Research On Enterprise DNS Security Scheme Based On Blockchain Technology

Posted on: 2021-02-14 | Degree: Master | Type: Thesis
Country: China | Candidate: J C Zhang
GTID: 2428330614950019 | Subject: Cyberspace security
Abstract/Summary:
The Domain Name System (DNS) is core infrastructure of the Internet. It is responsible for translating between numeric Internet Protocol (IP) addresses and user-friendly domain names, and it is an indispensable prerequisite for the normal operation of the Internet and of network applications. However, because DNS adopts a centralized design, domain name resolution requests from the lower layers inevitably have to queue at the domain name server for a response, which adds delay to application access. To address this, domain name resolution uses a caching mechanism that keeps recently resolved domain name records in the local DNS server for a period of time. Subsequent resolutions are answered directly from the local DNS server's cache, which greatly improves the efficiency of DNS resolution. Studies have shown that 80% of DNS queries can be answered from the local DNS server, but there is still no effective solution to the security problem of the local DNS server. Although the Internet Engineering Task Force (IETF) released RFC 2535 as early as 1999 and proposed the Domain Name System Security Extensions (DNSSEC), a solution based on public key cryptography, DNSSEC still faces many difficulties in large-scale deployment.

The main content of the paper is as follows:

(1) This paper proposes a solution that combines blockchain technology with an enterprise-level DNS cache server so that enterprise-level DNS services can be provided securely. The enterprise-level DNS cache server is built on the blockchain and processes DNS requests from users on the LAN. All nodes on the blockchain are equipped with a load-balancing mechanism and provide domain name resolution services in turn. Even if an adversary captures the network address of a blockchain node at a certain moment and launches a Distributed Denial of Service (DDoS) attack against it, the remaining nodes continue to provide domain name resolution services in its place, which improves the availability of the system.

(2) This paper proposes a two-round verification mechanism for domain name records to verify their legitimacy. Multiple domain name server nodes in the corporate LAN send domain name resolution requests to different public DNS servers and reach consensus through smart contracts within a specific time. The experimental results show that the mechanism can solve the problem of DNS spoofing caused by single-source domain name resolution.

(3) This paper proposes a solution for storing domain name records on the blockchain and develops domain name contracts as the interface for storing and querying those records. Tests of domain name resolution efficiency show that, on a cache hit, the query delay of the experimental system is 5 ms higher than that of the baseline system; on a cache miss, the query delay of the experimental system is 100 ms lower than that of the baseline system.

In summary, this paper uses blockchain technology to build a new type of enterprise-level DNS cache server that can effectively address a series of security issues such as single point of failure, DNS pollution, and vulnerability to DDoS attacks.
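The multi-source agreement idea in contribution (2), sketched as an added example that is not code from the thesis. The quorum rule (strictly more than half of all nodes, with timeouts counted against), the node names and the sample addresses are assumptions; the thesis's smart-contract logic and its two rounds are not shown on this page.

```python
from collections import Counter

# Constructed sample: record sets each LAN node obtained from a different
# public resolver before the deadline. None means the node got no reply in time.
SAMPLE = {
    "node-a": ["192.0.2.10", "192.0.2.11"],
    "node-b": ["192.0.2.11", "192.0.2.10"],  # same set, different order
    "node-c": ["203.0.113.66"],              # disagreeing (possibly spoofed) source
    "node-d": ["192.0.2.10", "192.0.2.11"],
    "node-e": None,                          # timed out
}


def normalise(answer):
    """Order-insensitive view of one record set (round-robin order varies)."""
    return frozenset(a.strip().lower() for a in answer)


def agree(answers, min_fraction=0.5):
    """Return (accepted_records, dissenting_nodes).

    A record set is accepted only if strictly more than `min_fraction` of ALL
    nodes reported it. Silent nodes still count in the denominator, so
    suppressing honest replies cannot lower the bar for a forged answer.
    Returns (None, []) when no record set reaches the quorum.
    """
    total = len(answers)
    votes = Counter(normalise(a) for a in answers.values() if a is not None)
    if not votes:
        return None, []
    winner, count = votes.most_common(1)[0]
    if count <= total * min_fraction:
        return None, []
    dissent = sorted(
        node for node, a in answers.items()
        if a is not None and normalise(a) != winner
    )
    return sorted(winner), dissent


if __name__ == "__main__":
    records, dissent = agree(SAMPLE)
    print("accepted:", records, "| flag for review:", dissent)
```

Names served through geo-distributed CDNs can legitimately return different addresses to different resolvers, so a failed quorum means "do not cache", not proof of spoofing.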
Keywords/Search Tags:DNS, DNS cache, enterprise-level DNS, blockchain, smart contracts