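Abstract
The Domain Name System is an important component of the Internet, and its security is the foundation of Internet security, yet real-world deployments often contain numerous security risks. This work designs and implements a toolset for large-scale, fast measurement of authoritative DNS security issues. Large-scale measurement across the education network (CERNET) found improper NS configurations, anonymous zone transfers, insecure dynamic updates and incomplete DNSSEC configurations, demonstrating that the toolset measures efficiently and accurately. Based on the authoritative DNS security measurement results for the education network, network administrators are advised to remediate promptly by adopting complete identity authentication mechanisms and deploying DNSSEC correctly, so as to keep the network secure and stable.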
The Domain Name System (DNS) serves as one of the Internet's cornerstones, and the security of DNS is the basis of Internet security. However, current deployments still contain various vulnerabilities. This paper proposes a toolset to quickly detect vulnerabilities of DNS authoritative servers at large scale, and performs actual measurements on CERNET domains. In the end, the proposed toolset can successfully discover vulnerabilities, including improper NS configurations, anonymous zone transfers, insecure dynamic updates and incorrect DNSSEC deployments. The measurement results of CERNET suggest that DNS operators mitigate the issues through strict authentication and correct deployments, so as to secure the network.
Authors
周东杰
彭坚
陆超逸
张甲
段海新
ZHOU Dongjie; PENG Jian; LU Chaoyi; ZHANG Jia; DUAN Haixin (State Key Laboratory of Mathematical Engineering and Advanced Computing, Zhengzhou 450001, China; Institute for Network Sciences and Cyberspace, Tsinghua University, Beijing 100084, China)
Source
《信息工程大学学报》
2019, Issue 4, pp. 467-472 (6 pages)
Journal of Information Engineering University
Funding
National Natural Science Foundation of China (U1636204, 61472215)
National Key Research and Development Program of China (2017YFB0803202).
Keywords
domain name system
network measurement
DNS security
authoritative server