摘要
DNS域名解析服务采用了分布式的数据结构来存放海量的“区域数据”信息。主服务器在特定区域内具有唯一性,负责维护该区域内的域名与IP地址之间的对应关系,从服务器可以从主服务器上获取指定的区域数据文件从而获得域名与IP地址的对应关系并进行维护,以防主服务器宕机,从而起到备份解析记录与负载均衡的作用,不仅通过部署从服务器可以减轻主服务器的负载压力,还可以提升用户的查询效率。目前,主从服务器之间数据同步的安全性,主要基于TSIG下的多种密钥进行加密进行传输,对于企业内部自建DNS服务器,文章结合多因素认证(MFA)的安全特性,提出了一种简单方便流动性强的安全加密实践方案。
DNS domain name resolution services have adopted a distributed data structure to store vast amounts of“area data”.The main server has uniqueness in a specific area,it is responsible for maintaining the corresponding relationship between domain name and IP address.The secondary service can obtain specified area data from the main server,then it can get and maintain the corresponding relationship between domain name and IP address.In case of the main server goes down,so as to have the effect of backup analytical records and load balance.In This way,deploying secondary server not only relieve the load pressure of main server but also can enhance the user's query efficiency.At present,the security of data synchronization between master and slave servers is mainly based on the encryption and transmission of multiple keys under TSIG.For the internal DNS servers built by enterprises.This paper combined with the security characteristics of multi-factor authentication(MFA),proposed a simple,convenient and highly mobile secure encryption scheme.
作者
周鸣爱
Zhou Mingai(Institute of Cyberspace Security,CCID,Beijing 100846)
出处
《网络空间安全》
2020年第12期80-86,共7页
Cyberspace Security
