CN110880966A - Domain name resolution system building and domain name query method - Google Patents


Info

Publication number: CN110880966A
Authority: CN (China)
Prior art keywords: domain name, ipfs, building, quintuple, file
Legal status: Granted
Application number: CN201911162111.1A
Other languages: Chinese (zh)
Other versions: CN110880966B (en)
Inventors: 张宇, 刘姝言, 刘文峰, 张宏莉, 方滨兴
Current Assignee: Harbin Institute of Technology
Original Assignee: Harbin Institute of Technology
Application filed by Harbin Institute of Technology
Priority to CN201911162111.1A
Publication of CN110880966A
Application granted
Publication of CN110880966B
Current legal status: Active

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/06 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols the encryption apparatus using shift registers or memories for block-wise or stream coding, e.g. DES systems or RC4; Hash functions; Pseudorandom sequence generators
    • H04L9/0643 Hash functions, e.g. MD5, SHA, HMAC or f9 MAC
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L61/00 Network arrangements, protocols or services for addressing or naming
    • H04L61/09 Mapping addresses
    • H04L61/10 Mapping addresses of different types
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L61/00 Network arrangements, protocols or services for addressing or naming
    • H04L61/45 Network directories; Name-to-address mapping
    • H04L61/4505 Network directories; Name-to-address mapping using standardised directories; using standardised directory access protocols
    • H04L61/4511 Network directories; Name-to-address mapping using standardised directories; using standardised directory access protocols using domain name system [DNS]
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/01 Protocols
    • H04L67/10 Protocols in which an application is distributed across nodes in the network
    • H04L67/104 Peer-to-peer [P2P] networks
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816 Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/0819 Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s)
    • H04L9/0825 Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s) using asymmetric-key encryption or public key infrastructure [PKI], e.g. key signature or public key certificates

Abstract

A method for building a domain name resolution system and querying domain names based on IPFS and Hyperledger Fabric, belonging to the field of domain name resolution software development. The invention aims to verify the authenticity of the files stored by IPFS nodes. The method comprises the following steps: building, based on IPFS, an IPFS cluster for storing domain name resolution resource record files; building, based on Hyperledger Fabric, a blockchain ledger for storing domain name signature quintuples; and performing domain name queries using the IPFS cluster and the Hyperledger Fabric blockchain ledger thus built. The invention solves the problem of storing domain name resource records and digital signatures based on IPFS and Hyperledger Fabric. The invention uses the distributed storage of IPFS to store the resource record files required for domain name resolution.

Description

Domain name resolution system building and domain name query method
Technical Field
The invention relates to a domain name resolution system building and domain name query method, and belongs to the field of domain name resolution software development.
Background
A domain name resolution system returns the IP address corresponding to a queried domain name. To implement such a system, the domain name resource records must be stored, and digital signatures are needed to guarantee the authenticity of the stored resource record files. IPFS (the InterPlanetary File System) is a peer-to-peer distributed file system that provides a high-throughput, content-addressed block storage model together with content-addressed hyperlinks. It is a network transport protocol aimed at creating persistent, distributed storage and sharing of files. The nodes in an IPFS network together constitute a distributed file system.
Hyperledger Fabric is an open-source consortium blockchain development platform. A blockchain is a distributed ledger formed by cryptographically appending consensus-confirmed blocks in sequence; transactions that pass the nodes' consensus mechanism are recorded in the ledger. Transactions are grouped into blocks in order, each block is bound to the hash value of the previous block, and all transactions are jointly maintained by the peers in the blockchain. The prior art document CN110012126A discloses a DNS system based on blockchain technology, but does not mention the need to verify the authenticity of the files stored by IPFS nodes. The prior art provides no technical means for meeting that need.
Disclosure of Invention
To verify the authenticity of the files stored on IPFS nodes and to provide the domain name resolution function, the invention provides a method for building a domain name resolution system and querying domain names based on IPFS and Hyperledger Fabric.
The technical solution adopted by the invention to solve the technical problem is as follows:
A method for building a domain name resolution system and querying domain names based on IPFS and Hyperledger Fabric comprises the following steps:
Step 1: build an IPFS cluster for storing domain name resolution resource record files;
Step 2: build a Hyperledger Fabric blockchain ledger for storing domain name signature quintuples;
Step 3: perform domain name queries using the IPFS cluster of step 1 together with the Hyperledger Fabric blockchain ledger of step 2.
Further, the IPFS cluster in step 1 is built as follows: set up several IPFS nodes on foreign cloud servers, interconnect the IPFS nodes, test their connectivity, upload the domain name files, and record the domain name hash fingerprints.
Further, the Hyperledger Fabric blockchain ledger in step 2 is built as follows: set up the four Hyperledger Fabric network nodes orderer, peer, chaincode and client, load the smart contract, have the client node generate public/private key pairs for signing, generate the quintuples, and store the quintuples in the ledger.
Further, the domain name query in step 3 proceeds as follows: query the quintuple corresponding to the domain name, verify the signatures in the quintuple, obtain the domain name file, obtain the specific resource records, and return the domain name query result.
Further, the IPFS cluster is used to store the domain name resolution resource record file DomainFile, and building the IPFS cluster comprises:
1.1 Build IPFS nodes on cloud servers with independent public IP addresses; building each IPFS node comprises network configuration, downloading IPFS, IPFS initialization and obtaining the IPFS address;
1.2 Interconnect the IPFS nodes built in 1.1; once interconnected, the IPFS nodes form an initial IPFS cluster, and each IPFS node can upload a resource record file DomainFile containing domain name data;
1.3 Test the IPFS node interconnection: test the connectivity among all IPFS nodes to ensure that the whole IPFS cluster network is interconnected;
1.4 Upload the domain name file DomainFile: the DomainFile is a resource file of domain name data containing the quintuples of the domain name resource records to be uploaded, and it is uploaded to the IPFS network through an IPFS node;
1.5 Record the domain name hash fingerprint DomainHash: record the hash fingerprint DomainHash corresponding to each uploaded DomainFile.
Further, the ledger is used to store the domain name signature quintuples, and building the Hyperledger Fabric blockchain ledger comprises:
2.1 Set up four Hyperledger Fabric network nodes, namely the ordering node orderer, the peer node peer, the chaincode node chaincode and the user node client, then start and load the smart contract;
2.2 Generate the signatures and store the quintuples in the ledger, comprising the steps:
(1) the client node chooses the encryption algorithm and key length and generates the root public/private key pair;
(2) obtain all domain names DomainName and domain name hash fingerprints DomainHash from the IPFS network, and generate a public/private key pair for each DomainName, the public key being DomainPubkey; perform the signing operations on each entry: sign the domain name and the domain public key DomainPubkey to obtain the signature PubkeySign, and sign the domain name and the domain hash fingerprint DomainHash to obtain the signature HashSign, finally obtaining the quintuple (DomainName, DomainHash, DomainPubkey, PubkeySign, HashSign);
(3) convert each quintuple (DomainName, DomainHash, DomainPubkey, PubkeySign, HashSign) obtained in (2) into a (key, value) pair, where the key is the DomainName and the value is the quintuple;
(4) write each (key, value) pair obtained in (3) into a block using the Hyperledger Fabric nodes built in 2.1.
Further, the domain name query steps are as follows:
3.1 Query the quintuple corresponding to the domain name: extract the top-level domain name from the queried domain name and use it as the key to query the corresponding quintuple in the previously built Hyperledger Fabric blockchain ledger; the smart contract generates a query operation set, which is submitted to the peer node, and the peer node returns the resulting quintuple;
3.2 Verify the signatures in the quintuple: verify the signature PubkeySign in the quintuple with the root public key obtained from the client node, and verify the signature HashSign with the DomainPubkey in the quintuple;
3.3 Obtain the domain name file DomainFile: take the domain name hash fingerprint DomainHash from the quintuple whose signatures verified successfully, and use the DomainHash to obtain the domain name file DomainFile from the previously built IPFS network;
3.4 Obtain the specific resource records: after obtaining the DomainFile, take from it all resource records containing the query term, and extract all IP addresses from those records;
3.5 Return the domain name query result: return the IP address list obtained by the query, which is the domain name query result.
The invention has the following beneficial technical effects:
To meet the need to verify the authenticity of the files stored by IPFS nodes, the invention uses Hyperledger Fabric to build a blockchain ledger for storing domain name signature quintuples. The main content of the invention comprises: building, based on IPFS, an IPFS cluster for storing domain name resolution resource record files; building, based on Hyperledger Fabric, a blockchain ledger for storing domain name signature quintuples; and performing domain name queries using the IPFS cluster and the Hyperledger Fabric blockchain ledger thus built. The invention solves the problem of storing domain name resource records and digital signatures based on IPFS and Hyperledger Fabric. The invention uses the distributed storage of IPFS to store the resource record files required for domain name resolution.
Drawings
FIG. 1 is a block diagram of the structure of the method of the invention; FIG. 2 shows cumulative distribution plots for a single file read from IPFS, where (a) and (b) of FIG. 2 compare the time of a single read from the IPFS network with the total domain name resolution time; FIG. 3 shows cumulative distribution plots for a single read of the Fabric ledger, where (a) and (b) of FIG. 3 compare the time of a single read of the Fabric ledger with the time of Fabric-based domain name resolution; FIG. 4 compares the percentage of time taken by each influencing factor under the Fabric protocol and the IPFS protocol.
Detailed description of the preferred embodiments
The invention provides a method for building a domain name resolution system and querying domain names based on IPFS and Hyperledger Fabric, as shown in FIG. 1, where label 1 is the IPFS cluster building, label 2 is the Hyperledger Fabric blockchain ledger building, and label 3 is the domain name query. The main contents comprise:
1. An IPFS cluster building method. The IPFS cluster is used to store the domain name resolution resource record file DomainFile, and building the IPFS cluster comprises the following steps:
1.1 Build IPFS nodes on cloud servers with independent public IP addresses. Building each IPFS node comprises network configuration, downloading IPFS, IPFS initialization and obtaining the IPFS address.
1.2 Interconnect the IPFS nodes built in 1.1. Once interconnected, the IPFS nodes form an initial IPFS cluster, and each IPFS node can upload a resource record file DomainFile containing domain name data.
1.3 Test the IPFS node interconnection. Test the connectivity among all IPFS nodes to ensure that the whole IPFS cluster network is interconnected.
1.4 Upload the domain name file DomainFile. The DomainFile is a resource file of domain name data containing the quintuples of the domain name resource records to be uploaded, and it is uploaded to the IPFS network through an IPFS node.
1.5 Record the domain name hash fingerprint DomainHash. Record the hash fingerprint DomainHash corresponding to each uploaded DomainFile.
2. A Hyperledger Fabric blockchain ledger building method. The ledger is used to store the domain name signature quintuples, and building it comprises the following steps:
2.1 Set up four Hyperledger Fabric network nodes, namely orderer, peer, chaincode and client, then start and load the smart contract.
2.2 Generate the signatures and store the quintuples in the ledger, comprising the steps:
(1) The client node chooses the encryption algorithm and key length and generates the root public/private key pair.
(2) Obtain all domain names DomainName and domain name hash fingerprints DomainHash from the IPFS network, and generate a public/private key pair for each DomainName, the public key being DomainPubkey. Perform the signing operations on each entry: sign the domain name and the domain public key DomainPubkey to obtain the signature PubkeySign, and sign the domain name and the domain hash fingerprint DomainHash to obtain the signature HashSign, finally obtaining the quintuple (DomainName, DomainHash, DomainPubkey, PubkeySign, HashSign).
(3) Convert each quintuple (DomainName, DomainHash, DomainPubkey, PubkeySign, HashSign) obtained in (2) into a (key, value) pair, where the key is the DomainName and the value is the quintuple.
(4) Write each (key, value) pair obtained in (3) into a block using the Hyperledger Fabric nodes built in 2.1.
3. A domain name query method. The specific domain name query steps are as follows:
3.1 Query the quintuple corresponding to the domain name. Extract the top-level domain name from the queried domain name and use it as the key to query the corresponding quintuple in the previously built Hyperledger Fabric blockchain ledger; the smart contract generates a query operation set, which is submitted to the peer node, and the peer node returns the resulting quintuple.
3.2 Verify the signatures in the quintuple. Verify the signature PubkeySign in the quintuple with the root public key obtained from the client node, and verify the signature HashSign with the DomainPubkey in the quintuple.
3.3 Obtain the domain name file DomainFile. Take the domain name hash fingerprint DomainHash from the quintuple whose signatures verified successfully, and use the DomainHash to obtain the domain name file DomainFile from the previously built IPFS network.
3.4 Obtain the specific resource records. After obtaining the DomainFile, take from it all resource records containing the query term, and extract all IP addresses from those records.
3.5 Return the domain name query result. Return the IP address list obtained by the query, which is the domain name query result.
Example:
The invention is described in detail below with a specific example, in three parts: 1. building the IPFS cluster that stores the domain name resource record files; 2. building the Hyperledger Fabric blockchain ledger that stores the signature quintuples; 3. domain name query.
1. An IPFS cluster building method. The IPFS cluster is used to store the domain name resolution resource record file DomainFile, and is built in the following steps:
1.1 Build several IPFS nodes on foreign cloud servers. Each IPFS node is built as follows:
(1) Configure the network. Configure a foreign independent public IP address, test network connectivity among all nodes and with the public IPFS network, and ensure that all nodes can reach one another and can access the public IPFS network.
(2) Download IPFS. Download the latest version of go-ipfs from ipfs.io and configure the node's environment variables so that the ipfs command is globally available.
(3) Initialize IPFS. Run the initialization operation init on the IPFS node, making sure that the old IPFS configuration is deleted, a new IPFS configuration is generated, and a new IPFS id is assigned.
(4) Obtain the IPFS address. Run the ipfs id operation on each IPFS node; the IPFS node attributes obtained are shown in Table 1-1. Record the public IPv4 address <addrs> of each IPFS node to obtain the Address List of the public IPv4 addresses of all IPFS nodes.
TABLE 1-1 IPFS node Attribute
[table image not reproduced]
1.2 Interconnect the IPFS nodes built in 1.1. For each IPFS node in 1.1, take from the Address List of 1.1 the IPv4 addresses <addrs> of all other IPFS nodes and run ipfs swarm connect <addrs>, so that the two nodes become P2P peers.
1.3 Test the IPFS node interconnection. For each IPFS node IPv4 address in the Address List of 1.1, run ipfs ping between the nodes; if ipfs ping reports a failure, repeat the interconnection operation of 1.2 until every pair of IPFS nodes is interconnected.
1.4 Upload the domain name file DomainFile. Domain name resource records are obtained from Alexa to form the DomainFiles. On the IPFS nodes built in 1.1, the DomainFiles are uploaded in parallel with ipfs add; the top-level domain name files uploaded by each IPFS node are shown in Table 1-2, and the content format of a DomainFile is shown in Table 1-3.
TABLE 1-2 IPFS node Attribute
[table image not reproduced]
TABLE 1-3 Content format of the DomainFile
[table image not reproduced]
1.5 Record the domain name hash fingerprint DomainHash. After a DomainFile is uploaded in 1.4, IPFS returns the domain name hash fingerprint DomainHash corresponding to the DomainName; all DomainHashes are recorded in root_file in the format shown in Table 1-4.
TABLE 1-4 root_file format
[table image not reproduced]
2. A Hyperledger Fabric blockchain ledger building method. The ledger is used to store the domain name signature quintuples, and is built in the following steps:
2.1 Build four Hyperledger Fabric network nodes. The build commands are shown in Table 2-1, and the specific steps are:
(1) Generate the configuration files for the four Hyperledger Fabric nodes orderer, peer, chaincode and client, and build a docker network containing the four nodes.
(2) Build and start the smart contract on the chaincode node.
(3) Load the smart contract on the client node.
TABLE 2-1 Hyperledger Fabric network build commands
[table image not reproduced]
2.2 The client node generates the signatures, builds the quintuples and stores them in the ledger, in the following steps:
(1) The client node selects RSASHA256 as the encryption algorithm with key length keylen of 2048 and generates the root public/private key pair, wherein a root public key is root.
(2) Obtain all DomainNames and domain name hash fingerprints DomainHash from IPFS, and perform the signing operations on each entry to obtain a quintuple (DomainName, DomainHash, DomainPubkey, PubkeySign, HashSign). Here DomainName is the domain name; DomainHash is the hash fingerprint in the IPFS system of the resource record file corresponding to the domain name; DomainPubkey is the public key of the domain name; PubkeySign is a signature generated by the root to guarantee the authenticity of the domain public key; and HashSign is a signature generated by the domain to guarantee the authenticity of the hash fingerprint. The quintuple is obtained as follows:
Step 1: generate the public/private key pair for the domain name; the domain public key is DomainPubkey and the domain private key is DomainPrikey.
Step 2: using the root private key root.pri obtained in (1), sign the domain name DomainName and the domain public key DomainPubkey to obtain the signature PubkeySign.
Step 3: using the domain private key DomainPrikey obtained in Step 1, sign the domain name DomainName and the domain hash fingerprint DomainHash to obtain the signature HashSign.
(3) Convert each quintuple (DomainName, DomainHash, DomainPubkey, PubkeySign, HashSign) obtained in (2) into a (key, value) pair, where key is the domain name DomainName and value is a data structure made up of the quintuple; the data structure of value is shown in Table 2-2.
TABLE 2-2 value data structure
[table image not reproduced]
(4) Write each (key, value) pair from (3) into a block using the Hyperledger Fabric nodes built in 2.1. The write proceeds as follows:
Step 1: the client node creates a transaction proposal (chaincode function insert_value and key) and sends the transaction proposal to the peer node.
Step 2: the peer node executes the chaincode; the insert_value function generates a write operation PutState(key, value) for the (key, value) being added, and the write operation adds the (key, value) to the write set.
Step 3: the peer node returns the proposal result (containing the write set) to the client node.
Step 4: the client node submits the transaction to the orderer node; the transaction content includes the write set from the proposal result.
Step 5: the orderer node packages the ordered transactions into a block and sends the block to the peer node.
Step 6: the peer node validates the transactions in the block submitted by the orderer; after validation, the block is appended to the blockchain in memory or on the file system, the write set is executed, and the ledger is updated so that the (key, value) is added to it.
3. A domain name query method. Taking the query <twitter.com> as an example, the specific domain name query steps are as follows:
3.1 Query the quintuple corresponding to the domain name. Extract the top-level domain name <com> from the queried domain name <twitter.com>, use <com> as the key, and query the quintuple corresponding to <com> in the previously built Hyperledger Fabric blockchain network, as follows:
(1) The client node creates a transaction proposal (chaincode function query and the query value key) and sends the transaction proposal to the peer node.
(2) The peer node executes the chaincode; the query function generates a query operation GetState(key) from the query value key and looks up the value corresponding to the key in the ledger.
(3) The peer node returns the query result value to the client node, and the quintuple (DomainName, DomainHash, DomainPubkey, PubkeySign, HashSign) is obtained from the value.
3.2 Verify the signatures in the quintuple. Each signature verification function takes (public key, message, signature) as input and outputs whether the signature verified successfully. Take the quintuple from 3.1 and the root public key from the client node built in 2.1, and verify the two signatures PubkeySign and HashSign in the quintuple as follows:
(1) Using the root public key root.pub as the public key and the DomainName and DomainPubkey from the queried quintuple as the message, verify the signature PubkeySign. If verification succeeds, proceed to the next step; if it fails, the signature is invalid.
(2) Using the DomainPubkey verified in (1) as the public key and the DomainName and DomainHash from the queried quintuple as the message, verify the signature HashSign. If verification succeeds, verification is complete; if it fails, the signature is invalid.
3.3 Obtain the domain name file DomainFile. Take the domain name hash fingerprint DomainHash from the quintuple whose signatures verified successfully in 3.2, and use the DomainHash to obtain the domain name file DomainFile from an IPFS node, as follows:
(1) The IPFS node queries its local IPFS data store; if a record for the DomainHash exists, it returns the corresponding file DomainFile; otherwise it proceeds to the next query.
(2) When the local lookup returns no result, the IPFS node queries the nearest distributed hash route to find the nearest IPFS node storing the DomainHash; once that node is found, the data content DomainFile is returned and a part of the DomainFile is cached in the local data store.
3.4 Obtain the specific resource records. After obtaining the DomainFile in 3.3, take from it all resource records containing the query term <twitter.com>, as shown in Table 3-1, and extract from them the list of all IP addresses [59.24.3.173, 93.46.8.89, 243.185.187.39].
TABLE 3-1 Resource records
[table image not reproduced]
3.5 Return the domain name query result. The IP address list [59.24.3.173, 93.46.8.89, 243.185.187.39] obtained in 3.4 is returned as the domain name query result.
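The signing of step 2.2 and the two-stage check of step 3.2, as an added example in Go (not code from the patent). It assumes that RSASHA256 means RSA PKCS#1 v1.5 signatures over SHA-256, that each signed message is a length-prefixed concatenation of its two fields, and that DomainPubkey is carried as PKIX DER; the function names and fingerprint strings are constructed for illustration.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"crypto/x509"
	"encoding/binary"
	"errors"
	"fmt"
)

// Quintuple mirrors (DomainName, DomainHash, DomainPubkey, PubkeySign, HashSign).
type Quintuple struct {
	DomainName   string
	DomainHash   string // IPFS fingerprint of the DomainFile
	DomainPubkey []byte // PKIX DER bytes (assumed encoding)
	PubkeySign   []byte // root signature over (DomainName, DomainPubkey)
	HashSign     []byte // domain-key signature over (DomainName, DomainHash)
}

var (
	ErrWrongKey   = errors.New("quintuple is for a different domain name")
	ErrPubkeySign = errors.New("PubkeySign does not verify under the root public key")
	ErrHashSign   = errors.New("HashSign does not verify under DomainPubkey")
)

// NewRootKey generates the 2048-bit RSA root key pair of step 2.2 (1).
func NewRootKey() (*rsa.PrivateKey, error) { return rsa.GenerateKey(rand.Reader, 2048) }

// digest hashes length-prefixed fields, so ("ab","c") and ("a","bc") give
// different messages. The framing is an assumption of this example.
func digest(fields ...[]byte) []byte {
	h := sha256.New()
	for _, f := range fields {
		var n [8]byte
		binary.BigEndian.PutUint64(n[:], uint64(len(f)))
		h.Write(n[:])
		h.Write(f)
	}
	return h.Sum(nil)
}

// BuildQuintuple follows step 2.2 (2): domain key pair, PubkeySign, HashSign.
func BuildQuintuple(root *rsa.PrivateKey, name, hash string) (Quintuple, error) {
	dom, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return Quintuple{}, err
	}
	pub, err := x509.MarshalPKIXPublicKey(&dom.PublicKey)
	if err != nil {
		return Quintuple{}, err
	}
	pubSig, err := rsa.SignPKCS1v15(rand.Reader, root, crypto.SHA256, digest([]byte(name), pub))
	if err != nil {
		return Quintuple{}, err
	}
	hashSig, err := rsa.SignPKCS1v15(rand.Reader, dom, crypto.SHA256, digest([]byte(name), []byte(hash)))
	if err != nil {
		return Quintuple{}, err
	}
	return Quintuple{DomainName: name, DomainHash: hash, DomainPubkey: pub, PubkeySign: pubSig, HashSign: hashSig}, nil
}

// VerifyQuintuple follows step 3.2 and returns the fingerprint to fetch from
// IPFS only if the record matches the queried key and both signatures hold.
func VerifyQuintuple(rootPub *rsa.PublicKey, key string, q Quintuple) (string, error) {
	if q.DomainName != key {
		return "", ErrWrongKey
	}
	m := digest([]byte(q.DomainName), q.DomainPubkey)
	if rsa.VerifyPKCS1v15(rootPub, crypto.SHA256, m, q.PubkeySign) != nil {
		return "", ErrPubkeySign
	}
	// DomainPubkey is parsed and used only after the root signature over it holds.
	parsed, _ := x509.ParsePKIXPublicKey(q.DomainPubkey)
	domPub, ok := parsed.(*rsa.PublicKey)
	if !ok {
		return "", errors.New("DomainPubkey is not a parseable RSA key")
	}
	m = digest([]byte(q.DomainName), []byte(q.DomainHash))
	if rsa.VerifyPKCS1v15(domPub, crypto.SHA256, m, q.HashSign) != nil {
		return "", ErrHashSign
	}
	return q.DomainHash, nil
}

func main() {
	root, err := NewRootKey()
	if err != nil {
		panic(err)
	}
	q, err := BuildQuintuple(root, "com", "QmConstructedFingerprint") // constructed value
	if err != nil {
		panic(err)
	}
	fmt.Println(VerifyQuintuple(&root.PublicKey, "com", q))
	q.DomainHash = "QmConstructedSubstitute" // fingerprint swapped after signing
	fmt.Println(VerifyQuintuple(&root.PublicKey, "com", q))
}
```

The order of the checks matters: DomainPubkey arrives in the same ledger record as the signatures it validates, so it carries no trust until PubkeySign has verified under the root public key.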
The technical effects of the invention are verified as follows:
FIGS. 2 to 4 are the plots used to verify the technical effects of the invention.
FIGS. 2(a) and 2(b) compare the time of a single read from the IPFS network with the total domain name resolution time. As FIG. 2(a) shows, a single file read takes about 0.087 seconds, with a fluctuation range of about 0.01 seconds. This shows that the IPFS network fluctuates; the files in IPFS need to be read twice during domain name resolution, the fluctuation of IPFS-based domain name resolution is within the normal range, and the fluctuation is caused by the network. For domain name resolution with the signature verification mechanism, the fluctuation is mainly caused by signature verification. FIG. 2(b) shows that the time curve for a single IPFS file read is steep compared with that of the whole system, which indicates that the time to read an IPFS file fluctuates little.
The Fabric network was tested separately by measuring, from the Fabric client, the time of a single ledger read, as shown in FIGS. 3(a) and 3(b), which compare the time of a single read of the Fabric ledger with the time of Fabric-based domain name resolution. A single ledger read takes about 0.53 seconds, with a fluctuation range of about 0.04 seconds. The result shows that a single read of ledger data from the Fabric network takes a long time: the Fabric network can provide the security mechanism of a trusted third party, but at the cost of time. The time to read the ledger from Fabric fluctuates less than that of the whole system, but the Fabric network fluctuates more than IPFS. This indicates that the fluctuation of the Fabric network has a greater effect than that of the IPFS network, and that the IPFS network is more stable.
The time required for domain name resolution based on the IPFS network with the signature verification mechanism, and the delay factors of domain name resolution based on Fabric and IPFS, are shown as stacked bar charts in FIG. 4. In the domain name resolution scheme based on Fabric and IPFS, signature verification accounts for 67% of the time and reading the ledger from Fabric for 28%. In the domain name resolution scheme with a signature verification mechanism based on the IPFS network, signature verification takes a higher share, 86%, and reading the root zone file from the IPFS network takes only 5%. This illustrates that the security afforded by the signature mechanism comes at the cost of a significant amount of time, and that the security of the data protected in Fabric also comes at the cost of time.

Claims (7)

1. A domain name resolution system building and domain name query method based on IPFS and Hyperledger Fabric, characterized by comprising the following steps:
step 1, building an IPFS cluster for storing domain name resolution resource record files;
step 2, building a ledger on a Hyperledger Fabric blockchain for storing domain name signature quintuples;
and step 3, performing domain name queries using the IPFS cluster of step 1 in combination with the Hyperledger Fabric blockchain ledger of step 2.
2. The domain name resolution system building and domain name query method based on IPFS and Hyperledger Fabric according to claim 1, wherein the IPFS cluster in step 1 is built according to the following steps: building IPFS nodes on a plurality of foreign cloud servers, interconnecting the IPFS nodes, testing the connectivity of the IPFS nodes, uploading domain name files, and recording domain name hash fingerprints.
3. The domain name resolution system building and domain name query method based on IPFS and Hyperledger Fabric according to claim 1, wherein the Hyperledger Fabric blockchain ledger in step 2 is built according to the following steps: building four Hyperledger Fabric network nodes, namely orderer, peer, chaincode and client, loading a smart contract, generating a public/private key pair at the client node for signing, generating the quintuples, and storing the quintuples in the ledger.
4. The domain name resolution system building and domain name query method based on IPFS and Hyperledger Fabric according to claim 1, wherein the domain name query in step 3 is performed according to the following steps: querying the quintuple corresponding to the domain name, verifying the signatures in the quintuple, obtaining the domain name file, obtaining the specific resource records, and returning the domain name query result.
5. The domain name resolution system building and domain name query method based on IPFS and Hyperledger Fabric according to claim 2,
wherein the IPFS cluster is used for storing the domain name resolution resource record file DomainFile, and building the IPFS cluster comprises the following steps:
1.1 building IPFS nodes on cloud servers with independent public IP addresses, wherein building each IPFS node comprises network configuration, loading IPFS, initializing IPFS and obtaining the IPFS address;
1.2 interconnecting the IPFS nodes built in 1.1, the interconnected IPFS nodes forming an initial IPFS cluster in which each IPFS node can upload a resource record file DomainFile containing domain name data;
1.3 testing the interconnection of the IPFS nodes: testing the connectivity among all IPFS nodes to ensure that the whole IPFS cluster network is reachable;
1.4 uploading the domain name file, wherein the domain name file is a resource file of domain name data that contains the domain name resource record quintuples to be uploaded, and the resource file is uploaded to the IPFS network through an IPFS node;
1.5 recording the domain name hash fingerprint DomainHash: recording the hash fingerprint DomainHash corresponding to each uploaded DomainFile.
6. The domain name resolution system building and domain name query method based on IPFS and Hyperledger Fabric according to claim 3,
wherein the ledger is used for storing the domain name signature quintuples, and building the Hyperledger Fabric blockchain ledger comprises the following steps:
2.1 building four Hyperledger Fabric network nodes, namely the ordering node orderer, the peer node peer, the chaincode node chaincode and the user node client, and starting and loading the smart contract;
2.2 generating the signatures and storing the quintuples in the ledger, comprising the steps of:
(1) the client node determines the encryption algorithm and key length and generates a root public/private key pair;
(2) obtaining all domain names DomainName and domain name hash fingerprints DomainHash from the IPFS network, and generating a public/private key pair for each DomainName, wherein the public key is DomainPubkey; performing the signature operations for each item: signing the domain name and the domain public key DomainPubkey to obtain the signature result PubkeySign, and signing the domain name and the domain hash fingerprint DomainHash to obtain the signature result HashSign, finally obtaining the quintuple (DomainName, DomainHash, DomainPubkey, PubkeySign, HashSign);
(3) converting each quintuple (DomainName, DomainHash, DomainPubkey, PubkeySign, HashSign) obtained in step (2) into a (key, value) pair, wherein the key is DomainName and the value is the quintuple;
(4) writing each (key, value) pair obtained in step (3) into a block using the Hyperledger Fabric nodes built in 2.1.
7. The domain name resolution system building and domain name query method based on IPFS and Hyperledger Fabric according to claim 4, wherein the domain name query comprises the following steps:
3.1 querying the quintuple corresponding to the domain name: extracting the top-level domain name from the queried domain name and using it as the key to query the previously built Hyperledger Fabric blockchain ledger for the corresponding quintuple, wherein the smart contract generates a query operation set and submits it to a peer node, and the peer node returns the quintuple as the query result;
3.2 verifying the signatures in the quintuple: verifying the signature PubkeySign in the quintuple using the root public key obtained from the client node, and verifying the signature HashSign using the DomainPubkey in the quintuple;
3.3 obtaining the domain name file DomainFile: obtaining the domain name hash fingerprint DomainHash from a quintuple whose signatures verified successfully, and using the DomainHash to obtain the domain name file DomainFile from the previously built IPFS network;
3.4 obtaining the specific resource records: after obtaining the DomainFile, taking out of it all resource records containing the query term, and extracting all IP addresses from those resource records;
3.5 returning the domain name query result: returning the list of IP addresses obtained by the query, which is the domain name query result.
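The signing in step 2.2 and the verified lookup in steps 3.1 to 3.3, as an added example that is not part of the patent text or of any implementation by the applicants. Ed25519, SHA-256 hex as DomainHash, the in-memory maps standing in for the Fabric ledger and the IPFS network, and which key produces which signature (inferred from step 3.2) are all assumptions.

```go
package main

import (
	"crypto/ed25519"
	"crypto/sha256"
	"encoding/hex"
	"fmt"
	"strings"
)

// Quintuple is the claimed (DomainName, DomainHash, DomainPubkey, PubkeySign, HashSign).
type Quintuple struct {
	DomainName, DomainHash             string
	DomainPubkey, PubkeySign, HashSign []byte
}

var rootPub, rootPriv, _ = ed25519.GenerateKey(nil) // step 2.2(1); Ed25519 is an assumption
var ledger = map[string]Quintuple{}                 // stand-in for the Fabric ledger, key = DomainName
var store = map[string]string{}                     // stand-in for IPFS, key = SHA-256 hex of the file
func digest(s string) string { h := sha256.Sum256([]byte(s)); return hex.EncodeToString(h[:]) }

// Publish covers 1.4-1.5 and 2.2; assumed signers: root key for PubkeySign, domain key for HashSign.
func Publish(name, file string) {
	hash := digest(file)
	store[hash] = file
	pub, priv, _ := ed25519.GenerateKey(nil)
	ledger[name] = Quintuple{name, hash, pub,
		ed25519.Sign(rootPriv, append([]byte(name), pub...)),
		ed25519.Sign(priv, []byte(name+hash))}
}

// FetchVerified covers 3.1-3.3; signatures are checked over the queried TLD, so a copied quintuple fails.
func FetchVerified(qname string) (string, error) {
	qname = strings.TrimSuffix(qname, ".")
	tld := qname[strings.LastIndex(qname, ".")+1:]
	q, ok := ledger[tld]
	if !ok || len(q.DomainPubkey) != ed25519.PublicKeySize {
		return "", fmt.Errorf("no usable quintuple for %q", tld)
	}
	if !ed25519.Verify(rootPub, append([]byte(tld), q.DomainPubkey...), q.PubkeySign) ||
		!ed25519.Verify(q.DomainPubkey, []byte(tld+q.DomainHash), q.HashSign) {
		return "", fmt.Errorf("signature chain rejected for %q", tld)
	}
	file, ok := store[q.DomainHash]
	if !ok || digest(file) != q.DomainHash { // re-hash: the store itself is untrusted
		return "", fmt.Errorf("DomainFile missing or not matching DomainHash")
	}
	return file, nil
}

func main() {
	Publish("example", "www.example. 300 IN A 192.0.2.10\n") // constructed zone file
	fmt.Println(FetchVerified("www.example."))
}
```

Steps 3.4 and 3.5 then filter the returned DomainFile for the queried name; nothing read from the ledger or the store is used before both signatures and the hash have been checked.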
CN201911162111.1A 2019-11-22 2019-11-22 Domain name resolution system building and domain name query method Active CN110880966B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201911162111.1A CN110880966B (en) 2019-11-22 2019-11-22 Domain name resolution system building and domain name query method

Publications (2)

Publication Number Publication Date
CN110880966A (en) 2020-03-13
CN110880966B (en) 2022-05-06

Family

ID=69730791

Country Status (1)

Country Link
CN (1) CN110880966B (en)

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant