摘要
域名系统(domain name system,DNS)是Internet的重要基础设施,其核心功能是域名解析。为保证域名解析的可用性以及解析结果的正确性,需要参与解析的域名服务器正常、稳定工作。该文针对域名解析过程中的安全性问题,提出了一个域名解析故障分析方法。首先,根据域名解析过程的依赖关系构造依赖图;其次,运用故障树分析法挖掘出了保证域名解析的关键服务器集合和引起域名解析故障的关键服务器集合,用来定位DNS重点防护区域;最后,使用该方法对单个域名和Alex Top 50 000的域名进行了解析故障分析。结果发现,部分域名区域配置存在不合理的依赖关系,这将导致非必要的域名解析过程,加重DNS服务器的解析负载。
The domain name system(DNS)is an important part of the internet with core function being to resolve the domain name.The DNS servers must be stable to ensure the availability of the domain name resolution process and accurate resolution results.A domain name resolution fault analysis method is presented in this paper to resolve name resolution problems. Firstly,a name dependency graph is constructed according to the dependency relationship of the name resolution.Then a fault tree analysis is used to mine the DNS servers that give success for name resolution and the DNS servers that fail to give correct results.A single domain name and the Alex Top 50 000 domain names were analyzed using this method to show that there are unreasonable dependencies in the configurations of individual domain names which lead to some unnecessary resolution procedures and increase the DNS server load.
作者
许海燕
王营康
杜跃进
闫健恩
张兆心
XU Haiyan WANG Yingkang DU Yuejin YAN Jianen ZHANG Zhaoxin(School of Computer Science and Technology, Harbin Institute of Technology, Harbin 150001, China Information Center of Ministry of Industry and Information Technology, Beijing 100846, China)
出处
《清华大学学报(自然科学版)》
EI
CAS
CSCD
北大核心
2017年第7期680-686,共7页
Journal of Tsinghua University(Science and Technology)
基金
国家科技支撑计划资助项目(2012BAH45B01)
国家自然科学基金资助项目(61100189
61370215
61370211)
国家信息安全计划资助项目(2014A085)
关键词
域名系统
域名解析
故障树分析法
domain name system(DNS)
domain name resolution
fault tree analysis
