| With the rapid development of the Internet and the continuous expansion of the network size,the network attacks of DNS taking advantage of its vulnerability have brought huge damage to the state,enterprises and individuals.The security of DNS is being challenged,and the preferable way to eliminate these secure problems is deployed DNSSEC in DNS.At present,DNSSEC is deployed in DNS server to provide data authentication interface.However,the security problem of DNS has not been straight effectively resolved in respect that the lack of support for DNSSEC in resolver of clients.This paper mainly discusses the DNSSEC protocol based on trust chain mechanism and public key authentication mechanism.Refer to the latest development trends of DNSSEC at home and abroad,a thorough study of DNSSEC architecture and DNS security protection is done.The existing DNSSEC architecture is improved and a safe and practical DNS security system is designed.The main contents are as follows:Firstly,the security architecture of DNS based on end-to-end trust mechanism is proposed.In order to protect the DNS data security of the whole communication links that client to the server,this architecture extends the DNSSEC protocol to the client,and realizes the end-to-end trust in DNS query.Ultimately put an end to the DNS cache poisoning and Man-in-the-Middle attack and so on.Second,design and implementation of the end-to-end trust DNS security system.This system not only can provide the verification of client DNS data,but also can provide DNS and DNSSEC visualization configuration and data maintenance to the server based on Web.It greatly simplifies the DNS data management and DNSSEC key distribution process,and has brought great convenience to the management of DNS. |
PDF Full Text Request