CN110012126A - A DNS system based on blockchain technology

Info

Publication number
CN110012126A
Authority
CN
China
Prior art keywords
subchain
node
block
main chain
committee
Prior art date
Legal status
Granted
Application number
CN201910260964.2A
Other languages
Chinese (zh)
Other versions
CN110012126B (en
Inventor
熊圳天
蒋琳
杨树强
Current Assignee
Shenzhen Graduate School Harbin Institute of Technology
Original Assignee
Shenzhen Graduate School Harbin Institute of Technology
Priority date
Filing date
Publication date
Events
Application filed by Shenzhen Graduate School Harbin Institute of Technology
Priority to CN201910260964.2A
Publication of CN110012126A
Application granted
Publication of CN110012126B
Legal status: Expired - Fee Related
Anticipated expiration

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L 61/00 Network arrangements, protocols or services for addressing or naming
    • H04L 61/45 Network directories; Name-to-address mapping
    • H04L 61/4505 Network directories; Name-to-address mapping using standardised directories; using standardised directory access protocols
    • H04L 61/4511 Network directories; Name-to-address mapping using standardised directories; using standardised directory access protocols using domain name system [DNS]
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L 63/00 Network architectures or network communication protocols for network security
    • H04L 63/04 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L 63/0407 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the identity of one or more communicating identities is hidden
    • H04L 63/0421 Anonymous communication, i.e. the party's identifiers are hidden from the other party or parties, e.g. using an anonymizer
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L 63/00 Network architectures or network communication protocols for network security
    • H04L 63/04 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L 63/0428 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L 63/0442 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply asymmetric encryption, i.e. different keys for encryption and decryption
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L 9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L 9/32 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L 9/3247 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures

Abstract

The DNS system based on blockchain technology provided by the invention records a small amount of important information on a single main chain, which is mainly responsible for storing the requests on top-level domains and the hashes of the subchains. Several subchains are each connected to the main chain; they can be extended, migrated and, where appropriate, discarded. Each subchain is mainly responsible for storing all operation requests under one specific TLD, different subchains store the records under different TLDs, and all subchains keep the same block height as the main chain. Nodes are distributed over the main chain and the subchains and are allowed to store only the main chain and part of the subchains. Linkable ring signatures guarantee the anonymity of the federation nodes in the voting process, proxy signatures let a node handle operations in subchains it does not store, and a sharding protocol raises the throughput of the system. This solves the technical problems of the prior art, namely poor security, limited performance, poor scalability and low throughput, and achieves the technical effect of higher security, higher scalability, higher throughput and better anonymity.

Description

A DNS system based on blockchain technology
Technical field
The present invention relates to the Internet field, in particular to a DNS system based on blockchain technology.
Background technique
As shown in Figure 1, the domain name system (DNS) is an important piece of Internet infrastructure. Domain names are easy for people to understand and use, while IP addresses are better suited to processing by computers; DNS is responsible for translating domain names into IP addresses, making it more convenient for people to access the Internet. The current DNS is a distributed architecture with a center: it is uniformly scheduled and managed by ICANN, and ICANN, as a centralized organization, fully controls the allocation of domain names, which carries a serious risk of abuse of power and of single points of failure. In addition, the current DNS is highly susceptible to DDoS attacks, cache poisoning attacks, redirection and blinding, among other problems; according to the "Global DNS Threat Report 2018", at least 77% of organizations suffered at least one DNS attack in 2018. Scholars have proposed the DNSSEC protocol, which addresses these problems through authentication and encryption, but it does not change the underlying structure of DNS, so the various problems caused by centralization remain.
Blockchains are decentralized, secure, trustworthy and tamper-resistant, and seem able to solve the problems above. Bitcoin was proposed by Satoshi Nakamoto in 2009; people later extracted the underlying technology of Bitcoin and named it blockchain. A blockchain is a trustworthy distributed database that stores records in chronological order, and the blockchain protocol maintains this distributed database in a decentralized network. According to access rights and degree of centralization, blockchains are divided into public chains, consortium chains and private chains, in decreasing order of decentralization. Bitcoin is the representative of blockchain 1.0; Ethereum, as the representative of blockchain 2.0, combines blockchain 1.0 with smart contracts so that developers can deploy DApps, which greatly enriches the functions of the blockchain. Namecoin was the first blockchain-based domain name system, but it faces serious security threats; Blockstack was the first domain name system running directly on the Bitcoin chain, but its performance is limited by the underlying Bitcoin; Nebulis and ConsortiumDNS are similar schemes, but the scalability and throughput of all these schemes are far from meeting the requirements of a domain name service.
Namecoin: Namecoin was the first to combine domain name service with blockchain technology. It was made by directly modifying the Bitcoin code, so it shares many functions and mechanisms with Bitcoin, such as PoW; the two use the same mathematical puzzle for mining, so a miner needs to spend only one unit of hash power to mine in both systems, which may create a security risk. Namecoin uses .bit as its top-level domain, meaning that all current domain names can be ported by appending .bit, for example .com.bit and .cn.bit. Because Namecoin uses PoW as its consensus mechanism, in its early stage it was likely to suffer a 51% attack due to insufficient hash power.
Blockstack: Blockstack was the first system to operate directly within the Bitcoin system. In view of the security problems of Namecoin, Blockstack migrates the domain name system onto the Bitcoin system so that it can use Bitcoin's abundant hash power to resist 51% attacks; at the same time, because techniques such as layering and a virtual chain are used, Bitcoin nodes are not aware of Blockstack's existence. Its drawback is that the performance of Blockstack is limited by the performance of Bitcoin.
Nebulis: Nebulis is a platform similar to Blockstack that can be understood as a global distributed directory intended to replace the existing domain name system. It differs from Blockstack in that it uses IPFS as a substitute for HTTP and provides the domain name service through Ethereum, but it is likewise limited by the performance of Ethereum.
ConsortiumDNS: ConsortiumDNS proposes managing the domain name service in the form of a consortium chain. Network nodes are divided into query nodes and mining nodes, and the system is designed as a three-layer structure, namely a blockchain layer, a consensus layer and a storage layer, with an external storage layer used to solve the storage problem of the blockchain itself. At the same time, the system builds an index of blocks and records to speed up domain name resolution. Unlike the public chain form used by Namecoin and Blockstack, the consortium chain form used by ConsortiumDNS is more conducive to rights management, which can reduce digital crime involving domain names, but ConsortiumDNS has poor scalability in its chain structure and low system throughput.
In summary: Namecoin has serious security risks; Blockstack's performance is limited by the Bitcoin system; Nebulis's performance is limited by the Ethereum system; ConsortiumDNS has poor scalability and low throughput.
Summary of the invention
The present invention provides a DNS system based on blockchain technology. It uses a single main chain, which records a small amount of important information and is mainly responsible for storing the requests on top-level domains and the hashes of the subchains; several subchains, each connected to the main chain, which can be extended, migrated and, where appropriate, discarded, each mainly responsible for storing all operation requests under one specific TLD, with different subchains storing the records under different TLDs and all subchains keeping the same block height as the main chain; and nodes, including federation nodes and ordinary nodes, distributed over the main chain and the subchains, which store part of the subchains and use proxy signatures to handle operations in the subchains they do not store. The federation nodes are distributed on the main chain and perform rights management for requests on TLDs; the ordinary nodes are distributed on the subchains and take part in the various operation requests under a TLD. This solves the technical problems of poor security, limited performance, poor scalability and low throughput in the prior art.
The DNS system based on blockchain technology provided by the present invention to solve the above technical problems includes:
a main chain, of which there is only one, which records a small amount of important information and is mainly responsible for storing the requests on top-level domains and the hashes of the subchains;
subchains, of which there are several, each connected to the main chain, which can be extended, migrated and, where appropriate, discarded; each is mainly responsible for storing all operation requests under one specific TLD, different subchains store the records under different TLDs, and all subchains keep the same block height as the main chain;
nodes, including federation nodes and ordinary nodes, distributed over the main chain and the subchains, which store part of the subchains and use proxy signatures to handle operations in the subchains they do not store;
the federation nodes are distributed on the main chain and can perform rights management for requests on TLDs;
the ordinary nodes are distributed on the subchains and can take part in the various operation requests under a TLD.
Further, the block structure of the main chain includes:
a main chain block header, including the main chain identifier, the block height, the hash of the previous block and the Merkle root of the entire block body;
a main chain block body, which has two parts: the first part is the various operations on top-level domains, and the second part is the hash of all requests in each subchain during the same period.
Further, the block structure of a subchain includes:
a subchain block header, including the subchain identifier (for example .com), the timestamp, the block height, the hash of the previous block, the Merkle root of the block body, the version number and some other important information;
a subchain block body, which records all operation requests under the top-level domain (for example .com).
Further, a full connection is established between the federation nodes, forming a federation committee that manages the main chain. When an organization wants to apply to register the .com top-level domain, the federation nodes vote on whether to allow the registration, and a linkable ring signature (LRS) guarantees the fairness of the voting process and the anonymity of the voting nodes.
Further, the linkable ring signature LRS comprises:
Init: assume there are n users in the federation committee;
the list of public keys of the group members is PK = {PK1, PK2, ..., PKn};
the list of private keys is SK = {SK1, SK2, ..., SKn};
the message to be signed is m ∈ {0, 1}*;
the key pair of the anonymous signer is (PKi, SKi), 1 ≤ i ≤ n;
Sign: takes the public keys PK of all group members, the signer's private key SKi and the message m as input, and outputs a linkable ring signature value σ;
Verify: takes the public keys PK of all group members, the message m and the signature value σ as input, and outputs 1 or 0 according to whether the signature is valid;
Link: takes two signature values σ and σ' as input; if either signature is invalid it produces no output, otherwise it outputs 1 or 0 according to whether the two signatures are linked;
the linkable ring signature LRS is said to be correct when Verify and Link hold for all PK, SK, i, m and m', that is:
Verify(PK, m, Sign(PK, SKi, m)) = 1
Link(Sign(PK, SKi, m), Sign(PK, SKi, m')) = 1.
Further, the ordinary nodes in the same shard are fully connected to one another through a sharding protocol and form an ordinary committee that verifies the validity of each request.
Further, the sharding protocol divides all nodes into smaller committees in each period; each committee has N members and can independently process a part of the operations.
Further, the federation committee is responsible for collecting and verifying the consensus results of all ordinary committees, runs a Byzantine fault tolerant algorithm inside the committee to form a final consensus result, and broadcasts it; the remaining ordinary nodes verify the received final consensus result and append blocks to the main chain and the corresponding subchains.
Further, the proxy signature is as follows.
Assume two users A and B with key pairs (PKA, SKA) and (PKB, SKB) respectively, where A is the owner of a top-level domain and B is the owner of a subdomain. If the following conditions are met:
A computes σ with its private key SKA and sends σ to B confidentially;
B generates a new key σA→B from σ and its private key SKB;
B signs a message m on behalf of A with the newly generated key: s = Sign(σA→B, m);
there is a publicly verifiable algorithm VerA→B: PK × S × M → {True, False} such that for any m and s: VerA→B(PKA, s, m) = True <=> s = Sign(σA→B, m);
then the TLD (A) is said to have delegated part of its signing authority to the subdomain (B): A is the original signer, B is the proxy signer, σ is the delegation key, σA→B is the proxy signing key, and s is the proxy signature.
Further, the system also includes a key-value database, which stores an index off-chain to improve the efficiency of domain name resolution.
Beneficial effects: the DNS system based on blockchain technology provided by the invention has higher security, higher scalability, higher throughput, better anonymity and lower storage requirements.
Description of the drawings
Fig. 1 is a flow chart of prior art domain name resolution.
Fig. 2 is a structural diagram of the DNS system based on blockchain technology of the present invention.
Specific embodiments
Specific embodiments of the present invention are described below in conjunction with the drawings above.
As shown in Fig. 2, the present invention provides a DNS system based on blockchain technology, including:
a main chain, of which there is only one, which records a small amount of important information and is mainly responsible for storing the requests on top-level domains and the hashes of the subchains;
subchains, of which there are several, each connected to the main chain, which can be extended, migrated and, where appropriate, discarded; each is mainly responsible for storing all operation requests under one specific TLD, different subchains store the records under different TLDs, and all subchains keep the same block height as the main chain;
nodes, including federation nodes and ordinary nodes, distributed over the main chain and the subchains, which store part of the subchains and use proxy signatures to handle operations in the subchains they do not store;
the federation nodes are distributed on the main chain and can perform rights management for requests on TLDs;
the ordinary nodes are distributed on the subchains and can take part in the various operation requests under a TLD.
The system architecture provided by the present invention consists of one main chain and several subchains. The main chain is mainly responsible for storing the requests on top-level domains and the hashes of the subchains, and each subchain is mainly responsible for storing all operation requests under one specific TLD, such as com or org; all subchains keep the same block height as the main chain. It is now assumed that each country maintains a federation node; a full connection is established between the nodes maintained by all countries, forming a federation committee that manages the main chain.
Since the main chain and the subchains play different roles, their block structures also differ.
Further, the block structure of the main chain includes, as shown in the following table:
a main chain block header, including the main chain identifier, the block height, the hash of the previous block and the Merkle root of the entire block body;
a main chain block body, which has two parts: the first part is the various operations on top-level domains, and the second part is the hash of all requests in each subchain during the same period.
Further, the block structure of a subchain includes, as shown in the following table:
a subchain block header, including the subchain identifier (for example .com), the timestamp, the block height, the hash of the previous block, the Merkle root of the block body, the version number and some other important information;
a subchain block body, which records all operation requests under the top-level domain (for example .com).
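The two block layouts just described, as an added example rather than code from the patent (which publishes none): a subchain block per TLD with the header fields listed above, a main chain block whose body part 2 anchors each subchain's request hash at the same height, and the check a node that stores only the main chain and the .com subchain can run against both. The sample requests, chain names, timestamps and previous-block hashes are constructed for the example.

```python
import hashlib
import json


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def _pair_up(level):
    """One Merkle level up; an odd trailing node is paired with itself.  Returns (next, padded)."""
    if len(level) % 2:
        level = level + [level[-1]]
    return [sha256_hex((level[i] + level[i + 1]).encode()) for i in range(0, len(level), 2)], level


def merkle_root(leaves):
    level = list(leaves) or [sha256_hex(b"")]
    while len(level) > 1:
        level, _ = _pair_up(level)
    return level[0]


def merkle_proof(leaves, index):
    """Sibling hashes (with their side) needed to rebuild the root from leaves[index]."""
    proof, level, idx = [], list(leaves), index
    while len(level) > 1:
        nxt, padded = _pair_up(level)
        sibling = idx ^ 1
        proof.append((padded[sibling], "left" if sibling < idx else "right"))
        level, idx = nxt, idx // 2
    return proof


def verify_proof(leaf, proof, root):
    node = leaf
    for sibling, side in proof:
        node = sha256_hex(((sibling + node) if side == "left" else (node + sibling)).encode())
    return node == root


def request_hash(req: dict) -> str:
    """Canonical hash of one operation request (sorted-key JSON)."""
    return sha256_hex(json.dumps(req, sort_keys=True).encode())


def make_subchain_block(chain_id, height, prev_hash, requests, timestamp, version=1):
    """Subchain block: header (id, timestamp, height, prev hash, Merkle root, version) + body."""
    root = merkle_root([request_hash(r) for r in requests])
    header = {"chain_id": chain_id, "timestamp": timestamp, "height": height,
              "prev_hash": prev_hash, "merkle_root": root, "version": version}
    return {"header": header, "body": list(requests)}


def make_main_block(height, prev_hash, tld_ops, subchain_blocks):
    """Main chain block: body part 1 = TLD operations, part 2 = per-subchain hash of all
    requests at this same height (here that subchain block's Merkle root)."""
    anchors = {b["header"]["chain_id"]: b["header"]["merkle_root"] for b in subchain_blocks}
    leaves = [request_hash(op) for op in tld_ops]
    leaves += [sha256_hex((cid + root).encode()) for cid, root in sorted(anchors.items())]
    header = {"chain_id": "main", "height": height, "prev_hash": prev_hash,
              "merkle_root": merkle_root(leaves)}
    return {"header": header, "body": {"tld_ops": tld_ops, "subchain_anchors": anchors}}


def light_node_check(main_block, sub_block, request):
    """What a node holding only the main chain and this one subchain can check: same height,
    the subchain root equals the one the federation anchored, and the request is in the body."""
    hdr = sub_block["header"]
    if hdr["height"] != main_block["header"]["height"]:
        return False
    anchored = main_block["body"]["subchain_anchors"].get(hdr["chain_id"])
    if anchored is None or anchored != hdr["merkle_root"]:
        return False
    leaves = [request_hash(r) for r in sub_block["body"]]
    leaf = request_hash(request)
    if leaf not in leaves:
        return False
    return verify_proof(leaf, merkle_proof(leaves, leaves.index(leaf)), anchored)


def demo():
    """Height 7 of a constructed .com and .org subchain, anchored by main block 7."""
    com_reqs = [{"op": "register", "name": "xxxx.com", "owner": "pk_xxxx"},
                {"op": "update", "name": "mail.xxxx.com", "a": "198.51.100.7"},
                {"op": "transfer", "name": "shop.com", "to": "pk_shop2"}]
    org_reqs = [{"op": "register", "name": "open.org", "owner": "pk_open"}]
    com = make_subchain_block(".com", 7, "h_com_6", com_reqs, 1554000000)
    org = make_subchain_block(".org", 7, "h_org_6", org_reqs, 1554000000)
    main = make_main_block(7, "h_main_6", [{"op": "register_tld", "tld": ".shop"}], [com, org])
    ok = light_node_check(main, com, com_reqs[1])
    # A .com node that rewrites one request and recomputes its own header no longer matches the anchor.
    forged_reqs = [dict(r) for r in com_reqs]
    forged_reqs[1]["a"] = "203.0.113.9"
    forged = make_subchain_block(".com", 7, "h_com_6", forged_reqs, 1554000000)
    tampered = light_node_check(main, forged, forged_reqs[1])
    wrong_chain = light_node_check(main, com, org_reqs[0])   # request belongs to another subchain
    return ok, tampered, wrong_chain
```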
Further, a full connection is established between the federation nodes, forming a federation committee that manages the main chain. When an organization wants to apply to register the .com top-level domain, the federation nodes vote on whether to allow the registration, and a linkable ring signature (LRS) guarantees the fairness of the voting process and the anonymity of the voting nodes.
When an organization wants to apply to register a top-level domain, it first sends a registration request to a federation node, which acts as its agent and submits the request to the federation committee. The federation nodes review the request and then initiate a vote; registration is allowed only when the number of approving votes reaches a certain proportion, after which the organization has its own subchain.
Further, the linkable ring signature LRS comprises:
Init: assume there are n users in the federation committee;
the list of public keys of the group members is PK = {PK1, PK2, ..., PKn};
the list of private keys is SK = {SK1, SK2, ..., SKn};
the message to be signed is m ∈ {0, 1}*;
the key pair of the anonymous signer is (PKi, SKi), 1 ≤ i ≤ n;
Sign: takes the public keys PK of all group members, the signer's private key SKi and the message m as input, and outputs a linkable ring signature value σ;
Verify: takes the public keys PK of all group members, the message m and the signature value σ as input, and outputs 1 or 0 according to whether the signature is valid;
Link: takes two signature values σ and σ' as input; if either signature is invalid it produces no output, otherwise it outputs 1 or 0 according to whether the two signatures are linked;
the linkable ring signature LRS is said to be correct when Verify and Link hold for all PK, SK, i, m and m', that is:
Verify(PK, m, Sign(PK, SKi, m)) = 1
Link(Sign(PK, SKi, m), Sign(PK, SKi, m')) = 1.
The linkable ring signature LRS has the following properties:
Unforgeability: it is computationally hard for any user other than a legitimate member to forge a signature;
Anonymity: as long as the signer does not reveal its own identity, the probability that anyone learns the real signer's identity is no better than random guessing;
Linkability: anyone can detect whether two signatures were produced by the same group member.
The linkable ring signature LRS achieves anonymous voting, but the blockchain itself is not anonymous: an address on the chain is merely a pseudonym, and in particular all nodes know the addresses of the federation nodes, so a node that publishes the voting result would expose the voter. The present invention therefore publishes the voting results from a common account, as shown in the table below: the agent federation node encrypts the key pair (pk, sk) of the common account with the public key of every federation node and then publishes the result, so that every federation node can decrypt it with its own private key and obtain the key pair of the common account.
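An added example of the LRS interface above (Init, Sign, Verify, Link), written for this page rather than taken from the patent, using an LSAG-style construction over a toy-sized safe-prime Schnorr group: a federation committee member signs a ballot as one of n ring members, anyone verifies with the n public keys alone, and Link catches a second vote from the same member. The 64-bit group, the five-member committee and the ballot strings are this example's own choices, not the patent's.

```python
import hashlib
import random
import secrets

_BASES = (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37)

def _is_prime(n):
    """Deterministic Miller-Rabin: these bases are conclusive for every n < 3.3e24."""
    if n < 2 or any(n % b == 0 for b in _BASES):
        return n in _BASES
    d, r = n - 1, 0
    while d % 2 == 0:
        d, r = d // 2, r + 1
    for a in _BASES:
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True

def make_group(bits=64, seed=2019):
    """Init, part 1: a toy-sized safe-prime group p = 2q + 1; g = 4 = 2^2 has prime order q."""
    rng = random.Random(seed)                  # seeded only so the example is reproducible
    while True:
        q = rng.getrandbits(bits - 1) | (1 << (bits - 2)) | 1
        if _is_prime(q) and _is_prime(2 * q + 1):
            return 2 * q + 1, q, 4

def keygen(group):
    """Init, part 2: one member's (SKi, PKi) with PKi = g^SKi mod p."""
    p, q, g = group
    x = secrets.randbelow(q - 1) + 1
    return x, pow(g, x, p)

def _h1(q, *parts):
    """Challenge hash into Z_q."""
    data = b"|".join(x if isinstance(x, bytes) else str(x).encode() for x in parts)
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % q

def _h2(p, ring):
    """Hash the public-key list into the order-q subgroup by squaring; nobody knows the
    discrete log of the result, which keeps the key image unlinkable to any PKi."""
    d = int.from_bytes(hashlib.sha256(str(ring).encode()).digest(), "big") % (p - 1) + 1
    return pow(d, 2, p)

def lrs_sign(group, ring, idx, x, m):
    """Sign(PK, SKi, m): signer is ring[idx] with private key x; output (c0, s[], key image)."""
    p, q, g = group
    n, h = len(ring), _h2(p, ring)
    y_tilde = pow(h, x, p)                     # key image: identical for every vote by this member
    u = secrets.randbelow(q - 1) + 1
    c, s = [0] * n, [0] * n
    c[(idx + 1) % n] = _h1(q, ring, y_tilde, m, pow(g, u, p), pow(h, u, p))
    i = (idx + 1) % n
    while i != idx:                            # close the ring with random s_i for the others
        s[i] = secrets.randbelow(q - 1) + 1
        z1 = pow(g, s[i], p) * pow(ring[i], c[i], p) % p
        z2 = pow(h, s[i], p) * pow(y_tilde, c[i], p) % p
        c[(i + 1) % n] = _h1(q, ring, y_tilde, m, z1, z2)
        i = (i + 1) % n
    s[idx] = (u - x * c[idx]) % q              # only the holder of x can solve this last link
    return c[0], s, y_tilde

def lrs_verify(group, ring, m, sig):
    """Verify(PK, m, sigma): recompute the challenge chain from c0 and check that it closes."""
    p, q, g = group
    c0, s, y_tilde = sig
    if len(s) != len(ring):
        return False
    h, c = _h2(p, ring), c0
    for i in range(len(ring)):
        z1 = pow(g, s[i], p) * pow(ring[i], c, p) % p
        z2 = pow(h, s[i], p) * pow(y_tilde, c, p) % p
        c = _h1(q, ring, y_tilde, m, z1, z2)
    return c == c0

def lrs_link(group, ring, m1, sig1, m2, sig2):
    """Link(sigma, sigma'): None if either signature is invalid, else whether key images match."""
    if not (lrs_verify(group, ring, m1, sig1) and lrs_verify(group, ring, m2, sig2)):
        return None
    return sig1[2] == sig2[2]

def demo():
    """Five-member federation committee voting on a constructed ballot."""
    group = make_group()
    keys = [keygen(group) for _ in range(5)]
    ring = [pk for _, pk in keys]
    yes, no = b"ballot#1 register .com|yes", b"ballot#1 register .com|no"
    v1 = lrs_sign(group, ring, 2, keys[2][0], yes)     # member 2 votes yes
    v2 = lrs_sign(group, ring, 2, keys[2][0], no)      # member 2 tries to vote a second time
    v3 = lrs_sign(group, ring, 4, keys[4][0], yes)     # member 4 votes yes
    return {"v1_valid": lrs_verify(group, ring, yes, v1),
            "double_vote_detected": lrs_link(group, ring, yes, v1, no, v2),
            "v1_v3_linked": lrs_link(group, ring, yes, v1, yes, v3),
            "tampered_rejected": not lrs_verify(group, ring, no, v1)}
```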
Further, the ordinary nodes in the same shard are fully connected through a sharding protocol and form an ordinary committee that verifies the validity of each request; for example, if someone wants to register a .com domain name, the committee is required to verify whether the request was signed by the owner of the com top-level domain.
Further, the sharding protocol divides all nodes into smaller committees in each period; each committee has N members and can independently process a part of the operations. The sharding protocol lets the throughput of the whole system grow linearly with the hash power of the whole network while tolerating a certain proportion of Byzantine nodes. The core idea of the sharding protocol is to divide the hash power evenly, for which the concept of a period (epoch) is introduced.
In each period, the workflow of the nodes comprises the following steps:
S1. Nodes collect the operation requests of the previous period;
S2. Nodes establish their identities: each ordinary node uses the public random string generated by the federation nodes in the previous period as the randomness of this round's PoW, and uses IP || PK || Randomness || POW Solution as its identity. The PoW solution allows other nodes to verify and accept the identity, and also prevents Sybil attacks;
S3. Nodes form committees: a node is assigned to a committee according to the identity it established, for example by the remainder of the hash of its identity modulo the number of committees, or, if there are 2^k committees, according to the last k bits of the hash;
S4. Nodes connect to the nodes of the same committee: the federation nodes randomly select a directory committee from among the second-level domain nodes that have solved the PoW and broadcast it. Other nodes send the identities they have established to the directory committee; each directory committee node independently verifies the validity of the identities and collects N members, the directory committee then takes the union internally, selects the N members with the highest frequency of occurrence and broadcasts the list, and ordinary nodes can then establish point-to-point connections with the nodes of the committee they belong to. Compared with direct broadcast without a directory committee, this method reduces the message complexity from O(n^2) to O(Nn);
S5. Consensus inside a committee: each committee uses a deterministic consensus algorithm such as PBFT to avoid forks and tolerate Byzantine nodes; if a committee has 3f+1 nodes, PBFT can tolerate at most f Byzantine nodes. Each shard reaches consensus on its final result R1, R2, ..., RN, and a committee representative then broadcasts its result to the federation committee;
S6. The federation committee forms the final consensus result: the federation committee collects and verifies the result processed by each shard and runs PBFT internally to obtain the final consensus result R = {R2, ..., RN}, assuming R1 is found to be invalid; finally the federation nodes broadcast R to the other ordinary nodes;
S7. Nodes record the consensus result of this period: all nodes receive the final result and verify its validity, then append the record to the main chain and the subchains they have deployed. Note that the main chain does not store all operation records, and an ordinary node may store only part of the subchains: it can append R2 to the com subchain and then ignore the results of the other subchains;
S8. The federation committee generates the random number for the next period: the federation nodes run a distributed commit-xor scheme to generate the public random string to be used for the PoW of the next period.
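One epoch of steps S1 to S8 simulated in a single process, as an added example rather than the patent's implementation: PoW-bound identities, committee assignment from the identity hash, the PBFT 3f+1 bound, the federation dropping the invalid R1, a light node recording only the subchain it stores, and a commit-xor beacon for the next epoch. Node addresses, shard names, votes and the toy difficulty are constructed, and the intra-committee PBFT round is reduced to a 2f+1 vote count that stands in for it.

```python
import hashlib

DIFFICULTY_BITS = 12        # toy PoW target: the identity hash must start with 12 zero bits


def h(*parts):
    """SHA-256 over the parts joined with '|'; bytes are used as-is, everything else via str()."""
    return hashlib.sha256(b"|".join(p if isinstance(p, bytes) else str(p).encode() for p in parts)).digest()


def pow_ok(ip, pk, randomness, nonce):
    return int.from_bytes(h(ip, pk, randomness, nonce), "big") >> (256 - DIFFICULTY_BITS) == 0


def establish_identity(ip, pk, randomness):
    """S2: identity = IP || PK || Randomness || POW Solution, with the epoch randomness fixed
    by the federation so that identities cannot be precomputed (Sybil defence)."""
    nonce = 0
    while not pow_ok(ip, pk, randomness, nonce):
        nonce += 1
    return (ip, pk, randomness, nonce)


def committee_of(identity, k):
    """S3: with 2^k committees, the committee is the low k bits of H(identity); an identity
    whose PoW does not check out is rejected instead of being placed."""
    if not pow_ok(*identity):
        raise ValueError("identity carries no valid PoW solution")
    return int.from_bytes(h(*identity), "big") & ((1 << k) - 1)


def pbft_tolerance(n_members):
    """S5: a committee of 3f+1 members tolerates at most f Byzantine members."""
    return (n_members - 1) // 3


def committee_result(votes, n_members):
    """Stand-in for the intra-committee PBFT round: a value is final only if at least 2f+1
    members vote for it, so f Byzantine votes can neither fork nor block an honest majority."""
    f = pbft_tolerance(n_members)
    for value in set(votes):
        if votes.count(value) >= 2 * f + 1:
            return value
    return None


def federation_aggregate(shard_results, is_valid):
    """S6: the federation keeps each shard's result that passes verification and drops the rest."""
    return {shard: r for shard, r in shard_results.items() if r is not None and is_valid(shard, r)}


def record_epoch(final_result, stored_subchains):
    """S7: a light node appends only the results for the subchains it actually stores."""
    return {shard: r for shard, r in final_result.items() if shard in stored_subchains}


def next_randomness(reveals):
    """S8: commit-xor beacon.  Each federation node committed H(v) earlier; a reveal that does
    not match its commitment is discarded, the rest are XORed into the next epoch's string."""
    acc = 0
    for commitment, value in reveals:
        if hashlib.sha256(value).digest() == commitment:
            acc ^= int.from_bytes(value, "big")
    return acc.to_bytes(32, "big")


def demo_epoch(k=2):
    randomness = b"\x42" * 32                                       # constructed: last epoch's beacon
    nodes = [("10.0.0.%d" % i, "pk%02d" % i) for i in range(12)]    # constructed ordinary nodes
    identities = [establish_identity(ip, pk, randomness) for ip, pk in nodes]
    committees = {}
    for ident in identities:                                        # S3/S4: group by committee id
        committees.setdefault(committee_of(ident, k), []).append(ident)
    # S5, constructed votes in a committee of 4 (f = 1): one bad vote is outvoted, two are not.
    agreed = committee_result(["R2", "R2", "R2", "bogus"], 4)
    split = committee_result(["R2", "R2", "bogus", "bogus"], 4)
    # Constructed mapping of the 2^k shards to subchains with their results R1..R4; R1 is invalid.
    shard_results = {".shop": "R1", ".com": "R2", ".org": "R3", ".cn": "R4"}
    final = federation_aggregate(shard_results, lambda shard, r: r != "R1")
    light_node = record_epoch(final, stored_subchains={".com"})
    # S8: three federation nodes reveal committed values; the third reveal does not match.
    values = [b"\x01" * 32, b"\x02" * 32, b"\x03" * 32]
    reveals = [(hashlib.sha256(v).digest(), v) for v in values[:2]]
    reveals.append((hashlib.sha256(values[2]).digest(), b"\x07" * 32))
    return {"committee_sizes": {c: len(m) for c, m in committees.items()},
            "agreed": agreed, "split": split, "final": final,
            "light_node": light_node, "next_randomness": next_randomness(reveals)}
```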
Further, the federation committee is responsible for collecting and verifying the consensus results of all ordinary committees, runs a Byzantine fault tolerant algorithm inside the committee to form a final consensus result, and broadcasts it; the remaining ordinary nodes verify the received final consensus result and append blocks to the main chain and the corresponding subchains.
Further, the proxy signature is as follows.
Assume two users A and B with key pairs (PKA, SKA) and (PKB, SKB) respectively, where A is the owner of a top-level domain and B is the owner of a subdomain. If the following conditions are met:
A computes σ with its private key SKA and sends σ to B confidentially;
B generates a new key σA→B from σ and its private key SKB;
B signs a message m on behalf of A with the newly generated key: s = Sign(σA→B, m);
there is a publicly verifiable algorithm VerA→B: PK × S × M → {True, False} such that for any m and s: VerA→B(PKA, s, m) = True <=> s = Sign(σA→B, m);
then the TLD (A) is said to have delegated part of its signing authority to the subdomain (B): A is the original signer, B is the proxy signer, σ is the delegation key, σA→B is the proxy signing key, and s is the proxy signature.
Over time, a blockchain system becomes larger and larger; the well-known Bitcoin system is already close to 200 GB. A huge storage volume raises the bar for nodes to join, which runs counter to the original intention of restructuring DNS with blockchain technology: more nodes can provide a better domain name service and also achieve load balancing. To reduce the storage burden of nodes, the DNS system based on blockchain technology provided by the invention allows a "light node" to store only the main chain and the subchains it needs. A sharding protocol is used here, and a node is assigned to a shard at random, so proxy signature technology is used to allow the node to handle operations in the subchains it does not store. From another perspective, the current domain name space is a tree-shaped data structure and there may be many subdomains under one TLD; a proxy signature can also delegate the administrative authority of a TLD to its subdomains, reducing the administrative burden on the TLD and allowing a subdomain to manage its own subdomains.
In the present invention, assume that the original signer is the organization that owns the top-level domain com and the proxy signer is the company that owns the subdomain xxxx.com. If someone wants to register the domain name mail.xxxx.com, the xxxx.com company first judges whether it may be registered and, if so, produces a proxy signature for it; other nodes only need to verify with the public key of the com organization whether the signature is legitimate. In addition, the proxy signature has the following properties: other nodes can easily distinguish whether a signature was produced by the original signer or by the proxy signer, and the proxy signer cannot forge the signature of the original signer.
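The delegation from A (owner of com) to B (owner of xxxx.com) described above, as an added example that is not the patent's own code: a Mambo-Usuda-Okamoto-style proxy-protected scheme over a toy Schnorr group in which A's σ is derived from SKA, B forms σA→B with SKB, and anyone verifies the proxy signature from PKA, PKB and the public delegation value K. The group size, the fixed private keys, the warrant text and the registration request are constructed for the example.

```python
import hashlib
import secrets

# Toy safe-prime Schnorr group for illustration only: p = 2q + 1, g = 4 has prime order q.
P, Q, G = 2039, 1019, 4


def _h(*parts):
    """Hash to a challenge in [1, q-1]; excluding 0 lets a wrong-key check fail deterministically."""
    data = b"|".join(x if isinstance(x, bytes) else str(x).encode() for x in parts)
    return 1 + int.from_bytes(hashlib.sha256(data).digest(), "big") % (Q - 1)


def keygen(x=None):
    """(SK, PK) = (x, g^x mod p); a fixed x is accepted only so the demo is reproducible."""
    x = secrets.randbelow(Q - 1) + 1 if x is None else x
    return x, pow(G, x, P)


def delegate(x_a, warrant):
    """A: pick k, K = g^k, e = H(K, warrant), sigma = SKA + k*e (mod q).
    (sigma, K) is handed to B over a confidential channel; sigma alone does not reveal SKA."""
    k = secrets.randbelow(Q - 1) + 1
    K = pow(G, k, P)
    sigma = (x_a + k * _h(K, warrant)) % Q
    return sigma, K


def accept_delegation(y_a, sigma, K, warrant):
    """B checks the delegation really came from A: g^sigma == PKA * K^e."""
    return pow(G, sigma, P) == y_a * pow(K, _h(K, warrant), P) % P


def proxy_key(sigma, x_b):
    """B: sigma_{A->B} = sigma + SKB (mod q); without SKB nobody, A included, can form it."""
    return (sigma + x_b) % Q


def proxy_public_key(y_a, y_b, K, warrant):
    """Anyone: g^{sigma_{A->B}} = PKA * K^e * PKB, computed from public values only."""
    return y_a * pow(K, _h(K, warrant), P) % P * y_b % P


def proxy_sign(sigma_ab, K, warrant, m):
    """s = Sign(sigma_{A->B}, m) as a Schnorr signature; K and the warrant travel with it."""
    r = secrets.randbelow(Q - 1) + 1
    R = pow(G, r, P)
    s = (r + _h(R, K, warrant, m) * sigma_ab) % Q
    return R, s, K, warrant


def proxy_verify(y_a, y_b, m, sig):
    """Ver_{A->B}(PKA, s, m): g^s == R * (PKA * K^e * PKB)^c with c = H(R, K, warrant, m)."""
    R, s, K, warrant = sig
    y_p = proxy_public_key(y_a, y_b, K, warrant)
    return pow(G, s, P) == R * pow(y_p, _h(R, K, warrant, m), P) % P


def demo():
    x_a, y_a = keygen(5)        # constructed: registry of the TLD com (original signer A)
    x_b, y_b = keygen(77)       # constructed: owner of xxxx.com (proxy signer B)
    _, y_c = keygen(901)        # constructed: owner of another subdomain, never delegated to
    warrant = "com delegates registration under xxxx.com"        # constructed scope
    sigma, K = delegate(x_a, warrant)
    if not accept_delegation(y_a, sigma, K, warrant):
        raise RuntimeError("delegation did not come from A")
    request = "register mail.xxxx.com"
    sig = proxy_sign(proxy_key(sigma, x_b), K, warrant, request)
    return {"valid": proxy_verify(y_a, y_b, request, sig),
            "other_subdomain_rejected": not proxy_verify(y_a, y_c, request, sig)}
```

Verification here needs PKB and K besides PKA, which is the usual form of this scheme; the patent's wording that other nodes verify with the com organization's public key alone corresponds to PKA being the root of that chain of trust.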
Further, the system also includes a key-value database, which is stored off-chain as an index to improve the efficiency of domain name resolution.
The DNS system based on blockchain technology provided by the invention is a secure, scalable and high-performance domain name system. The most important part of the domain name system is the top-level domain (TLD), of which there are three classes: generic top-level domains (gTLD), such as com and org; country-code top-level domains (ccTLD), such as cn and us; and the infrastructure top-level domain arpa. To reduce the degree of centralisation of the system and manage TLDs better, the invention adopts the form of a consortium chain: each country is assumed to be a consortium node, all countries form a consortium to manage this chain, and every operation on a top-level domain must be approved by a vote of the consortium; the invention uses linkable ring signatures for voting to guarantee the anonymity of the voting nodes and the fairness of the voting process. To improve scalability, this scheme uses a multichain structure, i.e. one main chain and several subchains: the main chain records the requests concerning TLDs, while the subchains handle the operation requests under each TLD, which also matches the hierarchical structure of today's DNS. To raise the throughput of the system and avoid the centralisation that results when too few nodes take part in a subchain, the invention uses a sharding protocol that divides the nodes uniformly at random into smaller committees, each committee independently processing the requests of one subchain; with sharding, the throughput of the system grows as the computing power of the network grows. To reduce the deployment cost of the system, the invention allows a node to store only the main chain and part of the subchains while still taking part in the entire sharding protocol and performing fast request verification, for which proxy signature technology is used.
Compared with the current domain name resolution system, the DNS system based on blockchain technology provided by the invention has the following advantages.
In terms of security. DNS cache pollution: a requester can send resolution requests to several connected nodes, which raises the attacker's cost of misbehaving; moreover, the requester and the caching nodes can deploy a "light chain" consisting of the main chain, so that a requester who wishes to can verify a response locally and be sure that the result is trustworthy. DDoS attacks: consortium nodes are only responsible for registration and deregistration requests on TLDs, and such requests must be submitted by the applicant from outside the chain to a proxy consortium node, which then publishes them on the applicant's behalf; furthermore, all ordinary nodes can also provide domain name resolution service, so the invention resists DDoS attacks well. 51% hash-power attacks: Sybil attacks are prevented with PoW, and the deterministic consensus algorithm PBFT is used as the main consensus mechanism, so there are no forks; all decisions are produced by the votes of the consortium committee members, one vote per country, so the invention avoids hash-power attacks. Deorienting risk (arbitrary deletion of a TLD): important TLDs are recorded on the main chain and can be registered or deleted only when the share of countries voting in favour exceeds a fixed proportion; subdomains are managed by their owners, and only requests signed with the owner's private key are considered valid, so the invention avoids this risk. Blinding risk: there is none, since any node that wishes to can hold the complete domain name information, and even a node without complete domain name information can send resolution requests to several nodes.
In terms of scalability, the structure of the invention is one main chain and several subchains, and the main chain only needs to store the hash values of the data on all subchains. As long as an application is legal and has passed the vote of the consortium committee, the number of subchains can in theory be extended without limit; over time, as more and more domain names under different TLDs need to be handled by the system, the system can be expanded by attaching more subchains to the main chain. In addition, a given subchain records the registration and deletion of domain names under one fixed TLD; if such a subchain accumulates too many registration-deletion pairs, a great deal of useless information is stored on the chain, and a node can then apply to the consortium committee to reopen a new subchain for the same TLD, migrate the useful information to it and discard the old subchain, which purges the whole system.
In terms of high throughput, a sharding protocol is used: the network nodes are divided uniformly into smaller committees, and each committee independently processes the requests in one shard, so processing is parallelised and the throughput of the system is almost linear in its computing power.
In terms of anonymity, linkable ring signatures are used, which fit the invention well: for example, they allow group members to verify the validity of a vote without learning the exact voter, while a public voting account solves the problem of pseudonyms; such a design ensures identity anonymity while limiting the relationships between ballots.
In terms of storage, the multichain structure of the invention allows nodes with limited storage capacity to store only the main chain and the subset of frequently used subchains while still taking part in all processes; this lowers the bar for joining as a node, more participating nodes can provide domain name resolution service better, and this also benefits the load balancing of the whole system.
The above content is a further detailed description of the present invention in conjunction with specific preferred embodiments, and the specific implementation of the present invention cannot be considered limited to these descriptions. For those of ordinary skill in the art to which the present invention belongs, a number of simple deductions or substitutions may be made without departing from the inventive concept, all of which shall be regarded as falling within the protection scope of the invention.

Claims (10)

1. A DNS system based on blockchain technology, characterised by comprising:
a main chain, of which there is only one, recording a small amount of important information and mainly responsible for storing the requests on top-level domains and the hash values of the subchains;
subchains, of which there are several, each connected to the main chain, which can be extended, migrated and discarded when appropriate, and which are mainly responsible for storing all operation requests under one specific TLD, different subchains storing the records under different TLDs and all subchains maintaining the same block height as the main chain;
nodes, including consortium nodes and ordinary nodes, distributed over the main chain and the subchains and storing part of the subchains, where proxy signatures allow a node to process operations on subchains it does not store;
the consortium nodes are distributed on the main chain and can perform rights management over the requests on TLDs;
the ordinary nodes are distributed on the subchains and can take part in the various operation requests under a TLD.
2. The DNS system based on blockchain technology according to claim 1, characterised in that the block structure of the main chain comprises:
a main chain block header, including the main chain identifier, the block height, the hash value of the previous block and the Merkle root of the entire block body;
a main chain block body in two parts: the first part is the various operations on top-level domains, and the second part is the hash value of all requests in each subchain in the same period.
3. The DNS system based on blockchain technology according to claim 1, characterised in that the block structure of a subchain comprises:
a subchain block header, including the .com subchain identifier, a timestamp, the block height, the hash value of the previous block, the Merkle root of the block body, a version number and some other important information;
a subchain block body, recording all operation requests under the top-level domain .com.
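The main chain and .com subchain blocks of claims 2 and 3, together with the "light chain" verification mentioned in the description, as an added Python model that is not part of the patent: a light node holding only main chain blocks and an off-chain domain index checks a resolver's answer against the subchain hash anchored in the main chain block of the same height. The field names, the request records, the Merkle tree shape and the index format are assumptions of this example.

```python
# Added example (not the patent's code): constructed model of the main chain / subchain
# layout in claims 2-3 and the description's "light chain" check; field names, request
# encoding, Merkle tree shape and the domain->location index are assumptions.
import hashlib
import json

def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

def leaf_hash(record: dict) -> str:
    """Canonical JSON so every node hashes the same request identically."""
    return sha256_hex(json.dumps(record, sort_keys=True, separators=(",", ":")).encode())

def merkle_levels(leaves):
    """All tree levels, leaves first; an unpaired node is hashed with itself."""
    levels = [list(leaves)]
    while len(levels[-1]) > 1:
        lvl = levels[-1] + levels[-1][-1:] * (len(levels[-1]) % 2)
        levels.append([sha256_hex((lvl[i] + lvl[i + 1]).encode()) for i in range(0, len(lvl), 2)])
    return levels

def merkle_proof(leaves, index):
    """(sibling, side) pairs needed to climb from leaves[index] to the root."""
    proof = []
    for lvl in merkle_levels(leaves)[:-1]:
        lvl = lvl + lvl[-1:] * (len(lvl) % 2)
        proof.append((lvl[index ^ 1], "left" if index % 2 else "right"))
        index //= 2
    return proof

def merkle_verify(leaf, proof, root):
    for sib, side in proof:
        leaf = sha256_hex((sib + leaf if side == "left" else leaf + sib).encode())
    return leaf == root

def subchain_block(tld, height, prev_hash, timestamp, requests):
    """Claim 3: header (identifier, timestamp, height, previous hash, Merkle root, version) + requests."""
    root = merkle_levels([leaf_hash(r) for r in requests])[-1][0]
    head = {"chain_id": tld, "timestamp": timestamp, "height": height,
            "prev_hash": prev_hash, "merkle_root": root, "version": 1}
    return {"head": head, "body": requests}

def main_chain_block(height, prev_hash, tld_ops, subchain_blocks):
    """Claim 2: body part 1 = operations on TLDs, part 2 = hash of each subchain's requests this period."""
    body = {"tld_ops": tld_ops,
            "subchain_hashes": {b["head"]["chain_id"]: b["head"]["merkle_root"] for b in subchain_blocks}}
    head = {"chain_id": "main", "height": height, "prev_hash": prev_hash, "merkle_root": leaf_hash(body)}
    return {"head": head, "body": body}

def answer(sub_block, domain):
    """A full node of that subchain returns the latest record for the domain plus its Merkle proof."""
    reqs = sub_block["body"]
    i = max(k for k, r in enumerate(reqs) if r["name"] == domain)
    return reqs[i], merkle_proof([leaf_hash(r) for r in reqs], i)

def light_verify(main_chain, index, domain, record, proof):
    """Light node: only main chain blocks (by height) + the off-chain key-value index, no subchain data."""
    tld, height = index[domain]
    anchored = main_chain[height]["body"]["subchain_hashes"][tld]
    return record.get("name") == domain and merkle_verify(leaf_hash(record), proof, anchored)

def demo():
    com_reqs = [  # constructed requests under .com for one period (RFC 5737 documentation addresses)
        {"op": "REGISTER", "name": "xxxx.com", "A": "203.0.113.10", "signer": "com"},
        {"op": "REGISTER", "name": "mail.xxxx.com", "A": "203.0.113.25", "signer": "xxxx.com"},
        {"op": "DELETE", "name": "old.xxxx.com", "signer": "xxxx.com"}]
    org_reqs = [{"op": "REGISTER", "name": "example.org", "A": "203.0.113.40", "signer": "org"}]
    com = subchain_block(".com", 7, "00" * 32, 1554163200, com_reqs)
    org = subchain_block(".org", 7, "00" * 32, 1554163200, org_reqs)  # same height as the main chain
    main = main_chain_block(7, "00" * 32, [{"op": "REGISTER_TLD", "name": ".xyz"}], [com, org])
    main_chain = {main["head"]["height"]: main}          # all a light node keeps of the chains
    index = {"mail.xxxx.com": (".com", 7)}               # learnt when the block was announced
    record, proof = answer(com, "mail.xxxx.com")
    polluted = dict(record, A="198.51.100.9")            # a wrong answer, e.g. from a poisoned cache
    return (light_verify(main_chain, index, "mail.xxxx.com", record, proof),
            light_verify(main_chain, index, "mail.xxxx.com", polluted, proof))
```

The genuine answer verifies against the hash anchored in main chain block 7, while the polluted one fails without the light node ever holding the .com subchain.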
4. The DNS system based on blockchain technology according to claim 1, characterised in that a full connection is established between the consortium nodes, forming a consortium committee to manage the main chain; when an organisation applies to register a top-level domain name such as .com, the consortium nodes vote on whether to allow the registration, and linkable ring signatures (LRS) guarantee the fairness of the voting process and the anonymity of the voting nodes.
5. The DNS system based on blockchain technology according to claim 4, characterised in that the linkable ring signature LRS comprises:
Init: assume there are n users in the consortium committee,
the public key list of the group members is PK = {PK1, PK2, ..., PKn},
the private key list is SK = {SK1, SK2, ..., SKn},
the message to be signed is m ∈ {0, 1}*,
and the public/private key pair of the anonymous signer is (PKi, SKi), 1 ≤ i ≤ n;
Sign: takes the public keys PK of all group members, the private key SKi of the signer and the message m as input, and outputs a linkable ring signature value σ;
Verify: takes the public keys PK of all group members, the message m and the signature value σ as input, and outputs 1 or 0 according to whether the signature is valid;
Link: takes two signature values σ and σ' as input; if either signature value is invalid there is no output, otherwise it outputs 1 or 0 according to whether the two signatures are linked;
the linkable ring signature LRS is said to be correct when, for all PK, SK, i, m and m', Verify and Link hold, that is:
Verify(PK, m, Sign(PK, SKi, m)) = 1
Link(Sign(PK, SKi, m), Sign(PK, SKi, m')) = 1.
6. The DNS system based on blockchain technology according to claim 5, characterised in that the ordinary nodes in the same shard are fully connected to one another through the sharding protocol, forming an ordinary committee that verifies the validity of each request.
7. The DNS system based on blockchain technology according to claim 6, characterised in that the sharding protocol divides all nodes into smaller committees within one cycle, each committee having N members and being able to process part of the operations independently.
8. The DNS system based on blockchain technology according to claim 6, characterised in that the consortium committee collects and verifies the consensus results of all ordinary committees, runs a Byzantine fault-tolerant algorithm within the committee to form a final consensus result and broadcasts it; the remaining ordinary nodes receive and verify the final consensus result and add blocks to the main chain and the corresponding subchains.
9. The DNS system based on blockchain technology according to claim 1, characterised in that the proxy signature is as follows:
assume two users A and B with key pairs (PKA, SKA) and (PKB, SKB) respectively, where A is the owner of a top-level domain name and B is the owner of a subdomain; if the following conditions are met:
A computes σ using its private key SKA and sends σ to B in confidence;
B generates a new key σA→B using σ and its private key SKB;
B signs a message m on behalf of A using the newly generated key: s = Sign(σA→B, m);
there is a publicly verifiable algorithm VerA→B: PK × S × M → {True, False} such that for any m and s: VerA→B(PKA, s, m) = True ⇔ s = Sign(σA→B, m);
then the TLD (A) is said to have delegated part of its signing power to the subdomain (B): A is the original signer, B is the proxy signer, σ is the proxy key computed by A, σA→B is the proxy signing key, and s is the proxy signature.
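The delegation described above for xxxx.com and formalised in claim 9, as an added Python example that is not the patent's own code: since the claim fixes no concrete construction, the example assumes a Schnorr-based partial-delegation proxy signature with proxy protection in the style of Mambo, Usuda and Okamoto, over a constructed 64-bit safe-prime group, and the helper names (`delegate`, `accept_delegation`, `proxy_public_key`) are its own.

```python
# Added example (not the patent's code): Schnorr-based proxy signature with proxy protection
# (Mambo-Usuda-Okamoto style) over a constructed 64-bit safe-prime group; both are assumptions.
import hashlib
import secrets

def is_prime(n):
    """Deterministic Miller-Rabin; exact for n < 3.3e24 with these bases."""
    bases = (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37)
    if n < 2 or any(n % b == 0 for b in bases):
        return n in bases
    d, r = n - 1, 0
    while d % 2 == 0:
        d, r = d // 2, r + 1
    for a in bases:
        x = pow(a, d, n)
        if x not in (1, n - 1) and all((x := x * x % n) != n - 1 for _ in range(r - 1)):
            return False
    return True

def make_group(bits=64):
    """Smallest safe prime p = 2q + 1 with q > 2^(bits-1); g = 4 generates the order-q subgroup."""
    q = (1 << (bits - 1)) + 1
    while not (is_prime(q) and is_prime(2 * q + 1)):
        q += 2
    return 2 * q + 1, q, 4

P, Q, G = make_group()   # 64-bit toy group: fast to build, far too small for real use

def _challenge(*parts):
    """Hash fixed-width group elements plus the message into a challenge in [0, Q)."""
    data = b"".join(p.encode() if isinstance(p, str) else p.to_bytes(16, "big") for p in parts)
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % Q

def schnorr_sign(d, pub, m):
    r = secrets.randbelow(Q - 1) + 1
    R = pow(G, r, P)
    return R, (r + _challenge(R, pub, m) * d) % Q

def schnorr_verify(pub, m, sig):
    R, s = sig
    return pow(G, s, P) == R * pow(pub, _challenge(R, pub, m), P) % P

def delegate(x_a):
    """A: sigma = k + SK_A * K (mod q) with K = g^k; (sigma, K) goes to B in confidence."""
    k = secrets.randbelow(Q - 1) + 1
    K = pow(G, k, P)
    return (k + x_a * K) % Q, K

def accept_delegation(y_a, x_b, sigma, K):
    """B: check g^sigma = K * PK_A^K (token really is A's), then sigma_{A->B} = sigma + SK_B."""
    if pow(G, sigma, P) != K * pow(y_a, K, P) % P:
        raise ValueError("delegation token does not verify against PK_A")
    return (sigma + x_b) % Q

def proxy_public_key(y_a, y_b, K):
    return K * pow(y_a, K, P) * y_b % P   # g^{sigma_{A->B}}, rebuilt from public data only

def proxy_sign(sigma_ab, y_a, y_b, K, m):
    return (*schnorr_sign(sigma_ab, proxy_public_key(y_a, y_b, K), m), K)  # K rides along

def proxy_verify(y_a, y_b, m, psig):  # Ver_{A->B}(PK_A, s, m): only A-delegated-to-B signatures pass
    R, s, K = psig
    return schnorr_verify(proxy_public_key(y_a, y_b, K), m, (R, s))

def demo():
    x_a, x_b = secrets.randbelow(Q - 1) + 1, secrets.randbelow(Q - 1) + 1  # SK_A (.com), SK_B (xxxx.com)
    y_a, y_b = pow(G, x_a, P), pow(G, x_b, P)                              # PK_A, PK_B
    sigma, K = delegate(x_a)
    sigma_ab = accept_delegation(y_a, x_b, sigma, K)
    req = "REGISTER mail.xxxx.com"                    # constructed registration request
    psig = proxy_sign(sigma_ab, y_a, y_b, K, req)
    return {"proxy_ok": proxy_verify(y_a, y_b, req, psig),
            "tampered": proxy_verify(y_a, y_b, "REGISTER other.xxxx.com", psig),
            # distinguishable: a proxy signature does not pass as A's own Schnorr signature
            "passes_as_A": schnorr_verify(y_a, req, psig[:2]),
            # B cannot sign as A: without SK_A nothing B makes verifies under PK_A
            "B_forges_A": schnorr_verify(y_a, req, schnorr_sign(x_b, y_a, req))}
```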
10. The DNS system based on blockchain technology according to claim 1, characterised by further comprising a key-value database, which is stored off-chain as an index to improve the efficiency of domain name resolution.
CN201910260964.2A 2019-04-02 2019-04-02 DNS system based on block chain technology Expired - Fee Related CN110012126B (en)

Publications (2)

Publication Number Publication Date
CN110012126A true CN110012126A (en) 2019-07-12
CN110012126B CN110012126B (en) 2022-01-21





Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant
CF01 Termination of patent right due to non-payment of annual fee

Granted publication date: 20220121