计算机与现代化

• 信息安全 • 上一篇    下一篇

面向权威DNS的数据一致性保障机制

  

  1. (中国互联网络信息中心,北京100190)
  • 收稿日期:2019-06-17 出版日期:2020-03-03 发布日期:2020-03-03
  • 作者简介:王骞(1986-),女,山东邹平人,工程师,硕士,研究方向:域名系统,E-mail: wangqian@cnnic.cn; 闫夏莉(1987-),女,工程师,硕士,研究方向:域名系统; 通信作者:叶崛宇(1983-),男,工程师,硕士,研究方向:域名系统; 张海阔(1981-),男,河北唐山人,工程师,博士,研究方向:计算机系统结构; 李真辉(1973-),男,高级工程师,硕士,研究方向:软件工程,自动化测试。
  • 基金资助:
    国家自然科学基金资助项目(61303242)

Data Consistency Mechanism for Authoritative DNS

  1. (China Internet Network Information Center, Beijing 100190, China)
  • Received:2019-06-17 Online:2020-03-03 Published:2020-03-03

摘要: 作为分布式系统,权威DNS服务采用多副本数据存储和多节点服务模式,对解析数据的一致性提出了要求,拜占庭容错问题成为权威DNS的关键问题。针对权威系统特征,提出一种DNS数据一致性保障机制。借鉴PBFT算法,基于自行设计的数据一致性校验和,在节点数据同步过程实施数据协商方案,排除拜占庭节点的影响,保障解析节点获得一致的可信数据。解析数据一致性分析结果表明,保障机制在不可信环境下能有效降低解析数据不一致概率,增强了权威DNS解析服务的可靠性。

关键词: 权威DNS, 分布式系统, 数据一致性, 校验和, 拜占庭容错

Abstract: As a distributed system, authoritative DNS service adopts multi-copy data storage and multi-node service mode, which puts forward requirements on the consistency of resolution data. Byzantine fault tolerance becomes the key problem of authoritative DNS. According to the characteristics of authoritative system, this paper presents a DNS data consistency mechanism. Based on PBFT algorithm and self-designed data consistency checksum, in the process of node data synchronization, the data negotiation scheme is implemented to eliminate the influence of Byzantine node, and ensures the analytic node to obtain consistent and reliable data. The results of consistency analysis of analytic data prove that in the untrustworthy environment, the guarantee mechanism can effectively reduce the probability of inconsistency of resolution data, and enhance the reliability of authoritative DNS.

Key words: authoritative DNS, distributed system, data consistency, checksum, Byzantine fault tolerance

中图分类号: