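Domain name server (DNS) mirroring is an important method for improving the security, stability and resolution performance of the DNS system. Taking measured data from the CN mirror servers as an example, this study uses active measurement: it sends specific packets to the probed network or target and analyzes the target's network characteristics from the response time and the reply packets, in order to evaluate the site selection of the CN authoritative servers. The results show that mirroring allows good CN resolution service to be provided worldwide; service quality differs geographically, but the differences are consistent with the actual deployment of CN nodes. This evaluation method can provide a reliable basis for node deployment decisions and helps DNS nodes to be planned and built efficiently and in an orderly way.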
DNS (domain name server) is one of the most important basic facilities of the Internet. DNS mirroring is a key technique for improving the security, stability and resolution performance of the DNS system. In this article, we develop a new solution for evaluating and optimizing the global distribution of CN DNS mirrors. We send specific data packets to the target server and measure the response time to analyze the behavior of the probed server. Our study takes into account that users experience different CN DNS server performance depending on their geographic location. The solution can provide reliable guidance on DNS node distribution for more efficient and orderly planning.