1. Field of the Invention
The invention relates to a DDNS (Dynamic Domain Name System) server and a DDNS client terminal as its client, and a DDNS system comprising the server and the terminal.
The invention also relates to a web server terminal which permits an access only when a registered host name matches a received host name and its network system, and an access control method for detecting a host name to determine whether to permit an access.
2. Description of the Related Art
In recent years, the internet has attained a widespread use. Various web pages are registered on a server on the internet and internet users can acquire a variety of information more easily and readily than ever.
It is necessary to specify the global IP address of a server on the internet before accessing the server on the internet. However, the global IP address is difficult for the user to understand, so that a domain name (DNS name) is used in general. The domain name is managed by the DNS server through mapping a host name (domain name) of a unit such as a server to a global IP address. In general, a global IP address and a host name are communicated from a unit such as a server to a DNS server, and the global IP address and the host name are registered and managed by the DNS server.
The operation of an access to a server unit registered to a DNS server by using a domain name will be described. When a domain name is input to browser means used to access a unit, the global IP address corresponding to the domain name is inquired of a DNS server. The DNS server, on the inquiry, returns the corresponding global IP address to the accessing browser means, which uses this global IP address to communicate with the server unit.
The global IP address is assigned by an ISP. The global IP address is either statically or dynamically assigned to an ISP client. In general, in order to assign limited global IP addresses to as many clients as possible, a global IP address is often dynamically assigned. As means for assigning a global IP address, the DHCP (Dynamic Host Configuration Protocol) is used.
By way of the DHCP, a DHCP client requests assignment of a global IP address from a DHCP server on connection to a network or power ON to receive assignment of a global IP address from a DHCP server. The global IP address is assigned by a DHCP server for a predetermined period. Without a repeated assignment request by the DHCP client, assignment of a global IP address to the DHCP client is no longer valid. In general, a DHCP client makes an IP address assignment request again in the available period of the global IP address communicated by the DHCP server as long as the DHCP client remains connected to the network. Thus the global IP address of a DHCP client does not become invalid in this context. However, in case the power is turned off or connection to the network is terminated, the global IP address once assigned becomes invalid and a global IP address assignment request must be made again. In this practice, a new global IP address may be different from the previously acquired global IP address. Further, some DHCP servers do not necessarily assign the same global IP address in response to a second assignment request.
Thus, the permanent DNS cannot support a DHCP client whose global IP address dynamically changes.
In recent years, dynamically changing global IP address and host name have been managed using the DDNS. In the DDNS, a DDNS server registers/manages a global IP address and a domain name communicated from a client on a regular basis. This avoids any inconsistency between the actual state taking place when a related art DNS and DHCP are used and the information registered to the DDNS. In DDNS, some problems remain in case an IP address is dynamically assigned by a DHCP server as mentioned below.
Inconsistency between the actual state and the registered information persists for a short period until the update in response to a regular notice from a client to a DDNS server. A related art DDNS system will be described. FIG. 6 is a block diagram of a related art DDNS system. FIG. 7A is a time chart of connection updates in a related art DDNS. FIG. 7B is a time chart of the registration of a terminal management table and IP address usage by DHCP in a related art DDNS. In FIG. 6, a numeral 1 represents the internet, 2a, 2b, 2′ PC terminals, 3, 3′ servers as a window of domain such as web servers and mail servers, 4 a DHCP server which assigns IP addresses to PC terminals 2a, 2b in the domain of the server 3, 5 a DDNS server which converts an access destination domain name (hereinafter a domain name includes a sub-domain name) to a global IP address on an access from the PC terminals 2a, 2b, 5a a terminal management table for managing terminals provided on the DDNS server 5, and 8 a DNS server.
A sequence of internet connection using the related art DDNS system and updates of DDNS is described below. In FIG. 7A, at time T1, the PC terminal 2a of User A connects to the internet by way of power ON or circuit connection, is assigned a global IP address ‘222.222.222.222’ by the DHCP server 4, and starts internet connection. The PC terminal 2a assigned a global IP address communicates the assigned global IP address and its domain name (domain name ‘aa.xx.ne.jp’ of the PC terminal registered to the DDNS server 5 beforehand) to the DDNS server 5. The DDNS server 5, in response to this, updates the mapping of global IP addresses to domain names.
At time T2, the PC terminal 2a turns off the power or releases circuit connection to release internet connection. The global IP address ‘222.222.222.222’ is released.
At time T3, the PC terminal 2b of User B connects to the internet by way of power ON or circuit connection, is assigned a global IP address ‘222.222.222.222’ by the DHCP server 4, and starts internet connection. The PC terminal 2b communicates the assigned global IP address and its domain name (‘bb.xx.ne.jp’) to the DDNS server 5. The DDNS server 5 updates the registration. In this state, at time T4, the PC terminal 2a starts internet connection again. The PC terminal 2a is assigned an IP address ‘222.222.222.111’ by the DHCP server 4. The PC terminal 2a communicates the assigned global IP address and its domain name (‘aa.xx.ne.jp’) to the DDNS server 5. The DDNS server 5 updates the registration. At time T5, the PC terminal 2b releases internet connection. At time T6, the second connection of the PC terminal 2a is released.
In the aforementioned connection sequence, as long as the DHCP server 4 is used, the same global IP address could be registered to the PC terminals 2a and 2b, as shown in FIG. 7B. That is, the terminal address (‘aa.xx.ne.jp’) and the global IP address ‘222.222.222.222’ are registered in the information area of the PC terminal 2a in the terminal management table 5a at time T1. The global IP address is released at time T2, although the registered information of the PC terminal 2a in the terminal management table 5a is maintained until time T4, when the global IP address changes.
The global IP address ‘222.222.222.333’ on the last access is recorded in the information area of the PC terminal 2b in the terminal management table 5a at time T3. In case User 3 makes an access at this point in time T3, the DHCP server 4 assigns the global IP address ‘222.222.222.222’ which has just become vacant to the PC terminal 2b, and registers ‘222.222.222.222’ to the terminal management table 5a. From time T3 to time T4, the same global IP address ‘222.222.222.222’ is assigned as a global IP address to two different terminal addresses ‘aa.xx.ne.jp’ and ‘bb.xx.ne.jp’ in the terminal management table 5a. In this state, in case an access is made using the terminal address ‘aa.xx.ne.jp’ from an external PC terminal 2′ to the PC terminal 2a, the DDNS server 5 transmits data by using the global IP address ‘222.222.222.222’ which establishes a connection to the PC terminal 2b. The user of the external PC terminal 2′ who attempted to access the PC terminal 2a cannot access the PC terminal 2a but accesses the unintended PC terminal 2b. This also violates privacy and causes a security problem. While in DDNS, the global IP address of the PC terminal 2a is updated to ‘222.222.222.111’ at time T5 and double registration will not take place afterwards, such double registration could occur at least until update is complete. For DNS, the period of double registration is longer than that in the DDNS because of absence of regular updates. Some DHCP servers do not necessarily assign the same global IP address in response to a second assignment request even in case internet connection is not released. Further, a request to update the DDNS server 5 is made at regular intervals. The problem of double registration occurs in this case also.
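The double registration described above can be reproduced by replaying the FIG. 7A events against a table that, like the terminal management table 5a, changes only when a terminal registers and is never told when a DHCP lease is released. The following is an added example, not part of the original document; the function names and the event tuples are assumptions constructed from the times and addresses given in the text.

```python
# Constructed event list following the FIG. 7A sequence (T1..T6) in the text.
EVENTS = [
    ("T1", "register", "aa.xx.ne.jp", "222.222.222.222"),
    ("T2", "release",  "aa.xx.ne.jp", None),  # lease freed, DDNS not informed
    ("T3", "register", "bb.xx.ne.jp", "222.222.222.222"),
    ("T4", "register", "aa.xx.ne.jp", "222.222.222.111"),
    ("T5", "release",  "bb.xx.ne.jp", None),
    ("T6", "release",  "aa.xx.ne.jp", None),
]

def audit(events):
    """Replay events; return (doubles, stale) findings per event time.

    doubles: (time, ip, hosts) where one IP is registered to several names.
    stale:   (time, host, ip, holder) where the table maps host -> ip but the
             lease for ip is held by `holder` (None means nobody holds it).
    """
    table = {}  # DDNS terminal management table: host name -> registered IP
    live = {}   # ground truth at the DHCP server: IP -> host holding the lease
    doubles, stale = [], []
    for time, kind, host, ip in events:
        # Any event ends the lease this host previously held.
        live = {a: h for a, h in live.items() if h != host}
        if kind == "register":
            table[host] = ip   # DDNS update sent by the terminal
            live[ip] = host    # new lease granted by DHCP
        by_ip = {}
        for h, a in sorted(table.items()):
            by_ip.setdefault(a, []).append(h)
            if live.get(a) != h:
                stale.append((time, h, a, live.get(a)))
        doubles += [(time, a, tuple(hs)) for a, hs in by_ip.items() if len(hs) > 1]
    return doubles, stale

def misdirected(stale):
    """Stale entries whose IP is now leased to a different terminal:
    a lookup of the name reaches someone else's machine."""
    return [s for s in stale if s[3] is not None]

if __name__ == "__main__":
    doubles, stale = audit(EVENTS)
    for finding in doubles:
        print("double registration:", finding)
    for finding in misdirected(stale):
        print("name resolves to another terminal:", finding)
```

Entries that are stale with no current lease holder (for example ‘aa.xx.ne.jp’ at T2) only fail to connect; the entry at T3 is the one that sends a lookup of ‘aa.xx.ne.jp’ to the PC terminal 2b.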
In order to eliminate the danger of double registration, the same global IP address must not be issued to the PC terminals 2a, 2b. However, making a restriction so as not to issue the same global IP address presents a problem. In a case where a plurality of terminals are locally connected to a router connected to the internet, these terminals share the same global IP address and separate domain names cannot be assigned to this plurality of terminals. As a result, only a single terminal can be connected to a DDNS server.
FIG. 8 is a block diagram of a DDNS system comprising a related art terminal connected to the internet via a router. In FIG. 8, a numeral 1 represents the internet, 2′ a PC terminal, 3′ a server as a window of domain such as a web server and a mail server connected to the internet 1, 4 a DHCP server which assigns an IP address in the domain of the server 3, 5 a DDNS server, and 5a a terminal management table for managing terminals provided on the DDNS server 5. Numerals 6a, 6b represent a plurality of image pickup terminals, 7 a router equipped with the image pickup terminals 6a, 6b to allow an access from outside on a port forward basis, and 8 a DNS server.
As shown in FIG. 8, in a related art DDNS system comprising a terminal connected via a router, the router 7 is assigned an IP address ‘222.222.222.222’ by the DHCP server 4. This does not allow the system to recognize the image pickup terminals 6a, 6b. Thus port numbers are given to the image pickup terminals 6a, 6b. For example, the image pickup terminal 6a is assigned a port number ‘800’ and the image pickup terminal 6b ‘8000’. The image pickup terminal 6a identifies itself using the IP address ‘222.222.222.222’ and the port number ‘800’ while the image pickup terminal 6b identifies itself using the IP address ‘222.222.222.222’ and the port number ‘8000’. The URL of the image pickup terminal 6a is ‘http://222.222.222.222:800/’ and the URL of the image pickup terminal 6b is ‘http://222.222.222.222:8000/’.
To access the image pickup terminal 6a from outside via the internet, ‘222.222.222.222’ as a destination IP address and ‘800’ as a port number are written into the IP header, then an IP packet is transmitted to the network. The router 7 having the IP address ‘222.222.222.222’ receives this packet and transfers it into the domain because of port forward sequence. The packet is then received by the image pickup terminal 6a having the port number ‘800’. Similarly, an IP packet can be transmitted to the image pickup terminal 6b by using the port number ‘8000’.
In this way, in an access to the image pickup terminals from outside, a same IP address is used to identify both image pickup terminals 6a, 6b. In case a restriction is applied so as not to issue a same IP address in order to avoid the problem of double registration mentioned earlier, only either the image pickup terminal 6a or image pickup terminal 6b can be registered to the DDNS server 5.
As mentioned in the preceding paragraphs, a same IP address could be registered to two image pickup terminals 6a, 6b in a related art DDNS system as long as the DHCP server 4 is used. When an access is made by an external terminal in this state, the DDNS server 5 transmits data to this IP address, which causes the terminal to be connected to the PC terminal 2b instead of the target PC terminal 2a. Although this occurs for a short interval, the user's privacy is not protected and this system is imperfect in terms of security. In case a restriction is applied so as not to issue a same IP address to the PC terminals 2a, 2b in order to eliminate the possibility of double registration, only one of a plurality of terminals (for example image pickup terminals 6a, 6b) locally connected to a router unit, if any, can be registered to the DDNS server 5.