The overall distribution of the DNS architecture is illustrated in the figure.

A root name server is the highest-level name server in the Internet Domain Name System (DNS); its job is to return the addresses of the authoritative name servers for the top-level domains. Root servers are an essential part of the Internet infrastructure, because every DNS resolution ultimately depends on them. Because of a limit shared by DNS and certain other protocols (the maximum effective payload of an unfragmented IPv4 User Datagram Protocol (UDP) packet is 512 bytes), the number of root name server addresses is limited to 13. Fortunately, anycast technology is used to deploy mirror servers, which works around this problem and greatly increases the number of root name servers actually in operation. As of August 2019, there were more than a thousand root DNS servers worldwide.
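To make the 512-byte constraint concrete, the following example (written for this page, not code from the original post) builds the "priming" response a resolver receives when it asks the root for the list of root name servers, encodes it with RFC 1035 name compression, and measures it against the 512-byte unfragmented-UDP limit. The server names follow the real a..m.root-servers.net naming pattern, but the glue addresses are constructed placeholders from the documentation ranges, not the real root-server addresses.

```python
import struct

# Constructed example: the 13 root-server labels a..m, with glue addresses
# taken from the RFC 5737 documentation range (192.0.2.0/24) and the
# RFC 3849 range (2001:db8::/32), NOT the real root-server addresses.
ROOT_LETTERS = "abcdefghijklm"
TTL = 518400  # 6 days; a TTL chosen for this constructed data


def encode_name(name, offset, table):
    """Encode a domain name in wire format using RFC 1035 label compression.

    `table` maps an already-written suffix (e.g. "root-servers.net") to its
    byte offset in the message; `offset` is where this name starts. A suffix
    seen before is replaced by a 2-byte pointer (top two bits set)."""
    labels = [l for l in name.rstrip(".").split(".") if l]
    out = bytearray()
    while labels:
        suffix = ".".join(labels)
        if suffix in table:
            out += struct.pack("!H", 0xC000 | table[suffix])
            return bytes(out)
        table[suffix] = offset + len(out)
        label = labels.pop(0).encode("ascii")
        out += bytes([len(label)]) + label
    out += b"\x00"  # root label terminates an uncompressed name
    return bytes(out)


def build_priming_response(letters=ROOT_LETTERS, ipv4_glue=True, ipv6_glue=False):
    """Build the response to a '. IN NS' (priming) query: one NS record per
    root server in the answer section, and each server's address as glue
    in the additional section."""
    table = {}
    msg = bytearray()
    n = len(letters)
    arcount = n * (int(ipv4_glue) + int(ipv6_glue))
    # Header: ID, flags (QR=1, AA=1), QDCOUNT, ANCOUNT, NSCOUNT, ARCOUNT
    msg += struct.pack("!HHHHHH", 0x1234, 0x8400, 1, n, 0, arcount)
    # Question section: "." IN NS  (QTYPE 2 = NS, QCLASS 1 = IN)
    msg += encode_name(".", len(msg), table) + struct.pack("!HH", 2, 1)
    # Answer section: ". IN NS x.root-servers.net." for each letter
    for letter in letters:
        msg += encode_name(".", len(msg), table)
        msg += struct.pack("!HHI", 2, 1, TTL)
        rdlen_pos = len(msg)
        msg += b"\x00\x00"  # RDLENGTH placeholder, patched below
        rdata = encode_name(f"{letter}.root-servers.net.", len(msg), table)
        msg += rdata
        struct.pack_into("!H", msg, rdlen_pos, len(rdata))
    # Additional section: glue A / AAAA records (TYPE 1 = A, TYPE 28 = AAAA)
    for i, letter in enumerate(letters):
        owner = f"{letter}.root-servers.net."
        if ipv4_glue:
            msg += encode_name(owner, len(msg), table)
            msg += struct.pack("!HHIH", 1, 1, TTL, 4) + bytes([192, 0, 2, i + 1])
        if ipv6_glue:
            msg += encode_name(owner, len(msg), table)
            addr6 = bytes.fromhex("20010db8") + bytes(11) + bytes([i + 1])
            msg += struct.pack("!HHIH", 28, 1, TTL, 16) + addr6
    return bytes(msg)


def priming_response_size(**kwargs):
    """Size in bytes of the priming response, to compare against 512."""
    return len(build_priming_response(**kwargs))


if __name__ == "__main__":
    for desc, kw in [("A glue only", {}), ("A + AAAA glue", {"ipv6_glue": True})]:
        size = priming_response_size(**kw)
        verdict = "fits in" if size <= 512 else "exceeds"
        print(f"13 roots, {desc}: {size} bytes -> {verdict} 512")
```

With IPv4 glue only, the 13-server response stays well under 512 bytes thanks to compression of the shared `root-servers.net` suffix; adding an AAAA glue record for every server pushes it past the limit, which is why resolvers today advertise a larger buffer with EDNS(0) or retry over TCP rather than relying on the bare 512-byte UDP datagram.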

 

There are 13 sets of global Internet DNS root servers:

VeriSign (United States): 2

IANA (Internet Assigned Numbers Authority), the network management organization: 1

RIPE NCC (Réseaux IP Européens Network Coordination Centre), the European network management organization: 1

PSINet (United States): 1

ISI (Information Sciences Institute, United States): 1

ISC (Internet Software Consortium, United States): 1

University of Maryland: 1

NASA: 1

United States Department of Defense: 1

US Army Research Institute: 1

NORDUnet (Norway): 1

WIDE (Widely Integrated Distributed Environments) project (Japan): 1

 

China has a total of 10 root server mirrors:

four mirrors, of J, K, F and L

All 10 are accessed using the DNS anycast method, which works as follows:

Anycast (English: anycast) is a network addressing and routing strategy that lets data be delivered to the "nearest" or "best" destination as determined by the routing topology.

Anycast differs from unicast, broadcast and multicast.

In unicast, there is a one-to-one relationship between a network address and a network node.
In broadcast and multicast, there is a one-to-many relationship between a network address and network nodes: each sending address corresponds to a group of receiving nodes, all of which can receive a copy of the information.
In anycast, there is also a one-to-many relationship between a network address and network nodes: each address corresponds to a group of receiving nodes, but at any given time only one of them receives the information from the sender.

On the Internet, anycast is usually implemented with the Border Gateway Protocol (BGP).
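The following simulation is added here to illustrate the BGP mechanism behind anycast (it is example code written for this page, not code from the original post). Three constructed mirror sites originate the same prefix; a router applies longest-prefix match and then prefers the shortest AS path, so each vantage point reaches a different instance, and when one site withdraws its announcement, traffic converges on the next-nearest one. The prefix is from the documentation range and the AS numbers are private ASNs chosen for the example.

```python
import ipaddress


def _network(adv):
    return ipaddress.ip_network(adv["prefix"])


def select_route(dest, advertisements):
    """Pick the route a BGP speaker would use for `dest`: longest-prefix
    match first, then the shortest AS_PATH among the remaining candidates.
    With anycast, several sites originate the same prefix, so this step is
    what steers each client to its topologically nearest instance."""
    ip = ipaddress.ip_address(dest)
    candidates = [a for a in advertisements if ip in _network(a)]
    if not candidates:
        return None
    longest = max(_network(a).prefixlen for a in candidates)
    candidates = [a for a in candidates if _network(a).prefixlen == longest]
    return min(candidates, key=lambda a: len(a["as_path"]))


# Constructed routing views: the anycast prefix 192.0.2.0/24 (documentation
# range, standing in for a root-mirror prefix) is originated by three sites;
# each vantage point sees it with different AS paths (private ASNs).
VIEW_FROM_SHANGHAI = [
    {"prefix": "192.0.2.0/24", "site": "mirror-shanghai", "as_path": [64512, 64496]},
    {"prefix": "192.0.2.0/24", "site": "mirror-frankfurt", "as_path": [64512, 64520, 64521, 64497]},
    {"prefix": "192.0.2.0/24", "site": "mirror-virginia", "as_path": [64512, 64530, 64498]},
]
VIEW_FROM_MUNICH = [
    {"prefix": "192.0.2.0/24", "site": "mirror-shanghai", "as_path": [64540, 64541, 64542, 64496]},
    {"prefix": "192.0.2.0/24", "site": "mirror-frankfurt", "as_path": [64540, 64497]},
    {"prefix": "192.0.2.0/24", "site": "mirror-virginia", "as_path": [64540, 64543, 64498]},
]


def withdraw(advertisements, site):
    """Simulate a site withdrawing its BGP announcement (e.g. it went down);
    the remaining routes make clients converge on the next-nearest instance."""
    return [a for a in advertisements if a["site"] != site]


def nearest_site(dest, view):
    """Name of the anycast instance a client in `view` would reach."""
    route = select_route(dest, view)
    return route["site"] if route else None


if __name__ == "__main__":
    print("Shanghai client ->", nearest_site("192.0.2.53", VIEW_FROM_SHANGHAI))
    print("Munich client   ->", nearest_site("192.0.2.53", VIEW_FROM_MUNICH))
    degraded = withdraw(VIEW_FROM_MUNICH, "mirror-frankfurt")
    print("Munich, Frankfurt down ->", nearest_site("192.0.2.53", degraded))
```

The same destination address resolves to a different physical site depending on where the query originates, which is exactly what lets one root-server address be served by many mirrors; the withdrawal case shows the resilience benefit, since a failed mirror simply stops being the best path.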

 

Common DNS attack methods

Attacks against the domain name system currently take many forms; in summary they fall into three main categories:

First, distributed denial-of-service (DDoS) attacks. Because the DNS protocol is open, unauthenticated, connectionless and stateless, it is especially vulnerable to distributed denial of service. DDoS attacks against DNS mainly use three approaches: floods of normal-looking domain name queries, reflection, and high-volume traffic that saturates links.

Second, DNS spoofing attacks, in which technical means are used to inject illegitimate resolution records into a caching name server; when a user submits a query to the compromised caching server, it returns the IP address the attacker set in advance.

Third, domain hijacking attacks [3]: after gaining control of the domain's management password and management mailbox, the attacker points the domain's NS records at a DNS server under the attacker's control and then configures the corresponding records on that server, so that users who visit the domain actually reach a host the attacker prepared in advance.

 

Name server cache pollution (DNS cache pollution)

DNS hijacking works by taking over the DNS server: the attacker gains control of a domain's resolution records by some means and then modifies the resolution results for that domain, so that traffic meant for the domain's original IP address is sent to an IP address of the attacker's choosing. The result is either that the domain cannot be reached at all, or that the site reached is a fake one, with the aim of stealing data or disrupting the original service. In other words, DNS hijacking returns wrong results to the user's query by tampering with the data on the DNS server.
DNS poisoning is a method by which ordinary users are given a false destination IP address and therefore cannot communicate with the intended host; it is a DNS cache poisoning attack. It works as follows: ordinary DNS queries carry no authentication mechanism, and the DNS query protocol is usually based on UDP, which is connectionless and unreliable, so DNS queries are easy to tamper with. An intruder watches for DNS query requests on UDP port 53 and, once a query matching a keyword of interest is seen, immediately impersonates the target domain's name server (NS) and returns a false result to the querier.
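The "second" category above (spoofing records into a cache) and the cache-poisoning description here both exploit the same gap: a UDP response is accepted on faith. The example below (written for this page, not code from the original post) shows the checks a resolver applies before letting a response into its cache: the response must match an outstanding query's transaction ID, source port and question, must come from the server that was actually asked, and may only contribute records inside that server's bailiwick. The names, addresses and transaction IDs are all constructed, using reserved example domains and documentation-range addresses.

```python
from dataclasses import dataclass


@dataclass
class PendingQuery:
    """What a resolver remembers about a query it has sent out."""
    txid: int
    src_port: int
    server_ip: str
    qname: str
    qtype: str
    bailiwick: str  # zone the queried server was delegated for


@dataclass
class Response:
    """A DNS response as received, already parsed into fields."""
    txid: int
    dst_port: int
    src_ip: str
    qname: str
    qtype: str
    records: list  # dicts with "section", "name", "type", "data"


def in_bailiwick(name, zone):
    """True if `name` is at or below `zone` (case-insensitive)."""
    name, zone = name.lower().rstrip("."), zone.lower().rstrip(".")
    return zone == "" or name == zone or name.endswith("." + zone)


def validate_response(resp, pending):
    """Decide which records from `resp` may enter the cache.

    `pending` maps (txid, port) to the PendingQuery. A response that matches
    no outstanding query, comes from the wrong server, or answers a different
    question is discarded whole; records outside the queried server's
    bailiwick are dropped individually. Returns (accepted_records, verdict)."""
    q = pending.get((resp.txid, resp.dst_port))
    if q is None:
        return [], "rejected: no outstanding query with this txid/port"
    if resp.src_ip != q.server_ip:
        return [], "rejected: source address is not the queried server"
    if (resp.qname.lower(), resp.qtype) != (q.qname.lower(), q.qtype):
        return [], "rejected: question section does not match"
    accepted = [r for r in resp.records if in_bailiwick(r["name"], q.bailiwick)]
    if len(accepted) < len(resp.records):
        return accepted, "accepted with out-of-bailiwick records dropped"
    return accepted, "accepted"


# Constructed state: one query in flight to the example.com server.
PENDING = {
    (0x1A2B, 40123): PendingQuery(txid=0x1A2B, src_port=40123, server_ip="192.0.2.10",
                                  qname="www.example.com", qtype="A", bailiwick="example.com"),
}

# Constructed responses arriving at the resolver.
RESPONSES = {
    # Blind spoof: the sender guessed the transaction ID wrong.
    "forged_wrong_txid": Response(
        txid=0x0001, dst_port=40123, src_ip="192.0.2.10", qname="www.example.com", qtype="A",
        records=[{"section": "answer", "name": "www.example.com", "type": "A", "data": "203.0.113.66"}]),
    # Spoof with the right ID and port, smuggling a record for another zone.
    "forged_right_txid": Response(
        txid=0x1A2B, dst_port=40123, src_ip="192.0.2.10", qname="www.example.com", qtype="A",
        records=[{"section": "answer", "name": "www.example.com", "type": "A", "data": "192.0.2.80"},
                 {"section": "additional", "name": "ns1.example.net", "type": "A", "data": "203.0.113.66"}]),
    # The genuine answer from the authoritative server.
    "genuine": Response(
        txid=0x1A2B, dst_port=40123, src_ip="192.0.2.10", qname="www.example.com", qtype="A",
        records=[{"section": "answer", "name": "www.example.com", "type": "A", "data": "192.0.2.80"}]),
}


def run_scenario():
    """Validate every constructed response; returns name -> (accepted, verdict)."""
    return {name: validate_response(resp, PENDING) for name, resp in RESPONSES.items()}


if __name__ == "__main__":
    for name, (accepted, verdict) in run_scenario().items():
        print(f"{name:18s} {verdict} ({len(accepted)} record(s) cached)")
```

Logging the rejections by source address is also the detection signal: a burst of responses with non-matching transaction IDs aimed at one resolver port is the footprint of a blind poisoning attempt. The bailiwick rule is what limits the damage when an ID is guessed correctly, since a record for an unrelated zone never enters the cache from this exchange; randomised source ports and DNSSEC validation narrow the remaining window further.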


Source: www.cnblogs.com/zy09/p/12080486.html