1. Patent Search
  2. Details

Domain name system (DNS) and domain name service method based on user information

10313299 ยท 2019-06-04

    Inventors

    Cpc classification

    International classification

    Abstract

    The present invention relates to a domain name system (DNS) and domain name service method based on user information. The DNS includes a client which outputs a domain name query including user information and service domain name information, a DNS which receives the domain name query from the client, and a database which receives the domain name query from the DNS, extracts the user information included in the domain name query, and differently provides destination path information for each set of user information, wherein the client receives destination path information for each set of user information from the database through the DNS.

    Claims

    1. A domain name service system based on user information, the domain name service system comprising: a client apparatus including an agent that outputs a domain name query comprising a domain name system (DNS) request message having user information added thereto; a first DNS server that receives the domain name query from the client apparatus, and outputs the domain name query; a second DNS server whose name server information is not published, that replaces the first DNS server when the first DNS server cannot operate due to an external attack or operation failure; and a database system that: receives the domain name query from the first DNS server; extracts the user information included in the received domain name query; and provides the first DNS server with destination path information for the extracted user information and path information of the second DNS server, wherein the path information of the second DNS server is not published, and is assigned differently for each received user information; wherein the first DNS server further: receives the destination path information corresponding to the domain name query of the client apparatus and the path information of the second DNS server from the database system; and transmits the destination path information and the path information of the second DNS server to the client apparatus, and wherein the agent of the client apparatus further: receives the destination path information and the path information of the second DNS server from the first DNS server in response to the domain name query and sends the destination path information and the path information of the second DNS server to the client apparatus; stores the path information of the second DNS server; outputs a subsequent domain name query comprising a domain name system (DNS) request message having user information added thereto to the first DNS server; and outputs a domain name query to the second DNS server by using the stored path information of the second DNS server-when the first DNS server cannot operate due to an external attack or operation failure for the subsequent domain name query.

    2. The domain name service system of claim 1, wherein the database system further: stores a different proxy path information for each of the user information; extracts the user information included in the domain name query when receiving the domain name query from the first DNS server; and provides the first DNS server with the path information of the proxy for the extracted user information; wherein the proxy whose server information is not published, is: used instead of the first DNS server when the first DNS server cannot operate due to an external attack or operation failure.

    3. The domain name service system of claim 1, wherein: the first DNS server comprises a query reception unit that receives the domain name query including the user information from the client apparatus; the database system comprises a path provision unit that: stores destination path information for each received user information; extracts the user information included in the domain name query transmitted from the query reception unit; provides the first DNS server with the destination path information for the extracted user information and path information of the second DNS server that is used instead of the first DNS server in a case where the first DNS server cannot operate due to an external attack or operation failure for the subsequent domain name query; and the first DNS server further comprises a query response unit that transmits the destination path information and the path information of the second DNS server provided from the path provision unit to the client apparatus.

    4. The domain name service system of claim 1, wherein the database system stores destination path information corresponding to each user information received from a plurality of client apparatuses.

    5. The domain name service system of claim 1, further comprising: a public DNS server whose information is set on the operating system of the client apparatus, that: performs a recursive query as an open DNS; receives the domain name query from the client apparatus and transmits the domain name query to the first DNS server; and receives the destination path information and the second DNS server path information from the first DNS server and transmit the received second path information to the client apparatus.

    6. The domain name service system of claim 1, further comprising: a proxy server whose path information is assigned differently for each user, that: exists on a path of the second DNS server; receives the subsequent domain name query from the agent; and transmits the subsequent domain name query to the second DNS server.

    7. A method of providing a domain name service based on user information, the method comprising: outputting, by a client apparatus, a domain name query including user information; receiving, by a first DNS server, the domain name query from the client apparatus; receiving, by a database system, the domain name query from the first DNS server and extracting user information included in the domain name query; providing, the first DNS server from the database system, destination path information for the extracted user information and path information of a second DNS server; receiving, by the first DNS server, the destination path information corresponding to the domain name query of the client apparatus and the path information of the second DNS server; transmitting the received destination path information and the received path information of the second DNS server with the first DNS server to the client apparatus; receiving, by the client apparatus, the destination path information and the path information of the second DNS server from the first DNS server; storing, with the client apparatus, the path information of the second DNS server; outputting, by the client apparatus, a subsequent domain name query including user information to the first DNS server; and outputting, by the client apparatus, a domain name query to the second DNS server by using the stored path information of the second DNS server when the first DNS server cannot operate due to an external attack or operation failure for the subsequent domain name query, wherein the path information of the second DNS server is not published, and is assigned by the database system differently for each received user information.

    8. The method of claim 7, wherein the providing of the destination path information comprises: providing the first DNS server with path information of a proxy for the extracted user information, wherein the proxy whose server information is not published, is used instead of the first DNS server in a case the first DNS server cannot operate due to an external attack or operation failure for the subsequent domain name query.

    9. The method of claim 7, wherein a proxy receives the subsequent domain name query from the agent and transmits the subsequent domain name query to the second DNS server, and wherein the proxy whose path information is assigned differently for each user information, exists on a path of the second DNS server.

    10. The method of claim 7, wherein the database system receives the domain name query from the first DNS server, extracts the user information included in the received domain name query, stores destination path information for each received user information, and provides the first DNS server with destination path information for the extracted user information and path information of the second DNS server, wherein the path information of the second DNS server is not published, and is assigned differently for each received user information.

    Description

    BRIEF DESCRIPTION OF THE DRAWINGS

    (1) FIG. 1 shows an example of a domain name address resolution process.

    (2) FIG. 2 shows a configuration of a domain-address service system based on user information, according to an embodiment of the present invention.

    (3) FIGS. 3 and 4 each show a block diagram of a detailed configuration of a client PC or equipment which is used in the process of requesting the DNS resolution of a client.

    (4) FIG. 5 is a block diagram of another example of a configuration of a domain name service system based on user information, according to the present invention.

    (5) FIG. 6 is a block diagram of a system configuration for illustrating an example a data transmission process between a client and a database in a domain name service system based on user information, according to the present invention.

    (6) FIG. 7 shows a service process between a client and a host server from which a service is provided to the client.

    (7) FIG. 8 shows a process of acquiring information by an agent in providing information on a program and a device using DNS.

    (8) FIG. 9 shows a process of obtaining information by a user when providing information on a program and a device using DNS.

    (9) FIG. 10 shows a DNS detour path control according to an embodiment of the present invention.

    (10) FIG. 11 shows a DNS detour path control according to another embodiment of the present invention.

    (11) FIG. 12 is a flowchart of a domain name service method based on user information, according to an embodiment of the present invention.

    (12) FIG. 13 is a flowchart of a domain name service method based on user information, according to another embodiment of the present invention.

    DETAILED DESCRIPTION OF THE PREFERRED EMBODIMENTS

    (13) The present invention will now be described more fully with reference to the accompanying drawings, in which exemplary embodiments of the invention are shown. The invention may, however, be embodied in many different forms and should not be construed as being limited to the embodiments set forth herein; rather, these embodiments are provided so that this disclosure will be thorough and complete, and will fully convey the concept of the invention to those skilled in the art.

    (14) FIG. 2 shows a configuration of a domain name service system based on user information, according to an embodiment of the present invention. The domain name service system includes a client 200, a DNS 220, and a database 240.

    (15) The client 200 transmits the domain name query, including user information and domain name information, to the DNS. Furthermore, the client 200 receives destination path information for each user information set, which is outputted from the database 240, through the DNS 220.

    (16) The DNS 220 receives the domain name query from the client 200.

    (17) The database 240 receives the domain name query from the DNS 220 and extracts the user information included in the domain name query so as to provide the destination path information for each user information set. Specifically, the database 240 may provide detour DNS server path information or detour proxy or gateway path information, which may be used instead of the DNS when the host server path information or proxy or gateway path information and the DNS do not work for each user information set.

    (18) The client 200 may include a resolver (not shown) which transmits the DNS request message to a DNS which has been set for resolving the domain, and an agent (not shown) which outputs the query to the DNS by adding user information to the DNS request message.

    (19) Furthermore, the domain name service system based on user information, according to the present invention, may be formed of a DNS 220 and a database 240 separately from a client. Here, the DNS 220 receives the domain name query including the user information and the service domain name information from the client 200. Furthermore, the database 240 may receive the domain name query from the DNS 220 and extract the user information included in the domain name query so as to differently provide the destination path information for each user information set.

    (20) Here, the DNS 220 transmits the destination path information for each user information set, which is outputted from the database 240, to the client 220. Furthermore, the database 240 may provide detour DNS server path information or detour proxy or gateway path information, which may be used instead of the DNS when the host server path information or proxy or gateway path information and the DNS do not operate for each user information set.

    (21) FIGS. 3 and 4 each show a block diagram of a detailed configuration of a client PC or equipment which is used in the process of requesting the DNS resolution of a client 200.

    (22) The client 200 according to the present invention includes user programs 300 and 400, resolvers 310 and 420, agents 320 and 410, and caches 330, 340, 430, and 440. Further, FIG. 13 is a flowchart of a domain name service method based on user information, according to an embodiment of the present invention.

    (23) Exemplary embodiments on the domain name service system and method based on user information of the present invention will be described in detail below with reference to FIGS. 3, 4, and 13.

    (24) The user program 300 requests domain name resolution from the resolver 310 (S1300). The resolver 310 transmits the DNS request message to the DNS which is set for the domain name resolution (S1310). At this time, if there is a DNS request, the agent 320 adds user information to the query name area of a request section so as to transmit the DNS request message to a public DNS server 350.

    (25) The public DNS server 350 transmits information of the query name to a DNS server 360 having information (authority) of the DNS request message. The DNS server 360 having information (authority) enquires a predetermined database 370 (S1340). The DNS 360 performs a function of adding, correcting, and extracting a request message on the database 370. The database 370 responds with matched information (S1355). Here, the database 370 may extract user information added by the agent 320 so as to provide destination path information for each user information set, such as host server path information or proxy or gateway path information and detour DNS server path information or detour proxy or gateway path information.

    (26) The DNS server 360 transmits response information received from the database 370 to the public DNS 350 (S1365). If the public DNS 350 transmits the response information received from the DNS server 360 to the agent 320 (S1370), the agent 320 checks the content of the response message and transmits the DNS resolution to the resolver 310 (S1375). The resolver 310 analyzes and caches the response message and then transmits the cached response message to the user program 300 (S1380), and then the user program 300 connects to the response-received address so as to use the service (S1385). Here, the resolver 310 may cache the response message if the response message has the detour DNS server path information or detour proxy or gateway path information.

    (27) Furthermore, the positions of the resolver 310 and the agent 320 of FIG. 3 may be changed as in FIG. 4. That is, the agent 410 may transmit the DNS query to the resolver 420 and transmit the response message outputted from the resolver 420 to the agent 410.

    (28) FIG. 5 is a block diagram of another example of a configuration of a domain name service system based on user information, according to the present invention. The domain name service system includes a query reception unit 500, a path provision unit 520, and a query response unit 540.

    (29) The query reception unit 500 receives a domain name query including user information and service domain name information from a client 550.

    (30) The path provision unit 520 extracts the user information included in the domain name query from the query reception unit 500, and provides the destination path information to the query response unit 640 for each user information set. The path provision unit 520 may provide server path information or proxy or gateway path information for each user information set, and detour DNS server path information or detour proxy or gateway path information, which may be used instead of the DNS when the DNS is not operating.

    (31) The query response unit 540 transmits the destination path information for each user information set, which is outputted from the path provision unit 520, to the client 650.

    (32) The query reception unit 500, the path controller 520, and the query response unit 540 may be implemented and installed in one system, and the path controller 520 may be implemented and installed using a separate device such as a database.

    (33) FIG. 6 is a block diagram of a system configuration for illustrating an example a data transmission process between a client and a database in a domain name service system based on user information, according to the present invention.

    (34) An agent 620 is a program or device which performs a function of including user information to the message when the user information is collected and the DNS resolution of the user program (browser) is requested.

    (35) A DNS server, namely, a first DNS server 640, requests the DNS request message of a host from a predetermined database 650, and transmits information received from the database 650 to the agent 620 through a public DNS 630. The first DNS 640 is a DNS server whose name server information is published and is the same as a first DNS server 1030 of FIG. 10. Furthermore, a second DNS server 1070 of FIG. 10 is a DNS server whose name server information is not published, and uses the same database as that of the first DNS 640 and plays the same role as that of the first DNS 640.

    (36) Databases 650 and 1040 store data which is used in the service or management of the DNS, and store the setting of different destination paths for each user.

    (37) It is assumed that the domain name service system based on user information, illustrated in FIG. 6, has the following conditions:

    (38) 1) The domain service.com performs path control based on user information through the first DNS 640.

    (39) 2) The user desires to connect to a web server which uses the service.com domain through a program such as a browser.

    (40) 3) The service.com domain is registered in advance.

    (41) 4) The database 650 stores proxy or gateway path information (IP address, domain, etc.), path information of the gateway (IP address, domain, etc.), or host server path information (IP address, domain, etc.) for accessing to the host server of the service.com for each user information set.

    (42) 5) Various information sets for authenticating the user, such as Mac ID and Login ID as well as the IP address, may be singularly or compositively as client information, but it is assumed in FIG. 6 that only the IP address is used.

    (43) 6) It is assumed that the public IP of the client is 100.100.100.1.

    (44) 7) It is assumed that the IP address of the destination (proxy or gateway of the service.com) is 200.0.0.1.

    (45) The user-based destination path provision using the DNS is performed as follows: First, the process where the user's request is transmitted by the agent is as follows: A first user requests the IP address for the domain name (service.com) from the resolver 610, which is a DNS client, through a client program 600. The request-received resolver 610 transmits the DNS request message to the DNS server address where the domain name is set in the operating system, and the pre-installed agent 620 changes the DNS request message as follows:

    (46) Before change: service.com

    (47) After change: 100_100_100_1.Service.com

    (48) Here, 100_100_100_1 is a simple expression of the client IP, and the information represents the non-encrypted client IP address.

    (49) The agent 620-changed message is transmitted to the DNS server address which is set in the operating system (OS).

    (50) The public DNS 630 sends a resolution request to the root name server to resolve the 100_100_100_1.Service.com domain, and the root name server notifies the address of the com name server. The com name server notifies again the address of the DNS server where the service.com domain information is registered. The com name server notifies again the address of the DNS server where the service.com domain information is registered. The DNS server resolves 100_100_100_1.Service.com, and enquires for the domain content of the database 650.

    (51) The database 650 responds again to the DNS name server with an IP address: 200.0.0.1 of information which is matched to the data.

    (52) If there is no matched information, the first DNS 640 inserts information on the client 100_100_100_1 into the database 650 according to a preset policy.

    (53) The first DNS 640 responds to the public DNS 630 with received information, i.e., the destination path. The public DNS 630 responds to the agent 620 with the domain resolution result.

    (54) The agent 620 analyzes the response message, and if the received information is the IP address, the agent caches the IP address. Then, the result of the domain name resolution is sent to a resolver 610.

    (55) The resolver 610 sends the path to the client program 600 which has requested the domain resolution. The client program 600 connects to the server whose destination IP address is 200.0.0.1.

    (56) FIG. 7 shows a service process between a client 700 and a host server 750 from a service is provided to the client 700.

    (57) As shown in FIG. 7, if a client 700 outputs a DNS query, an agent 710 adds user information to the DNS query, and transmits a domain name query including user information and domain name information to a first DNS server 730 through a public DNS 720. Then the first DNS server 730 extracts the user information from the domain name query, and transmits the destination path information corresponding to the extracted user information, such as host server path information or proxy or gateway path information, and detour DNS server path information or detour proxy or gateway path information to the agent 710 through the public DNS 720. If the agent 710 transmits the host server path information or proxy or gateway path information to the client 700, the client 700 accesses a host server 750, which is the destination, through a prearranged host server, proxy, or gateway 740 based on the client 700's own information.

    (58) FIG. 8 shows a process of acquiring information by an agent in providing information on a program and a device using DNS.

    (59) In this process, a program and a device send a query to a first DNS server 830 so as be provided information. An agent 810 sends a DNS query including device information such as a program version and a setting version to the DNS periodically or when a certain event occurs so as to be provided information from a database.

    (60) The DNS query may be sent as a text, and may be responded in any format which may be applicable to a query type of a DNS query record.

    (61) If the agent 810 sends the DNS query configversion00002.service.com including the program version of the agent 810 itself to a public DNS 820 in a text format every 10 seconds and sends the request to the first DNS server 830 having the information of the service.com, the first DNS server 830 responds in a text format with information matched with the database.

    (62) The agent 810 may use the secondary information by applying or processing the information included in this response message.

    (63) FIG. 9 shows a process of obtaining information by a user when providing information on a program and a device using DNS. The process is similar to the information acquisition by the agent, but the query is transmitted to a first DNS server 930 via an agent 910 and a public DNS 920 by the request of a client 900 so as to be provided information.

    (64) Furthermore, FIG. 10 shows a DNS detour path control according to an embodiment of the present invention. The DNS detour path control is performed as follows:

    (65) The DNS is exposed to a direct attack such as a D-Dos attack by opening, for example, the IP and other registration information of the DNS server.

    (66) In the case of an abnormal situation, for example, when a normal DNS service is unavailable due to an error in the DNS server or an attack of a malicious user because of the availability to the public of the name server information of the DNS, the first DNS server 1030 maintains the continuity of the DNS service to the user where the agent 1010 has been installed by controlling the DNS request path with the second DNS Server 1070. This function is called DNS detour path control.

    (67) That is, the DNS detour path control controls the path to another second DNS server 1070, which uses the function and the same database when the first DNS server 1030 cannot be used.

    (68) The service situation is divided into the following two situations to illustrate an appropriate use of detour path control:

    (69) The first situation is a normal service process, and the second situation is a service process in an emergency situation, that is, when the first DNS server 1030, which is used in the normal service process, is not available.

    (70) The normal service process is the same as described with reference to FIGS. 6 and 7 which are expressed in the above DNS service model. However, only one user information set is additionally operated, and the user information set is path information of a proxy or gateway having information of the second DNS server 1070 or path information of the second DNS server 1070, that is, the IP address information of the proxy or gateway which plays the same role as that of the public DNS or IP address information of the second DNS server 1070.

    (71) The resolver generates the DNS request packet by the DNS resolution request of a client 1000, then the agent 1010 modifies the message and makes a request to the first DNS server 1030 through a public DNS 1020. The first DNS server 1030 provides information on the destination or the path based on user information included in the domain, and in this case, the path information of the second DNS server 1070 based on user information, for example, a proxy or gateway IP address or domain name may be simultaneously or sequentially included in the DNS response message so as to be transmitted.

    (72) The public DNS 1020 responds to the agent 1010 again with a response message, and the agent 1010 analyzes the corresponding DNS response message, and here, the situation is divided into the following two situations:

    (73) The first situation is a case when the response message is a normal response message. The agent 1010 divides the DNS response message into a response to the DNS request and detour DNS information, and caches the detour DNS information (second DNS information set) in a memory of a client 1000. If information is already cached, the information is changed, and the DNS response message is transmitted to the client 1000 through the resolver, and the client program uses a desired serviced through a reception path.

    (74) The second situation is a case when the message is an abnormal response message. In this case, the agent 1010 determines that the first DNS server 1030 cannot provide a normal service, and transmits the DNS request message with cached detour information such as the IP address of the proxy or gateway or domain name.

    (75) A proxy or gateway 1060 requests information matched with the domain name to the preset second DNS server 1070 or a device which is implemented to play the same role, and receives a response and sends the response to the agent 1010. At this time, the DNS request message is the same as the initially transmitted DNS request message, and the response is also the same because the same database is referred to. Both UDP and TCP communication are supported, and protocol modulation is also possible. Only, the detour path transmits path information of a third DNS server such as a third server DNS, which is not shown.

    (76) That is, the DNS provides the information on the domain name and the DNS detour information at the same time, and the agent 1010 receives the DNS service using the second DNS server 1070 whose name server information has not yet been exposed through the detour address when the use of the first DNS server 1030 is not possible in a state where the detour information is cached and stored.

    (77) FIG. 11 shows a DNS detour path control according to another embodiment of the present invention. FIG. 11 shows a case when there is no public DNS server 1020 and no proxy or gateway 1060 in FIG. 10. A client 1100, an agent 1110, a first DNS 1120, a database 1130, a cache 1140, and a second DNS 1150 have the same function as that of the agent 1010, the first DNS 1020, the database 1030, the cache 1040, and the second DNS 1050 of FIG. 10, respectively.

    (78) Furthermore, the DNS detour path control described in FIG. 10 may be performed without one of the public DNS 1020 and the proxy or gateway 1060 of FIG. 10.

    (79) Furthermore, FIG. 12 is a flowchart of a domain name service method based on user information, according to another embodiment of the present invention.

    (80) Referring to FIGS. 2 and 12, first, the client 200 transmits the domain name query including user information and service domain name information to the DNS 220 (S1200). The DNS 220 receives the domain name query from the client 200 and transmits the received domain name query to the database 240 (S1210). The database 240 receives the domain name query from the DNS 220, extracts the user information included in the domain name query, and differently provides the destination path information according to the user information (S1220). Here, the destination path information provision may include providing host server path information or proxy or gateway path information for each user information set and providing detour DNS server path information or detour proxy or gateway path information, which is usable instead of the DNS when the DNS does not operate. Furthermore, the client 200 receives the destination path information for each user information set from the database 240 through the DNS 220 (S1230).

    (81) As described above, the domain name service system and method based on user information according to the present invention separate an attacker from a general user in response to different host information for each user when there is an external attack such as D-Dos attack. To this end, if the client requests domain name resolution, a program and equipment for transmitting user information together may be used.

    (82) Furthermore, the IP address of the server, which becomes the subject of an attack, is not exposed, and when it is not possible to use of the DNS server, a detour path for differently using the DNS, whose IP address has not been exposed, for each user or each group to which the user belongs, is temporarily provided. To this end, the DNS server manages the domain information through the database, not through the zone file. The database exists at in or outside the DNS. Furthermore, when registering the domain, the time to live (TTL) is set to a minimum value so as not to be cached.

    (83) Furthermore, the detailed data format, which is used in the domain name service system and method based on user information according to the present invention is as follows:

    (84) First, Client's DNS message data format is shown below.

    (85) TABLE-US-00001 TABLE 1 DNS message data format Mac header IP header TCP/UDP header DNS header Data

    (86) The DNS message data format is a DNS message including a lower layer header of the open systems interconnection (OSI) reference model before decapsulation.

    (87) The information on the user, i.e., the client information which has requested the DNS message, may be understood through the header of the lower layer. For example, the Mac address of the part which transmits the packet may be found through the Mac header, the departure location address of the packet, i.e., the source address, may be found through the IP header, and the used port may be found through the TCP/UDP header.

    (88) However, as illustrated in FIG. 1, the departure location of the packet, which is received by the DNS on the currently used DNS, is the information of the public DNS, not the information of the user (client).

    (89) Furthermore, the formats of the DNS request message and the DNS response message are shown below.

    (90) TABLE-US-00002 TABLE 2 DNS request message format Header Question section

    (91) TABLE-US-00003 TABLE 3 DNS response message format Header Question section Answer section Authoritative section Additional section

    (92) The agent does not correct the header of the DNS request and response messages in order to follow the request for comment (RFC) standard, which is a standard which is commonly used in the existing DNS.

    (93) Furthermore, the format of the DNS query record is shown below.

    (94) TABLE-US-00004 TABLE 4 DNS query record format Query name Query type Query class

    (95) The query name field has a variable length and includes the domain name.

    (96) The query type is composed of 16 bits and indicates the type of a query.

    (97) The types of queries frequently used in the present invention are described in Table 5 below.

    (98) TABLE-US-00005 TABLE 5 Type Mnemonic Description 1 A IPv4 address 2 NS Name server 5 CNAME Canonical name 28 AAAA IPv6 address 16 TXT Text

    (99) The agent corrects the query name and the query type in the DNS query recording format, and transmits the DNS query message. Furthermore, it is also possible to change the query type in order to receive text-type information such as information needed in the client module, as well as the IP address.

    (100) Furthermore, in the domain name service system and method based on user information, according to the present invention, an example of a query name change before and after addition of user information is as follows:

    (101) When adding user information through one label:

    (102) Before change: www.service.com

    (103) After change: ipaddressuserid.www.service.com

    (104) When adding user information through a plurality of labels:

    (105) Before change: www.service.com

    (106) After change: ipaddress.userid.www.service.com

    (107) When adding information of the client module using the above method:

    (108) Before change: www.service.com

    (109) After change: moduleversion.userid.www.service.com

    (110) When adding equipment information using the above method:

    (111) Before change: www.service.com

    (112) After change: devinfo.www.service.com

    (113) That is, Information is added to the front of the domain name so that the DNS service may receive the information.

    (114) When servicedomain www.service.com is corrected so as to be received by another DNS server:

    (115) Before change: www.service.com

    (116) After change: ipaddress.userid.service.otherdns.com

    (117) That is, the DNS server, in which the domain information otherdns.com is registered, analyzes the domain information corresponding to the state after change.

    (118) Furthermore, an example of a database connection is shown in FIG. 6 below.

    (119) TABLE-US-00006 TABLE 6 An example of a database connection Description Example Matched information User A information Aclientinfo.service.com 200.0.0.1 User B information Bclientinfo.service.com 200.10.10.10 Equipment A information Adevinfo.service.com Information (text type) Equipment B information Bdevinfo.service.com Information (text type)

    (120) An example of FIG. 6 is a simple example for description, and the information matched with the requested domain name may be responded in various types as in Table 5. The DNSSEC scheme may also be applied for the security-requested DNS service.

    (121) Furthermore, an example of response data of the DNS of the present invention is described below. As response data used in the embodiment of the present invention, when DNS analysis is requested, the destination path for each user information (client) set, and the DNS detour information are responded together. The DNS response may include the destination IP address and the detour DNS address within one response message, or may be divided into two DNS response messages, depending on the policy.

    (122) TABLE-US-00007 TABLE 7 Destination IP address Detour DNS address

    (123) Even when information is inputted or acquired, the DNS detour information is responded together.

    (124) TABLE-US-00008 TABLE 8 Equipment information Detour DNS address

    (125) The invention can also be embodied as computer-readable code on a computer-readable recording medium. The computer-readable recording medium is any data storage device that can store data which can be thereafter read by a computer system. Examples of the computer-readable recording medium include read-only memory (ROM), random-access memory (RAM), CD-ROMs, magnetic tapes, floppy disks, optical data storage devices, etc.

    (126) While one or more embodiments of the present invention have been described with reference to the figures, it will be understood by those of ordinary skill in the art that various changes in form and details may be made therein without departing from the spirit and scope of the present invention as defined by the following claims.

    (127) The present invention may be applied to a DNS and domain name service which may maintain service continuity to users during an abnormal operation of a service and device which is used in the service.