摘要
当前互联网域名系统的中心化根体系伴随着长期的担忧:一方面担忧国家代码顶级域可能由于根权威职能被破坏而失控;另一方面担忧去中心化的根替代方案会导致域名空间分裂.上述担忧的根源在于当前和替代的根区管理在自治化和透明化上不足,导致对当前的根权威或替代方案的不信任.为解决上述问题,提出一种新的域名系统根区管理体系——根共识链,通过增强互信缓解各方担忧.根共识链中多个自治的注册局共同参与根区管理,每个注册局下辖国家代码顶级域和根服务器运营者,共同构建一个基于联盟式区块链的根区管理体系.根共识链在维护统一域名空间和唯一全球根权威的同时,通过根共识链管理者们建立根共同体提高自治性,通过区块链记录和执行各方协议以及根区操作提高透明性.基于现网科研测试床的实验结果表明,根共识链能够有效应对上述担忧,具有良好的可行性与实用性.
The centralized root architecture of Domain Name System(DNS)in the current Internet is accompanied by longterm concerns:on one hand,the country code toplevel domain may be out of control due to the destruction of the root authority function;on the other hand,it is worried that decentralized root alternatives will cause the domain name space to split.The root cause of the above concerns lies in the lack of autonomy and transparency in current and alternative root zone management,leading to a lack of trust in the current root authority or alternative solutions.This paper describes a new DNS root zone management architecture,the root consensus chain,to enhance mutual trust and ease the concerns of all parties.Multiple autonomous registries participate in root zone management in the root consensus chain.Each registry has a country code toplevel domain and root server operators to jointly build a consortium blockchainbased root zone management system.While maintaining a unified name space and a unique global root authority,the root consensus chain improves autonomy through the establishment of a root community by the root consensus chain managers;improves transparency by recording and executing the agreements among the parties and the operation of the root zone.The experimental results based on the real network research testbed show that the root consensus chain can effectively cope with the above concerns,and it has good feasibility and practicability.
作者
张宇
冯禹铭
张伟哲
方滨兴
Zhang Yu;Feng Yuming;Zhang Weizhe;Fang Binxing(School of Cyberspace Science,Harbin Institute of Technology,Harbin 150001;Cyberspace Institute of Advanced Technology,Guangzhou University,Guangzhou 510006;Department of New Networks,Peng Cheng Laboratory,Shenzhen,Guangdong 518055;School of Computer Science and Technology,Harbin Institute of Technology(Shenzhen),Shenzhen,Guangdong 518055)
出处
《信息安全研究》
CSCD
北大核心
2024年第7期602-615,共14页
Journal of Information Security Research
基金
鹏城实验室重大攻关项目(PCL2023A05)
深圳市高等院校稳定支持计划重点项目(GXWD20220817124251002)。