
Design And Implementation Of DNS Structure Vulnerability Assessment System Based On Domain Name Resolution

Posted on: 2014-07-29
Degree: Master
Type: Thesis
Country: China
Candidate: X Y Wang
GTID: 2268330422451939
Subject: Computer technology
Abstract/Summary:
With the rapid development of the Internet, DNS has become core Internet infrastructure, and its security and reliability directly affect the quality of Internet services. The study of DNS security has therefore become increasingly important. The DNS protocol was designed to be simple and lacks essential security mechanisms. In addition, popular domain name resolution software contains multiple security vulnerabilities because of inadequate secure coding standards. Moreover, the DNS structure is complex, which makes it difficult for administrators to manage and configure. All of these issues are serious threats to DNS security.

This paper focuses on the domain name dependencies that arise in the domain name resolution process and quantifies the dependency model. It locates the key protection area and is dedicated to studying a methodology for assessing DNS structure vulnerability. The main research content consists of the following four parts.

Taking the domain name dependencies as the basic data, this paper analyzes the working principle of DNS in order to study domain name resolvability. Using first-order predicate logic, it abstracts the condition sets under which a domain name can and cannot be resolved, which accurately associates resolvability with the state of the name servers in the domain name system.

This paper proposes a quantitative approach based on a directed relational network. The approach turns the domain name dependencies into a dependency graph and uses directed edge weights to measure the level of dependence.

Using node importance as the metric, this paper proposes a method to extract the core domain sets and key name server sets, which quantifies the importance of each node and thereby identifies the key protection area sets.

This paper proposes a method to assess the vulnerability of the DNS structure that combines static influence and dynamic influence. By removing nodes to simulate network attacks on the name servers and quantifying the impact, the status of the DNS when some name servers fail can be analyzed.

In summary, relying on the domain name dependencies, this paper has completed the four research issues above and designed and implemented the DNS structure vulnerability assessment system. It also describes the design ideas, the implementation method, and the analysis of the test results in detail.
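The node-removal assessment described in the abstract, as an added example that is not code from the thesis. The zone data is constructed, and the resolvability rule (parent zone resolves and at least one live name server's address can be obtained, with in-zone servers assumed reachable through glue) is a simplifying assumption, as are all function names.

```python
# Constructed sample data (reserved TLDs): zone -> its authoritative name servers.
NS = {
    "example.": ["ns1.example.", "ns2.example."],
    "test.": ["ns1.test."],
    "hoster.test.": ["ns.hoster.test."],
    "shop.example.": ["ns1.shop.example.", "ns.hoster.test."],
    "blog.example.": ["ns.hoster.test."],
}

def parent(zone):
    """Parent zone of a fully qualified name; the root is '.'."""
    return zone.split(".", 1)[1] or "."

def zone_of(host):
    """Closest enclosing zone in NS that must resolve to find host's address."""
    name = host
    while name not in NS and name != ".":
        name = parent(name)
    return name

def resolvable(zone, down, seen=frozenset()):
    """Assumed rule: parent resolves AND some live server's address is obtainable."""
    if zone == ".":
        return True              # root hints assumed always available
    if zone in seen:
        return False             # a cyclic dependency cannot bootstrap itself
    seen = seen | {zone}
    if not resolvable(parent(zone), down, seen):
        return False
    for ns in NS.get(zone, []):
        home = zone_of(ns)
        # In-zone servers are assumed reachable through glue records.
        if ns not in down and (home == zone or resolvable(home, down, seen)):
            return True
    return False

def impact(server):
    """Zones that stop resolving when this one name server is removed."""
    return sorted(z for z in NS if not resolvable(z, {server}))

def ranking():
    """Name servers ordered by how many zones their failure takes down."""
    servers = sorted({ns for lst in NS.values() for ns in lst})
    return sorted(((s, impact(s)) for s in servers), key=lambda p: -len(p[1]))

if __name__ == "__main__":
    for server, lost in ranking():
        print(f"{server:20} {len(lost)} {lost}")
```

In this sample, `blog.example.` is lost when `ns1.test.` fails even though it is delegated under a different TLD, which is the kind of transitive dependency the dependency graph is meant to expose.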
Keywords/Search Tags: DNS, vulnerability, dependency model, core domain, key name server