A DNS Root Zone Management Architecture Based on Consortium Blockchain

Journal of Information Security Reserach ›› 2024, Vol. 10 ›› Issue (7): 602-.

Previous Articles Next Articles

A DNS Root Zone Management Architecture Based on Consortium Blockchain

Zhang Yu1,3, Feng Yuming3,4, Zhang Weizhe3,4,1, and Fang Binxing2,3,4

1(School of Cyberspace Science, Harbin Institute of Technology, Harbin 150001)
2(Cyberspace Institute of Advanced Technology, Guangzhou University, Guangzhou 510006)
3(Department of New Networks, Peng Cheng Laboratory, Shenzhen, Guangdong 518055)
4(School of Computer Science and Technology, Harbin Institute of Technology (Shenzhen), Shenzhen, Guangdong 518055)

Online:2024-07-14 Published:2024-07-18

基于联盟式区块链的域名系统根区管理体系

张宇1,3冯禹铭3,4张伟哲3,4,1方滨兴2,3,4

1(哈尔滨工业大学网络空间安全学院哈尔滨150001)
2(广州大学网络空间先进技术研究院广州510006)
3(鹏城实验室新型网络研究部广东深圳518055)
4(哈尔滨工业大学(深圳)计算机科学与技术学院广东深圳518055)

通讯作者: 张伟哲博士，教授.主要研究方向为网络空间安全、数据安全、高性能计算. wzzhang@hit.edu.cn
作者简介:张宇博士，教授.主要研究方向为互联网关键资源安全、网络拓扑测量、未来网络体系. yuzhang@hit.edu.cn 冯禹铭博士研究生，工程师.主要研究方向为互联网关键资源安全、物联网安全、区块链安全. fengym@pcl.ac.cn 张伟哲博士，教授.主要研究方向为网络空间安全、数据安全、高性能计算. wzzhang@hit.edu.cn 方滨兴博士，教授，中国工程院院士.主要研究方向为计算机体系结构、计算机网络、信息安全. bxfang@cae.cn

Abstract

Abstract: The centralized root architecture of Domain Name System (DNS) in the current Internet is accompanied by longterm concerns: on one hand, the country code toplevel domain may be out of control due to the destruction of the root authority function; on the other hand, it is worried that decentralized root alternatives will cause the domain name space to split. The root cause of the above concerns lies in the lack of autonomy and transparency in current and alternative root zone management, leading to a lack of trust in the current root authority or alternative solutions. This paper describes a new DNS root zone management architecture, the root consensus chain, to enhance mutual trust and ease the concerns of all parties. Multiple autonomous registries participate in root zone management in the root consensus chain. Each registry has a country code toplevel domain and root server operators to jointly build a consortium blockchainbased root zone management system. While maintaining a unified name space and a unique global root authority, the root consensus chain improves autonomy through the establishment of a root community by the root consensus chain managers; improves transparency by recording and executing the agreements among the parties and the operation of the root zone. The experimental results based on the real network research testbed show that the root consensus chain can effectively cope with the above concerns, and it has good feasibility and practicability.

Key words: DNS, root server, root zone management, consortium blockchain, registry

摘要： 当前互联网域名系统的中心化根体系伴随着长期的担忧：一方面担忧国家代码顶级域可能由于根权威职能被破坏而失控；另一方面担忧去中心化的根替代方案会导致域名空间分裂.上述担忧的根源在于当前和替代的根区管理在自治化和透明化上不足，导致对当前的根权威或替代方案的不信任.为解决上述问题，提出一种新的域名系统根区管理体系——根共识链，通过增强互信缓解各方担忧.根共识链中多个自治的注册局共同参与根区管理，每个注册局下辖国家代码顶级域和根服务器运营者，共同构建一个基于联盟式区块链的根区管理体系.根共识链在维护统一域名空间和唯一全球根权威的同时，通过根共识链管理者们建立根共同体提高自治性，通过区块链记录和执行各方协议以及根区操作提高透明性.基于现网科研测试床的实验结果表明，根共识链能够有效应对上述担忧，具有良好的可行性与实用性.

关键词: 域名系统, 根服务器, 根区管理, 联盟式区块链, 注册局

CLC Number:

TP309.2

张宇, 冯禹铭, 张伟哲, 方滨兴, . 基于联盟式区块链的域名系统根区管理体系[J]. 信息安全研究, 2024, 10(7): 602-.

References

［1］段海新. 从根上治理互联网：互联网治理与网络空间的驯化［M］. 北京: 电子工业出版社, 2019［2］Von Arx K G, Hagan G R. Sovereigndomains: A declaration of independence of ccTLDs from foreign control［J］. Richmond Journal of Law & Technology, 2002, 9(1): 430［3］方滨兴. 论网络空间主权［M］. 北京: 科学出版社, 2017［4］Kumari W A, Hoffman P E. RFC 8806 Running a root server local to a resolver［S］. Wilmington, DE: The Internet Engineering Task Force (IETF), 2020［5］Allman M. On eliminating root nameservers from the DNS［C］ Proc of the 18th ACM Workshop on Hot Topics in Networks. New York: ACM, 2019: 18［6］De Vey Mestdagh C N J, Rijgersberg R W. Rethinking accountability in cyberspace: A new perspective on ICANN［J］. International Review of Law, Computers & Technology, 2007, 21(1): 2738［7］MouC. DNS is the Internet pivotal basics and fundamental［J］. International Journal of Advanced Network, Monitoring and Controls, 2022, 7(2): 1123［8］Jones B, Feamster N, Paxson V, et al. Detecting DNS root manipulation［C］ Proc of Passive and Active Measurement Conf 2016. Madrid: IMDEA Networks, 2016: 276288［9］Karaarslan E, Adiguzel E. Blockchain based DNS and PKI solutions［J］. IEEE Communications Standards Magazine, 2018, 2(3): 5257［10］延志伟, 耿光刚, 李洪涛, 等. DNS根服务体系的发展研究［J］. 网络与信息安全学报, 2017, 3(3): 112［11］Cox R, Muthitacharoen A, Morris R T. Serving DNS using a peertopeer lookup service［C］ Proc of the 1st Int Workshop on PeertoPeer Systems. Berlin: Springer. 2002: 155165［12］Park K S, Pai V S, Peterson L L, et al. CoDNS: Improving DNS performance and reliability via cooperative lookups［C］  Proc of the 6th Symp on Operating Systems Design and Implementation. Berkeley, CA: USENIX Association, 2004: 116［13］Ramasubramanian V, Sirer E G. The design and implementation of a next generation name service for the internet［J］. ACM SIGCOMM Computer Communication Review, 2004, 34(4): 331342［14］Freedman M J, Freudenthal E, Mazieres D. Democratizing content publication with coral［C］ Proc of the 1st Symp on Networked Systems Design and Implementation. Berkeley, CA: USENIX Association, 2004: 115［15］Wachs M, Schanzenbach M, Grothoff C. On the feasibility of a censorship resistant decentralized name system［C］ Proc of the 6th Int Symp on Foundations and Practice of Security. New York: ACM, 2013: 1930［16］AlMashhadi S, Manickam S. A brief review of blockchainbased DNS systems［J］. International Journal of Internet Technology and Secured Transactions, 2020, 10(4): 420432［17］张宇, 夏重达, 方滨兴, 等. 一个自主开放的互联网根域名解析体系［J］. 信息安全学报, 2017, 2(4): 5769［18］He G, Su W, Gao S, et al. TDRoot: A trustworthy decentralized DNS root management architecture based on permissioned blockchain［J］. Future Generation Computer Systems, 2020, 102: 912924［19］Wang X, Li K, Li H, et al. ConsortiumDNS: A distributed domain name service based on consortium chain［C］ Proc of the 19th IEEE Int Conf on High Performance Computing and Communications. Piscataway, NJ: IEEE, 2017: 617620［20］Ali M, Nelson J, Shea R, et al. Blockstack: A global naming and storage system secured by blockchains［C］ Proc of the 2016 USENIX Annual Technical Conf. Berkeley, CA: USENIX Association, 2016: 181194［21］Chang T H, Svetinovic D. Data analysis of digital currency networks: Namecoin case study［C］ Proc of the 21st Int Conf on Engineering of Complex Computer Systems. Piscataway, NJ: IEEE, 2016: 122125［22］Liu Y, Zhang Y, Zhu S, et al. A comparative study of blockchainbased DNS design［C］ Proc of the 2nd Int Conf on Blockchain Technology and Applications. New York: ACM, 2019: 8692［23］Rajendran B, Palaniappan G, Dijesh R, et al. A universal domain name resolution serviceneed and challengesstudy on blockchain based naming services［C］ Proc of the 2022 IEEE Region 10 Symp. Piscataway, NJ: IEEE, 2022: 16［24］雷凯, 束方兴, 黄磊, 等. 面向跨域可信的泛中心化区块链DNS架构研究［J］. 网络与信息安全学报, 2020, 6(2): 1934［25］Li Z, Gao S, Peng Z, et al. BDNS: A secure and efficient DNS based on the blockchain technology［J］. IEEE Trans on Network Science and Engineering, 2021, 8(2): 16741686［26］邓锦禧, 韩毅, 苏申, 等. 一种基于联盟管理的高效分布式域名系统［J］. 信息安全学报, 2024, 9(1): 95110

[1]	. Research on Security Risks and Protection of Container Images [J]. Journal of Information Security Reserach, 2023, 9(8): 792-.
[2]	. Research on Browser Security and Trusted Architecture Under Xinchuang System [J]. Journal of Information Security Reserach, 2021, 7(4): 328-334.
[3]	. Fast-flux Botnet Domain Detection Method Base On Network Traffic [J]. Journal of Information Security Research, 2020, 6(5): 388-395.
[4]	. The Chanllenges of IPv6 Development and Network Security in China [J]. Journal of Information Security Research, 2019, 5(3): 261-272.
[5]	. Evidence Extraction of USB Storage Device Accessing Traces under the Windows 7 System [J]. Journal of Information Security Research, 2016, 2(4): 333-338.

A DNS Root Zone Management Architecture Based on Consortium Blockchain

基于联盟式区块链的域名系统根区管理体系

PDF

Knowledge

Abstract

Cite this article

share this article

References

Related Articles 5

Recommended Articles

Metrics