The Research Of DNS Security Detection Technology

Domain Name System is a multilevel, distributed database, TCP/IP based application. It provides the mapping between domain names and IP addresses, and is the base of communication between clients and servers. Also, it is the base of various Internet applications, such as Email, www, FTP and so on.In recent years, along with the increase of the Internet application and business, network attacking is becoming more and more frequent, DNS system also suffered a list of attacks. Many security problems appear, for example, the mapping relation between domain name and IP address altered, hosts under spoofing attacks, DNS Server cache poisoning, zone information leaking. As the critical and fundamental Internet service, once DNS going wrong, the running of most Internet business will be affected. So DNS security issues get more attention.In this paper, we first introduce the development history and fundamental principles of DNS, and then discuss the security vulnerabilities in detail from three aspects: protocol, realization, and configuration. The work contains the cause of the emergence of the vulnerability, the adverse effect, and the attack process and characteristic, utilizing the specific vulnerability. Next, we propose a DNS security detection system. The system consists of two parts: the passive monitor module and the active detection module. Passive monitor module is that we monitor the data getting in and out of the server, in the server side. And so we can analysis the abnormal network traffic, check out the IP addresses which may start the attack, that provides the basis for the server configuration for safety. Active detection is that we can sends special messages to the DNS server detected in a casual host connected to Internet, according to the analysis of the response from the DNS server, we gain the background information, confirm the realization vulnerabilities and the possibility of the existing of the configuration errors. At last, we implement and check the system. The result shows that the system can run steadily, and detect partial DNS system vulnerabilities and possible attacks.It really has practical and operational significance.