CN-122027694-A - CNAME buffer pollution problem prevention method based on negotiation
Abstract
The application discloses a negotiation-based method for preventing CNAME cache pollution. A struct pseudo resource record is added to the DNS message; the client encapsulates it in a request as needed and assigns it an integer value. After detecting the record, the recursive server ignores CNAME records during the cache lookup stage; on a miss, it initiates recursion to the upstream authoritative server to obtain the resource record of the target type and its TTL, performs differentiated processing on the existing same-name CNAME cache entry according to the struct value, and finally writes the new record into the cache and returns a response. The struct record acts only between the client and the recursive server and is not transmitted upstream. It allows the polluted cache entry to be weakened or cleared immediately without extra memory overhead, and it is compatible with the existing DNS protocol.
Inventors
- CHEN CHAO
- WANG ZHIGANG
- JIANG CHAO
- Zhu Ruishuang
- XING ZHIJIE
- MAO WEI
Assignees
- 互联网域名系统北京市工程研究中心有限公司
Dates
- Publication Date: 20260512
- Application Date: 20260129
Claims (10)
- 1. A negotiation-based method for preventing CNAME cache pollution, characterized by comprising the following steps: defining a struct pseudo resource record in the DNS message, wherein the struct record carries an integer value and indicates how the recursive server is to ignore the CNAME cache and which subsequent processing strategy it is to apply; when a client initiates a query, encapsulating the struct record in the DNS query request and setting the corresponding integer value; after the recursive server receives the DNS request, if a struct record is detected, ignoring CNAME-type cache entries when querying the cache and searching only for cache entries of the requested type; when no cached data of the query type is found, triggering a recursive query by the recursive server and obtaining the resource record of the requested type and its cache TTL from the authoritative server; and performing, by the recursive server, differentiated processing on the existing CNAME-type cache according to the integer value of the struct record, and returning a response after writing the newly obtained resource record into the cache.
- 2. The method of claim 1, wherein when the integer value of the struct record is 0, the recursive server ignores the CNAME-type cache in the cache query stage; if no cached data of the query type is retrieved, it triggers the recursive query; after the resource record of the requested type is successfully obtained, the record is written into the cache with its original TTL, and no modification is made to the existing CNAME-type cache.
- 3. The method of claim 1, wherein when the integer value of the struct record is 1, the recursive server ignores the CNAME-type cache in the cache query stage; if no cached data of the query type is retrieved, it triggers the recursive query; after the resource record of the requested type is successfully obtained, it locates the existing CNAME-type cache entry under the same name label, adjusts the TTL of that CNAME cache entry to a value not exceeding the TTL of the newly obtained record, and then writes the newly obtained resource record into the cache with its original TTL.
- 4. The method of claim 1, wherein when the integer value of the struct record is 2, the recursive server ignores the CNAME-type cache in the cache query stage; if no cached data of the query type is retrieved, it triggers the recursive query; after the resource record of the requested type is successfully obtained, it deletes the existing CNAME-type cache entry under the same name label, and then writes the newly obtained resource record into the cache with its original TTL.
- 5. The method of claim 1, wherein after receiving the DNS query request, the recursive server first checks whether the request contains a struct-type pseudo resource record; if not, it searches the cache according to the original flow, returns a response on a hit, and on a miss triggers the recursive query and writes the result into the cache, without at any point ignoring the CNAME cache or executing the subsequent differentiated processing logic.
- 6. The method of claim 1, wherein when the client encapsulates a struct pseudo resource record in a DNS query request, the record is placed only in messages between the client and the recursive server, and before initiating a recursive query to the upstream authoritative server the recursive server removes the struct record from the request to be sent, ensuring that the authoritative server does not receive the pseudo resource record.
- 7. The method of claim 1, wherein after completing the differentiated processing and writing the newly obtained resource record, the recursive server constructs a response message, fills the additional section with the same struct record and integer value as in the original request, and returns it to the client with the response, to indicate that the current query has executed the CNAME cache operation corresponding to the level specified by the client.
- 8. A negotiation-based system for preventing CNAME cache pollution, the system comprising: an implementation end, used for defining a struct pseudo resource record in the DNS message, wherein the struct record carries an integer value and indicates how the recursive server is to ignore the CNAME cache and which subsequent processing strategy it is to apply; a client, used for encapsulating the struct record in the DNS query request and setting the corresponding integer value when a query is initiated; and a recursive server, used for receiving the DNS request and, if a struct record is detected, ignoring CNAME-type cache entries when querying the cache and searching only for cache entries of the requested type; when no cached data of the query type is found, the recursive server triggers a recursive query and obtains the resource record of the requested type and its cache TTL from the authoritative server; the recursive server performs differentiated processing on the existing CNAME-type cache according to the integer value of the struct record, writes the newly obtained resource record into the cache, and returns a response.
- 9. An electronic device comprising a memory and a processor, the memory storing a computer program that, when executed by the processor, performs the method of any of claims 1 to 7.
- 10. A computer readable storage medium, characterized in that a computer program is stored thereon, which computer program, when being executed by a processor, implements the method according to any of claims 1 to 7.
Description
CNAME cache pollution problem prevention method based on negotiation

Technical Field

The application relates to the technical field of data processing, and in particular to a negotiation-based method for preventing CNAME cache pollution.

Background

CNAME cache pollution arises because DNS records of type CNAME are mutually exclusive with records of other types, yet both can exist at the same time in the cache of a recursive server. If some authoritative servers respond in a way that does not meet the standard and return a CNAME only for queries of a specific type, behavior may become inconsistent and the required records cannot be found as expected.

For example, when an A record is queried first, the authoritative server may return the A record, but when an AAAA record is queried, the authoritative server returns a CNAME. The CNAME is then cached by the recursive server. For subsequent requests for the A record, because the CNAME exists in the cache, the recursive server may not query the original domain name directly; instead it follows the CNAME and queries the A record of the CNAME target domain name. This produces the effect described above: until the CNAME record expires from the cache, the failure to find the correct A record may continue. Because CNAME records are mutually exclusive with all other types, queries of types other than A are also affected by this cached CNAME record.

One possible solution to this cache pollution problem is to introduce a secondary cache that records, for each cached record, the request type that triggered it, in order to determine whether that request type itself yields a record of the corresponding type or a CNAME record. However, this prevention method requires a considerable proportion of additional memory.
Disclosure of Invention

Based on the above, the embodiment of the application provides a negotiation-based method for preventing CNAME cache pollution, which solves the problem of increased cache memory usage in the solution that introduces a secondary cache to record request types.

In a first aspect, a negotiation-based method for preventing CNAME cache pollution is provided, the method comprising:

defining a struct pseudo resource record in the DNS message, wherein the struct record carries an integer value and indicates how the recursive server is to ignore the CNAME cache and which subsequent processing strategy it is to apply;

when a client initiates a query, encapsulating the struct record in the DNS query request and setting the corresponding integer value;

after the recursive server receives the DNS request, if a struct record is detected, ignoring CNAME-type cache entries when querying the cache and searching only for cache entries of the requested type;

when no cached data of the query type is found, triggering a recursive query by the recursive server and obtaining the resource record of the requested type and its cache TTL from the authoritative server;

and performing, by the recursive server, differentiated processing on the existing CNAME-type cache according to the integer value of the struct record, and returning a response after writing the newly obtained resource record into the cache.

Optionally, when the integer value of the struct record is 0, the recursive server ignores the CNAME-type cache in the cache query stage; if no cached data of the query type is retrieved, it triggers the recursive query; after the resource record of the requested type is successfully obtained, the record is written into the cache with its original TTL, and no modification is made to the existing CNAME-type cache.
Optionally, when the integer value of the struct record is 1, the recursive server ignores the CNAME-type cache in the cache query stage; if no cached data of the query type is retrieved, it triggers the recursive query; after the resource record of the requested type is successfully obtained, it locates the existing CNAME-type cache entry under the same name label, adjusts the TTL of that CNAME cache entry to a value not exceeding the TTL of the newly obtained record, and then writes the newly obtained resource record into the cache with its original TTL.

Optionally, when the integer value of the struct record is 2, the recursive server ignores the CNAME-type cache in the cache query stage; if no cached data of the query type is retrieved, it triggers the recursive query; after the resource record of the requested type is successfully obtained, it deletes the existing CNAME-type cache entry under the same name label, and then writes the newly obtained resource record into the cache with its original TTL.
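
The pollution scenario from the Background and the three struct values described above, modelled as an added Python sketch (not code from the application). `Resolver`, `AUTH`, `demo` and the constant names are hypothetical, the authoritative data is constructed, and the wire encoding of the struct record is not modelled.

```python
IGNORE, CLAMP_TTL, PURGE = 0, 1, 2   # struct integer values described on the page

# Constructed, non-compliant authoritative data: (name, qtype) -> (rtype, rdata, ttl)
AUTH = {
    ("www.example.", "A"): ("A", "192.0.2.10", 60),
    ("www.example.", "AAAA"): ("CNAME", "gone.example.", 3600),
}

class Resolver:
    """Hypothetical recursive-server model; times are plain integer seconds."""

    def __init__(self):
        self.cache = {}        # (name, rtype) -> (rdata, absolute expiry)
        self.upstream = []     # queries sent upstream; the struct record is never forwarded

    def _get(self, name, rtype, now):
        hit = self.cache.get((name, rtype))
        return hit if hit and hit[1] > now else None

    def query(self, name, qtype, now, struct=None):
        if struct is None:                       # original flow: a cached CNAME wins
            cname = self._get(name, "CNAME", now)
            if cname:
                return self.query(cname[0], qtype, now)
        hit = self._get(name, qtype, now)        # with struct: only the requested type
        if hit:
            return {"answer": hit[0], "struct": struct}
        self.upstream.append((name, qtype))      # upstream request carries no struct
        rtype, rdata, ttl = AUTH.get((name, qtype), (None, None, 0))
        if rtype == "CNAME" and struct is None:  # original flow caches and follows it
            self.cache[(name, "CNAME")] = (rdata, now + ttl)
            return self.query(rdata, qtype, now)
        if rtype != qtype:                       # no data, or a case the page leaves open
            return {"answer": None, "struct": struct}
        old = self._get(name, "CNAME", now)
        if old and struct == CLAMP_TTL:          # CNAME must not outlive the new record
            self.cache[(name, "CNAME")] = (old[0], min(old[1], now + ttl))
        elif old and struct == PURGE:            # drop the same-name CNAME entry
            del self.cache[(name, "CNAME")]
        self.cache[(name, qtype)] = (rdata, now + ttl)   # new record keeps its own TTL
        return {"answer": rdata, "struct": struct}       # struct value echoed to client

def demo(level):
    r = Resolver()
    r.query("www.example.", "AAAA", now=0)       # pollutes the cache with the CNAME
    polluted = r.query("www.example.", "A", now=1)["answer"]
    fixed = r.query("www.example.", "A", now=2, struct=level)
    cname = r.cache.get(("www.example.", "CNAME"))
    return polluted, fixed, cname
```

`demo(level)` returns the A answer seen by a client without the struct record, the response to a client that sends it, and the state of the same-name CNAME cache entry afterwards.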