| With the fast development of the internet, people's life and work become more and more easy. However, the breaking security events warn us that the internet is far more weak than we thought. As the basic internet infrastructure, DNS (Domain Name Service) systems are irreplaceable to insure the regular service of the internet. The security state of the DNS is the base of the security and efficiency of the internet, so it's crucial to research on the security of the DNS.Because of the insufficient considering on security issues, the DNS protocol has some crisis weakness since it's designed, which leads to today's all kinds of threatens. In this article, we concisely introduced the system structure and the working principle of DNS. Then detailed analysis of existing vulnerability in DNS system was given from aspects of design, implementation and operation respectively. Attacks are also introduced according to the corresponding vulnerability.The attacks towards DNS systems are frequently reported, in which the flow attacks are most harmful, so in chapter three, we proposed or improve some detect method for DNS flow attacks in the anomaly detect aspect. After that, to augment the detect object and to consummate the detect result, i proposed a CDM (Combination Detect Modal) with the integrating of the misuse detect method, which could serve as a full security detect platform for DNS.In the last chapter, we consider a particular scene that in some irresistible reason, the DNS systems out of our country could not serve domestic users, In which case, we must take over the DNS answer service to insure the regular internet service. We proposed a DNS Emergency Response Modal to cope with above problem. |
PDF Full Text Request