期刊文献+

CERNET中权威域名服务器安全问题的测量研究 被引量:2

Measurement Study on Security of DNS Authoritative Name Servers in CERNET
下载PDF
导出
摘要 域名系统是互联网重要组成部分,其安全性是互联网安全的基础,但实际部署中往往存在大量安全隐患。设计实现一种大规模快速权威DNS安全问题测量工具集,通过在教育网范围内大规模测量发现其中存在不当的NS配置、匿名区域传输、不安全的域名动态更新和不完整的DNSSEC配置等问题,证明工具集测量的高效和准确。针对教育网权威DNS安全测量结果,建议网络管理员通过采用完整的身份认证机制、正确部署DNSSEC等方式及时进行修复,以保障网络的安全稳定运行。 Domain Name System(DNS)serves as one of the Internet’s cornerstones,and the security of DNS is the basis of Internet security.However,current deployments still contain various vulnerabilities.This paper proposes a toolset to quickly detect vulnerabilities of DNS authoritative servers in a large scale,and performs actual measurements on CERNET domains.In the end,the proposed toolset can successfully discover vulnerabilities,including improper NS configurations,anonymous zone transfers,insecure dynamic updates and incorrect DNSSEC deployments.The measurement results of CERNET suggests that DNS operators mitigate the issues through strict authentication and correct deployments,so as to secure the network.
作者 周东杰 彭坚 陆超逸 张甲 段海新 ZHOU Dongjie;PENG Jian;LU Chaoyi;ZHANG Jia;DUAN Haixin(State Key Laboratory of Mathematical Engineering and Advanced Computing,Zhengzhou 450001,China;Insititute for Network Sciences and Cyberspace,Tsinghua University,Beijing 100084,China)
出处 《信息工程大学学报》 2019年第4期467-472,共6页 Journal of Information Engineering University
基金 国家自然科学基金资助资助项目(U1636204,61472215) 国家重点研发计划资助项目(2017YFB0803202)。
关键词 域名系统 网络测量 DNS安全 权威服务器 domain name system network measurement DNS security authoritative server
  • 相关文献

参考文献1

二级参考文献6

  • 1Mockapetris P.Domain Names-Concepts and Facilities[S].RFC1034,1987.
  • 2SANS Institute.The Twenty Most Critical Internet Security Vulnerabilities[Z].http://www.sans.org/top20/,2004.
  • 3Lioy A,Maino F,Marian M.DNS Security[C].Proc.of Terena Networking Conference,2000.
  • 4Men & Mice.Single Point of Failure Research[Z].http://www.menandmice.com/6000/6300_single_point_failure.html,2001.
  • 5Duda R O,Hart P E,Stork D G.Pattern Classification (2nd Edition)[M].New York:Wiley & Sons,2001.
  • 6林曼筠.域名服务器的安全保护[J].网络安全技术与应用,2001(1):21-24. 被引量:9

共引文献21

同被引文献8

引证文献2

相关作者

内容加载中请稍等...

相关机构

内容加载中请稍等...

相关主题

内容加载中请稍等...

浏览历史

内容加载中请稍等...
;
使用帮助 返回顶部