CN111107179A - Decentralized domain name service method, data acquisition method and system - Google Patents

Publication number
CN111107179A
Authority
CN
China
Prior art keywords
domain name
administrative entity
data
root
root domain
Prior art date
Legal status
Pending
Application number
CN201911388608.5A
Other languages
Chinese (zh)
Inventor
蒋文保
章峰
史博轩
Current Assignee
Beijing Information Science and Technology University
Original Assignee
Beijing Information Science and Technology University
Priority date
Filing date
Publication date
Application filed by Beijing Information Science and Technology University
Priority to CN201911388608.5A
Publication of CN111107179A

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L61/00 Network arrangements, protocols or services for addressing or naming
    • H04L61/45 Network directories; Name-to-address mapping
    • H04L61/4505 Network directories; Name-to-address mapping using standardised directories; using standardised directory access protocols
    • H04L61/4511 Network directories; Name-to-address mapping using standardised directories; using standardised directory access protocols using domain name system [DNS]
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L41/00 Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
    • H04L41/30 Decision processes by autonomous network management units using voting and bidding
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3263 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving certificates, e.g. public key certificate [PKC] or attribute certificate [AC]; Public key infrastructure [PKI] arrangements
    • H04L9/3268 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving certificates, e.g. public key certificate [PKC] or attribute certificate [AC]; Public key infrastructure [PKI] arrangements using certificate validation, registration, distribution or revocation, e.g. certificate revocation list [CRL]
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/50 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols using hash chains, e.g. blockchains or hash trees

Abstract

The invention provides a decentralized domain name service method, a data acquisition method and a system, which address the technical problem that existing domain name resolution carries potential risks to service reliability and data reliability. The system comprises administrative entity root domain name servers, which provide domain name resolution service at home and abroad, establish through consensus judgment a data acquisition connection between the administrative entity root domain name servers and the existing root domain name servers, collect the domain name data in the existing domain name service system through that connection, and share the domain name data among the administrative entity root domain name servers. The administrative entity root domain name servers are built within the administrative entities, and a backbone area is formed among them. The reliability of the data is enhanced, there is no centralized node, exclusive control of the Domain Name System (DNS) by a single dominant country is avoided, the system is compatible with the existing DNS, the domain name data is public to all nodes, and an autonomously controllable DNS resolution system is realized.

Description

Decentralized domain name service method, data acquisition method and system
Technical Field
The invention relates to the technical field of domain name systems, in particular to a decentralized domain name service method, a data acquisition method and a data acquisition system.
Background
In the prior art, most DNS (Domain Name System) name servers, such as lower-level authoritative domain name servers and higher-level top-level domain name servers, need to access a root domain name server. Once the root domain name server stops service, issues false information, falsifies access redirection or blocks a specified domain name, addresses cannot be resolved normally and a large number of Internet users cannot access the domain name. The regional root domain name mirror servers deployed to improve resolution efficiency pass resolution details to the root domain name server, which creates a privacy leakage risk for users. Because the conventional root domain name servers are centrally managed by ICANN (the Internet Corporation for Assigned Names and Numbers) and cannot escape the control of a single country, it is far safer and more effective to integrate domain name services around the world with a new decentralized domain name resolution service system.
In the prior art, a trusted, decentralized and equal infrastructure model based on blockchain technology provides some technical support for realizing an equally interconnected network world.
Disclosure of Invention
In view of the above problems, embodiments of the present invention provide a decentralized domain name service method, a data acquisition method, and a system, which solve the technical problem that the existing domain name resolution has potential hazards in service reliability and data reliability.
The decentralized domain name service system of the embodiment of the invention comprises:
administrative entity root domain name servers, which provide domain name resolution service at home and abroad, establish through consensus judgment the data acquisition connection between the administrative entity root domain name servers and the existing root domain name servers, collect domain name data in the existing domain name service system through the data acquisition connection, and share the domain name data among the administrative entity root domain name servers;
wherein the administrative entity root domain name servers are built within the administrative entities, and a backbone area is formed among the administrative entity root domain name servers.
The decentralized domain name service method of the embodiment of the invention comprises the following steps:
forming the administrative entity root domain name servers, establishing a domain name block data structure on the administrative entity root domain name servers, and forming consensus confirmation among the administrative entity root domain name servers;
performing domain name resolution with the existing domain name service system through the administrative entity root domain name servers;
selecting an administrative entity root domain name server through consensus judgment to traverse and cache the domain name data of the existing domain name service system;
and forming the domain name data into a domain name block through the domain name block data structure and sharing it among the administrative entity root domain name servers.
In an embodiment of the present invention, the forming of the consensus confirmation between the administrative entity root domain name servers includes:
when a given administrative entity root domain name server applies for a key change, the other administrative entity root domain name servers make a majority-priority resolution on the legitimate change information;
when the majority-priority resolution indicates acceptance, the given administrative entity root domain name server changes its key and forms the changed key into changed certificate data of that administrative entity root domain name server;
and the changed certificate data is stored in the domain name block data structure to form a block, completing consensus confirmation, and the block is shared among the administrative entity root domain name servers.
In an embodiment of the present invention, the forming of the consensus confirmation between the administrative entity root domain name servers includes:
when a given administrative entity root domain name server applies for a change, the other administrative entity root domain name servers make a majority-priority resolution on the legitimate change information;
when the majority-priority resolution indicates acceptance, the given administrative entity root domain name server is changed;
and the change information data and the majority-priority resolution data are stored in the domain name block data structure to form a block, completing consensus confirmation, and the block is shared among the administrative entity root domain name servers.
The decentralized domain name data acquisition method provided by the embodiment of the invention comprises the following steps:
forming the administrative entity root domain name servers, establishing a domain name block data structure on the administrative entity root domain name servers, and forming consensus confirmation among the administrative entity root domain name servers;
selecting an administrative entity root domain name server through consensus judgment to traverse and cache the domain name data of the existing domain name service system;
and forming the domain name data into a domain name block through the domain name block data structure and sharing it among the administrative entity root domain name servers.
In an embodiment of the present invention, the traversing and caching the domain name data of the existing domain name service system by selecting the administrative entity root domain name server through consensus judgment includes:
establishing an AccessOut data structure to store information on administrative entity root domain name servers that fail to establish a domain name resolution connection with the existing root domain name server.
When a given administrative entity root domain name server cannot connect to the existing root domain name server to establish domain name resolution, the failed-node information of that server is stored in the AccessOut data structure.
Administrative entity root domain name servers are eliminated as candidate nodes according to the failed-node information in the AccessOut data structure.
In an embodiment of the present invention, the traversing and caching the domain name data of the existing domain name service system by selecting the administrative entity root domain name server through consensus judgment includes:
periodically initiating a vote among the candidate nodes to form a majority-priority resolution and determine the current DNS record update node, storing the majority-priority resolution data and the current DNS record update node data in the domain name block data structure to form a block, completing consensus judgment, and sharing the block among the administrative entity root domain name servers.
The current DNS record update node establishes a domain name resolution connection with the existing root domain name server and traverses the top-level domain names under the existing root domain name server to obtain and cache all DNS records under it.
When the period count expires, a vote is initiated among the candidate nodes to form a majority-priority resolution, and the next, different current DNS record update node is determined.
In an embodiment of the present invention, the traversing and caching the domain name data of the existing domain name service system by selecting the administrative entity root domain name server through consensus judgment includes:
the DNS record update node compares all the DNS records with its local DNS records to form the updated DNS records and issues a DNS record update request.
The DNS record update request is broadcast to the other administrative entity root domain name servers, which verify its validity and integrity.
When a majority-priority resolution approves the DNS record update request as valid and complete, consensus judgment is finished, and the updated DNS records are stored in the domain name block data structure to form a block, which is shared among the administrative entity root domain name servers.
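The acquisition round described in the three embodiments above (AccessOut exclusion, election of a different DNS record update node, verification and majority approval of the update request, block formation), as an added Python example that is not code from the patent. The `Federation` class, the strict-majority threshold, the SHA-256 digest used as the integrity check, the JSON block layout, and the node names and DNS records are all assumptions or constructed sample values.

```python
import hashlib
import json
from collections import Counter
from dataclasses import dataclass, field
from typing import Optional

GENESIS = "0" * 64


def digest(obj) -> str:
    """SHA-256 over canonical JSON; used for request integrity and block links."""
    return hashlib.sha256(json.dumps(obj, sort_keys=True).encode()).hexdigest()


@dataclass
class Federation:  # hypothetical model of the administrative entity root servers
    nodes: list                                     # administrative entity root server ids
    access_out: set = field(default_factory=set)    # AccessOut: cannot reach the existing root
    records: dict = field(default_factory=dict)     # shared DNS view, name -> rdata
    chain: list = field(default_factory=list)       # domain name blocks
    updater: Optional[str] = None                   # current DNS record update node

    def candidates(self) -> list:
        # Nodes listed in AccessOut are eliminated as candidates.
        return [n for n in self.nodes if n not in self.access_out]

    def _append(self, kind: str, payload: dict) -> None:
        prev = self.chain[-1]["hash"] if self.chain else GENESIS
        body = {"index": len(self.chain), "prev": prev, "kind": kind, "payload": payload}
        self.chain.append(dict(body, hash=digest(body)))

    def elect_updater(self, votes: dict) -> str:
        """votes maps voter -> nominee; only candidates vote, the sitting updater cannot win."""
        cands = self.candidates()
        counted = {v: c for v, c in votes.items()
                   if v in cands and c in cands and c != self.updater}
        tally = Counter(counted.values()).most_common(1)
        if not tally or tally[0][1] * 2 <= len(cands):   # assumed rule: strict majority
            raise ValueError("no candidate reached a majority")
        self.updater = tally[0][0]
        self._append("election", {"votes": counted, "updater": self.updater})
        return self.updater

    def propose_update(self, fetched: dict) -> dict:
        # Compare the traversed records with the local view; keep only the differences.
        changed = {k: v for k, v in fetched.items() if self.records.get(k) != v}
        return {"from": self.updater, "records": changed, "digest": digest(changed)}

    def verify_request(self, req: dict) -> bool:
        # Validity: sent by the elected node. Integrity: records match the digest.
        valid = req["from"] == self.updater and req["from"] in self.candidates()
        intact = bool(req["records"]) and digest(req["records"]) == req["digest"]
        return valid and intact

    def commit_update(self, req: dict, approvals: dict) -> bool:
        peers = [n for n in self.nodes if n != req["from"]]
        yes = [n for n in peers if approvals.get(n) is True]
        if len(yes) * 2 <= len(peers):                   # ties and minorities are rejected
            return False
        self.records.update(req["records"])
        self._append("dns_update", {"request": req, "approved_by": yes})
        return True

    def chain_valid(self) -> bool:
        prev = GENESIS
        for i, block in enumerate(self.chain):
            body = {k: block[k] for k in ("index", "prev", "kind", "payload")}
            if block["index"] != i or block["prev"] != prev or digest(body) != block["hash"]:
                return False
            prev = block["hash"]
        return True


def demo() -> dict:
    # Constructed sample federation: AE-4 is in AccessOut and cannot vote or stand.
    fed = Federation(nodes=["AE-1", "AE-2", "AE-3", "AE-4", "AE-5"],
                     access_out={"AE-4"},
                     records={"com.": "NS ns1.tld-a.example."})
    winner = fed.elect_updater({"AE-1": "AE-2", "AE-2": "AE-2", "AE-3": "AE-2",
                                "AE-4": "AE-4", "AE-5": "AE-1"})
    req = fed.propose_update({"com.": "NS ns1.tld-a.example.",
                              "org.": "NS ns1.tld-b.example."})
    # A request altered after the digest was computed fails every peer's check.
    forged = dict(req, records={"org.": "NS ns1.rogue.example."})
    peers = [n for n in fed.nodes if n != winner]
    forged_ok = fed.commit_update(forged, {n: fed.verify_request(forged) for n in peers})
    real_ok = fed.commit_update(req, {n: fed.verify_request(req) for n in peers})
    return {"updater": winner, "changed": req["records"], "forged_committed": forged_ok,
            "committed": real_ok, "blocks": len(fed.chain), "chain_valid": fed.chain_valid()}


if __name__ == "__main__":
    print(demo())
```

The digest only detects alteration of a request in transit; binding a request to its sender would additionally need a signature under the server keys the description stores as certificate data, which this example does not model.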
In one embodiment of the invention, after the domain name block is formed, a smart contract obtains the globally unique identifier, domain name data and public key data of the transaction information data structure in the domain name block while the administrative entity root domain name servers synchronize; the corresponding leaf node position in the domain name storage structure is located through the globally unique identifier, and the public key data and the domain name data are stored in the leaf node.
The decentralized domain name service system of the embodiment of the invention comprises:
the domain name service supporting device is used for forming an administrative entity root domain name server, establishing a domain name block data structure on the administrative entity root domain name server and forming consensus confirmation among the administrative entity root domain name servers;
the domain name data acquisition device is used for selecting the administrative entity root domain name server through consensus judgment to perform traversal caching on domain name data under the existing root domain name server;
and the domain name data sharing device is used for sharing the domain name data forming a domain name block among the administrative entity root domain name servers through a domain name block data structure.
The decentralized domain name service method, the data acquisition method and the system provided by the embodiment of the invention have the following technical effects:
1. The data cannot be tampered with, which enhances its reliability.
2. Because distributed accounting and storage are used, there is no centralized node; the data blocks in the system are jointly maintained by the nodes that have a maintenance function across the whole system.
3. The system is open and transparent: domain name data in the blockchain is disclosed to all nodes in the blockchain.
4. The stability and reliability of the system are high. Once information is validated and added to the blockchain it is stored, and unless more than 51% of the nodes can be controlled simultaneously, modifications to the database at a single node are invalid.
5. Data exchange between service nodes follows a fixed smart contract.
6. Exclusive control of the DNS by a single dominant country is avoided, an equally interconnected network world is constructed, and interconnection among countries is greatly promoted.
7. An autonomously controllable DNS resolution system is realized.
8. The system is compatible with the existing DNS: as long as one node can normally access the existing DNS system, the other nodes in the federation formed by the nodes can make access requests through that node. At the same time, existing DNS records are also synchronized into the federation.
Drawings
Fig. 1 is a schematic structural diagram of a decentralized domain name service system according to an embodiment of the present invention.
Fig. 2 is a flowchart illustrating a method for decentralized domain name service according to an embodiment of the present invention.
Fig. 3 is a schematic diagram illustrating an architecture of a decentralized domain name service system according to an embodiment of the present invention.
Fig. 4 is a first flowchart illustrating a decentralized domain name service according to an embodiment of the present invention.
Fig. 5 is a flowchart illustrating a second process of decentralized domain name service according to an embodiment of the present invention.
Fig. 6 is a third flowchart illustrating a decentralized domain name service according to an embodiment of the present invention.
Fig. 7 is a fourth flowchart illustrating a decentralized domain name service according to an embodiment of the present invention.
Fig. 8 is a fifth flowchart illustrating a decentralized domain name service according to an embodiment of the present invention.
Fig. 9 is a block diagram illustrating centralized domain name service data interaction according to an embodiment of the invention.
Fig. 10 is a schematic diagram illustrating a domain name storage structure in a centralized domain name service data interaction according to an embodiment of the present invention.
Detailed Description
In order to make the objects, technical solutions and advantages of the present invention clearer and more obvious, the present invention is further described below with reference to the accompanying drawings and the detailed description. It is to be understood that the described embodiments are merely exemplary of the invention, and not restrictive of the full scope of the invention. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
A decentralized domain name service system according to an embodiment of the present invention is shown. In the figure, the present embodiment includes:
The administrative entity root domain name servers are used to provide domain name resolution service at home and abroad. Through consensus judgment, they establish a data acquisition connection between the administrative entity root domain name servers and the existing root domain name servers, collect domain name data in the existing domain name service system through the data acquisition connection, and share the domain name data among the administrative entity root domain name servers.
An administrative entity root domain name server is built within each administrative entity, and a backbone area is formed among the administrative entity root domain name servers. Within the administrative entity, a top-level domain name server 2 is built under the administrative entity root domain name server 1 and an authoritative domain name server 3 is built under the top-level domain name server 2, forming the non-backbone area under the administrative entity root domain name server.
The administrative entity is a kind of alliance formed between the administrative entity root domain name servers in a country, and each country participating in the alliance has at least one administrative entity root domain name server. The administrative entity root domain name server 1 includes all domain name resolution functions of the existing root domain name server 4 under the ICANN system.
Providing domain name resolution service at home and abroad comprises: resolving domestic domain names for resolution requests originating within the country, resolving foreign domain names for resolution requests originating within the country, and resolving domestic domain names for resolution requests originating in other countries.
Those skilled in the art will appreciate that the various types and levels of domain name servers under the administrative entity root domain name server 1, such as the top-level domain name server 2 and the authoritative domain name server 3, participate in all or part of the domain name resolution service.
The domain name data in the existing domain name service system, where the existing root domain name server resides, is traversed and collected only through the data acquisition connection; the domain name data includes, but is not limited to, root domain name, top-level domain name and authoritative domain name data.
The decentralized domain name service system of the embodiment of the invention forms, with the administrative entity as the boundary, an alliance architecture of top-level domain name resolution servers that provide domain name resolution for each country, and forms within each administrative entity a complete domain name resolution architecture of top-level and lower-level domain name resolution servers. The alliance architecture uses blockchain technology to form a consensus process that realizes trust relationships and data sharing, so that domain name resolution is freed from the potential harm of network ownership and domain name data can be reliably acquired and shared.
Fig. 2 shows a method for decentralized domain name service according to an embodiment of the present invention. In fig. 2, the present embodiment includes:
Step 100: form the administrative entity root domain name servers, establish a domain name block data structure on the administrative entity root domain name servers, and form consensus confirmation among the administrative entity root domain name servers.
Those skilled in the art understand the structure and function of a root domain name server. An administrative entity root domain name server differs from an existing root domain name server mainly in that it is set up within a country acting as an administrative entity, and so corresponds to that country. An administrative entity includes at least one administrative entity root domain name server, and a country may also contain an existing root domain name server. Those skilled in the art will understand that blockchain technology provides distributed storage of data and consensus judgment on data operations, that block synchronization can be completed by means of smart contracts, and that establishing a domain name block data structure means storing domain name data in blocks on the administrative entity root domain name servers. Public keys can be distributed among the administrative entity root domain name servers using the asymmetric encryption of blockchain technology to confirm identity; consensus is established through (majority) confirmation among the administrative entity root domain name servers, and an identity trust relationship is established, forming consensus confirmation.
Step 200: perform domain name resolution with the existing domain name service system through the administrative entity root domain name servers.
An administrative entity root domain name server corresponds to a national division, whereas an existing root domain name server does not. The administrative entity root domain name server can provide domain name resolution service to the lower-level domain name servers beneath it, such as the top-level domain name server and the authoritative domain name server. The administrative entity root domain name server performs domain name resolution and domain name registration for domain name resolution requests and management within the country.
Step 300: select an administrative entity root domain name server through consensus judgment to traverse and cache the domain name data of the existing domain name service system.
Those skilled in the art will understand that root domain name servers following the same domain name resolution rules can make domain name resolution requests to one another and can obtain the domain name data of the domain name servers under the existing domain name service system, such as DNS records, which may include A, NS, SOA, MX, CNAME, SRV and PTR records. In an embodiment of the present invention, the domain name data under an existing root domain name server is traversed and stored, where the domain name data is mainly that of top-level domain names.
Step 400: form the domain name data into a domain name block through the domain name block data structure and share it among the administrative entity root domain name servers.
Domain name data is stored in time order, and the domain name block data structure gives updates to the domain name data a structured storage form, so that domain name blocks are synchronized among the administrative entity root domain name servers.
The decentralized domain name service method of the embodiment of the invention decentralizes domain name resolution across the whole network by optimizing the structure of the root domain name servers and the synchronized distribution process for collecting and sharing domain name data. It forms administrative entity root domain name servers independent of the existing root domain name servers, forms identity consensus confirmation among them, ensures equal status, management authority and authentic authentication among them, and uses blockchain synchronization to achieve reasonable distribution, reliable storage and effective sharing of domain name data. Traditional domain name resolution is completed through protocol compatibility between the existing root domain name servers and the administrative entity root domain name servers, while the domain name information under the existing root domain name servers is collected, so that domain name resolution service transitions seamlessly and stably from centralized to decentralized management. Specifically:
1. The data cannot be tampered with, which enhances its reliability.
2. Because distributed accounting and storage are used, there is no centralized node; the data blocks in the system are jointly maintained by the nodes that have a maintenance function across the whole system.
3. The system is open and transparent: domain name data in the blockchain is disclosed to all nodes in the blockchain.
4. The stability and reliability of the system are high. Once information is validated and added to the blockchain it is stored, and unless more than 51% of the nodes can be controlled simultaneously, modifications to the database at a single node are invalid.
5. Data exchange between service nodes follows a fixed smart contract.
6. Exclusive control of the DNS by a single dominant country is avoided, an equally interconnected network world is constructed, and interconnection among countries is greatly promoted.
7. An autonomously controllable DNS resolution system is realized.
8. The system is compatible with the existing DNS: as long as one node can normally access the existing DNS system, the other nodes in the federation formed by the nodes can make access requests through that node. At the same time, existing DNS records are also synchronized into the federation.
The decentralized domain name service system formed by the administrative entity root domain name servers of the embodiment of the invention can acquire domain name data from the existing domain name service system, providing effective redundancy and effective complementarity of domain name service across different domain name service systems. The decentralized domain name data acquisition method serving this technical purpose comprises the following steps:
Step 100: form the administrative entity root domain name servers, establish a domain name block data structure on the administrative entity root domain name servers, and form consensus confirmation among the administrative entity root domain name servers.
Step 300: select an administrative entity root domain name server through consensus judgment to traverse and cache the domain name data of the existing domain name service system.
Step 400: form the domain name data into a domain name block through the domain name block data structure and share it among the administrative entity root domain name servers.
As shown in fig. 2, in an embodiment of the present invention, step 100 includes:
Step 111: form the certificate data of the administrative entity root domain name server from the initial public key of the administrative entity root domain name server;
Step 112: store the certificate data in the domain name block data structure to form a block, completing consensus confirmation; the block is shared among the administrative entity root domain name servers.
The decentralized domain name service method of the embodiment of the invention uses blockchain technology to provide the initial establishment of administrative entity root domain name servers with consensus confirmation and data sharing, ensuring the reliability and synchronization of data when the servers are initialized to form the alliance.
As shown in fig. 2, in an embodiment of the present invention, step 100 includes:
Step 121: when it is determined that an administrative entity root domain name server applies for a key change, the other administrative entity root domain name servers make a majority priority resolution on the legal change information; a majority priority resolution is a resolution that follows the tendency of the majority of the votes.
Step 122: when the majority priority resolution indicates acceptance, the determined administrative entity root domain name server performs the key change and forms the changed key into changed certificate data of the administrative entity root domain name server;
Step 123: storing the changed certificate data in the domain name block data structure to form a block and complete consensus confirmation, and sharing the block among the administrative entity root domain name servers.
The decentralized domain name service method provided by the embodiment of the invention uses block chain technology to form consensus confirmation and data sharing for the key change process, so that the reliability and synchronism of the server certificate data are ensured when a server certificate changes.
As shown in fig. 2, in an embodiment of the present invention, step 100 includes:
Step 131: when it is determined that an administrative entity root domain name server applies for change (applies for or cancels), the other administrative entity root domain name servers make a majority priority resolution on the legal change information;
Step 132: when the majority priority resolution indicates acceptance, determining that the administrative entity root domain name server is changed;
Step 133: storing the change information data and the majority priority resolution data in the domain name block data structure to form a block and complete consensus confirmation, and sharing the block among the administrative entity root domain name servers.
The decentralized domain name service method provided by the embodiment of the invention uses block chain technology to form consensus confirmation and data sharing for the process of adding and removing administrative entity root domain name servers, and ensures the reliability and synchronism of data when the number of servers changes.
As shown in fig. 2, in an embodiment of the present invention, step 100 includes:
Step 141: when a top-level domain name applies for change (modification or addition), the administrative entity root domain name server of the country to which the top-level domain name belongs verifies whether the top-level domain name is legal, and the other administrative entity root domain name servers make a majority priority resolution on whether or not to accept the legal change information;
Step 142: when the majority priority resolution indicates acceptance, the administrative entity root domain name server of the country of the top-level domain name is changed;
Step 143: storing the change information data and the majority priority resolution data in the domain name block data structure to form a block and complete consensus confirmation, and sharing the block among the administrative entity root domain name servers.
The decentralized domain name service method provided by the embodiment of the invention uses block chain technology to form consensus confirmation and data sharing for the process of adding, removing and modifying top-level domain names, and ensures the reliability and synchronism of the domain names and data when domain name resolution data changes.
As shown in fig. 2, in an embodiment of the present invention, step 300 includes:
Step 310: establishing an AccessOut data structure to store the information of administrative entity root domain name servers that fail to establish a domain name resolution connection with the existing root domain name server.
Step 320: when it is determined that an administrative entity root domain name server cannot connect to the existing root domain name server to establish domain name resolution, storing the failure node information of that administrative entity root domain name server in the AccessOut data structure.
Step 330: excluding administrative entity root domain name servers from the alternative nodes according to the failure node information in the AccessOut data structure.
The decentralized domain name service method of the embodiment of the invention keeps an effective record of the failure nodes and uses it to pre-optimize the choice of DNS record updating nodes, thereby ensuring the success rate and quality of traversing the top-level domain names under the existing root domain name server.
As shown in fig. 2, in an embodiment of the present invention, step 300 further includes:
Step 340: periodically initiating voting among the alternative nodes to form a majority priority resolution, determining the current DNS record updating node, storing the majority priority resolution data and the current DNS record updating node data in the domain name block data structure to form a block and complete consensus judgment, and sharing the block among the administrative entity root domain name servers.
Step 350: establishing a domain name resolution connection with the existing root domain name server by using the current DNS record updating node, traversing the top-level domain names under the existing root domain name server to obtain all DNS records under the existing root domain name server, and caching them.
Step 360: when the period count expires, initiating voting among the alternative nodes to form a majority priority resolution, and determining the next, different, current DNS record updating node.
The decentralized domain name service method of the embodiment of the invention forms a consensus judgment on the DNS record updating node, and ensures the maximum security, reliability and node stability of the DNS record updating node.
As shown in fig. 2, in an embodiment of the present invention, step 300 further includes:
Step 370: the DNS record updating node compares all the DNS records with the local DNS records to form updated DNS records and makes a DNS record update request.
Step 380: broadcasting the DNS record update request to the other administrative entity root domain name servers so that the validity and integrity of the DNS record update request are verified.
Step 390: when the majority priority resolution approves that the DNS record update request has validity and integrity and the consensus judgment is completed, the updated DNS records are stored in the domain name block data structure to form a block, which is shared among the administrative entity root domain name servers.
As shown in fig. 2, in an embodiment of the present invention, step 300 further includes:
Step 395: when the majority priority resolution rejects that the DNS record update request has validity and integrity, the consensus judgment is completed and the current DNS record updating node is moved into the loss-of-credit list.
The decentralized domain name service method of the embodiment of the invention forms a consensus judgment on the updated DNS records, and ensures the maximum security, reliability and data integrity of the updated DNS records.
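The node selection and update verification of steps 310 to 395 can be sketched as follows. This is an added example, not code from the patent: the class and function names, the SHA-256 hash chaining, and the two checks a peer applies (the request comes from the elected node, and its records match its digest) are assumptions, since the patent does not say how validity and integrity are verified.

```python
import hashlib
import json


def digest(obj):
    """Canonical SHA-256 over JSON; used for block hashes and request integrity."""
    return hashlib.sha256(json.dumps(obj, sort_keys=True).encode()).hexdigest()


def majority_accepts(votes):
    """Majority priority resolution: accepted when more than half of the votes accept."""
    return sum(1 for accepted in votes.values() if accepted) * 2 > len(votes)


def build_update_request(node, fetched, local):
    """Step 370: keep only the fetched records that differ from the local copy."""
    changed = {name: data for name, data in fetched.items() if local.get(name) != data}
    return {"node": node, "records": changed, "digest": digest(changed)}


class Federation:
    """Hypothetical model of the administrative entity root domain name servers."""

    def __init__(self, nodes):
        self.nodes = list(nodes)
        self.access_out = set()    # AccessOut: nodes that cannot reach the existing roots
        self.discredited = set()   # loss-of-credit list
        self.update_node = None    # current DNS record updating node
        self.records = {}          # shared DNS records
        self.chain = []            # shared domain name blocks

    def append_block(self, kind, payload):
        """Chain each block to the previous one by hash (assumed block layout)."""
        prev = self.chain[-1]["hash"] if self.chain else "0" * 64
        block = {"prev": prev, "kind": kind, "payload": payload}
        block["hash"] = digest(block)
        self.chain.append(block)
        return block

    def report_unreachable(self, node):
        """Step 320: record a node that failed to connect to the existing roots."""
        self.access_out.add(node)

    def candidates(self):
        """Step 330: drop AccessOut nodes (and, as an assumption, discredited ones)."""
        return [n for n in self.nodes if n not in (self.access_out | self.discredited)]

    def elect_update_node(self, ballots):
        """Steps 340/360: candidates vote; the winner must differ from the outgoing node."""
        voters = self.candidates()
        eligible = [n for n in voters if n != self.update_node]
        tally = {}
        for voter, choice in ballots.items():
            if voter in voters and choice in eligible:
                tally[choice] = tally.get(choice, 0) + 1
        winner = max(tally, key=tally.get, default=None)
        if winner is None or tally[winner] * 2 <= len(voters):
            return None  # no majority, no new update node
        self.update_node = winner
        self.append_block("update_node_elected", {"ballots": ballots, "node": winner})
        return winner

    def peer_verdict(self, request):
        """Step 380 (assumed checks): sender is the elected node and records are intact."""
        valid = request["node"] == self.update_node
        intact = digest(request["records"]) == request["digest"]
        return valid and intact

    def process_update(self, request):
        """Steps 390/395: store on acceptance, otherwise discredit the requesting node."""
        voters = [n for n in self.nodes if n != request["node"]]
        votes = {voter: self.peer_verdict(request) for voter in voters}
        if majority_accepts(votes):
            self.records.update(request["records"])
            self.append_block("dns_update", {"request": request, "votes": votes})
            return True
        self.discredited.add(request["node"])
        if self.update_node == request["node"]:
            self.update_node = None
        return False


if __name__ == "__main__":
    # Constructed sample data: five hypothetical servers, documentation addresses.
    fed = Federation(["root-a", "root-b", "root-c", "root-d", "root-e"])
    fed.report_unreachable("root-e")
    fed.elect_update_node({"root-a": "root-b", "root-b": "root-b",
                           "root-c": "root-b", "root-d": "root-a"})
    req = build_update_request(fed.update_node, {"com.": ["192.0.2.1"]}, fed.records)
    print(fed.update_node, fed.process_update(req), len(fed.chain))
```

A request whose records are altered after the digest is computed fails the integrity check, so the node that sent it lands on the loss-of-credit list and drops out of the next election.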
A decentralized domain name service system according to an embodiment of the present invention is shown in fig. 3. In fig. 3, the present embodiment includes:
a domain name service support device 1000, configured to form an administrative entity root domain name server, establish a domain name block data structure on the administrative entity root domain name server, and form consensus among the administrative entity root domain name servers;
a domain name resolution interactive device 2000, configured to perform domain name resolution with an existing root name server through an administrative entity root name server;
the domain name data acquisition device 3000 is used for traversing and caching domain name data under the existing root domain name server by selecting an administrative entity root domain name server through consensus judgment;
the domain name data sharing device 4000 is configured to form domain name blocks from domain name data through a domain name block data structure and share the domain name data among the root domain name servers of the administrative entity.
The decentralized domain name service system according to an embodiment of the present invention is described with reference to fig. 3. The system comprises:
a domain name service support device 1000, configured to form an administrative entity root domain name server, establish a domain name block data structure on the administrative entity root domain name server, and form consensus among the administrative entity root domain name servers;
the domain name data acquisition device 3000 is used for traversing and caching domain name data under the existing root domain name server by selecting an administrative entity root domain name server through consensus judgment;
the domain name data sharing device 4000 is configured to form domain name blocks from domain name data through a domain name block data structure and share the domain name data among the root domain name servers of the administrative entity.
As shown in fig. 3, in an embodiment of the present invention, a domain name service supporting apparatus 1000 includes:
an initial public key module 1011, configured to form certificate data of the administrative entity root domain name server according to an initial public key of the administrative entity root domain name server;
the public key sharing module 1012 is configured to store the certificate data in a domain name block data structure to form a block and complete consensus confirmation, the block being shared among the administrative entity root domain name servers.
As shown in fig. 3, in an embodiment of the present invention, the domain name service supporting apparatus 1000 further includes:
a key resolution module 1021, configured so that, when it is determined that an administrative entity root domain name server applies for a key change, the other administrative entity root domain name servers make a majority priority resolution on the legal change information;
a public key updating module 1022, configured so that, when the majority priority resolution indicates acceptance, the determined administrative entity root domain name server performs the key change and forms the changed key into changed certificate data of the administrative entity root domain name server;
and an update sharing module 1023, configured to store the changed certificate data in the domain name block data structure to form a block and complete consensus confirmation, and to share the block among the administrative entity root domain name servers.
As shown in fig. 3, in an embodiment of the present invention, the domain name service supporting apparatus 1000 further includes:
an entity resolution module 1031, configured so that, when it is determined that an administrative entity root domain name server applies for change (applies for or cancels), the other administrative entity root domain name servers make a majority priority resolution on the legal change information;
an entity change module 1032, configured to determine that the administrative entity root domain name server is changed when the majority priority resolution indicates acceptance;
the change sharing module 1033 is configured to store the change information data and the majority priority resolution data in the domain name block data structure to form a block and complete consensus confirmation, and to share the block among the administrative entity root domain name servers.
As shown in fig. 3, in an embodiment of the present invention, the domain name service supporting apparatus 1000 further includes:
a domain name resolution module 1041, configured so that, when a top-level domain name applies for change (modification or addition), the administrative entity root domain name server of the country to which the top-level domain name belongs verifies whether the top-level domain name is legal, and the other administrative entity root domain name servers make a majority priority resolution on whether or not to accept the legal change information;
a domain name changing module 1042, configured so that the administrative entity root domain name server of the country of the top-level domain name is changed when the majority priority resolution indicates acceptance;
and a domain name sharing module 1043, configured to store the change information data and the majority priority resolution data in a domain name block data structure to form a block and complete consensus confirmation, and to share the block among the administrative entity root domain name servers.
As shown in fig. 3, in an embodiment of the present invention, a domain name data collecting apparatus 3000 includes:
the lost connection node module 3010 is configured to establish an AccessOut data structure to store the information of administrative entity root domain name servers that fail to establish a domain name resolution connection with the existing root domain name server;
the lost connection storage module 3020 is configured to, when it is determined that an administrative entity root domain name server cannot connect to the existing root domain name server to establish domain name resolution, store the failure node information of that administrative entity root domain name server in the AccessOut data structure;
and an alternative node module 3030, configured to exclude administrative entity root domain name servers from the alternative nodes according to the failure node information in the AccessOut data structure.
As shown in fig. 3, in an embodiment of the present invention, the domain name data collecting device 3000 further includes:
an update voting module 3040, configured to periodically initiate voting among the alternative nodes to form a majority priority resolution, determine the current DNS record updating node, store the majority priority resolution data and the current DNS record updating node data in a domain name block data structure to form a block and complete consensus judgment, and share the block among the administrative entity root domain name servers;
the record caching module 3050 is configured to establish a domain name resolution connection with the existing root domain name server by using the current DNS record updating node, traverse the top-level domain names under the existing root domain name server to obtain all DNS records under the existing root domain name server, and cache the DNS records;
a period update module 3060, configured to initiate voting among the alternative nodes when the period count expires to form a majority priority resolution, and determine the next, different, current DNS record updating node.
As shown in fig. 3, in an embodiment of the present invention, the domain name data collecting device 3000 further includes:
a record comparison module 3070, configured so that the DNS record updating node compares all the DNS records with the local DNS records to form updated DNS records and makes a DNS record update request;
the record verification module 3080 is configured to broadcast the DNS record update request to the other administrative entity root domain name servers so that the validity and integrity of the DNS record update request are verified;
the record sharing module 3090 is configured to, when the majority priority resolution approves the DNS record update request as legal and complete and the consensus judgment is completed, store the updated DNS records in the domain name block data structure to form a block, and share the block among the administrative entity root domain name servers.
As shown in fig. 3, in an embodiment of the present invention, the domain name data collecting device 3000 further includes:
a loss-of-credit recording module 3095, configured to complete the consensus judgment when the DNS record update request is judged to be legal and complete by a majority priority resolution, and to move the current DNS record updating node into the loss-of-credit list.
Fig. 4 shows a method for forming a root server key change by using a decentralized domain name service system according to an embodiment of the present invention. In fig. 4, the processing procedure of this embodiment includes:
in the administrative entity root domain name server whose key needs to be changed: applying for a key change; performing the new key change once the resolution has passed; broadcasting the new key to the other administrative entity root domain name servers forming the federation;
in the other administrative entity root domain name servers forming the federation: making a resolution on the application; recording the new key to form a block.
Fig. 5 shows a method for forming a top-level domain name change by a decentralized domain name service system according to an embodiment of the present invention. In fig. 5, the processing procedure of this embodiment includes:
a client: initiating a top-level domain name change request; receiving the confirmation of the server;
the administrative entity root domain name server where the client is located: checking the range of the client; verifying the validity of the request; forming block records of the legal domain name data;
the other administrative entity root domain name servers: verifying the legitimacy through consensus; writing the legal request data into the block chain structure.
Fig. 6 shows a method for forming a domain name verification by a decentralized domain name service system according to an embodiment of the present invention. In fig. 6, the processing procedure of this embodiment includes:
a client: initiating a domain name verification request; receiving the verification result;
the domain name server cluster where the client is located: querying the target domain name server cluster for the domain name feedback data corresponding to the request; requesting the signature of the queried domain name feedback data; verifying the domain name feedback data by using the signature to form the verification result;
the administrative entity root domain name server where the client is located: feeding back the corresponding domain name signature to the domain name server cluster where the client is located;
the target domain name server cluster: forming domain name feedback data in response to the verification request.
Fig. 7 shows a method for forming a secondary domain name application by a decentralized domain name service system according to an embodiment of the present invention. In fig. 7, the processing procedure of this embodiment includes:
a client: initiating a general domain name application; being allocated a general domain name address; requesting domain name resolution processing by using the general domain name address; receiving the data of the successful domain name resolution;
the administrative entity root domain name server where the client is located: resolving the general domain name application; returning a general domain name address;
a general domain name server cluster: processing the domain name resolution request.
Fig. 8 shows a method for forming domain name resolution by a decentralized domain name service system according to an embodiment of the present invention. In fig. 8, the processing procedure of this embodiment includes:
a client: initiating a resolution request; receiving domain name resolution data from the domain name server cluster where the client is located or from the domain name server cluster where the target domain name is located;
the domain name server cluster where the client is located: recursively resolving the request; directly returning domain name resolution data or submitting a resolution request to the administrative entity root domain name server where the client is located; receiving target location data; submitting a resolution request to the target location; receiving the domain name resolution data of the domain name server cluster where the target domain name is located and forwarding it to the client;
the administrative entity root domain name server where the client is located: returning a target location address according to the resolution request;
the domain name server cluster where the target domain name is located: forming domain name resolution data in response to the resolution request.
Fig. 9 shows a block structure for decentralized domain name service data interaction according to an embodiment of the present invention. In fig. 9, each administrative entity root domain name server stores domain name block data by using a domain name block data structure, where a domain name block includes a transaction information data structure Transactions, a transaction input data structure TxInput, and a transaction output data structure TxOutput, where:
the transaction information data structure comprises an "ID" field for storing the domain name data block serial number;
the transaction output data structure TxOutput comprises a "DDNC_ID" field for storing the globally unique identifier of the domain name node;
the transaction input data structure TxInput and the transaction output data structure TxOutput comprise a "PubKey" field for storing the domain name public key of the domain name node;
the transaction input data structure TxInput and the transaction output data structure TxOutput comprise a "DNSINFO" field for storing the domain name data of the domain name node.
The block structure enables each domain name node to synchronize the complete domain name data blocks by means of smart contract transactions;
the globally unique identifier in the "DDNC_ID" field adopts a hierarchical identifier structure to accommodate the number of users;
the uniqueness of the domain name node and the integrity and authenticity of the domain name data can be determined through the "DDNC_ID" field, the "DNSINFO" field and the "PubKey" field.
Fig. 10 shows the domain name storage structure used in decentralized domain name service data interaction according to an embodiment of the present invention. In fig. 10, each domain name node, such as an administrative entity root domain name server, includes a domain name storage structure that is maintained locally at the domain name node and updated according to the block data. The domain name storage structure adopts a radix permutation tree structure structAdixTree, and the radix permutation tree structure can be realized by ending a database. The root of the radix permutation tree structure stores a top-level domain name; each level of nodes in the direction from the root to a leaf node stores a secondary domain name keyword; and the leaf node stores the "DNSINFO" field data and "PubKey" field data for the globally unique identifier in the "DDNC_ID" field corresponding to the domain name. A complete branch of the radix permutation tree structure thus forms the complete domain name corresponding to a globally unique identifier, and the corresponding leaf node provides the domain name data.
The decentralized domain name data acquisition method of the embodiment of the invention comprises the following steps:
after a domain name block is formed, in the process of synchronizing the administrative entity root domain name servers by a smart contract, acquiring the globally unique identifier in the "DDNC_ID" field of the transaction information data structure in the domain name block, the domain name data in the "DNSINFO" field and the public key data in the "PubKey" field;
and locating the corresponding leaf node position in the domain name storage structure through the globally unique identifier, and storing the public key data and the domain name data in the leaf node.
The decentralized domain name data acquisition method provided by the embodiment of the invention uses the tamper-resistance and the time sequence of the blocks to extract the domain name and the corresponding public key during block synchronization of the administrative entity root domain name servers, for use in high-speed domain name retrieval and data updating. This effectively improves the retrieval efficiency of domain name resolution data during massive domain name resolution and provides effective sharing efficiency for local management of, and response with, the acquired domain name data.
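The storage structure of fig. 10 and the block-to-leaf extraction just described can be sketched as follows. This is an added example, not code from the patent: the block layout, the `DomainStore` class, the `/`-separated, TLD-first form of the DDNC_ID, and the two acceptance rules (a leaf is only replaced by a block with a higher ID, and only when TxInput carries the public key currently stored) are assumptions made to show how block ordering can protect a stored key.

```python
class DomainStore:
    """Label tree: first level holds top-level domains, deeper levels hold sub-labels."""

    def __init__(self):
        self.root = {"children": {}, "leaf": None}

    @staticmethod
    def labels_from_id(ddnc_id):
        """Assumed DDNC_ID form: labels from the TLD downwards, e.g. 'cn/example/www'."""
        labels = ddnc_id.lower().split("/")
        if any(not label for label in labels):
            raise ValueError(f"malformed DDNC_ID: {ddnc_id!r}")
        return labels

    def _walk(self, labels, create=False):
        node = self.root
        for label in labels:
            nxt = node["children"].get(label)
            if nxt is None:
                if not create:
                    return None
                nxt = node["children"][label] = {"children": {}, "leaf": None}
            node = nxt
        return node

    def apply_block(self, block):
        """Copy DDNC_ID / PubKey / DNSINFO from each transaction into its leaf node."""
        results = []
        for tx in block["transactions"]:
            tx_in, out = tx["TxInput"], tx["TxOutput"]
            node = self._walk(self.labels_from_id(out["DDNC_ID"]), create=True)
            current = node["leaf"]
            if current and block["ID"] <= current["block_id"]:
                outcome = "stale"          # replayed or out-of-order block
            elif current and tx_in.get("PubKey") != current["PubKey"]:
                outcome = "key-mismatch"   # input does not carry the stored key
            else:
                node["leaf"] = {"PubKey": out["PubKey"], "DNSINFO": out["DNSINFO"],
                                "block_id": block["ID"]}
                outcome = "stored"
            results.append((out["DDNC_ID"], outcome))
        return results

    def resolve(self, fqdn):
        """Walk the labels from the TLD down and return the leaf data, if any."""
        labels = list(reversed(fqdn.lower().rstrip(".").split(".")))
        node = self._walk(labels)
        return node["leaf"] if node else None


def make_block(block_id, ddnc_id, in_key, out_key, dnsinfo):
    """Build one constructed sample block with a single transaction."""
    return {"ID": block_id, "transactions": [{
        "TxInput": {"PubKey": in_key},
        "TxOutput": {"DDNC_ID": ddnc_id, "PubKey": out_key, "DNSINFO": dnsinfo}}]}


if __name__ == "__main__":
    store = DomainStore()
    # Constructed sample blocks; keys and addresses are placeholders.
    register = make_block(1, "cn/example/www", None, "PK1", {"A": "192.0.2.10"})
    rotate = make_block(2, "cn/example/www", "PK1", "PK2", {"A": "192.0.2.11"})
    for blk in (register, rotate, register):   # the last one is a replay
        print(store.apply_block(blk))
    print(store.resolve("www.example.cn"))
```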
The decentralized domain name service system of an embodiment of the present invention includes an administrative entity root domain name server, which includes:
a memory, used for storing the program code corresponding to the processing procedures of the decentralized domain name service method and the decentralized domain name data acquisition method of the above embodiments;
and a processor, used for running the program code corresponding to the processing procedures of the decentralized domain name service method and the decentralized domain name data acquisition method of the above embodiments.
The processor may be a DSP (Digital Signal Processor), an FPGA (Field-Programmable Gate Array), an MCU (Microcontroller Unit) system board, an SoC (System on a Chip) system board, or a PLC (Programmable Logic Controller) minimal system including I/O or a server.
The above description is only for the preferred embodiment of the present invention, but the scope of the present invention is not limited thereto, and any changes or substitutions that can be easily conceived by those skilled in the art within the technical scope of the present invention are included in the scope of the present invention. Therefore, the protection scope of the present invention shall be subject to the protection scope of the claims.

Claims (10)

1. A decentralized domain name service system, comprising:
the administrative entity root domain name servers are used for providing domain name resolution service at home and abroad, establishing and determining the collected data connection between the administrative entity root domain name servers and the existing root domain name servers through consensus judgment, collecting domain name data in the existing domain name service system through collected data connection and sharing the domain name data among the administrative entity root domain name servers;
the administrative entity root domain name servers are built in the administrative entity, and backbone areas are formed among the administrative entity root domain name servers.
2. A method for decentralized domain name service, comprising:
forming an administrative entity root domain name server, establishing a domain name block data structure on the administrative entity root domain name server, and forming consensus confirmation among the administrative entity root domain name servers;
performing domain name resolution with the existing domain name service system through the administrative entity root domain name server;
selecting the administrative entity root domain name server through consensus judgment to perform traversal caching on domain name data of the existing domain name service system;
and forming a domain name block by the domain name data through a domain name block data structure and sharing the domain name data among the root domain name servers of the administrative entity.
3. The decentralized domain name service method according to claim 2, wherein said forming a consensus confirmation between said administrative entity root domain name servers comprises:
when it is determined that an administrative entity root domain name server applies for a key change, the other administrative entity root domain name servers make a majority priority resolution on the legal change information;
when the majority priority resolution indicates acceptance, the determined administrative entity root domain name server performs the key change and forms the changed key into changed certificate data of the administrative entity root domain name server;
and storing the changed certificate data in a domain name block data structure to form a block and complete consensus confirmation, and sharing the block among the administrative entity root domain name servers.
4. The decentralized domain name service method according to claim 2, wherein said forming a consensus confirmation between said administrative entity root domain name servers comprises:
when it is determined that an administrative entity root domain name server applies for change, the other administrative entity root domain name servers make a majority priority resolution on the legal change information;
when the majority priority resolution indicates acceptance, determining that the administrative entity root domain name server is changed;
and storing the change information data and the majority priority resolution data in a domain name block data structure to form a block and complete consensus confirmation, and sharing the block among the administrative entity root domain name servers.
5. A decentralized domain name data acquisition method is characterized by comprising the following steps:
forming an administrative entity root domain name server, establishing a domain name block data structure on the administrative entity root domain name server, and forming consensus confirmation among the administrative entity root domain name servers;
selecting the administrative entity root domain name server through consensus judgment to perform traversal caching on domain name data of the existing domain name service system;
and forming a domain name block by the domain name data through a domain name block data structure and sharing the domain name data among the root domain name servers of the administrative entity.
6. The decentralized domain name data collection method according to claim 5, wherein said selecting said administrative entity root domain name server to traverse cache domain name data of said existing domain name service system by consensus judgment comprises:
establishing an AccessOut data structure to store the information of the administrative entity root domain name server which fails to establish domain name resolution connection with the existing root domain name server;
when determining that the administrative entity root domain name server cannot be connected with the existing root domain name server to establish domain name resolution, storing failure node information for determining the administrative entity root domain name server in the AccessOut data structure;
and eliminating an administrative entity root domain name server as a candidate node according to the failure node information of the AccessOut data structure.
7. The decentralized domain name data collection method according to claim 5, wherein said selecting said administrative entity root domain name server to traverse and cache domain name data of said existing domain name service system by consensus judgment comprises:
periodically initiating voting among the candidate nodes to form a majority priority resolution, determining a current DNS record updating node, storing the majority priority resolution data and the current DNS record updating node data in a domain name block data structure to form a block that completes the consensus judgment, and sharing the block among the administrative entity root domain name servers;
establishing a domain name resolution connection with the existing root domain name server using the current DNS record updating node, and traversing the top-level domain names under the existing root domain name server to obtain and cache all DNS records under the existing root domain name server;
and when the period count expires, initiating voting among the candidate nodes to form a majority priority resolution and determining the next, different current DNS record updating node.
8. The decentralized domain name data collection method according to claim 5, wherein said selecting said administrative entity root domain name server to traverse and cache domain name data of said existing domain name service system by consensus judgment comprises:
the DNS record updating node compares all the DNS records with its local DNS records to form updated DNS records and issues a DNS record updating request;
broadcasting the DNS record updating request to the other administrative entity root domain name servers so that the validity and integrity of the DNS record updating request are verified;
and when the majority priority resolution approves the DNS record updating request as having validity and integrity, completing the consensus judgment, storing the updated DNS records in a domain name block data structure to form a block, and sharing the block among the administrative entity root domain name servers.
9. The decentralized domain name data acquisition method according to claim 5, characterized in that after the domain name block is formed, while the administrative entity root domain name servers are synchronized by a smart contract, the globally unique identifier, the domain name data and the public key data of the transaction information data structure in the domain name block are acquired; and the corresponding leaf node position in the domain name storage structure is located through the globally unique identifier, and the public key data and the domain name data are stored in that leaf node.
10. A decentralized domain name service system, comprising:
the domain name service supporting device is used for forming an administrative entity root domain name server, establishing a domain name block data structure on the administrative entity root domain name server and forming consensus confirmation among the administrative entity root domain name servers;
the domain name data acquisition device is used for selecting the administrative entity root domain name server through consensus judgment to perform traversal caching on domain name data under the existing root domain name server;
and the domain name data sharing device is used for sharing the domain name data forming a domain name block among the administrative entity root domain name servers through a domain name block data structure.
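The round described in claims 6 to 8 (AccessOut filtering, majority vote for the DNS record updating node, update request verification, block formation), as an added Python example that is not code from the patent. The server names and records are constructed, and the strict-majority threshold, the SHA-256-over-JSON digest and the "sender must be the elected node" validity check are assumptions, since the claims do not specify them.

```python
import hashlib
import json
from collections import Counter

def digest(obj):
    # SHA-256 over canonical JSON: an assumed encoding, the claims name none.
    return hashlib.sha256(json.dumps(obj, sort_keys=True).encode()).hexdigest()

def elect_update_node(nodes, access_out, votes, previous=None):
    # Claim 6: servers listed in AccessOut are not candidates.
    candidates = [n for n in nodes if n not in access_out]
    # Claim 7: count only candidate ballots; the next node must differ.
    tally = Counter(choice for voter, choice in votes.items()
                    if voter in candidates and choice in candidates
                    and choice != previous)
    if not tally:
        return None
    winner, count = tally.most_common(1)[0]
    return winner if 2 * count > len(candidates) else None

def build_update_request(node, fetched, local):
    # Claim 8: keep only records that are new or differ from the local copy.
    changed = {k: v for k, v in fetched.items() if local.get(k) != v}
    return {"node": node, "records": changed, "digest": digest(changed)}

def approve(received, elected):
    # Each verifier checks its own received copy: sender is the elected node
    # (validity) and the digest matches the records (integrity).
    yes = sum(1 for req in received.values()
              if req["node"] == elected
              and digest(req["records"]) == req["digest"])
    return 2 * yes > len(received)

def append_block(chain, payload):
    # Hash-link each block to its predecessor before sharing it.
    block = {"prev": chain[-1]["hash"] if chain else "0" * 64, "payload": payload}
    block["hash"] = digest(block)
    chain.append(block)
    return block

# Constructed sample data (hypothetical server names and records).
NODES = ["ae-root-1", "ae-root-2", "ae-root-3", "ae-root-4", "ae-root-5"]
ACCESS_OUT = {"ae-root-4"}
VOTES = {"ae-root-1": "ae-root-2", "ae-root-2": "ae-root-2",
         "ae-root-3": "ae-root-2", "ae-root-4": "ae-root-4",
         "ae-root-5": "ae-root-3"}
FETCHED = {"com.": "ns1.example.net.", "org.": "ns2.example.net.",
           "net.": "ns3.example.net."}
LOCAL = {"com.": "ns1.example.net.", "org.": "ns9.example.net."}
```

With this data `ae-root-4` neither votes nor stands, `ae-root-2` wins three of four candidate ballots, and a request copy altered in transit to one verifier fails that verifier's digest check without blocking the majority.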
CN201911388608.5A 2019-12-30 2019-12-30 Decentralized domain name service method, data acquisition method and system Pending CN111107179A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201911388608.5A CN111107179A (en) 2019-12-30 2019-12-30 Decentralized domain name service method, data acquisition method and system

Publications (1)

Publication Number Publication Date
CN111107179A true CN111107179A (en) 2020-05-05

Family

ID=70424266

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201911388608.5A Pending CN111107179A (en) 2019-12-30 2019-12-30 Decentralized domain name service method, data acquisition method and system

Country Status (1)

Country Link
CN (1) CN111107179A (en)

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN113873053A (en) * 2021-09-03 2021-12-31 中国银行股份有限公司 Domain name changing method and device
CN114629823A (en) * 2022-05-16 2022-06-14 鹏城实验室 Server testing and monitoring method and device, terminal equipment and storage medium

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US6880007B1 (en) * 1999-06-07 2005-04-12 Register Com, Inc. Domain manager and method of use
CN101841409A (en) * 2010-01-26 2010-09-22 中国科学院计算机网络信息中心 Method, server and domain name system for realizing purpose of creating synchronization in DNS region
CN108449444A (en) * 2018-03-29 2018-08-24 江苏省未来网络创新研究院 Local data transport method, self-loopa domain name analysis system and method
CN109327562A (en) * 2018-12-10 2019-02-12 中共中央办公厅电子科技学院 Domain name storage system and method based on block chain

Similar Documents

Publication Publication Date Title
CN107613041B (en) Domain name management system, domain name management method and domain name resolution method based on block chain
CN108064444B (en) Domain name resolution system based on block chain
CN109729168B (en) Data sharing exchange system and method based on block chain
CN110572281B (en) Credible log recording method and system based on block chain
CN108259622B (en) Cross-region sharing method for electronic license data
US20180287997A1 (en) Systems and methods for managing top-level domain names using consortium blockchain
CN108449444B (en) Regional data transmission method, self-circulation domain name resolution system and method
CN108616613B (en) Decentralized root domain name service method and system based on block chain
CN106612246A (en) Unified authentication method for simulation identity
CN109040068B (en) Remote authentication method, authentication server and block chain for broadband user
CN109495604A (en) A kind of method of general domain name mapping
CN111107179A (en) Decentralized domain name service method, data acquisition method and system
CN110730081B (en) Block chain network-based certificate revocation method, related equipment and medium
CN113824563B (en) Cross-domain identity authentication method based on block chain certificate
CN112134967B (en) Domain name resolution method and device based on common treatment chain
FI20215009A1 (en) Smart contract-based domain name management system
US8200811B2 (en) Automatic server administration of serial numbers in a replicated certificate authority topology
CN113411376A (en) Sensor data processing method and device based on block chain fragmentation storage
US20230353394A1 (en) Cross-blockchain transaction processing method and apparatus, computer device, computer storage medium, and computer program product
JP2001265216A (en) Method and device for publishing public key certificate
CN109088954B (en) Distributed object identification information registration and analysis method
US11522995B2 (en) Number management system, number management method, and number management device
US20220182375A1 (en) Method for hierarchical internet trust sharing
CN115550067A (en) Industrial Internet interoperation method, system and equipment based on distributed identification
US20220027315A1 (en) Method of synchronous deletion for distributed storage system

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication (Application publication date: 20200505)