CN-116827902-B - Domain name generation method, domain name detection method, electronic device, and storage medium

Abstract

A domain name generating method, a domain name detecting method, an electronic device and a storage medium. The domain name generation method comprises the steps of inquiring a target domain name from one or more domain name resolvers, enabling a domain name server record corresponding to the target domain name to be cached in the one or more domain name resolvers, obtaining the cache validity period of the domain name server record of the target domain name in the one or more domain name resolvers, authorizing a new domain name and a domain name server resource record of the new domain name at the domain name server corresponding to the target domain name based on the target domain name, wherein the new domain name is a subdomain name of the target domain name, and inquiring the new domain name generated based on the target domain name from the one or more domain name resolvers before the cache validity period is over, so that the domain name server record of the new domain name is cached by the one or more domain name resolvers. The domain name generation method can enable the newly generated domain name to keep alive, thereby guaranteeing the normal operation of domain name resolution, and has the advantages of simple operation, low cost, wide applicable objects and the like.

Inventors

• LI XIANG
• LIU BAOJUN
• ZHANG MINGMING
• DUAN HAIXIN
• LI QI

Assignees

• 清华大学

Dates

Publication Date

20260512

Application Date

20230803

Claims (10)

1. 1. A domain name generation method, comprising: Querying one or more domain name resolvers for a target domain name, so that a domain name server record corresponding to the target domain name is cached in the one or more domain name resolvers; Acquiring the cache validity period recorded in the one or more domain name resolvers by the domain name server of the target domain name; Authorizing a new domain name and a domain name server resource record of the new domain name at a domain name server corresponding to the target domain name based on the target domain name, wherein the new domain name is a subdomain name of the target domain name; querying the one or more domain name resolvers for the new domain name generated based on the target domain name, before the cache validity period expires, such that the one or more domain name resolvers cache a domain name server record of the new domain name, And in response to the new domain name not reaching the maximum number of stages, taking the new domain name as a new target domain name, and circularly executing the domain name generation method.
2. 2. The domain name generation method according to claim 1, wherein the number of stages of the target domain name is N, where N is a positive integer greater than 1 and less than 128.
3. 3. The domain name generating method according to claim 1, wherein the target domain name comprises a registered domain name, a normal domain name, a stale domain name, a failed domain name, or a revoked domain name.
4. 4. A domain name generation method according to any of claims 1-3, wherein the domain name server that obtains the target domain name records a cache validity period in the one or more domain name resolvers, comprising: Querying the one or more domain name resolvers for a domain name server record for the target domain name; Receiving a reply from the one or more domain name resolvers, the reply including the cache validity period recorded by the domain name server in the one or more domain name resolvers.
5. 5. A domain name generation method according to any one of claims 1 to 3, wherein the authorizing, based on the target domain name, a new domain name and a domain name server resource record of the new domain name at a domain name server corresponding to the target domain name includes: Adding a prefix in front of the target domain name to generate the new domain name; And setting a grant resource record of the new domain name at the domain name server corresponding to the target domain name, wherein the grant resource record comprises a domain name server resource record and a glue resource record of the new domain name.
6. 6. A domain name detection method, comprising: Inquiring whether a domain name server resource record of a domain name to be detected of a target exists in a cache of a domain name resolver; Detecting whether a domain name server resource record from a parent domain name to an M-th upper-level domain name of the target domain name to be detected exists in a cache of the domain name resolver or not in response to the existence of the domain name server resource record of the target domain name to be detected in the cache of the domain name resolver, wherein M is a positive integer greater than or equal to 1 and less than 128; and outputting a detection result of the domain name to be detected of the target.
7. 7. The domain name detection method according to claim 6, further comprising: acquiring a domain name to be detected; judging whether the domain name to be detected needs to be determined as the target domain name to be detected according to the level number of the domain name to be detected; And if the number of levels of the domain name to be detected exceeds a threshold number of levels, determining the domain name to be detected as the target domain name to be detected.
8. 8. The domain name detection method according to claim 6 or 7, further comprising: determining a processing mode of the target domain name to be detected according to the detection result of the target domain name to be detected; if the detection result of the target domain name to be detected shows that the cache of the domain name resolver has a domain name server resource record from the father domain name of the target domain name to be detected to the M-th level upper domain name, a warning is sent out or whether the target domain name to be detected is a malicious domain name is detected; and deleting content related to the target domain name to be detected in a cache of the domain name analyzer or adding the target domain name to be detected into a domain name blacklist for processing by a network operator in response to the target domain name to be detected as a malicious domain name.
9. 9. An electronic device, comprising: a memory non-transitory storing computer-executable instructions; A processor configured to execute the computer-executable instructions, Wherein the computer executable instructions when executed by the processor implement a domain name generation method according to any of claims 1-5 or a domain name detection method according to any of claims 6-8.
10. 10. A non-transitory computer readable storage medium storing computer executable instructions which when executed by a processor implement the domain name generation method of any of claims 1-5 or the domain name detection method of any of claims 6-8.

Description

Domain name generation method, domain name detection method, electronic device, and storage medium Technical Field Embodiments of the present disclosure relate to a domain name generation method, a domain name detection method, an electronic device, and a storage medium. Background The domain name is a name which is convenient for people to memorize and is used for identifying the positioning of the computer during network data transmission, so that people can access the Internet more conveniently. The domain name has a certain corresponding relation with the IP address of the computer, and after the domain name system resolves the domain name, the IP address corresponding to the domain name can be found, so that the domain name is converted into the machine-readable IP address. Domain names are key underlying applications in today's internet that decisively impact numerous other network applications and protocols, including web site access, content distribution, mailing, certificate application, blacklist deployment, etc. However, domain names are also often abused in numerous networking activities, such as botnets, phishing, malicious mail, and so forth. Based on internet name and digital address assignment agency statistics, about 62 tens of thousands of domain names are misused and present a security threat at month 3 of 2023. As countermeasure, the network supervisor performs compliance processing on the malicious domain name by means of domain name revocation and the like, and cuts off the operation chain of the malicious network activity. In order to identify a malicious domain name in real time, a supervisor needs to learn a generation means of the malicious domain name. Domain name generation algorithms are a commonly used method of generating domain names, which generate a large number of domain names for use by a specific program algorithm. However, the domain name generation algorithm needs to generate a new domain name based on the registered domain name in the normal state, and once the registered domain name expires or is withdrawn, the new domain name cannot be generated by the registered domain name any more, so that it is necessary to constantly register the domain name and pay registration fees, annual fees, etc. Domain name generation algorithms are also often used to communicate botnets, malware, etc., for example, a preset domain name generation algorithm is used to generate a large number of repeatedly registered domain names, then a large number of malicious domain names are generated based on the registered domain names, and covert communication and evasion supervision are realized through the large number of malicious domain names. Because the domain names generated by the domain name generation algorithm have relatively fixed pattern features, such as randomness, time sensitivity, similarity in format, short domain name survival time, inability to resolve domain names, and the like, the network administrator can identify the malicious domain names based on the format features or other pattern features of the domain names or predict the malicious domain names through the reverse domain name generation algorithm. Disclosure of Invention At least one embodiment of the present disclosure provides a domain name generation method, including querying one or more domain name resolvers for a target domain name, such that a domain name server record corresponding to the target domain name is cached in the one or more domain name resolvers, obtaining a cache validity period of the domain name server record of the target domain name in the one or more domain name resolvers, authorizing a new domain name and a domain name server resource record of the new domain name at a domain name server corresponding to the target domain name based on the target domain name, wherein the new domain name is a subdomain name of the target domain name, querying the one or more domain name resolvers for the new domain name generated based on the target domain name before the cache validity period expires, such that the one or more domain name resolvers cache the domain name server record of the new domain name. For example, in the domain name generation method provided in at least one embodiment of the present disclosure, the number of stages of the target domain name is N, where N is a positive integer greater than 1 and less than 128. For example, in the domain name generating method provided in at least one embodiment of the present disclosure, the target domain name includes a registered domain name, a normal domain name, an expired domain name, a failed domain name, or a revoked domain name. For example, in a domain name generation method provided in at least one embodiment of the present disclosure, the obtaining the cache validity period of the domain name server record of the target domain name in the one or more domain name resolvers includes querying the one or more domain name resolvers for the domai