The Design & Research Of DNSSEC Based On Multi-trust Model

Nowadays, the DNS protocol is one of the services which are widely used in the Internet. But, at the beginning of developing the DNS protocol, its security was not considered at all. As the service is widely used, many aspects, such as performances and applications about the Internet are more influenced by the security from the DNS protocol. In order to solve entirely the security which is faced by the protocol, a scheme which is synthesized from many authentication mechanisms is provided for the implementing the DNSSEC procotols in this paper.The thesis first analyse the principle of the DNS procotol and study the DNSSEC protocols in details, based on the principle and security of DNS protocol, and according to the still anylysises to the researchs about DNSSEC protocols. According to the research of the DNSSEC protocols based on the tust chain mechanism and public key cryptography mechanism, a method managing the key, datagram ,and many fields such as and resource record, are designed in details. Based on the analysis of trust chain mechanism and public key cryptography, a scheme about DNSSEC is provided and its procedure is analysed completely, and according to the detailed analysis and research about many different trust menchnaism, a comprehensive scheme is provided based on the sysmmetric key cryptography, PKI and empowering authentication for satisfying the efficiency for secure name search and the difference of many zones;.According to the secheme provided in this paper, the process which the DNSSEC protocols run is modeled, many datas are tested in the different environments, and then the analysis is done about the effierency and feasibility and security in details. The performance is compared about the three trust mechnasim, and the suitable advices are provided, such as using the different trust mechanism in the different circurmstances.The design and research of DNSSEC under multi-trust model is improved on the DNSSEC approach only based public key.It makes great efforts to satisfy the requirement of multiplicity demands in broad area and advance efficiency of the security domain name acquirements.