CN101895591A - Method and domain name server for increasing robustness of credible Internet domain name service - Google Patents

Info

Publication number: CN101895591A
Authority: CN (China)
Application number: CN 201010237757
Priority application: CN2010102377574A
Other languages: Chinese (zh)
Other versions: CN101895591B (granted patent)
Inventors: 刘枫, 何大中, 李为民, 刘芳, 雷振明
Current assignee: Beijing University of Posts and Telecommunications
Original assignee: Beijing University of Posts and Telecommunications
Legal status: Granted; expired (fee related)

Abstract

The invention provides a method and a domain name server for improving the robustness of trusted Internet domain name service. The domain name server learns the operating state of each associated name server in real time. While an associated name server is operating normally, the corresponding domain name records are cached under the usual time-out (TTL) mechanism and the source name server of each record is recorded. When an associated name server fails, all records whose source is the failed server are retained permanently, that is, their TTL countdown is suspended until the server recovers. The invention further introduces a trust evaluation mechanism: the trust level of each name server is evaluated against a configured name server trust whitelist, and that level is attached to the records obtained from it. With this method and server, when an associated name server fails the local name server preserves as much domain name information as possible and continues to answer client queries from the cache throughout the outage, so that the name server stays usable during the outage as far as possible and the robustness and trustworthiness of trusted Internet domain name service are improved.

Description

Method and domain name server for improving the robustness of trusted Internet domain name service
Technical field
The present invention relates to the technical field of computer networks, and in particular to a method and a domain name server for improving the robustness of trusted Internet domain name service.
Background art
The Internet has become one of the most important information infrastructures of modern society. Society depends on it to an ever greater degree, and the demands placed on the security, reliability and trustworthiness of the Internet, its applications and the information it carries grow accordingly.
The fragility and untrustworthiness of the current Internet are visible at every stage: network design, implementation and operational management. The security incidents that break out frequently on the Internet are concrete manifestations of this fragility. Its consequences are that governments and the public view the prospects of Internet applications with great concern and hesitate to move critical applications entirely onto the Internet, which greatly limits deeper use of the Internet and seriously constrains its development and the realization of its potential. At the same time, Internet security problems affect the healthy development of the national economy and even threaten social stability and national security. Although costly repairs have been made to every layer of the existing network architecture, enormous potential safety hazards remain. Trusted Internet security and network services have therefore become key technologies for building a highly trustworthy Internet.
The Domain Name System (DNS) names computers and network services organized in a hierarchy of domains. The availability of the DNS determines the availability of many other Internet applications, for example SMTP, SIP, POP3, IMAP and SSH, so the robustness of the DNS is critical to the Internet.
In recent years a number of denial-of-service attacks against the DNS have occurred on the Internet. In 2002 the root name server operated by www.ripe.net was attacked and could not provide normal service to the outside world; in the same year the UltraDNS name servers were attacked; in 2004 Akamai's name servers were attacked by a botnet; and most recently, in 2009, the MPC software incident that paralysed the name servers of telecommunications carriers was caused by a denial-of-service attack on the name servers of the DNS provider DNSPod. Each of these attacks damaged, to a varying degree, the other Internet applications that depended on the targeted name servers, and each caused corresponding economic losses.
Domain name service therefore occupies a critical position in the present network application structure, and improving the robustness of trusted Internet domain name service, so as to reduce the impact of accidents and attacks on it, is of the utmost importance.
Some research and methods for strengthening the reliability of domain name service have been proposed. Because the DNS is layered and hierarchical, there are far fewer high-level name servers than there are domain names at lower levels, which creates a robustness risk at the high-level servers; some proposals therefore use IP anycast to add redundancy to high-level name servers. This solution, however, requires a large additional investment in name servers and routing equipment, which smaller domains cannot afford, so it is not easy to deploy. Other work seeks to strengthen the reliability of domain name service between DNS clients and servers by adopting the DNS Security Extensions (DNSSEC), which authenticate responses and so can effectively prevent attacks on domain name service such as cache poisoning; but this scheme requires thorough changes to the deployed DNS infrastructure and is not easy to implement.
Summary of the invention
The invention provides a method and a name server for improving the robustness of trusted Internet domain name service, so as to improve the robustness and availability of trusted Internet domain name service.
A method for improving the robustness of trusted Internet domain name service provided by the invention comprises:
Pre-setting a maximum response time threshold RTmax and a domain name time-to-live TTL;
Caching, in a local name server, domain name records, source name server entries and a name server trust whitelist, wherein:
each domain name record comprises the parameters: the domain name, the time to live of the domain name, the source name server of the domain name and the trust level of the domain name;
each source name server entry comprises the parameters: the network address of the source name server, its reference count and its trust level;
the name server trust whitelist holds the configured trust levels of name servers;
The method further comprises:
The local name server periodically sends a domain name query to each associated name server. If a response from the associated name server is received within RTmax, the associated name server is judged to be working normally; if no response is received within RTmax, the associated name server is judged to have failed;
If the associated name server is judged to be working normally, the following operations are carried out on the cached domain name records: the domain name corresponding to the response is cached, its time to live is set to TTL, its source name server is determined and recorded, and its trust level is set equal to the trust level of that source name server; and in the cached source name server entries, the reference count of that source name server is incremented by 1;
If the associated name server is judged to have failed, all domain name records whose source name server is the failed associated name server are retained permanently and the time-to-live countdown of all those records is suspended; once the failed associated name server is working normally again, the time-to-live countdown of those records resumes;
When a domain name query is received from a client, the local name server answers it from the cached domain name records; the response includes the trust level of the queried domain name, and the client decides according to that trust level whether to use the domain name information;
If the local name server cannot answer the client's query from its locally cached records, it obtains the queried domain name information by querying other name servers, and carries out the following operations on the cached domain name records: the domain name obtained by the query is cached, its time to live is set to TTL, and its source name server is determined and recorded. The cached source name server entries are then checked for that source name server: if it is present, its reference count is incremented by 1 and the trust level of the domain name is set equal to the trust level of that source name server; if it is not present, the trust level of the source name server is looked up in the name server trust whitelist, a new entry for the source name server is added to the cached source name server entries with its reference count set to 1, and the trust level of the new entry and of the domain name record are both set to the trust level obtained from the lookup.
The method may further comprise:
The local name server counts down the time to live of each domain name record;
When the time to live of a domain name record expires, that record is deleted from the cached domain name records, and in the cached source name server entries the reference count of the source name server of the expired record is decremented by 1; any source name server whose reference count falls to 0 is deleted from the cached source name server entries.
In the above method, the source name server of a domain name record may be determined as follows:
If the local name server acts as a forwarder, relaying domain name queries and responses to and from an associated name server, then when it caches domain name information that came from that superior name server it records the superior name server as the source name server of the information;
If the local name server obtains the default name server of the domain name information by querying an associated name server for the name server (NS) records, and then obtains the domain name information by querying that default name server, the default name server is recorded as the source name server of the information;
If the local name server is itself the authoritative name server or the default name server for the domain name information, the local name server is recorded as the source name server of the information.
The method may further pre-set a maximum non-response count N;
When the local name server periodically sends a domain name query to each associated name server, the method further comprises: if no response is received from an associated name server within RTmax, one non-response is recorded against it; when the number of non-responses recorded against the associated name server reaches N, the associated name server is judged to have failed.
A name server for improving the robustness of trusted Internet domain name service provided by the invention comprises: an associated name server sensing module, a local domain name cache module, an associated name server cache module and a trust whitelist cache module;
The local domain name cache module caches domain name records, each comprising the parameters: the domain name, its time to live, its source name server and its trust level;
The associated name server cache module caches source name server entries, each comprising the parameters: the network address of the source name server, its reference count and its trust level;
The trust whitelist cache module caches the name server trust whitelist, which holds the configured trust levels of name servers;
The associated name server sensing module periodically sends a domain name query to each associated name server. When a response is received within the pre-set maximum response time threshold RTmax, it judges the associated name server to be working normally, passes the domain name information in the response to the local domain name cache module, determines the source name server of that information and notifies the local domain name cache module and the associated name server cache module of the source name server. When no response is received within RTmax, it judges the associated name server to have failed and notifies the local domain name cache module and the associated name server cache module of that judgement;
The local domain name cache module acts on the judgement. When the associated name server is judged to be working normally, it carries out the following operations on the cached domain name records: it caches the domain name corresponding to the response, sets its time to live to the pre-set TTL, records its source name server, queries the associated name server cache module for the trust level of that source name server and sets the trust level of the domain name equal to it. When the associated name server is judged to have failed, it retains permanently all domain name records whose source name server is the failed associated name server and suspends their time-to-live countdown, resuming the countdown once the failed associated name server is working normally again;
The associated name server cache module, when the associated name server is judged to be working normally, increments the reference count of the source name server by 1 according to the notification from the associated name server sensing module;
When a domain name query is received from a client, the local domain name cache module also answers the query from the cached domain name records; the response includes the trust level of the queried domain name, and the client decides according to that trust level whether to use the domain name information;
When the local name server cannot answer the client's query from its locally cached records, the associated name server sensing module also obtains the queried domain name information by querying other name servers, passes the information obtained to the local domain name cache module, determines its source name server and notifies the local domain name cache module and the associated name server cache module of the source name server;
The associated name server cache module checks, for the source name server notified by the sensing module, whether an entry exists in the cached source name server entries. If it exists, its reference count is incremented by 1; if not, the module queries the trust whitelist cache module for the trust level of the source name server, adds a new entry for it to the cached source name server entries with its reference count set to 1, and sets the trust level of the new entry to the trust level obtained;
The local domain name cache module also carries out the following operations on the cached domain name records for the information obtained by the sensing module's query: it caches the domain name obtained, sets its time to live to TTL, records its source name server and sets the trust level of the domain name equal to the trust level of that source name server.
The local domain name cache module may further count down the time to live of each domain name record; when the time to live of a record expires, it deletes the expired record from the cached domain name records and notifies the associated name server cache module of the record's source name server;
The associated name server cache module, on that notification, decrements by 1 the reference count of the source name server of the expired record in the cached source name server entries, and deletes from those entries any source name server whose reference count falls to 0.
When determining the source name server of domain name information, the associated name server sensing module may proceed as follows:
If the name server acts as a forwarder, relaying domain name queries and responses to and from an associated name server, then when it caches domain name information that came from that superior name server it records the superior name server as the source name server of the information;
If the name server obtains the default name server of the domain name information by querying an associated name server for the name server (NS) records, and then obtains the domain name information by querying that default name server, the default name server is recorded as the source name server of the information;
If the name server is itself the authoritative name server or the default name server for the domain name information, the name server is recorded as the source name server of the information.
When the associated name server sensing module periodically sends a domain name query to each associated name server and receives no response within RTmax, it further records the number of non-responses of that associated name server; when the number of non-responses reaches the pre-set maximum non-response count N, it judges the associated name server to have failed.
As can be seen from the above technical solution, the method and name server for improving the robustness of trusted Internet domain name service provided by the invention cache as much domain name information as possible while some servers of the DNS are paralysed by a fault, an error or an attack, and answer client queries during the outage from the cached information. The ability of the name server to go on providing service is thus preserved to the greatest extent, and the robustness and availability of trusted Internet domain name service are improved.
Furthermore, the improved technical solution the invention provides for raising the trustworthiness of trusted Internet domain name service, by configuring a name server trust whitelist and matching name servers against it, evaluates and records the trust level of domain name information and name servers in the DNS and distinguishes domain name information by trust level, thereby improving the trustworthiness of domain name service.
In addition, the invention requires no new hardware, works well on the existing DNS architecture and needs no redesign of the DNS, so it is easy to implement.
Description of drawings
Fig. 1 is a flow chart of the local name server answering a client query in a preferred embodiment of the invention;
Fig. 2 is a schematic diagram of the system architecture for improving the robustness of trusted Internet domain name service according to the invention;
Fig. 3 is a work-flow diagram of the associated server sensing module in a preferred embodiment of the invention.
Embodiment
To make the purpose, technical solution and advantages of the invention clearer, the invention is described in further detail below with reference to the accompanying drawings and embodiments.
In existing IP networks the DNS mechanism is based mainly on the idea of distributed storage and distributed answering; the association between name servers is weak, and when the DNS fails or is attacked a name server cannot learn the operating state of other servers, so robustness is weak. If some means of improving robustness are added on top of the existing DNS architecture, the ability to serve clients can be preserved to the greatest extent while the DNS is under attack, and the robustness and availability of domain name service can be ensured.
The main idea of the invention is that the local name server learns the operating state of its associated name servers in real time and adapts its local caching of domain name information to that state. Specifically, while an associated name server is working normally, the corresponding domain name information is cached under the time-out mechanism; when the associated name server has failed, the corresponding domain name information is retained permanently. With the technical solution provided by the invention, while an associated name server is paralysed by a fault, an error or an attack, the local name server caches as much domain name information as possible and answers client queries during the outage from the cached information, so that the name server remains available during the outage as far as possible and the robustness of trusted Internet domain name service is improved.
On the basis of this main idea, the invention further introduces a trust evaluation mechanism. The trust level of a name server is evaluated against the configured name server trust whitelist, and the trust level of the name server is used as the trust level of the domain name information for which it is the source. When a client query is answered, the trust level of the domain name is sent to the client together with the answer, so the client knows the trust level of the information and decides according to it whether to use the information, which further improves the trustworthiness of trusted Internet domain name service.
In the invention, the associated name servers are the set of sources of all domain name information held by the local name server. By trust level they may be further divided into trusted associated name servers and untrusted associated name servers. The local name server is the name server that implements the technical solution of the invention.
Based on the above main idea, the invention proposes a method for improving the robustness of trusted Internet domain name service. The method pre-sets a maximum response time threshold RTmax and a domain name time-to-live TTL, and caches domain name records and source name server entries in the local name server, wherein:
each domain name record may comprise the parameters: the domain name, its time to live, its source name server and its trust level. Besides these it may carry other relevant parameters, such as A, NS and CNAME records; these are not the focus of the invention and are not described further here.
each source name server entry may comprise the parameters: the network address of the source name server, its reference count and its trust level.
The method provided by the invention further comprises the following steps:
The local name server periodically sends a domain name query to each associated name server. If a response from the associated name server is received within RTmax, the associated name server is judged to be working normally; if no response is received within RTmax, the associated name server is judged to have failed;
If the associated name server is judged to be working normally, the following operations are carried out on the cached domain name records: the domain name corresponding to the response is cached, its time to live is set to TTL, its source name server is determined and recorded, and its trust level is set equal to the trust level of that source name server; and in the cached source name server entries, the reference count of that source name server is incremented by 1;
If the associated name server is judged to have failed, all domain name records whose source name server is the failed associated name server are retained permanently and the time-to-live countdown of all those records is suspended; once the failed associated name server is working normally again, the time-to-live countdown of those records resumes.
Once the associated name server of a domain name record has failed, that record can no longer be obtained from it. The invention therefore retains permanently the records whose source is a failed associated name server, so that while an associated name server is paralysed by a fault, an error or an attack the local name server caches as much domain name information as possible and answers client queries during the outage from the cached information; the name server thus remains available during the outage as far as possible and the robustness of trusted Internet domain name service is improved.
When a domain name query is received from a client, the local name server answers it from the cached domain name records; the response may include the trust level of the queried domain name, and the client may decide according to that trust level whether to use the information.
On the basis of the above method a trust evaluation mechanism may be further introduced, giving a preferred embodiment of the invention. Specifically, the local name server additionally caches a name server trust whitelist, which holds the configured trust levels of name servers;
If the local name server cannot answer the client's query from its locally cached records, the method may further comprise:
The local name server obtains the queried domain name information by querying other name servers, and carries out the following operations on the cached domain name records: the domain name obtained by the query is cached, its time to live is set to TTL, and its source name server is determined and recorded. The cached source name server entries are then checked for that source name server: if it is present, its reference count is incremented by 1 and the trust level of the domain name is set equal to the trust level of that source name server; if it is not present, the trust level of the source name server is looked up in the name server trust whitelist, a new entry for the source name server is added to the cached source name server entries with its reference count set to 1, and the trust level of the new entry and of the domain name record are both set to the trust level obtained from the lookup. Here, when the whitelist contains no trust level for the source name server, a default value may be used as its trust level.
Here, the locally cached domain name information is all the domain name information known to the local name server. It has two parts: the information cached by the method of the invention, and the local authoritative zones configured on the local name server. A local authoritative zone is domain name information configured before the local name server starts operating, which declares that, within the DNS, this server is the default name server for the domain. All information about such a domain is ultimately obtained from the domain's default server. In the DNS every domain has a default name server; when other servers cannot answer, a resolver finds the default server responsible for the domain through the domain's name server (NS) records and obtains the information by querying the default server directly.
Fig. 1 is a flow diagram of the local name server answering a client query in the above preferred embodiment of the invention. Referring to Fig. 1, the flow includes:
In step 101, the local name server receives a domain name query request from a client.
In step 102, the local name server checks whether the domain name information requested by the client is cached. If it is, it proceeds to step 103, answers the client's query with the cached domain name information, and the flow ends; if it is not, it proceeds to step 104.
In step 104, the local name server issues a domain name query to other name servers.
In step 105, the local name server writes the domain name information obtained by the query into the locally cached domain name information.
In step 106, the local name server checks whether the source name server information for this domain name information is cached locally. If it is, step 107 is executed: the reference count of that source name server is incremented by 1, the credibility is recorded, and the flow ends; if it is not, step 108 is executed.
In step 108, a new entry is created in the cached source name server information and the relevant information of this source name server is recorded in it.
This completes the flow shown in Fig. 1.
In the invention, the local name server can run a timer on the lifetime of each domain name information entry. When the lifetime timer of an entry expires, the entry whose lifetime timer expired is deleted from the cached domain name information, the reference count of the source name server corresponding to that entry is decremented by 1 in the cached source name server information, and any source name server whose reference count falls to 0 is deleted from the cached source name server information.
In the invention, the source name server of domain name information can be determined as follows:
If the local name server only forwards domain name query requests and the responses of the associated name server, then when it caches domain name information that comes from an upstream name server, the local name server determines that upstream name server to be the source name server of the domain name information;
If the local name server obtains the default name server of the domain name information by querying the associated name server for the name server record (NS), and then obtains the domain name information by querying that default name server, the default name server is determined to be the source name server of the domain name information;
If the local name server is itself the authoritative name server or the default name server of the domain name information, the local name server is determined to be the source name server of the domain name information.
On the basis of the technical scheme provided by the invention, a maximum no-response count N can additionally be preset. When the local name server periodically sends a domain name query to each associated name server, the method may further include: if no response from the associated name server is received within RT_max, one no-response is recorded for that associated name server, and when the number of no-responses of that associated name server equals N, the associated name server is judged to have failed. Thus, if an associated name server fails, the local name server will discover this within at most N times the maximum response time RT_max and take appropriate measures.
The method for improving the robustness of credible Internet domain name service provided by the invention has been described in detail above. The name server for improving the robustness of credible Internet domain name service provided by the invention, and a system using that name server, are described in detail below.
Fig. 2 is a schematic diagram of the system architecture for improving the robustness of credible Internet domain name service according to the invention. The entities involved in Fig. 2 are: several associated name servers, the Internet, a local name server and several clients. The local name server is connected to the several associated name servers through the Internet and is responsible for answering the domain name query requests of the several clients attached to it.
The local name server in the system architecture shown in Fig. 2 is the entity that implements the technical scheme of the invention. This local name server comprises at least an associated name server sensing module, a local domain cache module and an associated name server cache module, and may further include a credibility white list cache module. Each module of the local name server is described in detail below.
In a preferred embodiment of the invention, the operations performed by each module are as follows:
The local domain cache module caches domain name information; each domain name information entry comprises the parameters: the domain name, the lifetime of the domain name, the source name server of the domain name and the credibility of the domain name;
The associated name server cache module caches source name server information; each source name server information entry comprises the parameters: the network address of the source name server, its reference count and its credibility;
The associated name server sensing module periodically sends a domain name query request to each associated name server. When the response of an associated name server is received within the preset maximum response time threshold RT_max, it judges that the associated name server is working normally, sends the domain name information in the response to the local domain cache module, determines the source name server of that domain name information, and notifies the local domain cache module and the associated name server cache module of that source name server. When no response from the associated name server is received within RT_max, it judges that the associated name server has failed. It notifies the local domain cache module and the associated name server cache module of the result of the judgement;
The local domain cache module performs the corresponding operation according to the result of the judgement. When the judgement is that the associated name server is working normally, it performs the following operations on the cached domain name information: cache the domain name corresponding to the response, set the lifetime of the domain name to the preset lifetime TTL, record the source name server of the domain name, query the associated name server cache module for the credibility of that source name server, and set the credibility of the domain name equal to the credibility of the source name server. When the judgement is that the associated name server has failed, it performs the following operation on the cached domain name information: all domain name information whose source name server is the failed associated name server is preserved permanently, and the lifetime timers of all that domain name information are stopped until the failed associated name server is working normally again, at which point timing of the lifetimes of all that domain name information resumes;
The associated name server cache module, when the judgement is that the associated name server is working normally, adds 1 to the reference count of the source name server notified by the associated name server sensing module.
When a client's domain name query request is received, the local domain cache module is further used to answer the domain name query request according to the cached domain name information; the response includes the credibility of the queried domain name, and the client decides according to the credibility of the domain name whether to use the domain name information.
When the name server further comprises a credibility white list cache module, this module can cache a name server credibility white list, which stores the configured credibility of name servers. When the local name server cannot answer the client's domain name query request from the locally cached domain name information, the functions of the other modules need to be extended correspondingly, specifically:
The associated name server sensing module is further used to obtain the domain name information requested by the client by querying other name servers, to send the domain name information obtained by the query to the local domain cache module, to determine the source name server of that domain name information, and to notify the local domain cache module and the associated name server cache module of that source name server;
The associated name server cache module is further used to check, according to the source name server notified by the associated name server sensing module, whether that source name server exists in the cached source name server information. If it exists, the reference count of the source name server is incremented by 1; if it does not exist, the module queries the credibility white list cache module for the credibility of the source name server, adds the source name server to the cached source name server information, sets the reference count of the newly added source name server to 1, and sets the credibility of the newly added source name server equal to the credibility obtained from the query. When the name server credibility white list contains no credibility for this source name server, a default value is used;
The local domain cache module is further used to perform the following operations on the cached domain name information according to the domain name information obtained by the associated name server sensing module: cache the queried domain name, set the lifetime of the domain name to TTL, record the source name server of the domain name, and set the credibility of the domain name equal to the credibility of the source name server.
On the basis of the above preferred embodiment, the local domain cache module can be further used to run a timer on the lifetime of each domain name information entry and, when the lifetime timer of an entry expires, to delete the expired entry from the cached domain name information and notify the associated name server cache module of the source name server of that domain name;
At that point the associated name server cache module is further used, according to the notification from the local domain cache module, to decrement by 1 in the cached source name server information the reference count of the source name server corresponding to the expired domain name information, and to delete from the cached source name server information any source name server whose reference count falls to 0.
In the name server provided by the invention, the associated name server sensing module performs the following operations when determining the source name server of domain name information:
If the name server forwards the domain name query requests and responses of the associated name server, then when it caches domain name information that comes from an upstream name server, it determines that upstream name server to be the source name server of the domain name information;
If the name server obtains the default name server of the domain name information by querying the associated name server for the name server record, and then obtains the domain name information by querying that default name server, it determines the default name server to be the source name server of the domain name information;
If the name server is itself the authoritative name server or the default name server of the domain name information, it determines itself to be the source name server of the domain name information.
Preferably, when the associated name server sensing module periodically sends a domain name query request to each associated name server and receives no response from an associated name server within RT_max, it can further record the number of no-responses of that associated name server and, when the number of no-responses reaches the preset maximum no-response count N, judge that the associated name server has failed. Thus, if an associated name server fails, the local name server will discover this within at most N times the maximum response time RT_max and take appropriate measures. Preferably, N can be set to 3; the workflow of the associated server sensing module in the invention is explained below by way of a preferred embodiment.
Fig. 3 is a workflow diagram of the associated server sensing module in a preferred embodiment of the invention. Referring to Fig. 3:
In step 301, the associated server sensing module sends, at fixed intervals, a domain name query request to every trusted associated server in the associated name server cache module.
In step 302, the associated server sensing module judges whether it has failed to receive a response from an associated server three times in a row within the maximum response time. If so, it proceeds to step 303; otherwise it proceeds to step 304.
In step 303, it scans the local domain name information cache module, stops the lifetime timers of all domain name information whose source is this associated name server, and preserves that domain name information permanently.
In step 304, it scans the local domain name information cache module, confirms that the domain name information whose source is this associated name server is not being preserved permanently, and continues to count down the lifetime of the domain name information whose source is this trusted associated name server.
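The cache bookkeeping described in the method above and in the module workflow of Fig. 3, as an added Python illustration that is not part of the patent: the source name server table with reference counts, credibility taken from the white list (a default when absent), the sensing module's consecutive no-response counter, and lifetime timers that are stopped while a source server is judged failed and resumed when it recovers. It assumes a default credibility of 0, TTL = 300 seconds and N = 3 (the patent's preferred value); the addresses and names in the usage are constructed sample values.

```python
from dataclasses import dataclass

# Assumed parameters; the patent gives a numeric value only for N (preferred: 3).
DEFAULT_CREDIBILITY = 0   # used when a server is absent from the white list
TTL = 300                 # lifetime assigned to every cached domain name (seconds)
N_MAX_NO_RESPONSE = 3     # consecutive misses before an associated server is judged failed


@dataclass
class DomainEntry:
    """One entry of the local domain cache: name, lifetime, source, credibility."""
    name: str
    ttl: int
    source: str
    credibility: int
    frozen: bool = False  # lifetime timer stopped while the source server is failed


@dataclass
class SourceEntry:
    """One entry of the source name server table: address, reference count, credibility."""
    address: str
    refcount: int
    credibility: int


class LocalNameServer:
    def __init__(self, whitelist):
        self.whitelist = dict(whitelist)  # address -> configured credibility
        self.domains = {}                 # name -> DomainEntry
        self.sources = {}                 # address -> SourceEntry
        self.misses = {}                  # address -> consecutive no-responses
        self.failed = set()               # associated servers currently judged failed

    def _ref_source(self, address):
        """Steps 106-108: reuse the source entry (refcount + 1) or create it with
        the white-list credibility (default if absent) and refcount 1."""
        src = self.sources.get(address)
        if src is None:
            cred = self.whitelist.get(address, DEFAULT_CREDIBILITY)
            src = self.sources[address] = SourceEntry(address, 0, cred)
        src.refcount += 1
        return src

    def _unref_source(self, address):
        """Drop one reference; a source no entry refers to is removed."""
        src = self.sources[address]
        src.refcount -= 1
        if src.refcount == 0:
            del self.sources[address]

    def cache(self, name, source):
        """Step 105: store a queried domain bound to its source server, with
        lifetime TTL and the source's credibility."""
        if name in self.domains:
            self._unref_source(self.domains[name].source)
        src = self._ref_source(source)
        self.domains[name] = DomainEntry(name, TTL, source, src.credibility,
                                         frozen=source in self.failed)

    def resolve(self, name):
        """Client query: answer from the cache together with the credibility so
        the client can decide whether to use the record. None means cache miss."""
        entry = self.domains.get(name)
        return None if entry is None else (entry.name, entry.credibility)

    def _set_frozen(self, address, frozen):
        for entry in self.domains.values():
            if entry.source == address:
                entry.frozen = frozen

    def probe_result(self, address, responded, record=None):
        """Sensing module (Fig. 3): outcome of one periodic probe of an associated
        server. Returns True if that server is currently judged failed."""
        if responded:
            self.misses[address] = 0
            if address in self.failed:          # recovered: resume TTL timing
                self.failed.discard(address)
                self._set_frozen(address, False)
            if record is not None:              # cache the domain in the response
                self.cache(record, address)
            return False
        self.misses[address] = self.misses.get(address, 0) + 1
        if self.misses[address] >= N_MAX_NO_RESPONSE and address not in self.failed:
            self.failed.add(address)            # step 303: keep its records permanently
            self._set_frozen(address, True)
        return address in self.failed

    def tick(self, seconds=1):
        """Lifetime timer: count down unfrozen entries, expire them, and release
        their source references (step 304 and the deletion rule of claim 2)."""
        for name in list(self.domains):
            entry = self.domains[name]
            if entry.frozen:
                continue
            entry.ttl -= seconds
            if entry.ttl <= 0:
                del self.domains[name]
                self._unref_source(entry.source)
```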
As can be seen from the above embodiments, the method and name server for improving the robustness of credible Internet domain name service provided by the invention can, during a period in which part of the servers in the domain name system are paralysed by faults, errors or attacks, cache domain name information to the greatest possible extent and use the cached domain name information to answer client domain name queries during the paralysis period, thereby preserving to the greatest possible extent the name server's ability to keep providing service and improving the robustness and availability of credible Internet domain name service.
Moreover, the improved technical scheme that the invention provides for raising the credibility of credible Internet domain name service, by configuring a name server credibility white list and matching name servers against it, can evaluate and record the credibility of domain name information and name servers in the domain name system and distinguish domain name information by credibility, thereby raising the credibility of the domain name service.
In addition, the invention requires no new hardware investment, works well on the existing DNS architecture without redesigning the domain name system, and is easy to implement.
The above are only preferred embodiments of the invention and are not intended to limit it; any modification, equivalent replacement, improvement and so on made within the spirit and principles of the invention shall be included within the scope of protection of the invention.

Claims (8)

1. A method for improving the robustness of credible Internet domain name service, characterised in that:
a maximum response time threshold RT_max and a domain name lifetime TTL are preset;
domain name information, source name server information and a name server credibility white list are cached in a local name server, wherein:
each domain name information entry comprises the parameters: the domain name, the lifetime of the domain name, the source name server of the domain name and the credibility of the domain name;
each source name server information entry comprises the parameters: the network address of the source name server, its reference count and its credibility;
the name server credibility white list stores the configured credibility of name servers;
the method further comprises:
the local name server periodically sends a domain name query request to each associated name server; if a response from the associated name server is received within RT_max, the associated name server is judged to be working normally; if no response from the associated name server is received within RT_max, the associated name server is judged to have failed;
if the associated name server is judged to be working normally, the following operations are performed on the cached domain name information: the domain name corresponding to the response is cached, the lifetime of the domain name is set to TTL, the source name server of the domain name is determined and recorded, and the credibility of the domain name is set equal to the credibility of the source name server; and the following operation is performed on the cached source name server information: the reference count of the source name server is incremented by 1;
if the associated name server is judged to have failed, all domain name information whose source name server is the failed associated name server is preserved permanently, and the lifetime timers of all that domain name information are stopped until the failed associated name server is working normally again, at which point timing of the lifetimes of all that domain name information resumes;
when a client's domain name query request is received, the local name server answers the domain name query request according to the cached domain name information; the response includes the credibility of the queried domain name, and the client decides according to the credibility of the domain name whether to use the domain name information;
if the local name server cannot answer the client's domain name query request from the locally cached domain name information, it obtains the domain name information requested by the client by querying other name servers and performs the following operations on the cached domain name information: the queried domain name is cached, the lifetime of the domain name is set to TTL, the source name server of the domain name is determined and recorded, and the cached source name server information is checked for the presence of that source name server; if it is present, the reference count of the source name server is incremented by 1 and the credibility of the domain name is set equal to the credibility of the source name server; if it is not present, the credibility of the source name server is looked up in the name server credibility white list, the source name server is added to the cached source name server information, the reference count of the newly added source name server is set to 1, and the credibility of the newly added source name server and the credibility of the domain name information are set equal to the credibility obtained from the lookup.
2. The method according to claim 1, characterised in that the method further comprises:
the local name server runs a timer on the lifetime of each domain name information entry;
when the lifetime timer of a domain name information entry expires, the entry whose lifetime timer expired is deleted from the cached domain name information, the reference count of the source name server corresponding to the expired entry is decremented by 1 in the cached source name server information, and any source name server whose reference count falls to 0 is deleted from the cached source name server information.
3. The method according to claim 2, characterised in that the source name server of domain name information is determined as follows:
if the local name server forwards the domain name query requests and responses of the associated name server, then when it caches domain name information that comes from an upstream name server, the local name server determines that upstream name server to be the source name server of the domain name information;
if the local name server obtains the default name server of the domain name information by querying the associated name server for the name server record, and then obtains the domain name information by querying that default name server, the default name server is determined to be the source name server of the domain name information;
if the local name server is itself the authoritative name server or the default name server of the domain name information, the local name server is determined to be the source name server of the domain name information.
4. The method according to any one of claims 1 to 3, characterised in that:
a maximum no-response count N is additionally preset;
when the local name server periodically sends a domain name query to each associated name server, the method further comprises: if no response from the associated name server is received within RT_max, one no-response is recorded for that associated name server, and when the number of no-responses of that associated name server equals N, the associated name server is judged to have failed.
5. A name server for improving the robustness of credible Internet domain name service, characterised in that it comprises: an associated name server sensing module, a local domain cache module, an associated name server cache module and a credibility white list cache module;
the local domain cache module caches domain name information; each domain name information entry comprises the parameters: the domain name, the lifetime of the domain name, the source name server of the domain name and the credibility of the domain name;
the associated name server cache module caches source name server information; each source name server information entry comprises the parameters: the network address of the source name server, its reference count and its credibility;
the credibility white list cache module caches a name server credibility white list, which stores the configured credibility of name servers;
the associated name server sensing module periodically sends a domain name query request to each associated name server; when a response from the associated name server is received within the preset maximum response time threshold RT_max, it judges that the associated name server is working normally, sends the domain name information in the response to the local domain cache module, determines the source name server of the domain name information, and notifies the local domain cache module and the associated name server cache module of the source name server; when no response from the associated name server is received within RT_max, it judges that the associated name server has failed; it notifies the local domain cache module and the associated name server cache module of the result of the judgement;
the local domain cache module performs the corresponding operation according to the result of the judgement; when the judgement is that the associated name server is working normally, it performs the following operations on the cached domain name information: the domain name corresponding to the response is cached, the lifetime of the domain name is set to the preset lifetime TTL, the source name server of the domain name is recorded, the associated name server cache module is queried for the credibility of the source name server, and the credibility of the domain name is set equal to the credibility of the source name server; when the judgement is that the associated name server has failed, it performs the following operation on the cached domain name information: all domain name information whose source name server is the failed associated name server is preserved permanently, and the lifetime timers of all that domain name information are stopped until the failed associated name server is working normally again, at which point timing of the lifetimes of all that domain name information resumes;
the associated name server cache module, when the judgement is that the associated name server is working normally, adds 1 to the reference count of the source name server according to the notification from the associated name server sensing module;
when a client's domain name query request is received, the local domain cache module is also used to answer the domain name query request according to the cached domain name information; the response includes the credibility of the queried domain name, and the client decides according to the credibility of the domain name whether to use the domain name information;
when the local name server cannot answer the client's domain name query request from the locally cached domain name information, the associated name server sensing module is also used to obtain the domain name information requested by the client by querying other name servers, to send the domain name information obtained by the query to the local domain cache module, to determine the source name server of the domain name information, and to notify the local domain cache module and the associated name server cache module of the source name server;
the associated name server cache module is used to check, according to the source name server notified by the associated name server sensing module, whether the source name server exists in the cached source name server information; if it exists, the reference count of the source name server is incremented by 1; if it does not exist, the module queries the credibility white list cache module for the credibility of the source name server, adds the source name server to the cached source name server information, sets the reference count of the newly added source name server to 1, and sets the credibility of the newly added source name server equal to the credibility obtained from the query;
the local domain cache module is also used to perform the following operations on the cached domain name information according to the domain name information obtained by the associated name server sensing module: the queried domain name is cached, the lifetime of the domain name is set to TTL, the source name server of the domain name is recorded, and the credibility of the domain name is set equal to the credibility of the source name server.
6. name server according to claim 5 is characterized in that:
Described home domain name cache module is further used for the life span of each bar domain-name information is carried out timing, when the life span timing of domain-name information is overtime, be used for the overtime domain-name information of the domain-name information described life span timing of deletion, and notify described related domain name server buffer module the source name server of domain name from institute's buffer memory;
Described related domain name server buffer module is further used for the notice according to described home domain name cache module, the number of times of quoting of the source name server of the domain-name information correspondence that described life span timing is overtime subtracts 1 in the source domain name server information of institute's buffer memory, and will quote number of times and be reduced to 0 source name server and delete from the source domain name server information of institute's buffer memory.
7. name server according to claim 6 is characterized in that, described related name server sensing module is used to carry out following operation when the name server of the source of definite domain-name information:
If inquiry of the domain name request and response that the domain name server is responsible for transmitting related name server then when buffer memory comes from the domain-name information of higher level's name server, are defined as described higher level's name server the source name server of domain name information;
If the domain name server is by obtaining the acquiescence name server of domain name information to related domain name server lookup name server record, and and then when obtaining domain name information by the described acquiescence name server of inquiry, then described acquiescence name server is defined as the source name server of domain name information;
If the domain name server is the authoritative domain name server or the acquiescence name server of domain name information, then the domain name server is defined as the source name server of domain name information.
8. according to each described name server of claim 5 to 7, it is characterized in that:
Described related name server sensing module is regularly sending inquiry of the domain name request and at RT to each related name server MaxIn when not receiving the response of related name server, be further used for writing down the number of times that related name server does not response, when the number of times that does not response reaches the maximum dont answer times N that sets in advance, judge that described related name server lost efficacy.
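As an added example that is not part of the patent, the following Python sketch implements the behaviour of claims 5 to 8 and the abstract: entries cached with a TTL, a recorded source name server and a credibility taken from a white list, per-source reference counts, failure detection after N missed probes, and permanent retention of entries whose source has failed so queries can still be answered during the outage. The class and method names, the binary credibility rule and the sample server names are assumptions of this example, and real DNS message handling is left out.

```python
# Added example (not the patent's code): toy cache for claims 5 to 8; names and the credibility rule are assumed.
class LocalNameServer:
    def __init__(self, associated, whitelist, max_misses=3):
        # per associated name server: consecutive misses and failure flag
        self.associated = {s: {"misses": 0, "failed": False} for s in associated}
        self.whitelist = set(whitelist)   # name server credibility white list
        self.max_misses = max_misses      # N, the preset maximum non-response count
        self.cache = {}                   # domain -> cached entry
        self.source_refs = {}             # source name server -> reference count

    def credibility(self, server):
        # assumed rule: a white-listed server is fully credible, any other is not
        return 1.0 if server in self.whitelist else 0.0

    def record_probe(self, server, responded):
        # one periodic probe result; no reply within RT_max counts as a miss
        st = self.associated[server]
        if responded:
            st["misses"] = 0
        else:
            st["misses"] += 1
            if st["misses"] >= self.max_misses:
                st["failed"] = True       # N misses reached: judge the server failed
        return st["failed"]

    def cache_answer(self, domain, rdata, ttl, source, now):
        # cache the queried domain with its TTL, source server and credibility
        if domain in self.cache:          # replacing an entry releases its old source
            self._release(self.cache[domain]["source"])
        self.cache[domain] = {"rdata": rdata, "expires": now + ttl, "source": source,
                              "credibility": self.credibility(source)}
        self.source_refs[source] = self.source_refs.get(source, 0) + 1
    def _release(self, source):
        # decrement the source's reference count and drop it when it reaches 0
        self.source_refs[source] -= 1
        if self.source_refs[source] == 0:
            del self.source_refs[source]

    def expire(self, now):
        # delete timed-out entries, but keep those whose source server has failed
        for domain, e in list(self.cache.items()):
            failed = self.associated.get(e["source"], {}).get("failed", False)
            if e["expires"] <= now and not failed:
                del self.cache[domain]
                self._release(e["source"])

    def lookup(self, domain, now):
        self.expire(now)
        e = self.cache.get(domain)
        return None if e is None else (e["rdata"], e["credibility"])
```

Timestamps are plain seconds passed in by the caller so the TTL behaviour can be exercised deterministically.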
CN2010102377574A 2010-07-23 2010-07-23 Method and domain name server for increasing robustness of credible Internet domain name service Expired - Fee Related CN101895591B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN2010102377574A CN101895591B (en) 2010-07-23 2010-07-23 Method and domain name server for increasing robustness of credible Internet domain name service

Publications (2)

Publication Number Publication Date
CN101895591A true CN101895591A (en) 2010-11-24
CN101895591B CN101895591B (en) 2012-10-31

Family

ID=43104656

Country Status (1)

Country Link
CN (1) CN101895591B (en)

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US6016512A (en) * 1997-11-20 2000-01-18 Telcordia Technologies, Inc. Enhanced domain name service using a most frequently used domain names table and a validity code table
US20070033645A1 (en) * 2005-07-22 2007-02-08 Alcatel DNS based enforcement for confinement and detection of network malicious activities
WO2008049093A2 (en) * 2006-10-19 2008-04-24 Paxfire, Inc. Methods and systems for node ranking based on dns session data
CN101567888A (en) * 2008-12-29 2009-10-28 郭世泽 Safety protection method of network feedback host computer
CN101572701A (en) * 2009-02-10 2009-11-04 中科正阳信息安全技术有限公司 Security gateway system for resisting DDoS attack for DNS service

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
《Second International Conference on Networks Security, Wireless Communications and Trusted Computing》 20100425 Li weimin et al. Alleviating the impact of DNS DDoS attacks 240-243 1-8 , *

Cited By (14)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2012089013A1 (en) * 2010-12-29 2012-07-05 华为技术有限公司 Domain name system caching method, authorized domain name server and caching domain name server
CN102137174B (en) * 2010-12-29 2013-10-09 华为技术有限公司 Method for caching of domain name system, authorized domain name server and cache domain name server
CN102137174A (en) * 2010-12-29 2011-07-27 华为技术有限公司 Method for caching of domain name system, authorized domain name server and cache domain name server
CN104935683A (en) * 2015-06-29 2015-09-23 北京经天科技有限公司 Buffer processing method and device for domain name resolution
CN106610975A (en) * 2015-10-21 2017-05-03 北京国双科技有限公司 Method and device for updating configuration list of cache server
WO2017101716A1 (en) * 2015-12-17 2017-06-22 阿里巴巴集团控股有限公司 Domain name query method and apparatus
CN106899701A (en) * 2015-12-17 2017-06-27 阿里巴巴集团控股有限公司 A kind of domain name inquiry method and device
CN106027516A (en) * 2016-05-17 2016-10-12 中国互联网络信息中心 Domain name service security event evaluation method and system
CN106027516B (en) * 2016-05-17 2019-06-14 中国互联网络信息中心 A kind of domain name service security incident evaluation method and system
CN109347996A (en) * 2018-12-10 2019-02-15 中共中央办公厅电子科技学院 A kind of DNS domain name acquisition system and method
CN109905388A (en) * 2019-02-20 2019-06-18 中国互联网络信息中心 A kind of processing method and system of the domain name credit based on block chain
CN109905388B (en) * 2019-02-20 2021-12-07 中国互联网络信息中心 Domain name credit processing method and system based on block chain
CN111092966A (en) * 2019-12-30 2020-05-01 中国联合网络通信集团有限公司 Domain name system, domain name access method and device
CN111092966B (en) * 2019-12-30 2022-04-26 中国联合网络通信集团有限公司 Domain name system, domain name access method and device

Also Published As

Publication number Publication date
CN101895591B (en) 2012-10-31

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant
CF01 Termination of patent right due to non-payment of annual fee

Granted publication date: 20121031

Termination date: 20140723

EXPY Termination of patent right or utility model