1. Field of the Invention
The present invention relates to a network using DNS and in particular to a method of and a device for domain name solution in dynamic DNS.
2. Description of Related Art
When attempting to communicate with a node over an IP network such as the Internet, it is rare to specify the IP (Internet Protocol) address of the destination host directly. Instead, a common practice for network access and communication is to use a Domain Name System (DNS) where a domain name is used to specify the access destination. A DNS server holds IP address to domain name mappings. By request from a host, the IP address of the host is registered on the DNS server, mapped to its domain name. By request from a host, the DNS server translates the host's domain name into its IP address (or vice versa). This translation is called “domain name solution.”
Commonly, a domain name mapped to a static IP address has been registered in the DNS. However, with the development of dynamic address assignment techniques such as the Dynamic Host Configuration Protocol (DHCP), it has become necessary to register a dynamic address mapped to a domain name. Accordingly, RFC (Request for Comments) 2136 specified definitions and rules for dynamic IP address and domain name registration (dynamic DNS). Dynamic DNS made it possible to access by domain name a host that runs DHCP or the like and does not have a fixed address. Moreover, in an IPv6 environment, because automatic and dynamic IP address assignment is fundamentally practiced, the importance of dynamic DNS is considered to be increasing.
FIG. 10 is a schematic diagram showing a network system using the above dynamic DNS of prior art. Reference symbols S1 to S26, D1, and D2 denote DNS servers which make translation between a static IP address and a domain name. Reference symbol D0 denotes a DNS server which makes translation between a dynamic IP address and a domain name. Reference symbols C1 and C2 denote servers called cache servers which send a request for translation between an IP address and a domain name to a DNS server on behalf of a host. Reference symbols H1 and H2 denote hosts.
Also, the DNS servers S1 to S26 and D0 to D2 exist on a network such as the Internet and are organized in a tree structure wherein the DNS server S1 is positioned at the root. By tracing the tree structure from the DNS server S1 positioned at the root (which is referred to as the “root server”) to lower hierarchies of the tree, any domain name or IP address for any host connected to the network can be looked up.
FIG. 11 illustrates examples of IP address to domain name mapping tables which are used for translation, held by the DNS servers shown in FIG. 10. Reference symbol “TS1” in FIG. 11 denotes an IP address to domain name mapping table held by the DNS server “S1.”
Using this drawing, by a query from the host H2, a procedure for deriving the IP address of the host H1 from its domain name “pc-1.isp1.com” (this process is referred to as a “forward lookup”) will be described below.
On receiving a request to find the IP address for the “pc-1.isp1.com” domain name, the cache server C2 queries the root server S1 about the domain name. Because the data registered in the table TS1 on the root server S1 indicates that the DNS server S11 has detailed information on domain names ending with “.com,” the root server S1 directs the cache server C2, which is the source of the query, to issue a query to the DNS server S11. On receiving this directive, the cache server C2 issues a query to the DNS server S11 about the domain name.
Because the data registered in the table TS11 held by the DNS server S11 indicates that the DNS server D1 has detailed information on domain names in which an “.isp1” string precedes the “.com” string, the DNS server S11 directs the cache server C2, which is the source of the query, to issue a query to the DNS server D1. On receiving this directive, the cache server C2 issues a query to the DNS server D1. Because the data registered in the table held by the DNS server D1 indicates that IP address “1.1.1.1” corresponds to the domain name in which a “pc-1” string precedes the “.isp1.com” string, the DNS server D1 answers the cache server C2, which is the source of the query, that the IP address corresponding to the “pc-1.isp1.com” name is “1.1.1.1”. On receiving this answer, the cache server C2 answers the host H2, which is the initial source of the query, that the IP address corresponding to the “pc-1.isp1.com” domain name is “1.1.1.1”. Through the above-described procedure, the IP address is derived from the domain name.
Next, a procedure for deriving a domain name from an IP address (this process is referred to as a “reverse lookup”) will be described.
When a reverse lookup is performed, a special domain name for query purposes is generated from the IP address. If the IPv4 protocol is applied, the name is created from the dotted decimal notation of the address, in which each 8-bit value is separated with a dot, by listing the values starting with the lowest-position value of the original IP address and appending an “.in-addr.arpa” string. For example, from a “2.2.2.1” IPv4 address, a special domain name for query purposes “1.2.2.2.in-addr.arpa” is generated. Using this domain name, a series of queries from the root server is performed in the same manner as described above; that is, a number of queries are repeated in a route S1->S21->S22->S24->S26 and, finally, the query route arrives at the DNS server D2. The data registered in the table TD2 held by the DNS server D2 indicates that domain name “term-2.isp2.com” corresponds to “1.2.2.2.in-addr.arpa”. Through the above-described process, it is determined that “term-2.isp2.com” is the domain name corresponding to the “1.2.2.2.in-addr.arpa” domain for reverse lookup, or in other words, IP address “2.2.2.1”.
If an IPv6 protocol is applied, a query domain name is created in a hexadecimal notation of an address with dot delimiters “.” in which each value consisting of four bits is separated with a dot, starting with the lowest position value of the original IP address and ending with an “.ip6.arpa” string. For example, from a “0123:4567:89ab:cdef:0123:4567:89ab:cdef” IPv6 address, a special domain name for query purposes “f.e.d.c.b.a.9.8.7.6.5.4.3.2.1.0.f.e.d.c.b.a.9.8.7.6.5.4.3.2.1.0.ip6.arpa” is generated. In the case of IPv6, the same reverse lookup procedure as for IPv4 is performed.
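The name construction described above for IPv4 and IPv6, together with the inverse operation (recovering the address from a reverse-lookup name, as seen in DNS query logs), as an added example that is not part of the original document. The function names are assumptions chosen for illustration.

```python
import ipaddress

def reverse_name(addr: str) -> str:
    """Build the reverse-lookup query name for an IPv4 or IPv6 address."""
    ip = ipaddress.ip_address(addr)      # parsing also expands "::" compression
    if ip.version == 4:
        # One decimal label per 8-bit value, lowest-position value first.
        return ".".join(str(b) for b in reversed(ip.packed)) + ".in-addr.arpa"
    # One hexadecimal label per 4-bit value, lowest-position value first.
    return ".".join(reversed(ip.packed.hex())) + ".ip6.arpa"

def address_from_reverse_name(name: str) -> str:
    """Recover the address from a complete reverse-lookup name."""
    name = name.rstrip(".").lower()
    if name.endswith(".in-addr.arpa"):
        labels = name[: -len(".in-addr.arpa")].split(".")
        ok = len(labels) == 4 and all(
            l.isascii() and l.isdigit() and int(l) <= 255 for l in labels)
        if not ok:
            raise ValueError(f"not a complete IPv4 reverse name: {name}")
        return ".".join(reversed(labels))
    if name.endswith(".ip6.arpa"):
        labels = name[: -len(".ip6.arpa")].split(".")
        ok = len(labels) == 32 and all(
            len(l) == 1 and l in "0123456789abcdef" for l in labels)
        if not ok:
            raise ValueError(f"not a complete IPv6 reverse name: {name}")
        digits = "".join(reversed(labels))
        # Regroup the 32 hex digits into eight 16-bit groups (exploded form).
        return ":".join(digits[i:i + 4] for i in range(0, 32, 4))
    raise ValueError(f"not a reverse-lookup name: {name}")

if __name__ == "__main__":
    for a in ("2.2.2.1", "0123:4567:89ab:cdef:0123:4567:89ab:cdef"):
        print(a, "->", reverse_name(a))
```

Names that cover only part of an address (a reverse zone such as a three-label IPv4 name) are rejected rather than guessed at.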
Next, as an example of dynamic DNS operation, a process in which resolving a domain name of the host H2 is performed by request from the host H1 will be described, using a sequence diagram of FIG. 12.
In advance of use of dynamic DNS, the host H2 sends the dynamic DNS server D0 a registration request message 0101 to register its address mapped to its domain name “host-b.vdm.com” on the server. Similarly, the host H1 sends the server D0 a registration request message 0102 to register its address “1.1.1.1” mapped to its domain name “host-a.vdm.com” on the server.
The host H1 sends the cache server C1 in its local network a query message 0103 which requests the cache server to find a solution of IP address corresponding to the “host-b.vdm.com” domain name. Through a series of queries from the root server S1 as described above, the cache server C1 knows that the DNS server D0 has mapping information on the “host-b.vdm.com” domain name and sends the DNS server D0 a query message 0104. The DNS server D0 sends back to the cache server C1 an answer message 0105 that the address “2.2.2.1” corresponds to the “host-b.vdm.com” domain name and the cache server C1 transfers the answer to the host H1 (0106).
Using the address “2.2.2.1” obtained through the above procedure, the host H1 sends a packet 0107 to the host H2, thus becoming able to communicate with the host H2.
[Non-Patent Document 1]
P. Vixie et al., “RFC2136,” “online,” December, 1997, Internet <URL:http://www.ietf.org/rfc/rfc2136.txt>
In the dynamic DNS of prior art, if a host which has been assigned a dynamic IP address by, for example, an Internet Service Provider (ISP) under DHCP or the like has registered its domain name with a dynamic DNS server, a reverse lookup from the IP address to the domain name yields the domain name concatenated with the ISP's domain, because the IP address has been assigned by the ISP, not by the domain manager. In other words, the ISP has the right of management of the DNS server which executes the reverse lookup and, consequently, it has been impossible to register in dynamic DNS a non-ISP domain name that can be found by a reverse lookup.
Therefore, even if attempts are made to exert access control over hosts, for instance, to limit hosts that can attempt access to those within a same domain or even if attempts are made to know the domain name of the source of access request from its IP address in order to check for illegal access and the like, its dynamic DNS-based domain name cannot be obtained by a reverse lookup from the IP address in the dynamic DNS of prior art.
FIG. 13 is a sequence diagram explaining a flow of such a reverse lookup process.
When the packet 0107 from the host H1 arrives at the host H2, the host H2 sends the cache server C2 a request 0201 for an IP address to domain name translation, using the source address “1.1.1.1” specified within the packet 0107, in order to check under which domain the host that sent the packet 0107 has been registered.
The cache server C2 issues queries to the root server S1 and other DNS servers having information on the “1.1.1.1” address sequentially. Then, the cache server C2 knows that the DNS server D1 has the mapping information on the “1.1.1.1” address and sends the DNS server D1 a query message 0202. Because the data registered in the table TD1 held by the DNS server D1 indicates that the “pc-1.isp1.com” domain name corresponds to the “1.1.1.1” address, the DNS server D1 sends back to the cache server C2 an answer message 0203 with the “pc-1.isp1.com” domain name.
As a result, the host H2 is informed that the “pc-1.isp1.com” domain corresponds to the “1.1.1.1” address. Therefore, the host H2 cannot know that the host H1 with the “1.1.1.1” address also has the “host-b.vdm.com” domain name and that the packet 0107 was sent from the host under the “vdm.com” domain.
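The referral-following lookup described earlier and the reverse-lookup limitation described here, modelled over in-memory tables as an added example that is not part of the original document. The table contents are constructed from the names and addresses in the text; the delegation of “vdm.com” to D0 and the reverse path S1->S21->D1 are assumptions, and H1's dynamic name is taken as “host-a.vdm.com”, as registered in message 0102.

```python
import ipaddress

# Constructed tables modelled on FIG. 11. "refer" entries send the querier to
# another server; "data" entries are final answers. Assumed entries are marked.
SERVERS = {
    "S1":  {"refer": {"com": "S11", "in-addr.arpa": "S21"}},
    "S11": {"refer": {"isp1.com": "D1", "vdm.com": "D0"}},      # vdm.com: assumed
    "S21": {"refer": {"1.1.1.in-addr.arpa": "D1"}},             # assumed path
    "D1":  {"data": {"pc-1.isp1.com": "1.1.1.1",
                     "1.1.1.1.in-addr.arpa": "pc-1.isp1.com"}},
    "D0":  {"data": {"host-a.vdm.com": "1.1.1.1",               # registration 0102
                     "host-b.vdm.com": "2.2.2.1"}},             # registration 0101
}

def resolve(name, server="S1"):
    """Cache-server behaviour: follow referrals from the root until answered."""
    path = [server]
    while True:
        table = SERVERS[server]
        if name in table.get("data", {}):
            return table["data"][name], path
        zones = [z for z in table.get("refer", {})
                 if name == z or name.endswith("." + z)]
        if not zones:
            return None, path                   # nobody is authoritative
        server = table["refer"][max(zones, key=len)]  # most specific zone wins
        path.append(server)

def reverse_lookup(ip):
    """Reverse lookup: resolve the special in-addr.arpa / ip6.arpa name."""
    return resolve(ipaddress.ip_address(ip).reverse_pointer)

def allowed_by_domain(src_ip, domain):
    """Access check: admit only sources whose reverse name lies under `domain`."""
    name, _ = reverse_lookup(src_ip)
    return name is not None and (name == domain or name.endswith("." + domain))

if __name__ == "__main__":
    print(resolve("host-a.vdm.com"))            # forward: answered by D0
    print(reverse_lookup("1.1.1.1"))            # reverse: answered by the ISP's D1
    print(allowed_by_domain("1.1.1.1", "vdm.com"))
```

The forward lookup of the dynamic name is answered by D0, while the reverse lookup of the same address is answered only by the ISP's server D1, so a check for “vdm.com” based on the reverse name rejects H1.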