Research On Real-Time Monitoring DNS Domain Security

DNS (Domain Name System) as an important component of internet. DNS's mainly function is transfer domain names and IP resolution. How to ensure the security of the DNS system has long been an important problem. According to a recent DNS security event statistics, There're two sides problems are most important security issues of DNS. The first is DNS denial of service attacks; the second is the DNS domain name spoofing attacks.To solve the two attacks, this paper make a way to research the problem based on three layers of protection and deep studied from the application. It also create a system to protect three classes of DNS attacks which include massive attack monitoring protection, malformed packet attacks monitoring protection and DNS cache poisoning monitoring protection. According to the research, this paper design a DNS security system.Through the testing, achieved good test results in the actual test.The main research topics are:1. The detailed analysis of the DNS denial of service attacks and domain spoofing features, and explore new methods of defense against this type of attack.2. To against the DDoS DNS attacks, this topic tell how to use an method which is Deep Packet Inspection technology (DPI) to monitor and protect DNS request packets.3. For DNS massive denial of service attacks, the monitoring and analysis use a method about multiple dimensions.4. This topics creatively process attack packets based on routing hops manner and different processing levels.5. For DNS domain spoofing attacks, The system support to use DNSSec module and a way to monitor hot domains. The system provide a way to defense popular domain cache poisoning and pharming attacks.The system has an effectly online testing in Sichuan Mobile DNS network. Tests show that:in the case of simulation of a variety of means of attack, the system can make an effective defense measures, the system effectly detected attack traffic and recover, and ensure the of the DNS system was running effectivly and reliability. For carriers, this system has a high social and economic value.At the same time, the system has a high replicability because it is based on bypass deployment, without changes to the existing network DNS system, easy to implement. The other side, the system use a DPI acquisition model. It is also usefull for the other popular types of attacks, it can take full advantage over other areas of protection systems.