| With the evolution of information technology and popularization of computers, Internet has gone deep into every corner of the social life. As the network environment becomes more complex and busier, the network infrastructure is working under much larger pressure than before. But the network infrastructure has also disadvantages. Some of the network protocols didn't take security into their consideration when they were designed. Nowadays, the increasing security events let us realize the importance of the network infrastructure. The performance and security of the network infrastructure has become the focus of more scientific researchers. In this thesis, our research focus on the performance tunning and security issues of DNS systems. We investigate the performance of the Server Selection algorithm in existed DNS systems and proposed a substitution algorithm. We also investigate the performance of the substitution algorithm. Besides that, we investigate several kinds of popular DNS attack methods, and proposed some defence schemes to resist these attacks and improve the robustness of the DNS system.Server selection algorithm is the key algorithm for a DNS system while handling iterative queries. Among all quesries sent to DNS system, the proportion of iterative query is larger than 30%, so the performance of server selection algorithm directly affects the performance of a DNS system. The existing server selection algorithms are briefly reviewed and both advantages and disadvantages of these algorithms are described. Then, an improved AR(1) model is proposed. Through this new model, the response time of a DNS server can be dynamic predicted using previous response time series. This new model can efficiently avoid performance fluctuation and lost due to network congestion and short-time system failure. At the same time, the application scope of AR(1) model is broadened by the new model and is suitable for all DNS system.MITM attack, cache poisoning attack, DoS attack, etc, are major attacks which the DNS system encounters. Due to the instinct security weakness of the DNS protocol and low deployment rate of the DNSSEC protocol, there are no efficient means to elimate these attacks. In this thesis, we analyse the reason of the vulnerability of DNS system, and we analyse two typical attacks and propose some defence schemes to resist these attacks, which improves the security and robustness of the DNS system. |
PDF Full Text Request