| With the rapid development of computer and network technology, the Internet is becoming popular in the world. Domain Name System has a vital impact on people’s network life as the important infrastructure of the Internet. Providing DNS services for users, DNS recursive server is a domain name server for the Internet users, and its performance and security are directly related to timeliness and accuracy of data which the user access to. Therefore, how to improve the performance and security of DNS recursive server has become the focus of the research in DNS field.In this paper, based on research of DNS working principle and security issues, event handling model, domain name control model, domain name resolution model and security model are presented, and a DNS recursive server with control function is designed and implemented. This system can provide high-speed, stable and security DNS service for users. Firstly, an event handling model is proposed, which uses I/O reuse model to detect client connection, receive data and write to the buffer, which is used for data transfer between I/O model and worker threads. Multiple threads are created to read data from the buffer and execute message pretreatment. Secondly, a domain name control model is proposed, which creates highly effective index for database, and the domain name is quickly judged. The query requests for malicious domain name are effectively controled according to the control strategy. The query requests for normal domain are processed by the resolution module. Then, a domain name resolution model is proposed, which construct twolevel caching. In the process of domain name resolution, the query domain name corresponding to the type of resource record data and each region of the authoritative server address data are cached. SRTT algorithm is used to select one from a number of authoritative servers in iterative lookup. Finally, a security model is proposed, which has two security features of source IP access control and key domain name protection. Source IP access control detects and controls the IP address of the attacker, which can avoid denial of service attacks. Key domain name protection monitors and protects the result of domain name resolution, which can prevent cache pollution.In conclusion, based on the study of DNS performance and security, this paper has designed and implemented four models above, a DNS recursive server with control function is completed. The system test results show that the system meet the design goal. |
PDF Full Text Request