Abstract
As a basic service of the Internet, DNS has a huge impact on the Internet through its secure and reliable operation. It has therefore drawn increasing attention from hackers, and security incidents occur constantly. By analyzing the current security status of DNS and targeting its security shortcomings, a DNS security anti-destruction architecture based on service groups is proposed, and two important protocols under this architecture are given: the group establishment protocol and the group negotiation protocol. Finally, the anti-destruction effectiveness of the method is verified by constructing a simulation model. The simulation results show that, compared with the traditional active/standby mode, the method greatly improves the availability and correctness of the DNS service and has stronger security and anti-destruction capability.
Authors
冷冰
马晓旭
刘坚
LENG Bing; MA Xiao-xu; LIU Jian (No.30 Institute of CETC, Chengdu Sichuan 610041, China; China Cyber Security Co., Ltd., Chengdu Sichuan 610041, China)
Source
《通信技术》
2019, Issue 7, pp. 1744-1750 (7 pages)
Communications Technology
Keywords
Domain Name System
DNS
security
anti-destruction
Byzantine fault tolerance
service group