Method and system for improving safety and performance of domain name system (DNS)

Abstract

The invention relates to a method and a system for improving safety and performance of a domain name system (DNS). The system is characterized by comprising an IP address showing one DNS externally, a load equalizer and a peer-to-peer workgroup, wherein the load equalizer is used for distributing DNS resolution requests from the Internet to each node, and each node shares the overall flow; and the peer-to-peer workgroup comprises a group of members: node 1, node 2......node k, and the processes of electing communication coordinators, updating DNS records and arbitrating consistency are mainlycarried out in the workgroup.

Description

technical field [0001] The invention relates to the technical field of network security, in particular to a method and system for improving the security and performance of the domain name system. Background technique [0002] Every day, hundreds of millions of users access the content and applications on the Internet, and at the same time, massive amounts of data are transmitted on the Internet. All of these require the server support provided by the Domain Name System (DNS). [0003] For each user, a meaningful domain name (or host name), such as www.example.com It is easy to remember and easy to use, and it is also necessary for them to access the Internet; on the other hand, for computers on the Internet, an IP address is actually used for communication, such as 208.77.188.166. [0004] On the Internet, it is the domain name system (DNS) that completes the conversion from domain name to IP address; the DNS server will maintain a record of the mapping relationship between...

AI Technical Summary

Problems solved by technology

[0008] In the prior art, the common method for DDoS attack is to filter traffic; its limitation is: how to distinguish which traffic is normal and which is illegal (attack purpose) is a very difficult thing

For example, due to the lack of IP addresses (IPv4) on the Internet, many users connect to the Internet through Network Address Translation (NAT), so the traffic generated by these users is from the same IP address from the outside. Source IP address; therefore, it is impossible to distinguish between normal traffic and abnormal traffic simply by judging the source IP address of the traffic; on the other hand, distributed denial of service attacks are closer to traffic generated by normal users from the perspective of source IP Therefore, at present, it can only be dealt with by behavior analysis and other methods, which are highly complex and poor in accuracy. For domain name hijacking, in addition to measures such as strengthening supervision manually by administrators, there is a lack of effective prevention technology

Moreover, these manual interventions are often done after the fact. They are usually discovered and dealt with when a large number of users complain that the service is unavailable. At that time, serious harm has already occurred, losses have been caused and are increasing, and recovery and remediation will also cost more. the price of

[0009] It can be seen from historical data that in recent years, attacks against DNS have been increasing, and the existing technology lacks effective means of DNS system security.

Images