一个自主开放的互联网根域名解析体系

张宇; 夏重达; 方滨兴; 张宏莉

引用本文：

张宇,夏重达,方滨兴,张宏莉.一个自主开放的互联网根域名解析体系[J].信息安全学报,2017,2(4):57-69 [点击复制]
ZHANG Yu,XIA Zhongda,FANG Binxing,ZHANG Hongli.An Autonomous Open Root Resolution Architecture for Domain Name System in the Internet[J].Journal of Cyber Security,2017,2(4):57-69 [点击复制]

本文已被：浏览 6917次下载 7686次	码上扫一扫！
一个自主开放的互联网根域名解析体系
张宇¹, 夏重达¹, 方滨兴^1,2, 张宏莉¹
0 字体:加大+\|默认\|缩小-
(1.哈尔滨工业大学计算机科学与技术学院计算机网络与信息安全技术研究中心, 哈尔滨中国 150001;2.东莞电子科技大学电子信息工程研究院, 东莞中国 523808)

摘要:

域名系统（Domain Name System，DNS）的中心化根解析体系蕴含着权力滥用风险，对互联网的开放与平等形成威胁。本文提出了一个新的自主开放根解析体系，与现有DNS兼容的同时，从结构和机制两方面对权力滥用予以威慑。首先，针对域名唯一性与去中心化之间矛盾，提出了授权与解析分离机制，在保留单一根权威的条件下，实现解析服务去中心化。接着，针对中心式结构风险，提出建立国家根与根联盟，通过自治与合作实现权力制衡。然后，分析了新体系防范风险的有效性以及在当前DNS基础之上的增量，并讨论新体系所具有的自主、开放、平等、透明性质。最后，对新体系的安全性进行分析并给出了一个原型系统。

关键词: 域名系统根去中心化互联网治理

DOI：10.19363/j.cnki.cn10-1380/tn.2017.10.005

投稿时间：2016-07-15修订日期：2017-05-22

基金项目:广东省产学研合作项目"广东省健康云安全院士工作站"（No.2016B090921001），国家重点基础研究发展计划（"973"计划）（No.2011CB302605，No.2013CB329602），国家自然科学基金（No.61202457，No.61402149）资助。

An Autonomous Open Root Resolution Architecture for Domain Name System in the Internet

ZHANG Yu¹, XIA Zhongda¹, FANG Binxing^1,2, ZHANG Hongli¹

(1.Research Center of Computer Network and Information Security Technology, Department of Computer Science and Technology, Harbin Institute of Technology, Harbin 150001, China;2.Institute of Electronic and Information Engineering in Dongguan, University of Electronic Science and Technology of China, Dongguan 523808, China)

Abstract:

The current DNS (Domain Name System) root resolution architecture has the risk of power abuse which posts threats on the openness and equality of the Internet. This paper presents a new DNS-compatible autonomous open root resolution architecture to effectively prevent the power abuse from the perspectives of structure and mechanism. First, aiming at the dilemma between the name uniqueness and decentralization, we propose the separation of delegation and resolution to decentralize resolution service while keeping a single root authority. Then, to cope with the risk in the centralized structure, we propose a structure with country roots and inter-root to provide power balancing. We analyze the effectiveness of the new architecture against the abuse threats and the changes on current DNS. We discuss the autonomy, openness, equality and transparency of the new architecture. We also analyze the security of the new architecture and implement a prototype.

Key words: Domain Name System root decentralization Internet governance