DNS (Domain Name System) service resources constitute a highly important part of the Internet's infrastructure. The mapping of DNS service resources, namely the identification and detection of DNS servers, can help to understand DNS in depth, allocate DNS service resources more reasonably, and counter DNS security threats better. At present, research on DNS service resource mapping still faces challenges. The existing DNS server identification methods judge server types according to the fields in DNS packets, with inadequate results. The existing DNS server detection methods employ either active or passive methods alone, which is insufficient with regard to comprehensiveness. Therefore, DNS server identification and DNS server detection are studied in this thesis, which includes two innovations:

1) DNS server identification method based on long-term behavior characteristics

Long-term characteristics are introduced and machine learning models are applied in this method. Compared with the traditional approach of mainly focusing on the fields specified in the protocol, this method emphasizes the observation and analysis of the long-term behavior characteristics of the DNS service and their stability over long-term service, and thereby achieves higher accuracy of DNS server identification. First, long-term behavior features of DNS servers are extracted by observing and analyzing DNS traffic in the backbone network; these include the traffic feature, the discrete feature of user IPs, and the discrete feature of domain names. Then, these features are integrated with traditional features, and feature selection is applied. Finally, a variety of classifiers are employed to build the model, and the best classifier among them is selected by comparison. The experimental results show that this method obtains higher accuracy, precision, recall, and F1 score: the AUC value exceeds 0.94, the accuracy and recall rate can reach 94%, and the F1 score is also up to 0.9.

2) Research on the combination of active and passive DNS server detection methods

This method employs both the active DNS server detection method and the passive DNS server detection method. First, DNS server information is collected in a passive manner, and DNS response data is analyzed to acquire DNS server information. Then, the nationwide IP addresses are scanned for DNS detection to obtain DNS server information. Moreover, the active detection method is improved by introducing a multithreaded asynchronous method, which lifts detection speed by approximately 53%. Finally, the results of the active method and the passive method are combined. The experimental results demonstrate that the combination with the passive method enhances the accuracy of detection results by 22% and raises the results by 9.9% compared with active detection.

Finally, a DNS server information query system based on the above research is constructed. The system has detected more than 3 million DNS servers in China, consisting of more than 2 million recursive DNS servers and more than 900 thousand authoritative DNS servers. These data provide reference and support for further DNS research.