the present disclosure.
Detailed Description
Example embodiments will now be described more fully with reference to the accompanying drawings. Example embodiments may, however, be embodied in many different forms and should not be construed as limited to the embodiments set forth herein; rather, these embodiments are provided so that this disclosure will be thorough and complete, and will fully convey the concept of example embodiments to those skilled in the art. The same reference numerals denote the same or similar parts in the drawings, and thus, a repetitive description thereof will be omitted.
Furthermore, the described features, structures, or characteristics may be combined in any suitable manner in one or more embodiments. In the following description, numerous specific details are provided to give a thorough understanding of embodiments of the disclosure. One skilled in the relevant art will recognize, however, that the subject matter of the present disclosure can be practiced without one or more of the specific details, or with other methods, components, devices, steps, and so forth. In other instances, well-known methods, systems, implementations, or operations have not been shown or described in detail to avoid obscuring aspects of the present disclosure.
The block diagrams shown in the figures are functional entities only and do not necessarily correspond to physically separate entities. I.e. these functional entities may be implemented in the form of software, or in one or more hardware modules or integrated circuits, or in different networks and/or processor means and/or microcontroller means.
The flow charts shown in the drawings are merely illustrative and do not necessarily include all of the contents and operations/steps, nor do they necessarily have to be performed in the order described. For example, some operations/steps may be decomposed, and some operations/steps may be combined or partially combined, so that the actual execution sequence may be changed according to the actual situation.
It is to be understood by those skilled in the art that the drawings are merely schematic representations of exemplary embodiments, and that the blocks or processes shown in the drawings are not necessarily required to practice the present disclosure and are, therefore, not intended to limit the scope of the present disclosure.
Fig. 1 is a schematic diagram illustrating an application example of the VPN client proxy DNS resolution method and system according to the embodiment of the present disclosure. As shown in fig. 1, in a VPN (virtual private network) application environment, some VPN resources are published as domain names, so a user accessing these resources needs a DNS (domain name system) server on the VPN side to resolve the VPN resource domain names. Accessing resources on the public network and on the user's internal private network requires the user-side DNS server of the original network to resolve public network domain names and private network domain names.
The domain name of a VPN resource must be resolved by the VPN-side DNS server; the user-side DNS server cannot resolve it. A public network domain name can be resolved by the VPN-side DNS server or by the user-side DNS server, but the user's private network domain names must be resolved by the user-side DNS server. When DNS servers are configured on the host, the address of a VPN-side DNS server and the address of a public network DNS server are configured, so that when the VPN-side DNS server has a problem, the public network DNS server is used for resolution.
When a VPN is in use, intranet domain names require VPN DNS resolution, and public network domain names require public network DNS resolution. Therefore, in some VPN environments, people usually change the network card priority by conventional methods such as modifying the registry or the network card hop count, so that DNS requests are resolved preferentially by the intranet DNS server. Modifying the network card priority by conventional methods is difficult, and after the VPN connects normally, the public network DNS has higher priority than the VPN DNS, so an intranet domain name is resolved to a public network address or cannot be resolved, and the user cannot correctly access the intranet domain name. This gives users a bad experience, and modifying the network card priority is a technical obstacle that ordinary users find difficult to overcome. Accordingly, the present disclosure proposes a VPN client proxy DNS resolution method.
Fig. 2 is a flow chart illustrating a VPN client proxy DNS resolution method according to an embodiment of the present disclosure. Domain name resolution can be divided into two steps overall: first, the local machine sends a DNS request message carrying the domain name to be queried to a domain name server; then the domain name server returns a DNS response message to the local machine, containing the IP address corresponding to the domain name. In a VPN environment, the VPN client can act as a proxy for the local machine, forwarding the DNS query request message to the domain name server and receiving the DNS response message from it.
In the VPN environment, after the VPN client starts, because the default port number of the DNS protocol is 53, the VPN client begins listening on local port 53 in order to proxy all DNS resolution of the local machine. It then saves the user-side DNS server address and sets the DNS server addresses of the physical network card and the virtual network card to 127.0.0.1.
As shown in fig. 2, in S202, a DNS query request is received. The DNS query request may be a request to resolve a VPN resource domain name or a public network domain name, and may come from the VPN client itself or from the various applications the user needs for network communication, such as a web browsing application, a search application, an instant messaging tool, a mailbox client, social platform software, a shopping application, and the like. DNS messages are divided into request messages and response messages, whose formats are substantially the same. Fig. 3 is a schematic structural diagram of a DNS message.
More specifically, when a user application initiates a DNS request, a DNS query request message is sent to local port 53. At this time, the VPN client process may create a UDP socket, UDP Socket1, receive the DNS query request from local port 53 through UDP Socket1, and parse the DNS query request, including extracting the domain name to be resolved.
In S204, the DNS query request is forwarded to the user-side DNS server and the VPN-side DNS server. More specifically, the VPN client process may create two UDP sockets: UDP Socket2 and UDP Socket3. The DNS query request may be forwarded to the user-side DNS server with UDP Socket2, and to the VPN-side DNS server with UDP Socket3.
In S206, the DNS query response messages from the user-side DNS server and the VPN-side DNS server are parsed. Fig. 4 is a schematic structural diagram of the flag field of a DNS message. rcode (reply code) is the response code field, which indicates the error status of the response. A value of 0 indicates no error; a value of 1 indicates a format error (Format Error): the server cannot understand the request message; a value of 2 indicates a server failure (Server Failure): the request cannot be processed because of a problem with the server; a value of 3 indicates a name error (Name Error), which is meaningful only from an authoritative name server and indicates that the domain name being resolved does not exist; a value of 4 indicates that the query type is not supported (Not Implemented), that is, the domain name server does not support the query type; a value of 5 indicates a refusal (Refused), typically by the server because of a configured policy, for example when the server does not want to respond to certain requesters.
In S208, the first error-free query response message received is used to reply. More specifically, whether a response message has an error can be determined from whether its response code is 0: if the response code is 0, the response message has no error; if it is not 0, the response message has an error. The first query response message received whose response code is 0 is forwarded to the application through UDP Socket1.
Fig. 5 is a schematic diagram illustrating a response process of the VPN client proxy DNS resolution method according to the embodiment of the present disclosure.
As shown in fig. 5, in an embodiment, the VPN client proxy DNS resolution method determines in step S504 whether a first response message has been received. The first response message may come from the user-side DNS server or from the VPN-side DNS server. More specifically, the determination may be made by checking the response flag bit and the cache flag bit associated with the DNS query. Both flag bits are initially unset. After receiving a response message, the VPN client checks the states of the response flag bit and the cache flag bit; if neither is set, the message is the first response message received.
In S506, it is determined whether the first response message is error-free. More specifically, the response code of the first response message is checked. If the response code is 0, the response message is error-free; if the response code is not 0, the response message is not error-free.
In S508, if the first response message has no error, it is used to reply. More specifically, if the response code of the first response message is found to be 0, indicating that the first response message has no error, the first response message is used to reply and the response process ends. The response flag bit is set, so that any response message received subsequently is discarded directly. More specifically, the first response message may be forwarded to the application through UDP Socket1.
In S510, if the first response message has an error, the first response message received is cached. More specifically, if the response code of the first response message is found not to be 0, indicating that the first response message has an error, the first response message received is cached and the cache flag bit is set.
In S512, it is determined whether a second response message has been received. More specifically, after receiving a response message, the VPN client checks the states of the response flag bit and the cache flag bit. If the cache flag bit is set at this point, the first response message has already been received and was not error-free, so the response message just received is the second response message.
If the second response message is received, it is used to reply at S514. More specifically, at this point the cache flag bit is set, indicating that the first response message had an error, that is, the DNS server on the side that returned the first response message failed to resolve the domain name in the DNS request message. At this point the response code of the second response message is 0, indicating that the second response message is error-free, so the second response message is used to reply, which ensures that the first error-free response message received is the one used to reply, and the response process ends. More specifically, the second response message may be forwarded to the application through UDP Socket1.
Optionally, in one embodiment, the VPN client proxy DNS resolution method also times the response. The response time of the DNS query request is counted from the moment the VPN client forwards the DNS query request.
As shown in fig. 5, in step S502, t is set to 0 and the timer starts counting. If it is determined in step S504 that the first response message has not been received, the process proceeds to step S520. When it is determined in step S520 that t > T, no response message has been received from either the user-side DNS server or the VPN-side DNS server within the preset time, so the response is determined to have timed out, and the VPN client makes no reply at step S522. That is, when no response message is received from the DNS server on either side within the preset time, no reply is made. Further, when it is determined at step S520 that t is smaller than the given timeout threshold T, the VPN client returns to step S504 to determine again whether the first response message has been received, and continues waiting for it.
Alternatively, when the result at step S504 of whether the first response message has been received is yes, the result of whether the first response message is error-free is no, and the result at step S512 of whether the second response message has been received is no, it is also determined whether waiting for the response has timed out. Specifically, when it is determined at step S516 that t > T, meaning that the second response message has not been received after the predetermined time T has been exceeded, the response is determined to have timed out. Similarly, when it is determined at step S516 that t is smaller than the given timeout threshold T, the VPN client returns to step S512 to determine again whether the second response message has been received, and continues waiting for it.
If it is determined at step S516 that t > T, that is, waiting for the second response message has timed out, the cached first response message is used to reply at step S518. More specifically, at this point the cache flag bit is set, indicating that the first response message received has an error, that is, the DNS server on the side that returned the first response message failed to resolve the domain name in the DNS request message; since the second response message has not been received within the preset time, the cached first response message is used to reply. More specifically, the cached first response message may be forwarded to the application through UDP Socket1.
Optionally, after replying with the cached first response message at step S518, the cache space is released at step S524. More specifically, after the timeout is determined, the states of the response flag bit and the cache flag bit are checked. At this point the response flag bit is not set and the cache flag bit is set, indicating that the first response message was received and the second response message was not received within the predetermined time; the cached first response message is forwarded to the application through UDP Socket1, and the cache space is then released.
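The rcode test of S206/S208 and the reply-selection flow of Fig. 5 (S502 to S524), as an added Python example that is not code from the patent. The names `PendingQuery`, `race` and `build_response` are hypothetical, the arrival events are constructed sample data, a single timer T counted from forwarding is assumed as in Fig. 5, and the transaction-ID/QR check is an added safeguard that the patent text does not describe.

```python
import struct
from dataclasses import dataclass
from typing import Iterable, Optional, Tuple

RCODES = {0: "NoError", 1: "FormErr", 2: "ServFail", 3: "NXDomain", 4: "NotImp", 5: "Refused"}


def build_response(txid: int, rcode: int, qname: str = "host.example") -> bytes:
    """Constructed sample data: a minimal DNS response (header + one A/IN question)."""
    flags = 0x8000 | 0x0100 | 0x0080 | (rcode & 0x0F)   # QR=1, RD=1, RA=1, RCODE
    header = struct.pack("!HHHHHH", txid, flags, 1, 0, 0, 0)
    labels = b"".join(bytes([len(p)]) + p.encode("ascii") for p in qname.split("."))
    return header + labels + b"\x00" + struct.pack("!HH", 1, 1)


def parse_header(packet: bytes) -> Tuple[int, bool, int]:
    """Return (transaction id, QR bit, rcode) from the 12-byte DNS header."""
    if len(packet) < 12:
        raise ValueError("truncated DNS header")
    txid, flags = struct.unpack("!HH", packet[:4])
    return txid, bool(flags & 0x8000), flags & 0x000F   # rcode is the low 4 flag bits


@dataclass
class PendingQuery:
    """Per-query state: the 'response flag bit' and 'cache flag bit' of Fig. 5."""
    txid: int
    answered: bool = False                        # response flag bit
    cached: Optional[Tuple[str, bytes]] = None    # not None == cache flag bit set

    def on_response(self, source: str, packet: bytes) -> Optional[Tuple[str, bytes]]:
        """Feed one upstream datagram; return (source, packet) to forward, or None."""
        if self.answered:
            return None                           # S508: later responses are discarded
        try:
            txid, is_response, rcode = parse_header(packet)
        except ValueError:
            return None
        if not is_response or txid != self.txid:
            return None                           # added check, not in the patent text
        if rcode == 0 or self.cached is not None:
            # S508: an error-free first response wins. S514: a second response that
            # follows a cached erroneous one is forwarded (the last one received
            # when both carry errors).
            self.answered, self.cached = True, None
            return source, packet
        self.cached = (source, packet)            # S510: hold the erroneous first response
        return None

    def on_timeout(self) -> Optional[Tuple[str, bytes]]:
        """t > T: reply with the cached response (S518) or stay silent (S522)."""
        if self.answered:
            return None
        reply, self.cached = self.cached, None    # S524: release the cache
        self.answered = True
        return reply


def race(txid: int, timeout: float,
         arrivals: Iterable[Tuple[float, str, bytes]]) -> Optional[Tuple[str, str, float]]:
    """Replay constructed events (seconds since forwarding, source, datagram).

    Returns (source, rcode name, reply time) for the datagram handed back to the
    application, or None when no reply is made.
    """
    query = PendingQuery(txid)
    for t, source, packet in sorted(arrivals, key=lambda a: a[0]):
        if t > timeout:
            break                                 # arrived after T: too late to count
        chosen = query.on_response(source, packet)
        if chosen is not None:
            return chosen[0], RCODES.get(parse_header(chosen[1])[2], "other"), t
    chosen = query.on_timeout()
    if chosen is None:
        return None
    return chosen[0], RCODES.get(parse_header(chosen[1])[2], "other"), timeout


if __name__ == "__main__":
    T, ID = 2.0, 0x1A2B
    ok, nx = build_response(ID, 0), build_response(ID, 3)
    print(race(ID, T, [(0.012, "user", ok), (0.080, "vpn", ok)]))   # public name
    print(race(ID, T, [(0.010, "user", nx), (0.045, "vpn", ok)]))   # VPN-only name
    print(race(ID, T, [(0.010, "user", nx)]))                       # VPN side silent
```

In the second case the user-side server answers first with a name error, so the intranet name is resolved by the slower VPN-side answer instead of failing.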
Fig. 6 is a schematic diagram illustrating a VPN client according to an embodiment of the present disclosure.
As shown in fig. 6, VPN client system 60 comprises a receive request component 602, a forwarding component 604, a parsing component 606, and a reply component 608. The receive request component 602 receives a DNS query request. The forwarding component 604 forwards the DNS query request to a user-side DNS server and a VPN-side DNS server. The parsing component 606 parses the query response messages from the user-side DNS server and the VPN-side DNS server. The reply component 608 replies with the first error-free query response message received.
As shown in fig. 6, in one embodiment, the VPN client system may further comprise a cache component 610 and a timeout detection component 612. The cache component 610 caches the query response message if the first response message received is not error-free; the timeout detection component 612 determines a response timeout when no other query response message is received within a predetermined time after the first, non-error-free query response message has been received and cached; and the reply component 608 is further configured to reply with the cached query response message.
In one embodiment, as shown in fig. 6, the reply component 608 of the VPN client system is further configured to reply with the last query response message received if none of the received response messages is error-free. If the reply component 608 receives no query response message within the preset time period T, it makes no reply.
In one embodiment, as shown in fig. 6, the VPN client system further comprises a resource reclamation component 612 for releasing the cache space after the cached query response message has been used to reply.
In summary, with the VPN client proxy DNS resolution method and system of the present disclosure, the network card priority does not need to be set: the VPN client listens on the local port, proxies all DNS query requests of the local machine, and completes DNS resolution. Specifically, when the user side initiates a DNS query request, the VPN client receives the DNS request message, parses it, and, acting as a proxy for the DNS client, forwards the DNS query request simultaneously to the DNS server on the VPN server side and the DNS server on the user side; by parsing the response messages, it returns the first correct response message to arrive to the DNS client. This avoids incorrect access to VPN intranet resources caused by the DNS server preference mechanism of some operating systems, without affecting access to public network domain names. In addition, because the DNS requests are initiated simultaneously, and the user-side DNS server generally resolves public network domain names and user-side private domain names faster, the cross-operator and CDN proximity problems are solved, and the VPN proxy can return the DNS resolution result to the application first, so the user can access the network quickly and the user's internet experience is improved.
The basic principles of the present disclosure have been described above in connection with specific embodiments. It should be noted that those skilled in the art will understand that all or any of the steps or components of the method and apparatus of the present disclosure may be implemented in any computing device (including processors, storage media, etc.) or network of computing devices, in hardware, firmware, software, or a combination thereof, and that they can do so using their basic programming skills after reading the description of the present disclosure.
Thus, the objects of the present disclosure may also be achieved by running a program or a set of programs on any computing device. The computing device may be a general purpose device as is well known. Thus, the object of the present disclosure can also be achieved merely by providing a program product containing program code for implementing the method or apparatus. That is, such a program product also constitutes the present disclosure, and a storage medium storing such a program product also constitutes the present disclosure. It is to be understood that the storage medium may be any known storage medium or any storage medium developed in the future.
It is also noted that in the apparatus and methods of the present disclosure, it is apparent that individual components or steps may be disassembled and/or re-assembled. These decompositions and/or recombinations are to be considered equivalents of the present disclosure. Also, the steps of executing the series of processes described above may naturally be executed chronologically in the order described, but need not necessarily be executed chronologically. Some steps may be performed in parallel or independently of each other.
The above detailed description should not be construed as limiting the scope of the disclosure. Those skilled in the art will appreciate that various modifications, combinations, sub-combinations, and substitutions can occur, depending on design requirements and other factors. Any modification, equivalent replacement, and improvement made within the spirit and principle of the present disclosure should be included in the scope of protection of the present disclosure.
Claims (10)
1. A VPN client proxy DNS resolution method, comprising:
receiving a DNS query request;
forwarding the DNS query request to a user-side DNS server and a VPN-side DNS server;
analyzing DNS query response messages from the user-side DNS server and the VPN-side DNS server; and
replying with the first received error-free query response message.
2. The method of claim 1, further comprising:
if the first received query response message is not error-free, caching the query response message;
determining that the response has timed out when no other query response message is received within a preset time after a non-error-free query response message has been received for the first time and cached; and
replying with the cached query response message.
3. The method of claim 1, further comprising:
if none of the received response messages are error-free, replying with the last received query response message.
4. The method of claim 1, further comprising:
if no query response message is received within the preset time period, not replying at all.
5. The method of claim 2, further comprising:
releasing the cache space after replying with the cached query response message.
6. A VPN client system, comprising:
a receive request component for receiving a DNS query request;
a forwarding component for forwarding the DNS query request to a user-side DNS server and a VPN-side DNS server;
an analysis component for analyzing the query response messages from the user-side DNS server and the VPN-side DNS server; and
a response component for replying with the first received error-free query response message.
7. The system of claim 6, further comprising:
a cache component for caching the query response message if the first received response message is not error-free; and
a timeout detection component for determining that the response has timed out when no other query response message is received within a preset time after a non-error-free query response message has been received for the first time and cached;
wherein the response component is further configured to reply with the cached query response message.
8. The system of claim 6, wherein
the response component is further configured to reply with the last received query response message if none of the received response messages are error-free.
9. The system of claim 6, wherein
the response component is further configured not to reply at all if no query response message is received within the preset time period.
10. The system of claim 7, further comprising:
a resource reclamation component for releasing the cache space after replying with the cached query response message.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202210026279.5A CN114374669B (en) | 2022-01-11 | 2022-01-11 | VPN client proxy DNS analysis method and system |
Publications (2)
Publication Number | Publication Date |
---|---|
CN114374669A (en) | 2022-04-19 |
CN114374669B (en) | 2024-04-26 |
Family
ID=81144558
Family Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202210026279.5A Active CN114374669B (en) | 2022-01-11 | 2022-01-11 | VPN client proxy DNS analysis method and system |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN114374669B (en) |
Cited By (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN115297088A (en) * | 2022-08-03 | 2022-11-04 | 中电云数智科技有限公司 | Domain name resolution system and method in cloud computing environment |
CN115378906A (en) * | 2022-08-16 | 2022-11-22 | 北京轻网科技股份有限公司 | VPN framework-based local DNS proxy method, device, equipment and medium |
CN115378906B (en) * | 2022-08-16 | 2024-02-13 | 北京轻网科技股份有限公司 | Local DNS proxy method, device, equipment and medium based on VPN framework |
Also Published As
Publication number | Publication date |
---|---|
CN114374669B (en) | 2024-04-26 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||