基于Sketch的重要DNS查询缓存方法  

作　　者：郝逸航 刘紫千[1,2] 常力元 佟欣哲[1,2] 杨成 孙琦 郭俊言[1,2] HAO Yihang;LIU Ziqian;CHANG Liyuan;TONG Xinzhe;YANG Cheng;SUN Qi;GUO Junyan(China Telecom Co.,Ltd,Beijing,100001,China;China Telecom Network Security Technology Co.,Ltd,Suzhou 215131,China)

机构地区：[1]中国电信股份有限公司,北京100001 [2]天翼安全科技有限公司,江苏苏州215131

出　　处：《网络与信息安全学报》2024年第5期95-106,共12页Chinese Journal of Network and Information Security

基　　金：国家重点研发计划(2022YFB3103004)。

摘　　要：在网络信息技术快速发展背景下,域名系统作为互联网应用的入口,其性能和安全对网络服务的质量尤为关键。然而,从缓存的角度来看,当前域名解析器的域名缓存项管理机制尚不完善。为此,提出了一种基于Sketch技术的域名缓存管理方法,创新地引入了“重要度”评估指标,将网络测量方法应用于缓存管理,实现对缓存项的时间和频率两方面特征的综合度量,满足动态划定重要域名需求。实验结果表明,该缓存方法能够从真实网络环境产生的海量域名查询请求中,针对性地将重要域名添加到缓存予以保护,平均解析时间相比现有域名缓存解决方案减少超过18%。所提方法不仅能够对域名缓存实施更灵活的操作,提高域名系统的用户侧可用性和管理侧可维护性,更为域名缓存管理的研究提供了新的视角和解决方案。With the rapid advancement of networking technology,DNS(domain name system),acting as the first step for most network behaviors,plays a vital role in assuring service quality through its capability and security.However,the current DNS resolvers lack effective mechanisms for cache item protection and eviction.Addressing this lacuna,a method for DNS cache oversight based on the principles of sketch technology was proposed."Significance"was elegantly integrated as a novel evaluative indicator,and network measurement strategies were adopted into cache management.Consequently,a holistic benchmark that encapsulated both temporal and frequency characteristics for dynamically demarcating items’significance was culminated.The experimental results,which were based on a substantial amount of real-world network traffic data,demonstrated that the proposed method offered protection for significant domain names,hastening their resolution by an average of 18%relative to conventional DNS paradigms.The usability for end-users was augmented by this strategy,as was the maintainability for Internet Service Providers(ISPs),while the scope for ongoing research in the realm of DNS cache management was simultaneously expanded.

关 键 词：域名服务 缓存性能优化 SKETCH 域名查询更新 

分 类 号：TP393[自动化与计算机技术—计算机应用技术]