CN109922165A - A multi-root DNS for the Univernet (common network) - Google Patents
Publication number: CN109922165A (application CN201910320239.XA)
Authority: CN (China)
Prior art keywords: root, address, name server, common network (Univernet), domain name
Legal status: Granted (status as listed by Google Patents, not a legal conclusion)
Abstract
The invention discloses a multi-root domain name system for the Univernet (common network). Specifically, it discloses the Univernet Domain Name System (UDNS) and the UP (Univernet Protocol) address, which are intended to replace the existing Internet together with its domain name system DNS and its IP addresses. UDNS is a new domain name system jointly managed by multiple members: each member operates one root name server, the members' root name servers are peers with no master-slave relationship, and each member holds independent and equal network sovereignty. The members manage UDNS jointly and define their respective rights and duties in the form of a convention, which effectively prevents network hegemony.
Description
Technical field
The present invention relates to the field of network communication technology, and in particular to a multi-root DNS for the Univernet.
Background technique
The organizational structure of the domain name system (DNS) of the current Internet is a tree. The root zone corresponds to the root of the tree, and the domains at each level each correspond to one node of the tree. The tree has a unique root, and any two sibling nodes in the tree carry different labels. If a single entity controls the root node and its auxiliary root nodes, it holds a hegemony-level deterrent over all other entities: it can disconnect the Internet and the domain name resolution system of certain other entities at any time.
The centralized architecture of today's DNS is the root cause of most of its problems. It is a three-layer system. ICANN (The Internet Corporation for Assigned Names and Numbers) controls all of it, centrally. The second layer consists of the domain name registries, such as Verisign, which control the top-level domains (TLDs) such as .com. At the bottom are the domain name registrars, which face customers directly and provide the retail service of domain name registration; they are in fact the terminal agents of the various registries. If DNS fails, users can hardly access web content. The root servers are responsible for resolving top-level domains such as .cn, .com and .net; once they fail, the entire Internet may come to a standstill.
Therefore, how to provide a decentralized multi-root domain name system for the Univernet that also simplifies the domain name resolution process is a technical problem that those skilled in the art urgently need to solve.
Summary of the invention
In view of the above state of research and its problems, and in order to avoid network hegemony, the present invention proposes the Univernet, its domain name system (Univernet Domain Name System, UDNS) and the UP address, which are intended to replace the existing Internet together with its domain name system DNS and its IP addresses. UDNS is a new domain name system jointly managed by multiple members. In UDNS each member operates one root name server; the members' root name servers are peers with no master-slave relationship, and each member holds independent and equal network sovereignty. The members manage UDNS jointly and define their respective rights and duties in the form of a convention.
The multi-root DNS for the Univernet provided by the invention comprises several root name servers. Each root name server stores domain names and uses the common address protocol, i.e. UP, for domain name resolution. The cyberspace of a root name server, defined according to the geographical region it administers, is the root zone of that server. The root name server manages and resolves domain names using a multi-layer inverted tree structure (the resolution tree). Below the root name server are the first-level name servers, whose number is determined by the resolution workload actually carried; below the first-level name servers are the second-level name servers, of unlimited type and number. The domain name resolution process of a root name server is as follows:
The first-level name server first identifies, from the UP address of the user equipment, the domain name resolution tree that the user equipment belongs to. For a resolution request for a domain name managed by the resolution tree of its own root zone, it serves the request directly. For a resolution request for a domain name managed by the resolution tree of another root zone, it compares the requester against its pre-stored root name server list and serves the request if it was issued by a network user of a Univernet member. A trust chain is established in the resolution tree: the trust relationships of the top-level domain servers and second-level domain servers are derived from the unified root name server, which is the trust anchor.
Preferably, each root name server also stores, for every root name server in the Univernet, its name, public key and trust degree, together with a timestamp that guarantees authenticity and a hash value signed with the server's own private key.
Preferably, domain names are encoded so that the rank of the domain labels decreases from left to right.
Preferably, the first 16m bits of the UP address identify the geographical location of the root name server. When m=1 this is sufficient for all countries on Earth today; when m >= 2, m ∈ N*, it can also accommodate all future planetary networks such as the solar system and the Milky Way. UP assigns each root name server a region code, and each root name server assigns area codes to the administrative regions under its jurisdiction and assigns number ranges for different purposes to different operators.
Preferably, the UP address identifies the geographical location, the network type and the host number of a given UP address, and consists of three parts: the first 16m bits are the member location identifier, the middle 16 bits are reserved, and the last 2^(n+4) bits are the address identifier, where n = 1 to 3.
Preferably, the root name server is compatible with both address types for network communication, and the communication method includes dual protocol stack communication: a compatible address is defined in which the IPv4 or IPv6 address is embedded, i.e. the IPv4 or IPv6 address is padded with leading zeros.
Preferably, UP addresses are classified as follows:
Unicast: a unicast address is a UP address that uniquely identifies one interface; hosts use unicast addresses for point-to-point communication.
Multicast: in a UP multicast environment, the destination address of a packet identifies a group of interfaces, forming a group address. All receivers of the information join a group, and once they have joined, data sent to the group address is immediately delivered to the receivers; all members of the group receive the packet.
Anycast: an anycast address is an address reserved in the UP protocol and is assigned to a group of network interfaces belonging to different physical nodes; a datagram sent to an anycast address is delivered to the interface in that group closest to the source node.
Preferably, the steps for applying to register with the Univernet are:
establish a root zone resolution tree;
provide the root name server name, certificate and public key; provide the types and numbers of top-level domain servers in the root zone resolution tree; provide the details of the corresponding certificate authority, for verification and audit;
apply to the corresponding certificate authority for a digital certificate, obtain a public/private key pair, record the public key and keep the private key safe.
Preferably, the steps for applying to change a Univernet root name server are:
submit a list of the documents describing the changed content;
submit the root name server name, certificate and public key before and after the change; provide the types and numbers of top-level domain servers in the root zone resolution tree; provide the details of the corresponding certificate authority, for verification and audit;
after the Univernet voting management software has notified the members and the organization has approved, following offline review, the addition of the root name server to the Univernet, the voting management software notifies all Univernet members to update the changed root name server information in their root name servers.
Preferably, the Univernet determines the trust degree of each root name server solely according to how well it fulfils its obligations. A root name server whose trust degree falls below a preset value is removed from the Univernet by a vote of all root name servers, after which the users in that root zone can no longer perform domain name resolution in the Univernet.
Compared with the prior art, the present invention has the following advantages:
First, the domain name resolution tree is managed by the Univernet members in partitions. This safeguards the cyberspace sovereignty of each member and realizes decentralized domain name resolution. A member can flexibly adjust the structure of the resolution tree in its root zone according to its actual situation and the specification, which greatly improves resolution efficiency.
Second, the trust chain and the public/private keys effectively resist malicious attacks from outside the Univernet, and the voting mechanism can promptly discover and handle problems arising inside it. Under these mechanisms the Univernet can operate efficiently at all times, ensuring robustness and sustainable development. The convention specifies the rights and duties of the members, further ensuring the security of the Univernet and the non-repudiation of the domain name resolution process.
Third, the resolution strategy of locating the first-level name server directly simplifies the resolution process and fundamentally improves the resolution efficiency of the Univernet, thereby significantly reducing the load on the name servers at every level.
Detailed description of the drawings
In order to explain the embodiments of the invention or the technical solutions of the prior art more clearly, the drawings needed in the description of the embodiments or the prior art are briefly introduced below. Evidently the drawings described below are only embodiments of the invention; those of ordinary skill in the art can obtain other drawings from them without creative effort.
Fig. 1 is a schematic diagram of the multi-root domain name resolution tree structure of the Univernet of the present invention;
Fig. 2 is a flow chart of the domain name request source decision of the present invention;
Fig. 3 is a flow chart of the generation of the hash value of the present invention.
Specific embodiments
The technical solutions in the embodiments of the invention are described clearly and completely below with reference to the drawings of the embodiments. Evidently the embodiments described are only some, not all, of the embodiments of the invention. All other embodiments obtained by those of ordinary skill in the art from the embodiments of the invention without creative effort fall within the scope of protection of the invention.
The Univernet Domain Name System (UDNS) will replace the existing domain name system DNS and is a new domain name system jointly managed by multiple members. In UDNS each member operates one root name server; the members' root name servers are peers with no master-slave relationship, and each member holds independent and equal network sovereignty. The members manage UDNS jointly and define their respective rights and duties in the form of a convention.
A UDNS Univernet management committee is established to build and manage the Univernet jointly. The committee is a Univernet voting management software that communicates with all members, i.e. with their root name servers. When a member applies to register with the Univernet, the software notifies all members to vote on the application according to the material provided, and tallies the votes of all members after the vote closes. If the vote passes, the committee defines the member's cyberspace as its root zone according to the geographical region it administers. Each member is responsible for managing and resolving the domain names in its root zone in the form of a resolution tree. When a member changes its Univernet root name server, the software notifies all members to vote according to the material provided, tallies the votes of all members after the vote closes, and notifies all members whether to update the root name server information according to the result. If the resolution tree a member is responsible for maliciously refuses domain name resolution, actively attacks other resolution servers, or behaves similarly, the member is removed from the Univernet by the members' vote. Addition, removal and similar operations are completed by offline agreement between the members. Maintaining the collective interests of UDNS is the absolute duty of every member.
In the Univernet, domain names identify resource addresses in string form, so that users can access Univernet resources without having to remember the machine-readable common address protocol (Univernet Protocol, UP). A Univernet domain name is designed as a sequence of labels separated by ", " that identifies the network location of a computer or computing unit in data transmission. UDNS is a core service of the Univernet.
1.1 Univernet domain name format specification
In UDNS a domain name consists of a sequence of labels. Each label consists of English letters, digits and hyphens (-), is no more than 63 characters long, and is case-insensitive. Labels are separated by ", ". The label of the highest rank is written leftmost and the label of the lowest rank rightmost. A fully qualified domain name composed of multiple labels is no more than 255 characters in total.
The label of each member is written in the ISO 3166-1 two-letter code format. The top-level domain labels within each member's root zone are written according to this specification.
A UDNS domain name is written from left to right, from the high-level domain label to the low-level domain label, i.e. member label, top-level domain label, and so on.
For example, the Chinese company Sina is written as cn, com, sina
For example, Tsinghua University in China is written as cn, edu, tsinghua
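An added example (not code from the patent) that checks the domain name format of section 1.1 and the root zone limits of section 1.3 (at most 127 levels, at most 128 top-level domains per root zone), and converts between the UDNS notation and conventional DNS notation; the member list and the registered names are constructed sample data.

```python
"""UDNS domain name format checks (added example, not part of the patent text)."""
import re

# A label: letters, digits and hyphens, 1 to 63 characters (compared case-insensitively).
LABEL_RE = re.compile(r"^[a-z0-9-]{1,63}$")
# Constructed sample of member labels in ISO 3166-1 alpha-2 form.
MEMBERS = {"cn", "us", "de"}
MAX_NAME_LENGTH = 255
MAX_LEVELS = 127            # depth limit of a root zone name space
MAX_TLDS_PER_ROOT = 128     # suggested ceiling on top-level domains per root zone


def parse_udns_name(name):
    """Split a UDNS name such as 'cn, com, sina' into lower-case labels.

    Raises ValueError on any violation of the section 1.1 format rules.
    """
    if len(name) > MAX_NAME_LENGTH:
        raise ValueError("name longer than 255 characters")
    labels = [part.strip().lower() for part in name.split(",")]
    for label in labels:
        if not LABEL_RE.match(label):
            raise ValueError("bad label %r" % label)
    if len(labels) > MAX_LEVELS:
        raise ValueError("more than 127 levels")
    if labels[0] not in MEMBERS:
        raise ValueError("unknown member label %r" % labels[0])
    return labels


def to_dns_form(name):
    """Reverse the label order into conventional DNS notation (sina.com.cn)."""
    return ".".join(reversed(parse_udns_name(name)))


def from_dns_form(dns_name):
    """Write a conventional DNS name in UDNS notation, member label first."""
    return ", ".join(reversed(dns_name.strip(".").lower().split(".")))


class RootZoneTree:
    """Inverted tree of one member's root zone; sibling labels are unique by construction."""

    def __init__(self, member):
        self.member = member
        self.children = {}      # nested dicts: label -> subtree

    def register(self, name):
        labels = parse_udns_name(name)
        if labels[0] != self.member:
            raise ValueError("name belongs to another member's root zone")
        node = self.children
        for depth, label in enumerate(labels[1:], start=1):
            # The 128 limit applies to the top-level domains directly under the root.
            if depth == 1 and label not in node and len(node) >= MAX_TLDS_PER_ROOT:
                raise ValueError("root zone already has 128 top-level domains")
            node = node.setdefault(label, {})

    def contains(self, name):
        labels = parse_udns_name(name)
        if labels[0] != self.member:
            return False
        node = self.children
        for label in labels[1:]:
            if label not in node:
                return False
            node = node[label]
        return True
```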
1.2 Univernet UP address format specification
In the Univernet, domain names and UP addresses correspond one to one. Because the member label in a domain name is linked to the member's geographical location, the first 16m bits of the UP address are likewise defined as the member location identifier. With m=1 this is sufficient for all countries on Earth today, and the identifier can be compared against the existing country code table; with m >= 2, m ∈ N*, it can also accommodate all future planetary networks such as the solar system and the Milky Way.
UP assigns each member a region code. Each member assigns area codes to its own administrative regions, and assigns number ranges for different purposes to different operators.
Every networked device needs a UP address. The biggest feature of UP is that it divides network types according to the entity using the network. A UP address can supply real-world information such as the user's industry and country, so that the address itself carries practical meaning.
The UP address provides a network address format. It is the digital identity feature of the routing and addressing of Univernet hosts: every network and every host on the Univernet is assigned one logical address, which distinguishes it from the physical address.
Definition and version of the UP address
UP encoding is a network address code set whose length is defined to be variable, so as to avoid the constant growth of address length, an enormous address pool and confused formats. The length is generally expressed as 16m + 16 + 2^(n+4) bits (m = 1, 2, ...; n = 1, 2, ...). With m >= 1, m ∈ N*: when m=1 the UP address is sufficient for all countries on Earth, and when m >= 2 it can realize all future interplanetary networking. With n >= 1, n ∈ N*: n is the UP encoding version number; n=1 is called UP v1, n=2 is called UP v2, and so on. To avoid the address length growing indefinitely and the address pool becoming enormous, it is recommended that the length be kept appropriate.
UP encoding guarantees efficient domain name resolution. The UP address consists of 3 parts.
(1) 16m bits are the member location identifier. Each member's root name server allocates it flexibly according to its own administrative divisions and working needs; depending on usage, one member may apply for several identifiers. With m=1 the identifier is sufficient for all countries on Earth today; m can be increased to accommodate the solar system, the Milky Way and other galaxies in future interplanetary networking. Because m=1 is sufficient for all countries on Earth today, only the case m=1 is discussed below.
(2) 16 bits (bytes 3 and 4) are reserved. Each member's root name server allocates them flexibly according to its own network classification and working needs. After the root name server has allocated identifiers and region identifiers according to its actual situation, it forms a lookup table of binary strings and their practical meanings, for reference.
(3) 2^(n+4) bits are the address identifier.
The general form is as follows:
16m bits member and its administrative region | 16 bits reserved | 2^(n+4) bits number |
When n=1, the IPv4-compatible address is represented as:
00000000 | 00000000 | 00000000 | 00000000 | 32-bit IPv4 address |
When n=3, the IPv6-compatible address is represented as:
00000000 | 00000000 | 00000000 | 00000000 | 128-bit IPv6 address |
UP encoding uses part of the bits to identify the geographical location and network type of a given UP address, so the source of information can be determined from the UP address, and security mechanisms such as firewalls and access control can filter threats efficiently and accurately based on this encoding, which guarantees authenticity. This improves security and also ensures flexibility of address allocation. Univernet members allocate UP addresses according to these rules.
UP address notation
UP addresses are written as hexadecimal numbers in groups joined by the connector "_". For example, UP v1 is 8 bytes, 64 bits, written as 1234_5678_90AB_CDEF; UP v2 is 12 bytes, 96 bits, written as 1234_5678_90AB_CDEF_1234_5678.
2.2.3 Switching between IP and UP
IPv4 is currently the most widely used network address encoding. It is encoded as a network number plus a host number, where the network number is essentially a logical concept. IPv4 addresses are 32 bits long, and under the existing network environment the problem of resource exhaustion has already appeared.
IPv6 was introduced to solve the IPv4 resource shortage; it derives the interface identifier directly from the data-link layer address (MAC address) of the interface, and that identifier is globally unique.
Multi-protocol stack technology means enabling the IP protocol stack (comprising the IPv4 and IPv6 protocol stacks) and the UP encoding protocol stack on one device at the same time.
A device can then communicate using both address types simultaneously. If the device is a router, two or more addresses are configured on different interfaces of the router, so that it can connect two or more types of network. If the device is a computer, it holds two or more addresses at the same time and can handle these protocols simultaneously.
Dual protocol stack communication: a compatible address is defined in which the IPv4 or IPv6 address is embedded, i.e. the IPv4 or IPv6 address is padded with leading zeros. The specific address representation is as follows:
The IPv4-compatible address is represented as:
00000000 | 00000000 | 00000000 | 00000000 | 32-bit IPv4 address |
The IPv6-compatible address is represented as:
00000000 | 00000000 | 00000000 | 00000000 | 128-bit IPv6 address |
Whether an address is IPv4 or IPv6 can be distinguished by the version number in the fixed header of the packet. Besides the dual-stack technique, our addresses also support tunneling to remain compatible with IPv4 or IPv6.
Country code table
Member and administrative region identifiers are parsed by linking the binary string to the geographical location information of the member and its administrative region.
In the UP encoding scheme the first sixteen bits are the member and administrative region identifier, and the geographical location of the current address can be obtained by looking it up in the country code table. A country code is a geographic code representing a country or overseas territory; the most mature existing country code standard is ISO 3166-1.
The country code table is stored in the server's database. When a client sends a query request to the server, the server queries the database by UP address, extracts the corresponding geographical location information from the database, and returns that information to the client.
Classification of UP addresses
The first 32 bits are of fixed length: the first 8 bits are the member identifier and the middle 8 bits are the member administrative region identifier; the next 8 bits are the identification ID, whose 8th bit is a flag distinguishing mobile UP (when the flag is 1 the current UP address is a mobile UP address) and whose 6th and 7th bits distinguish the version, i.e. the value of n: 00 for n=1, 01 for n=2, 10 for n=3, and so on. The remaining 5 bits and the remaining 8 bits are reserved. The table below divides the address, taking n=1 as an example.
With n=1, taking IPv4 as an example:
Class A address:
8 bits | 8 bits | 8 bits | 8 bits | 32 bits |
Country | Area | Identification number | Network number | Host number |
Class B address:
Class C address:
When n=1, the IPv4-compatible address is represented as:
00000000 | 00000000 | 00000000 | 00000000 | 32-bit IPv4 address |
When n=3, the IPv6-compatible address is represented as:
00000000 | 00000000 | 00000000 | 00000000 | 128-bit IPv6 address |
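An added example (not the patent's own code) that encodes and parses UP addresses as laid out in section 1.2 and in the classification above, with m = 1: an 8-bit member identifier, an 8-bit administrative region, 16 reserved bits and a 2^(n+4)-bit address part, written as 16-bit hexadecimal groups joined by "_"; IPv4- and IPv6-compatible addresses zero-fill the first 32 bits. The version n is derived from the address length (UP v1 is 64 bits, UP v2 is 96 bits), and the member-to-country table is constructed sample data.

```python
"""UP address encoding helpers (added example, not part of the patent text)."""
import ipaddress

# Constructed sample: member byte -> ISO 3166-1 alpha-2 code from the country code table.
MEMBER_CODES = {0x12: "CN", 0x34: "DE"}
PREFIX_BYTES = 4    # 8-bit member + 8-bit region + 16 reserved bits (m = 1)


def version_for_bits(address_bits):
    """Return n such that 2^(n+4) == address_bits (32 -> 1, 64 -> 2, 128 -> 3)."""
    n = address_bits.bit_length() - 5
    if n < 1 or (1 << (n + 4)) != address_bits:
        raise ValueError("address part of %d bits is not 2^(n+4)" % address_bits)
    return n


def encode_up(member, region, reserved, address, n):
    """Build a UP vN address with m = 1 from its three parts, as raw bytes."""
    address_bits = 1 << (n + 4)
    for value, width in ((member, 8), (region, 8), (reserved, 16), (address, address_bits)):
        if not 0 <= value < (1 << width):
            raise ValueError("%d does not fit in %d bits" % (value, width))
    prefix = (member << 24) | (region << 16) | reserved
    return prefix.to_bytes(PREFIX_BYTES, "big") + address.to_bytes(address_bits // 8, "big")


def format_up(raw):
    """Write raw bytes as hexadecimal 16-bit groups joined by underscores."""
    return "_".join(raw[i:i + 2].hex().upper() for i in range(0, len(raw), 2))


def parse_up(text):
    """Split a written UP address into its fields and derive n from its length."""
    raw = bytes.fromhex(text.replace("_", ""))
    if len(raw) < PREFIX_BYTES + 4:
        raise ValueError("shorter than a UP v1 address")
    n = version_for_bits((len(raw) - PREFIX_BYTES) * 8)
    address = int.from_bytes(raw[PREFIX_BYTES:], "big")
    info = {
        "member": raw[0],
        "region": raw[1],
        "reserved": int.from_bytes(raw[2:4], "big"),
        "n": n,
        "address": address,
        "country": MEMBER_CODES.get(raw[0]),    # country code table lookup
    }
    # A zero-filled 32-bit prefix marks an IPv4 (n=1) or IPv6 (n=3) compatible address.
    if raw[:PREFIX_BYTES] == b"\x00" * PREFIX_BYTES and n in (1, 3):
        info["ip"] = str(ipaddress.ip_address(address))
    return info


def compat_up_for_ip(ip):
    """Embed an IPv4 or IPv6 address behind a zero-filled 32-bit prefix (dual-stack form)."""
    addr = ipaddress.ip_address(ip)
    n = 1 if addr.version == 4 else 3
    return format_up(encode_up(0, 0, 0, int(addr), n))
```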
Address classes of UP
(1) Unicast. A unicast address is a UP address that uniquely identifies one interface; hosts use unicast addresses for point-to-point communication. In the addressing classification table above, class A, B and C addresses are unicast addresses.
(2) Multicast. In a UP multicast environment, the destination address of a packet identifies a group of interfaces, forming a group address. All receivers of the information join a group, and once they have joined, data sent to the group address is immediately delivered to the receivers; all members of the group receive the packet. In the addressing classification table above, class D addresses are multicast addresses.
(3) Anycast. An anycast address is an address reserved in the UP protocol and may be assigned to a group of network interfaces belonging to different physical nodes. A datagram sent to an anycast address is delivered to the interface in that group that is closest to the source node (as measured by the routing protocol in use).
There are also UP addresses with special meanings, as shown in the following table:
Network UD | Host UD | Special meaning and description |
Network UD | All 0 | Host part all zeros: identifies a whole network |
All 0 | Host UD | The address of a host on the default network or the current network |
All 0 | All 0 | Used by a device to refer to itself when it does not yet know its own IP address |
Network UD | All 1 | Broadcast to all hosts on the local network |
All 1 | All 1 | All hosts on the network |
Reserved, private and loopback UP addresses
(1) Reserved addresses
Reserved addresses are all addresses used for special addressing. In each of the five address classes a block of addresses is assigned as reserved; for classes A, B and C the reserved addresses lie at the beginning and the end of each class. In addition, when a host has used DHCP to obtain its UP address automatically and the DHCP server fails or its response time exceeds the limit set by the system, a Windows system assigns such an address, for example 169.254.*.*. Apart from these, addresses are public network addresses, globally unique, and are generally used for servers.
(2) Private addresses
For any value of n, a range of three bytes following the default part of the encoding is set aside as private addresses.
☆ Taking n=1 with IPv4 compatibility as an example:
1. Binary representation:
XXXXXXXX.XXXXXXXX.01111111.00000000.00000000.00000000 ~
XXXXXXXX.XXXXXXXX.01111111.11111111.11111111.11111111
2. Decimal representation: X.X.127.0.0.0 ~ X.X.127.255.255.255
Note: the first eight bits are the member identifier and the second eight bits are the administrative region identifier; every administrative region of every member has its own private address range.
1.3 Univernet root zone name space specification
In UDNS each member independently manages the root name server of its root zone and is responsible for managing and resolving the domain names at every level within that zone.
The name space of each member's root zone is an inverted tree structure with at most 127 levels. Sibling nodes under the same node must use different labels.
The top-level domains under each member's root zone are defined by the member itself according to the uniform rules; their number may not exceed a fixed ceiling, which is suggested to be 128.
1.4 Univernet root zone domain name resolution tree specification
The domain name resolution tree of each member's root zone is a multi-layer tree, as shown in Fig. 1 of the description. Below the member's root name server are the first-level name servers, whose suggested types are as follows; each member determines the number of first-level name servers of each type according to the resolution workload actually carried. Below the first-level name servers are the second-level name servers, of unlimited type and number, which each member designs and maintains according to its actual needs. Greenwich Mean Time is the standard time of the name servers at every level and of their auxiliary equipment. (For the specific classification see "UP encoding".)
Because the UP address already specifies the type of first-level name server, when a domain name managed by a certain name server needs to be resolved, the user can send the request directly to the first-level name server of the corresponding type in that resolution tree.
The first-level name server first identifies, from the user's UP address, the resolution tree the user belongs to. For a resolution request for a domain name managed by the resolution tree of its own root zone, it serves the request directly. For a request for a domain name managed by the resolution tree of another member's root zone, it compares the requester against the root name server list it stores and serves the request if it was issued by a network user of a Univernet member. If the request comes from outside the Univernet membership, a proxy service can be used (backward compatible with the IPv4 and IPv6 of the Internet).
2 Univernet member management specification
The UDNS Univernet management committee defines the rights and obligations of Univernet members, including member registration, modification, withdrawal and expulsion.
Univernet member management fully considers the requirements of network security: a trust chain management approach is introduced into the domain name resolution process, with the member's root name server as the trust anchor from which trust is derived.
The types of top-level domain servers are divided by established rules. A trust chain is established in the resolution tree: the trust relationships of the first-level and second-level domain servers must be derived from the unified trust anchor (generated by the member's root name server applying to a unique certificate authority).
3.1 Univernet member registration specification
Applying to register as a Univernet member requires the following conditions:
The applicant must establish a secure and reliable root zone resolution tree according to the specification.
The applicant must provide its root name server name, certificate and public key; the types and numbers of top-level domain servers in its root zone resolution tree; and the details of the corresponding certificate authority, for verification and audit.
The applicant applies to any certificate authority it trusts for a digital certificate, obtains a public/private key pair, records the public key and keeps the private key safe.
After the new member's addition to the Univernet has been approved through offline review, the management system adds the new member's declaration information to the root servers of all Univernet members.
The new resource record includes the name, public key and trust degree (initial value d) of the new member's root name server. At the same time, all resource records held by the existing members' root name servers are added to the new member's root name server, i.e. the basic information of all root name servers in the Univernet other than the new member itself. The timestamp and hash value are generated automatically. The name information stored in the top-level domain servers of each member's root zone resolution tree is updated synchronously and automatically.
3.2 Common grid member change specification
A member applying for a change must provide the following:
It must submit a document list of the changed content.
It must submit its root name server name, certificate and public key as they were before the change and as they are after it; the types and number of first-level domain name servers in its root domain resolution tree; and the specific information of the respective certificate-issuing authority, for verification and auditing.
After offline review gives approval, the management system updates the post-change member information in the root servers of all common grid members.
3.3 Common grid member exit specification
A common grid member's trust degree is decided by how well its root name server fulfils its obligations. A member whose trust degree is too low is removed from the common grid according to the member voting mechanism, after which the users in that member's root domain can no longer perform domain name resolution using UDNS.
The first-level domain name server analyses and compares the requester's UP address and confirms the source of the request. Because resolution requests from outside the common grid are rejected directly, such requests do not place excessive load on the system. Moreover, because the requester's geographical location can be determined from its UP address, the source of a request can be located easily. Second-level domain name servers are resolved by the first-level domain name servers, and the two maintain a trust relationship through the trust chain. The root name server encrypts (signs) the domain name resolution response packet it provides with its private key, attaches the signature to the response packet, and sends them together. After the first-level domain name server receives the response packet, it decrypts the signature in the packet using the public key published by the root name server. If decryption succeeds, i.e. the result is identical to the plaintext portion of the response packet, this shows that the packet was indeed issued by the root name server, verifying reliability, and that the data were not tampered with in transit, verifying integrity. Likewise, when the first-level domain name server responds to a resolution request it also performs a signing step, and when the second-level domain name server receives the response packet it performs a signature verification step. In this way the trust chain from the root name server down to the second-level domain name server is established, and the trust origin is derived from the root name server.
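The sign-and-verify steps of the trust chain just described, as an added example in Go. This is not code from the patent: it uses ed25519 from the Go standard library as the signature scheme (the patent does not name one), and the packet layout, server names and the fact that each hop re-signs the same plaintext for the hop below are assumptions of the example.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"errors"
	"fmt"
)

// Response is a resolution response packet as the description sketches it: the
// plaintext result plus the responding server's signature over it. The field
// layout is an assumption of this example, not the patent's packet format.
type Response struct {
	Server    string // name of the server that produced the packet
	Plaintext []byte // the resolution result (domain name, UP address, ...)
	Signature []byte // ed25519 signature over Plaintext by Server's private key
}

// Server is a name server at one level of a member's resolution tree. Trusted
// holds the public keys it accepts from the level above it (the trust chain link);
// for a first-level server that is only the root's key, the trust origin.
type Server struct {
	Name    string
	Pub     ed25519.PublicKey
	priv    ed25519.PrivateKey
	Trusted map[string]ed25519.PublicKey
}

func NewServer(name string) *Server {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	return &Server{Name: name, Pub: pub, priv: priv, Trusted: map[string]ed25519.PublicKey{}}
}

// Trust installs the public key of the server one level up.
func (s *Server) Trust(upstream *Server) { s.Trusted[upstream.Name] = upstream.Pub }

// Respond signs the resolution result with the server's private key and attaches
// the signature to the packet, which is what the root does before sending a
// response down to a first-level server.
func (s *Server) Respond(result []byte) Response {
	return Response{Server: s.Name, Plaintext: result, Signature: ed25519.Sign(s.priv, result)}
}

// Verify is the receiving side: the packet must name a server whose public key is
// trusted, and the signature must match the plaintext. A match proves both origin
// (only the holder of the private key could sign) and integrity (nothing changed).
func (s *Server) Verify(r Response) error {
	pub, ok := s.Trusted[r.Server]
	if !ok {
		return fmt.Errorf("%s: no trusted key for %q", s.Name, r.Server)
	}
	if !ed25519.Verify(pub, r.Plaintext, r.Signature) {
		return errors.New("signature does not match plaintext: forged or tampered")
	}
	return nil
}

// ResolveThroughChain walks root -> first-level -> second-level. Each hop verifies
// the packet from above before re-signing the same result for the hop below, so a
// second-level server's trust in the answer chains back to the root's key. It
// returns how many hops verified and the first error met.
func ResolveThroughChain(root, first, second *Server, result []byte) (int, error) {
	fromRoot := root.Respond(result)
	if err := first.Verify(fromRoot); err != nil {
		return 0, err
	}
	fromFirst := first.Respond(fromRoot.Plaintext)
	if err := second.Verify(fromFirst); err != nil {
		return 1, err
	}
	return 2, nil
}

// TamperDetected reports whether a packet whose plaintext was altered in transit
// is rejected by the next hop.
func TamperDetected(root, first *Server, result, altered []byte) bool {
	r := root.Respond(result)
	r.Plaintext = altered
	return first.Verify(r) != nil
}

func main() {
	root, first, second := NewServer("root.C1"), NewServer("l1.C1"), NewServer("l2.C1")
	first.Trust(root)
	second.Trust(first)
	// constructed sample resolution result
	hops, err := ResolveThroughChain(root, first, second, []byte("www.example.C1 -> UP 0001-0000-0001"))
	fmt.Println("verified hops:", hops, "error:", err)
	fmt.Println("tamper detected:", TamperDetected(root, first, []byte("UP 0001"), []byte("UP 0002")))
}
```

A second-level server in this model holds only the first-level server's key, so a packet signed directly by the root is rejected there: trust is derived hop by hop, exactly as the chain requires, and a server that is not in the chain cannot inject an answer.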
Every common grid member is responsible for managing its own network users and for serving the network users in other members' root domains.
In this method the trust degrees are maintained on an equal footing. Each member has a responsibility, both to itself and to the common grid, to maintain the resolution tree in its own root domain while also closely examining whether there are problems in the resolution trees of other members' root domains.
When a first-level domain name server finds a problem during resolution, it informs the root name server of the resolution tree to which the request source belongs (denoted Ct). These problems are the most important statistics for Ct. Using time T as the measurement period, Ct determines the intended reduction value d according to the number and severity of the problems and automatically reduces the trust degree of the corresponding source. After the reduction, Ct informs Cy (y = 1, 2, ..., t-1, t+1, ..., i) of the object of the reduction and the specific value. When Cy finds that it is itself an object whose trust degree Ct has reduced, i.e. Ct has reduced the trust degree of Cy, the trust degree of Ct is reduced in turn; this reduction need not be announced by broadcast.
When Ct finds that the trust degree of Cy is below a (a < x), it considers that Cy has broken its promise, deletes the information of Cy from its resource records and informs Cz (z ≠ t and z ≠ y) of this situation. When Cz finds that the trust degree of Cy is below b (a < b < d), it considers that Cy has broken its promise, deletes the information of Cy from its resource records and feeds back to Ct the conclusion that Cy has broken its promise; if it finds that the trust degree of Cy is not below b, it does not delete Cy and feeds back to Ct the conclusion that it trusts Cy. Ct counts the feedback results: when broken-promise/trust > m, it notifies the servers that still trust Cy to delete the record; conversely, it notifies the servers that have deleted the record of Cy to restore it.
The above message transmissions use public and private keys to protect data integrity and authenticity. The general encryption form is:
E_recipient-public-key { sender name + E_sender-private-key (message content) }
The trust degree of a root name server slowly increases (recovers) as time goes on, recovering v every period T until it reaches d.
It can be seen that the main work for which a common grid member's root name server is responsible is trust degree statistics, and in practice the basic information stored there is not updated especially frequently. Therefore there is no need to worry that the trust degree and voting mechanism will affect domain name resolution efficiency.
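The reduction, vote and recovery steps above, as an added example in Go that simulates the trust tables of a small common grid. This is not the patent's code. The thresholds keep the description's names (d, a, b, m, v); the reduction value is passed in directly rather than computed from problem counts; and two points the description leaves open are filled in as labelled assumptions: roots informed of a reduction mirror it in their own tables, and a trust degree has no lower bound. The public-key protection of the messages between roots is not modelled here.

```go
package main

import "fmt"

// Params are the thresholds the description names: D is the initial (and maximum)
// trust degree, A the deletion threshold the reporting root Ct applies, B the
// threshold the other roots Cz apply (A < B < D), M the broken/trust ratio above
// which Ct orders deletion, and V the amount recovered per measurement period T.
type Params struct{ D, A, B, M, V float64 }

// Root is one member's root name server: its local trust table for the other
// roots and the set of roots it has deleted from its resource records.
type Root struct {
	Name    string
	Trust   map[string]float64
	Deleted map[string]bool
}

// Grid is the whole common grid; Order keeps a stable iteration order.
type Grid struct {
	P     Params
	Roots map[string]*Root
	Order []string
}

func NewGrid(p Params, names ...string) *Grid {
	g := &Grid{P: p, Roots: map[string]*Root{}}
	for _, n := range names {
		g.Join(n)
	}
	return g
}

// Join adds a member the way section 3.1 describes: everyone records the newcomer
// at trust D, and the newcomer receives every existing root at trust D.
func (g *Grid) Join(name string) {
	r := &Root{Name: name, Trust: map[string]float64{}, Deleted: map[string]bool{}}
	for _, other := range g.Order {
		g.Roots[other].Trust[name] = g.P.D
		r.Trust[other] = g.P.D
	}
	g.Roots[name] = r
	g.Order = append(g.Order, name)
}

// Reduce is what Ct does at the end of a measurement period: the reduction value
// derived from the reported problems (passed in directly here) is applied to src
// and announced to every other root. A root that learns it is itself the object
// reduces Ct in turn, without broadcasting; the other roots mirror the reduction in
// their own tables (an assumption: the description only says they are informed).
func (g *Grid) Reduce(ct, src string, amount float64) {
	g.Roots[ct].Trust[src] -= amount
	for _, y := range g.Order {
		switch y {
		case ct:
		case src:
			g.Roots[y].Trust[ct] -= amount
		default:
			g.Roots[y].Trust[src] -= amount
		}
	}
}

// Vote is the deletion vote Ct starts once its trust in cy is below A: Ct deletes
// cy and asks every Cz (z != t, z != y) to judge cy against B; Cz deletes and
// answers "broken" if its own trust is below B, otherwise "trust". Ct then compares
// broken/trust with M: above M, the roots still trusting cy delete it; otherwise the
// roots that deleted it restore the record. It returns the final state and tally.
func (g *Grid) Vote(ct, cy string) (removed bool, broken, trusted int) {
	t := g.Roots[ct]
	if t.Trust[cy] >= g.P.A {
		return false, 0, 0
	}
	t.Deleted[cy] = true
	for _, z := range g.Order {
		if z == ct || z == cy {
			continue
		}
		if g.Roots[z].Trust[cy] < g.P.B {
			g.Roots[z].Deleted[cy] = true
			broken++
		} else {
			trusted++
		}
	}
	// broken/trusted > M, written without dividing so that trusted == 0 is handled
	removed = float64(broken) > g.P.M*float64(trusted)
	for _, z := range g.Order {
		if z != cy {
			g.Roots[z].Deleted[cy] = removed
		}
	}
	return removed, broken, trusted
}

// Recover models one period T passing: every recorded trust degree rises by V,
// capped at D.
func (g *Grid) Recover() {
	for _, r := range g.Roots {
		for n, v := range r.Trust {
			if v += g.P.V; v > g.P.D {
				v = g.P.D
			}
			r.Trust[n] = v
		}
	}
}

func main() {
	g := NewGrid(Params{D: 100, A: 40, B: 60, M: 1, V: 10}, "C1", "C2", "C3")
	g.Reduce("C1", "C2", 45) // C1's first-level servers reported problems from C2's users
	g.Join("C4")             // C4 joins later and starts from D for everyone
	g.Reduce("C1", "C2", 20)
	removed, broken, trusted := g.Vote("C1", "C2")
	fmt.Printf("C2 removed=%v broken=%d trusted=%d\n", removed, broken, trusted)
}
```

The run in main shows why the second threshold b matters: C4 joined after the first reduction, so its view of C2 is still above b, the vote splits one to one, and with m = 1 the record is restored everywhere rather than deleted. A single root cannot expel a member on its own evidence.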
4 Common grid member obligation norms
Members respect each other. A member has the obligation to maintain and ensure the normal operation of the resolution tree in its root domain, including:
(1) ensuring that the trust chain derives from a unified trust origin, so that the identity of every name server in the resolution tree can be authenticated through the trust chain;
(2) under normal circumstances, all name servers in the system can provide service normally; malicious denial of service is forbidden; when an emergency causes the domain name resolution function to be lost, it should be restored promptly;
(3) ensuring that the structure of the resolution tree is stable, that the types of first-level domain name servers meet the specification, and that the first-level domain name servers of each type are load-balanced and in a stable condition;
(4) forbidding the name servers in its root domain from actively attacking the name servers in other members' root domains, and guarding against the name servers in its root domain being passively used to attack the name servers in other members' root domains.
5 Common grid committee management mechanism
UDNS is essentially a distributed database. To build an operating environment of equality and establish an efficient voting mechanism, the resource records stored in members' root name servers are redefined.
For a UDNS with i members, the resource records of member Cj are schematically as follows:
In UDNS, a member's root name server stores the names, public keys and trust degrees of the other members' root name servers, together with a timestamp for guaranteeing authenticity and a hash value signed with its own private key.
Each root name server defines a group of basic information (name, public key, trust degree); together with a timestamp and a hash value this forms one resource record, and the timestamp is generated according to Greenwich Mean Time. Whenever basic information is added or modified, a hash operation must be performed on the new data immediately to ensure its integrity and authenticity. On top of the existing hash algorithm, a function is added that attaches a timestamp before signing; it indicates the generation time of the hash value and thereby indirectly represents the modification time of the basic information. The private key is then used to sign the basic information and the timestamp together. Finally, a special resource record is attached, which describes the result of signing all of the above hash values with the private key, or with the private key of an additionally generated new key pair. Whenever the hash value of any ordinary resource record changes, this record is updated immediately.
After the basic information of a resource record concerning Ck changes, the generation process of the hash value is as shown in Figure 3 of the description.
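The resource record structure just described (basic information, GMT timestamp, hash over both, per-record signature, and the special summary record signed over all hashes), as an added example in Go. This is not the patent's code: SHA-256 and ed25519 stand in for the unnamed hash and signature algorithms, the summary record is signed with the same key (the description also allows a separately generated key pair), and the canonical field encoding that is hashed is an assumption of the example.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"encoding/hex"
	"fmt"
	"sort"
	"time"
)

// BasicInfo is the (name, public key, trust degree) triple the description defines
// for every root name server known to a member.
type BasicInfo struct {
	Name   string
	PubKey ed25519.PublicKey
	Trust  float64
}

// Record is one resource record: the basic info, the GMT timestamp taken when the
// hash was generated (so it doubles as the modification time), the hash over
// info+timestamp, and the owner's signature over that hash.
type Record struct {
	Info      BasicInfo
	Timestamp string // RFC 3339, UTC
	Hash      [32]byte
	Signature []byte
}

// Ledger is what one member's root name server holds about the others, plus the
// special record: a signature over all record hashes (Summary).
type Ledger struct {
	Pub     ed25519.PublicKey
	priv    ed25519.PrivateKey
	Records map[string]*Record
	Summary []byte
}

func NewLedger() *Ledger {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	return &Ledger{Pub: pub, priv: priv, Records: map[string]*Record{}}
}

// canonical is the byte string that gets hashed; the fixed field order and the
// separator are an assumption of this example (the patent fixes no encoding).
func canonical(info BasicInfo, ts string) []byte {
	return []byte(fmt.Sprintf("%s|%s|%.4f|%s", info.Name, hex.EncodeToString(info.PubKey), info.Trust, ts))
}

// HashWithTimestamp is the timestamp-extended hash step: stamp the generation time
// in GMT, then hash the basic information together with that timestamp.
func HashWithTimestamp(info BasicInfo, now time.Time) (string, [32]byte) {
	ts := now.UTC().Format(time.RFC3339)
	return ts, sha256.Sum256(canonical(info, ts))
}

// Upsert adds or modifies a record: re-hash immediately, sign, and refresh the
// summary record because one of the hashes it covers has changed.
func (l *Ledger) Upsert(info BasicInfo, now time.Time) *Record {
	ts, h := HashWithTimestamp(info, now)
	r := &Record{Info: info, Timestamp: ts, Hash: h, Signature: ed25519.Sign(l.priv, h[:])}
	l.Records[info.Name] = r
	l.Summary = ed25519.Sign(l.priv, l.allHashes())
	return r
}

// allHashes concatenates every record hash in name order: the summary's input.
func (l *Ledger) allHashes() []byte {
	names := make([]string, 0, len(l.Records))
	for n := range l.Records {
		names = append(names, n)
	}
	sort.Strings(names)
	var all []byte
	for _, n := range names {
		all = append(all, l.Records[n].Hash[:]...)
	}
	return all
}

// Verify is what a peer (or the owner on startup) does: re-derive every hash from
// the stored info and timestamp, check each record signature, then the summary.
// It returns false and the first offending record name (or "summary").
func (l *Ledger) Verify(owner ed25519.PublicKey) (bool, string) {
	for name, r := range l.Records {
		if sha256.Sum256(canonical(r.Info, r.Timestamp)) != r.Hash {
			return false, name
		}
		if !ed25519.Verify(owner, r.Hash[:], r.Signature) {
			return false, name
		}
	}
	if !ed25519.Verify(owner, l.allHashes(), l.Summary) {
		return false, "summary"
	}
	return true, ""
}

func main() {
	l := NewLedger()
	peer := NewLedger()                                // only used as a source of a second public key
	t0 := time.Date(2019, 4, 19, 0, 0, 0, 0, time.UTC) // constructed timestamp
	l.Upsert(BasicInfo{Name: "C2", PubKey: peer.Pub, Trust: 100}, t0)
	ok, bad := l.Verify(l.Pub)
	fmt.Println("ledger valid:", ok, bad)
	l.Records["C2"].Info.Trust = 5 // stored info changed without re-signing
	ok, bad = l.Verify(l.Pub)
	fmt.Println("after tampering:", ok, bad)
}
```

Re-deriving the hash from the stored fields, rather than trusting the stored hash, is what makes the check catch a silently edited trust degree; the summary record additionally catches a record that was removed or replaced wholesale while its own signature stayed valid.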
In each member's root domain, the first-level domain name servers of the domain name resolution tree need to store the root name server names of all members, in order to compare the root domain resolution tree of the request source when responding to a user's resolution demand.
6 Security issues
The security issue of UP is mainly to prevent data integrity from being destroyed, which can be addressed by the UPSec protocol. The protocol mainly consists of an authentication header (AH), an encapsulating security payload (ESP) and a security association (SA). AH provides connectionless data integrity, message authentication and anti-replay protection for UP datagrams; ESP provides confidentiality, data-origin authentication, connectionless integrity, anti-replay and limited traffic-flow confidentiality; the SA provides the algorithms and data packets, i.e. the parameters required for AH and ESP operation.
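The AH functions listed above (connectionless integrity, message authentication and anti-replay protection, with the parameters drawn from an SA), as an added example in Go. This is not the patent's code and UPSec has no published wire format: the example uses HMAC-SHA256 as the integrity check value, a 64-entry sliding window in the style of IPsec for replay protection, and an SA reduced to an SPI and a shared key, all assumptions of the example.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha256"
	"encoding/binary"
	"errors"
	"fmt"
)

// SA is a minimal security association: the parameters AH needs on both sides
// (an identifier and the integrity key) plus the receiver's anti-replay state.
// Key negotiation is out of scope; the SPI/key layout is an assumption.
type SA struct {
	SPI     uint32
	Key     []byte
	highest uint32 // highest sequence number accepted so far
	bitmap  uint64 // one bit per sequence number in the window below highest
	started bool
}

const window = 64 // width of the anti-replay window, in sequence numbers

// AHPacket is the authenticated datagram: SPI and sequence number in the header,
// the ICV (HMAC-SHA256) over header and payload, and the payload itself.
type AHPacket struct {
	SPI, Seq uint32
	ICV      []byte
	Payload  []byte
}

func icv(key []byte, spi, seq uint32, payload []byte) []byte {
	mac := hmac.New(sha256.New, key)
	var hdr [8]byte
	binary.BigEndian.PutUint32(hdr[0:4], spi)
	binary.BigEndian.PutUint32(hdr[4:8], seq)
	mac.Write(hdr[:])
	mac.Write(payload)
	return mac.Sum(nil)
}

// Seal is the sender: attach SPI, sequence number and ICV to the payload.
func (sa *SA) Seal(seq uint32, payload []byte) AHPacket {
	return AHPacket{SPI: sa.SPI, Seq: seq, ICV: icv(sa.Key, sa.SPI, seq, payload), Payload: payload}
}

// Open is the receiver: the ICV is checked before the sequence number is looked
// at, so an unauthenticated packet cannot disturb the replay window; only then is
// the window consulted and updated. The three failure reasons are kept distinct.
func (sa *SA) Open(p AHPacket) ([]byte, error) {
	if p.SPI != sa.SPI {
		return nil, errors.New("no such SA")
	}
	if !hmac.Equal(p.ICV, icv(sa.Key, p.SPI, p.Seq, p.Payload)) {
		return nil, errors.New("integrity check failed")
	}
	if !sa.accept(p.Seq) {
		return nil, errors.New("replayed or outside the window")
	}
	return p.Payload, nil
}

// accept implements the sliding window: numbers above the highest seen advance
// the window, numbers inside it are accepted once, numbers below it are rejected
// as too old.
func (sa *SA) accept(seq uint32) bool {
	if !sa.started {
		sa.started, sa.highest, sa.bitmap = true, seq, 1
		return true
	}
	if seq > sa.highest {
		if shift := seq - sa.highest; shift >= window {
			sa.bitmap = 0
		} else {
			sa.bitmap <<= shift
		}
		sa.bitmap |= 1
		sa.highest = seq
		return true
	}
	diff := sa.highest - seq
	if diff >= window || sa.bitmap&(1<<diff) != 0 {
		return false
	}
	sa.bitmap |= 1 << diff
	return true
}

func main() {
	key := []byte("constructed-shared-integrity-key") // constructed sample key
	tx, rx := &SA{SPI: 0x1001, Key: key}, &SA{SPI: 0x1001, Key: key}
	p := tx.Seal(1, []byte("UP datagram 1"))
	_, err := rx.Open(p)
	fmt.Println("first delivery:", err)
	_, err = rx.Open(p)
	fmt.Println("replay:", err)
}
```

Order of checks is the security-relevant detail: verifying the ICV before touching the window means a forged packet with a high sequence number cannot shift the window and cause genuine in-flight packets to be dropped.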
The multi-root DNS of a common grid provided by the present invention has been described in detail above. Specific examples have been used herein to illustrate the principle and implementation of the invention, and the description of the above embodiments is only intended to help understand the method and core idea of the invention; at the same time, for those skilled in the art, there will be changes in the specific embodiments and the scope of application according to the idea of the invention. In conclusion, the content of this specification should not be construed as a limitation on the invention.
Herein, relational terms such as first and second are used merely to distinguish one entity or operation from another, without necessarily requiring or implying any such actual relationship or order between these entities or operations. Moreover, the terms "include", "comprise" or any other variant thereof are intended to cover a non-exclusive inclusion, so that a process, method, article or device that includes a series of elements includes not only those elements but also other elements not explicitly listed, or elements inherent to such a process, method, article or device. In the absence of further restrictions, an element defined by the phrase "including a ..." does not exclude the presence of other identical elements in the process, method, article or device that includes that element.
Claims (10)
1. A multi-root DNS of a common grid, characterized in that it comprises several root name servers; the root name servers store domain names and the common protocol for domain name resolution, i.e. UP; the cyberspace of the geographical region administered by a root name server is defined as the root domain of that root name server; the root name server uses a multi-layer inverted-tree resolution tree to manage and resolve domain names; below the root name server are the first-level domain name servers, whose particular number is determined by the resolution workload actually borne; below the first-level domain name servers are the second-level domain name servers, of unlimited type and quantity; wherein the domain name resolution process of the root name server comprises:
the first-level domain name server first determines, from the UP address of the user equipment, the domain name resolution tree in which the user equipment is located: when a resolution request is made for a domain name managed by the domain name resolution tree in the root domain of that first-level domain name server, service is provided directly; when a resolution request is made for a domain name managed by the domain name resolution tree in another root name server's root domain, the pre-stored list of root name server names is compared, and resolution is provided if the request was issued by a network user of a common grid member; a trust chain is established in the resolution tree, and the trust relationships of the first-level and second-level domain name servers derive from the unified root name server as trust origin.
2. The multi-root DNS of a common grid according to claim 1, characterized in that the root name server also stores the name, public key and trust degree of each root name server in the common grid, together with a timestamp for guaranteeing authenticity and a hash value signed with its own private key.
3. The multi-root DNS of a common grid according to claim 1, characterized in that the encoding order of a domain name is: the rank of the domain name labels decreases from left to right.
4. The multi-root DNS of a common grid according to claim 1, characterized in that the first 16m bits of a UP address are the identifier of the geographical location of the root name server, where m ≥ 1; UP assigns a region code to each root name server, each root name server assigns an area code to each administrative region within its jurisdiction, and assigns different number segments to different operators.
5. The multi-root DNS of a common grid according to claim 1 or 4, characterized in that the UP address is used to identify the geographical location, network type and host number of a given UP address and comprises three parts: the first 16m bits are the member location identifier, the middle 16 bits are reserved address bits, and the last part is an address identifier of 2^(n+4) bytes, where n = 1~3.
6. The multi-root DNS of a common grid according to claim 1, characterized in that the root name server is compatible with both kinds of address for network communication; the communication method includes communication over two protocol stacks: a compatible address is defined by embedding the IPv4 or IPv6 address and padding with 0 in front of the IPv4 or IPv6 address.
7. The multi-root DNS of a common grid according to claim 1, characterized in that the classification of UP addresses includes:
unicast: a unicast address is a UP address that uniquely identifies one interface; hosts use unicast addresses for point-to-point communication;
multicast: in a UP multicast ring, the destination address of a data packet identifies a group of interfaces, forming a group address; all information recipients join a group, and once joined, data flowing to the group address immediately begins to be transmitted to the recipients, and all members of the group receive the data packet;
anycast: an anycast address is an address reserved in the UP protocol, assigned to a group of network interfaces belonging to different physical nodes; a datagram sent to an anycast address is delivered to the interface in that group that is nearest to the source node.
8. The multi-root DNS of a common grid according to claim 1, characterized in that the steps of applying for registration to join the common grid are:
establishing a root domain resolution tree;
providing the root name server name, certificate and public key; providing the types and number of first-level domain name servers in its root domain resolution tree; and the specific information of the respective certificate-issuing authority, for verification and auditing;
applying to the respective certificate-issuing authority for a digital certificate, obtaining a public/private key pair, recording the public key and keeping the private key safe.
9. The multi-root DNS of a common grid according to claim 1, characterized in that the steps of applying to change a common grid root name server are:
submitting a document list of the changed content;
submitting the root name server name, certificate and public key as they were before the change and as they are after it; providing the types and number of first-level domain name servers in its root domain resolution tree; and the specific information of the respective certificate-issuing authority, for verification and auditing;
after offline review approves the root name server's addition to the common grid, the common grid voting management software notifies and organizes all common grid members to update the post-change root name server information in their root name servers.
10. The multi-root DNS of a common grid according to claim 1, characterized in that the common grid decides the trust degree of each root name server according to how well it fulfils its obligations; a root name server whose trust degree is below a preset value is removed from the common grid according to the voting mechanism of all root name servers, and the users in the removed root name server's root domain can then no longer perform domain name resolution in the common grid.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201910320239.XA CN109922165B (en) | 2019-04-19 | 2019-04-19 | Multi-domain name system of common network |
Publications (2)
Publication Number | Publication Date |
---|---|
CN109922165A true CN109922165A (en) | 2019-06-21 |
CN109922165B CN109922165B (en) | 2021-10-15 |
Family
ID=66977965
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201910320239.XA Expired - Fee Related CN109922165B (en) | 2019-04-19 | 2019-04-19 | Multi-domain name system of common network |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN109922165B (en) |
Cited By (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
WO2020258694A1 (en) * | 2019-06-25 | 2020-12-30 | 苏州梦嘉信息技术有限公司 | Domain name management method and system |
WO2021036707A1 (en) * | 2019-08-29 | 2021-03-04 | 北京大学深圳研究生院 | Post ip sovereign network architecture |
Citations (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN102045413A (en) * | 2011-01-24 | 2011-05-04 | 北京邮电大学 | DHT expanded DNS mapping system and method for realizing DNS security |
CN107613041A (en) * | 2017-09-22 | 2018-01-19 | 中国互联网络信息中心 | DNS management system, domain name management method and domain name analytic method based on block chain |
CN108064444A (en) * | 2017-04-19 | 2018-05-22 | 北京大学深圳研究生院 | A kind of domain name analysis system based on block chain |
CN108768853A (en) * | 2018-04-23 | 2018-11-06 | 上海海事大学 | Distributed mixing domain name system and method based on domain name router |
CN109327562A (en) * | 2018-12-10 | 2019-02-12 | 中共中央办公厅电子科技学院 | Domain name storage system and method based on block chain |
CN109347996A (en) * | 2018-12-10 | 2019-02-15 | 中共中央办公厅电子科技学院 | A kind of DNS domain name acquisition system and method |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
| PB01 | Publication | |
| SE01 | Entry into force of request for substantive examination | |
| GR01 | Patent grant | |
| CF01 | Termination of patent right due to non-payment of annual fee | Granted publication date: 20211015 |