[关键词]
[摘要]
DNS为互联网应用提供名字解析服务,是互联网的重要基础服务设施.近年发生的互联网安全事件表明DNS正面临严峻的安全威胁.DNS的安全脆弱性主要包括:协议设计脆弱性、技术实现脆弱性和体系结构脆弱性.针对上述脆弱性,对DNS协议设计、系统实现、检测监控和去中心化等方面的最新研究成果进行了归纳和总结,并且对未来可能的热点研究方向进行了展望.
[Key word]
[Abstract]
As a vital infrastructure of the Internet, DNS provides name resolution services for Internet applications. Major Internet incidents in recent years indicate that DNS is facing serious security threats. The vulnerability of DNS can be divided into three categories:protocol design vulnerability, technology implementation vulnerability, and architecture vulnerability. In view of the above vulnerabilities, the latest research achievements on DNS security enhancement are summarized which include protocol design, system implementation, DNS monitoring and DNS decentralization. Some possible future research hotspots and challenges are also discussed.
[中图分类号]
[基金项目]
国家自然科学基金(61976064,61672020,61572513);国防科技创新特区项目(18-H863-01-ZT-005-027-02);装备预研重点实验室基金项目(61421030203)