摘要
由于DNS设计之初没有考虑其安全性因素,使其脆弱性日益暴露出来。本文利用IPFS技术构建新型的域名解析服务。域名解析服务简化为根和顶级域两层结构,减少查询次数。将资源记录文件上传到IPFS网络,IPFS是一种基于内容寻址的分布式网络,该网络可永久保存上传的文件,并且使用P2P传输协议从邻居节点传输资源记录文件缩短时延。针对域名解析的安全问题,本文还增加了签名验证机制,使用非对称密码从文件父域到子域形成信任链,能够有效地解决域名解析的安全问题。
Since the DNS design did not consider its security factors at the beginning,its vulnerability is increasingly exposed.This paper uses IPFS technology to build a new domain name resolution service.The domain name resolution service is simplified into a two-tier structure of root and top-level domains,reducing the number of queries.The resource record file is uploaded to the IPFS network,which is a distributed network based on content addressing,and can permanently save the uploaded file and reduce the delay by transmitting the resource record file from the neighbor node using the P2 P transmission protocol.Aiming at the security issue for domain name resolution,a signature verification mechanism has been added to form a trust chain from a parent domain to a child domain using an asymmetric password,and the security problem of domain name resolution could be effectively solved.
作者
刘姝言
翟健宏
LIU Shuyan;ZHAI Jianhong(School of Computer Science and Technology,Harbin Institute of Technology,Harbin 150001,China)
出处
《智能计算机与应用》
2020年第2期365-369,共5页
Intelligent Computer and Applications
