Detection system and method for realizing DNS service defense

Abstract

The invention discloses a detection system and method for realizing DNS (Domain Name System) service defense, and the system comprises a plurality of heterogeneous DNS recursive analysis servers, and the DNS recursive analysis servers form an equivalent server pool of a heterogeneous executor; the executor can be used as a recursive server or an authorization server and is used for providing domain name resolution of the local or public internet; the DNS distribution decision server is used for receiving the analysis request transmitted from the analysis acceleration server and distributing the analysis request to each executor; an analysis result of the dynamically selected heterogeneous executor is collected, and a most correct result is selected through a preset algorithm and returned to the analysis acceleration server; and the analysis acceleration server is used for transmitting the analysis request, receiving a result transmitted by the DNS distribution decision server and storing a result returned by the distribution decision, and can directly request a user to return the analysis result, so that the calculation pressure of the distribution decision is reduced.

Description

technical field [0001] The invention belongs to the field of computers, in particular to a detection system and method for realizing DNS service defense. Background technique [0002] With the continuous development of my country's basic communications, DNS, as the core basic service software of the Internet, has also seen a rapid growth in its business volume. The domain name service system is used to realize the translation of network domain names to IP addresses. It is the portal for users to enter the Internet. It has the characteristics of open protocol, scattered deployment, huge data, and wide use. It has always been one of the main targets of attacks on the Internet. In recent years, there have been frequent network attacks targeting DNS protocol security vulnerabilities, resulting in huge losses and seriously affecting the security and stability of national network development. [0003] In addition to common DNS DOS attacks on the Internet, hijacking and tampering ...

AI Technical Summary

Problems solved by technology

[0005] (1) There are security loopholes in the DNS protocol itself. Most mainstream DNS analysis software is open source, and the defects in the code are easily exposed;

[0006] (2) Due to the scattered deployment, if any DNS server has a domain name security problem, some users will be directly affected;

[0007] (3) Due to the complexity of management and high requirements for network bandwidth, the DNS security expansion protocol has certain difficulties in the actual deployment process, and it is easy to introduce problems such as amplification attacks;

[0008] (4) Conventional domain name monitoring methods can carry out comparative analysis of domain name resolution results before and after changes, but they are mostly used for key domain names, and it is difficult to dynamically implement within the scope of the entire domain name

Images