Technical Field
The invention relates to the field of blockchain technology, and in particular to a consortium-chain-based decentralized storage system for DNS resource records, a method for implementing it, and an information retrieval method.
Background
The current DNS (Domain Name System) has a centralized, hierarchical architecture. The DNS root servers act as the control center of the whole system and are responsible for global DNS management and resolution; the resolution and verification of every domain name requires their participation. This architecture increases the processing load on the root servers and also creates a single point of failure: when the root servers are unreachable or fail, the entire Internet domain name system is paralyzed.
The existing centralized, hierarchical DNS also carries a risk of unilateral control. Of the 13 root servers, 10 are located in the United States, 2 in Europe and 1 in Japan. This severely unbalanced distribution and number of DNS servers leads to serious unilateral control over cyberspace sovereignty, in two main respects. The first is the risk of domain name disappearance: it only takes deleting a particular country's top-level domain record from the root servers and refusing domain name registration for that country. The second is the risk of denied access: the root servers and their mirror servers reject resolution requests from a given country's top-level domain. Access policies for a specific domain name and its subsets can also be set on the root servers, thereby undermining the network sovereignty of the organization to which the domain belongs.
DNS security solutions based on PKI (Public Key Infrastructure) are hard to deploy widely. Most proposed DNS security enhancements or alternatives are based on digital signatures and PKI; such schemes require changes to the DNS protocol and are not compatible with the traditional DNS system, so they are difficult to deploy at scale. For example, 89% of top-level domain name servers have currently deployed DNSSEC (Domain Name System Security Extensions), but the deployment rate among second-level domains is only 3%, which makes it hard for DNSSEC to be effective in practice. In addition, PKI itself suffers from unilateral control and is difficult to deploy globally.
In summary, the overly pronounced centralization of the DNS is an important reason why its security risks are hard to eliminate, so DNS decentralization has become an important direction of development. The present invention therefore proposes a decentralized method for storing, retrieving and verifying DNS resource records without changing the DNS protocol.
Summary of the Invention
To overcome the above deficiencies of the prior art, the object of the invention is to provide a decentralized storage system for DNS resource records, a method for implementing it, and an information retrieval method. Using the consortium chain's properties of decentralization, distributed data storage, immutability and collective maintenance, it achieves decentralized storage and retrieval of DNS resource records on a consortium chain and, without changing the DNS protocol, prevents DNS resource records from being maliciously tampered with or forged and improves the efficiency of DNS resolution and verification.
To achieve the above object, the invention proposes a decentralized storage system for DNS resource records, comprising:
an on-chain storage layer, which uses smart contracts to store DNS resource records, index the DNS resource records held in external storage, and trace the provenance of DNS resource records;
an off-chain storage layer, which uses IPFS to store DNS resource records; each IPFS node corresponds to a hash address that identifies it, and this identifying hash address and the hash of the record information are stored in the blockchain to ensure the authenticity and integrity of the resource records;
a user layer, comprising DNS administrators and DNS users. The DNS administrator is responsible for registering and updating DNS database information, synchronizes key DNS data to external storage, and uses smart contracts to write the DNS registration information, update information, record hashes, signature information and external storage link addresses into blocks. DNS users query the resource records for a domain name through a DNS client and then, according to the address corresponding to the domain name, query the records in the blockchain and in external storage to verify the authenticity and integrity of the records.
Preferably, the on-chain storage layer uses smart contracts to write the hash of the domain name information, the resource record signature, update information, the external storage link and public key information into blocks, and uses a consensus algorithm to ensure that every node in the blockchain network stores the same records, guaranteeing the authenticity and integrity of resource records. The blockchain layer is also used to index key DNS resource records in external storage: smart contracts store in a block the link address of the key resource record in external storage and the hash of the record, thereby associating the blockchain with external storage. Blocks in the blockchain are stored in chronological order, and each block stores the address of the resource record in external storage and the resource record's update information, so that the history of a given domain name can be traced through the blockchain.
Preferably, the smart contracts include a consensus contract, a relationship contract, an ownership contract, a history contract and a service contract; these five contracts write the DNS hierarchy, resource records and historical update information into the blockchain.
Preferably, the consensus contract is responsible for writing user registration information; the relationship contract stores the DNS hierarchy; the ownership contract records the specific information of the domain names managed by a domain name server; the history contract writes update information for the DNS zone file containing the DNS resource records into the blockchain; and the service contract records the service records of the domain name server.
Preferably, each node in the blockchain is authorized to join the blockchain network after agreement is reached through the consensus algorithm, and the consensus contract writes the user registration information into the blockchain.
To achieve the above object, the invention also provides a method for implementing the decentralized storage system for DNS resource records, comprising the following steps:
Step S1: build the blockchain network as a consortium chain; use smart contracts to process the registration application of a registering node and, after authorization through the consensus algorithm, add it to the blockchain network; write the DNS zone file containing the DNS resource records into the blockchain network through smart contracts, managed by a combination of on-chain and off-chain storage. Off-chain, the complete data is stored in external storage; on-chain, the file hash of the domain name resource records, the external link address and the public key information used to verify the external data are stored in the blockchain. The blockchain guarantees the authenticity and integrity of the DNS data, while the external storage system extends the blockchain's storage space;
Step S2: when data is updated, the server node synchronizes the resource records to be updated to off-chain storage and sends the link address of the domain configuration file, the hash of the record and the status information to the service contract; the service contract stores the updated domain name information and generates a history contract that records the update status and the updated content.
Preferably, step S1 further comprises:
the registering node submits a registration application to the blockchain network;
the consensus contract pushes the message to the voting pool nodes for confirmation;
the voting pool nodes check whether the domain name information is legal and unregistered; if the domain name is legal and unregistered, registration success is returned, otherwise registration failure is returned;
the consensus contract processes the voting result; if the voting result is legal, a relationship contract is created, otherwise the registration information is discarded;
the consensus contract forwards the registration message to the relationship contract;
the relationship contract forwards the registration message to the corresponding server node;
the upper-level server node agrees to authorize the node and sends the application information and its own signature to the relationship contract;
the relationship contract compiles the registration information and the authorizing server's signature, and creates a service contract;
the relationship contract writes the registered information into the service contract;
the address of the service contract is returned to the registering node, which uses the service contract to operate on its domain name information.
Preferably, the method further comprises:
in the initial stage of the system, the consensus contract is empty and a temporary administrator node adds initial nodes as needed; once enough full nodes have joined, the temporary administrator may be removed and agreement is reached according to the consensus algorithm.
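The node registration flow listed above, as an added Python sketch that is not part of the patent text; step numbers in the comments count the listed items in order. The strict-majority voting rule, the hostname-syntax legality check, the HMAC standing in for the upper-level server's signature, and all class, function and address names are assumptions made for illustration.

```python
import hashlib
import hmac
import re

# Assumption: "legal" means valid hostname syntax; the page does not define it.
_LABEL = re.compile(r"^(?!-)[a-z0-9-]{1,63}(?<!-)$")


def is_legal_domain(name):
    labels = name.split(".")
    return 0 < len(name) <= 253 and all(_LABEL.match(label) for label in labels)


class VotingNode:
    """Voting-pool node (step 3)."""

    def __init__(self, ledger, honest=True):
        self.ledger = ledger    # shared on-chain view: domain -> CC fields
        self.honest = honest    # a faulty node approves every request

    def vote(self, domain):
        if not self.honest:
            return True
        return is_legal_domain(domain) and domain not in self.ledger


class UpperServer:
    """Upper-level server that authorises nodes under its zone (step 7)."""

    def __init__(self, zone, key):
        self.zone = zone
        self._key = key

    def sign(self, request):
        # Assumption: HMAC-SHA256 stands in for the server's signature scheme.
        message = "|".join(request).encode()
        return hmac.new(self._key, message, hashlib.sha256).hexdigest()


class ConsensusContract:
    def __init__(self, initial_servers):
        self.ledger = {}          # CC: registered domain -> owner fields
        self.relationships = {}   # RC: zone -> authorised lower-level records
        self.services = {}        # SC address -> service contract state
        # Initial nodes added by the temporary administrator at start-up.
        self.uppers = {s.zone: s for s in initial_servers}
        self.pool = []

    def register(self, eth_addr, domain, level):
        domain = domain.lower().rstrip(".")
        votes = [node.vote(domain) for node in self.pool]        # steps 2-3
        # Step 4. Assumption: a strict majority of the pool must approve.
        if 2 * sum(votes) <= len(votes):
            return None                                          # discard
        upper = self.uppers.get(domain.partition(".")[2])        # steps 5-6
        if upper is None:
            return None                                          # nobody to authorise
        request = (eth_addr, domain, str(level))
        record = {"eth_addr": eth_addr, "domain": domain, "level": level,
                  "signature": upper.sign(request)}              # step 7
        self.relationships.setdefault(upper.zone, []).append(record)
        # Steps 8-9: the RC creates the SC and writes the registration into it.
        # Constructed placeholder address, not a real Ethereum contract address.
        sc_addr = "0x" + hashlib.sha256(("SC|" + domain).encode()).hexdigest()[:40]
        self.services[sc_addr] = {"eth_addr": eth_addr, "records": []}
        self.ledger[domain] = {"eth_addr": eth_addr, "rc_zone": upper.zone}
        return sc_addr                                           # step 10


def demo():
    """Run four constructed registration requests against a three-node pool."""
    cc = ConsensusContract([UpperServer("com", b"constructed-demo-key")])
    cc.pool = [VotingNode(cc.ledger), VotingNode(cc.ledger),
               VotingNode(cc.ledger, honest=False)]
    first = cc.register("0xA11CE", "example.com", 2)      # accepted
    squat = cc.register("0xB0B", "Example.COM.", 2)       # already registered
    bad = cc.register("0xB0B", "-bad-.com", 2)            # illegal label
    orphan = cc.register("0xB0B", "example.org", 2)       # no upper-level server
    return cc, first, squat, bad, orphan


if __name__ == "__main__":
    print(demo()[1:])
```

With one faulty node in a pool of three, the duplicate request is still rejected because the two honest nodes see the name in the shared ledger.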
To achieve the above object, the invention also provides a decentralized retrieval method for DNS resource records, comprising the following steps:
Step S1: when retrieving domain name information, the end user sends a query request to a trusted server;
Step S2: the trusted server looks in its cache; on a cache miss it sends a query request to the service contract in the blockchain, which records the server and the external link address corresponding to each domain name;
Step S3: the service contract returns to the trusted server the external address of the zone file corresponding to the retrieved domain name, together with the record hash;
Step S4: on receiving the external link address, the trusted server queries the external zone file record, computes the hash of the external record and compares it with the record hash returned by the service contract, so that tampering with the external record is detected; if the two hash values are the same, the trusted server returns the retrieved information to the end user.
Preferably, the method further comprises:
verifying the retrieval result: the centralized DNS verification method is converted into a distributed one. With blockchain technology, verifying a DNS resource record becomes a lookup in a collectively maintained ledger, and the signature mechanism and hash algorithm applied when looking up on-chain records guarantee the authenticity and integrity of the records.
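Steps S1 to S4 above, simulated in Python as an added example that is not part of the patent text. A dictionary stands in for external (IPFS) storage, an in-memory class for the service and history contracts, and SHA-256 for the unspecified hash algorithm; all names, link addresses and zone data are constructed.

```python
import hashlib
import hmac


class IntegrityError(Exception):
    """Off-chain zone data does not match the hash recorded on chain."""


def sha256_hex(data):
    return hashlib.sha256(data).hexdigest()


def parse_zone(zone_bytes):
    """Parse 'name TTL IN TYPE rdata' lines into (name, type, rdata) tuples."""
    records = []
    for line in zone_bytes.decode().splitlines():
        fields = line.split()
        if len(fields) == 5 and fields[2] == "IN":
            records.append((fields[0].rstrip(".").lower(), fields[3], fields[4]))
    return records


class ServiceContract:
    """In-memory stand-in for the on-chain service and history contracts."""

    def __init__(self):
        self.current = {}   # zone -> (external link, record hash)
        self.history = []   # (zone, new hash, condition), oldest first

    def update(self, zone, link, zone_bytes, condition):
        digest = sha256_hex(zone_bytes)
        self.current[zone] = (link, digest)
        self.history.append((zone, digest, condition))

    def lookup(self, qname):
        # Walk from the full name towards the root until a registered zone matches.
        labels = qname.split(".")
        for i in range(len(labels)):
            zone = ".".join(labels[i:])
            if zone in self.current:
                return self.current[zone]
        return None


class TrustedServer:
    def __init__(self, contract, store):
        self.contract, self.store, self.cache = contract, store, {}

    def resolve(self, qname):
        qname = qname.rstrip(".").lower()
        if qname in self.cache:                       # S2: cache hit
            return self.cache[qname]
        entry = self.contract.lookup(qname)           # S2-S3: ask the contract
        if entry is None:
            raise LookupError(qname)
        link, expected = entry
        zone_bytes = self.store[link]                 # S4: fetch off-chain copy
        if not hmac.compare_digest(sha256_hex(zone_bytes), expected):
            raise IntegrityError(link)                # never answer from bad data
        answers = [rdata for name, rtype, rdata in parse_zone(zone_bytes)
                   if name == qname and rtype == "A"]
        self.cache[qname] = answers                   # cache only verified answers
        return answers


def demo():
    link = "ipfs-link/constructed-example-zone"       # constructed placeholder
    store, contract = {}, ServiceContract()
    zone_v1 = b"www.example.com. 300 IN A 192.0.2.10\n"
    store[link] = zone_v1
    contract.update("example.com", link, zone_v1, "add")
    first = TrustedServer(contract, store).resolve("www.example.com")

    # Off-chain copy changed without a matching contract update.
    store[link] = b"www.example.com. 300 IN A 203.0.113.66\n"
    try:
        TrustedServer(contract, store).resolve("www.example.com")
        tamper_detected = False
    except IntegrityError:
        tamper_detected = True

    # Legitimate update: new data off-chain and new hash on chain.
    zone_v2 = b"www.example.com. 300 IN A 198.51.100.7\n"
    store[link] = zone_v2
    contract.update("example.com", link, zone_v2, "modify")
    second = TrustedServer(contract, store).resolve("www.example.com")
    return first, tamper_detected, second, len(contract.history)


if __name__ == "__main__":
    print(demo())
```

A server that answered from its cache before the legitimate update would keep returning the old verified answer; cache expiry is outside what the steps above specify.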
Compared with the prior art, the invention proposes a decentralized storage system for DNS resource records, a method for implementing it, and an information retrieval method. The DNS zone file is written into the Ethereum blockchain through smart contracts and managed by a combination of on-chain and off-chain storage: off-chain, the complete data is stored in external storage; on-chain, the file hash of the domain name resource records (RR), the external link address and the public key information used to verify the external data are stored in the blockchain. The blockchain guarantees the authenticity and integrity of the DNS resource records, while the external storage system extends the blockchain's storage space and improves the scalability of the system. The invention verifies a domain name while retrieving it; compared with DNSSEC, which verifies the domain name only after the retrieval result has been obtained, this shortens the verification path and process and improves verification efficiency.
Brief Description of the Drawings
FIG. 1 is a schematic structural diagram of the decentralized storage, retrieval and verification method for DNS resource records proposed by the invention;
FIG. 2 is a schematic diagram of the smart contracts in a specific embodiment of the invention;
FIG. 3 is a flow chart of the steps of the method for implementing the decentralized storage system for DNS resource records proposed by the invention;
FIG. 4 is a network diagram of the consortium chain in a specific embodiment of the invention;
FIG. 5 is a schematic diagram of the node addition process in a specific embodiment of the invention;
FIG. 6 is a flow chart of the consensus algorithm in a specific embodiment of the invention;
FIG. 7 is a flow chart of the data update process in a specific embodiment of the invention;
FIG. 8 is a flow chart of the steps of the decentralized information retrieval method for DNS resource records proposed by the invention;
FIG. 9 is a schematic diagram of the data retrieval process in a specific embodiment of the invention;
FIG. 10 is a schematic diagram of the blockchain-based DNS resource record retrieval and verification process in a specific embodiment of the invention;
FIG. 11 is a schematic diagram of the key update flow in a specific embodiment of the invention;
FIG. 12 is a schematic diagram of the resource record retrieval and verification process in a specific embodiment of the invention.
Detailed Description
Embodiments of the invention are described below through specific examples and with reference to the drawings; those skilled in the art can understand other advantages and effects of the invention from what this specification discloses. The invention can also be implemented or applied through other, different specific examples, and the details in this specification can be modified and changed from different viewpoints and for different applications without departing from the spirit of the invention.
FIG. 1 is a schematic structural diagram of the decentralized storage system for DNS resource records proposed by the invention. As shown in FIG. 1, the decentralized storage system for DNS resource records comprises:
An on-chain storage layer 10, used to store DNS resource records, index key DNS resource records in external storage, and trace the provenance of DNS resource records. Specifically, the on-chain storage layer 10 uses smart contracts to write the hash of the domain name information, the resource record signature, update information, the external storage link and public key information into blocks, and uses a consensus algorithm to ensure that every node in the blockchain network stores the same records, guaranteeing the authenticity and integrity of resource records. The blockchain layer 10 is also used to index DNS resource records in external storage: smart contracts store in a block the link address of the key resource record in external storage and the hash of the record, thereby associating the blockchain with external storage. Because blocks in the blockchain are stored in chronological order and each block stores the address of the resource record in external storage and the resource record's update information, the history of a given domain name can be traced through the blockchain 10.
An off-chain storage layer 20, responsible for storing DNS resource records. In a specific embodiment of the invention, the off-chain storage layer 20 uses the IPFS (InterPlanetary File System) external storage system. IPFS keeps the record information submitted by the DNS administrator each time; each IPFS node corresponds to a hash address that identifies it, and this identifying hash address and the hash of the record information are stored in the blockchain to ensure the authenticity and integrity of the resource records.
A user layer 30, which mainly contains two kinds of users: DNS administrators and search users. The DNS administrator is responsible for registering and updating DNS database information, synchronizes key DNS data to external storage, and uses smart contracts to write the DNS registration information, update information, record hashes, signature information and external storage link addresses into blocks. DNS users use a DNS client to query the resource records for a domain name and, for the retrieved IP address, query the records in the blockchain and in external storage to verify the authenticity and integrity of the records.
To make it convenient to write DNS resource records into the blockchain, the invention constructs five smart contracts: the consensus contract (Consensus Contract, CC), the relationship contract (Relationship Contract, RC), the ownership contract (Ownership Contract, OC) (not shown in the figure), the history contract (History Contract, HC) and the service contract (Service Contract, SC). These five contracts write the DNS hierarchy, resource records and historical update information into the blockchain. To keep the contracts of different nodes independent of one another, a contract can only be created through a contract that has already been generated. The smart contracts used by the blockchain layer 10 are shown in FIG. 2 and are as follows:
1) Consensus contract (CC): the consensus contract is responsible for writing user registration information. Its fields have the following meanings:
Ethereum Addr: the Ethereum address of the user authorized to join
Reponsible Domain: the domain name space the user is responsible for managing
User Type: the user type, including query users and domain name applicants
RC Addr: the address of the contract that stores the hierarchy
Each node in the blockchain is authorized to join the blockchain network after agreement is reached through the consensus algorithm, and the consensus contract writes the above information into the blockchain.
For the user registration process, the consensus contract CC is used to verify whether a registering node has already been registered, preventing attackers from malicious cybersquatting. To build the hierarchy between DNS servers, an upper-level server stores the lower-level servers it has authorized in a relationship contract RC; the address of the relationship contract is kept in the registered node's consensus contract; and a newly registering node joins only after authorization through the consensus algorithm, which prevents newly joined nodes from threatening the system. Note that at the start of the system the consensus contract CC is empty. A temporary administrator node therefore needs to add initial nodes, for example adding top-level domain name server nodes as the first members. Once enough full nodes have joined, the temporary administrator may be removed and agreement is reached according to the consensus algorithm.
2) Relationship contract (RC): the relationship contract is responsible for storing the DNS hierarchy. Its fields have the following meanings:
Ethereum Addr: the Ethereum address of the authorized next-level server
Reponsible Domain: the namespace the authorized next-level server is responsible for
IP: the IP address of the server
Level: the server level
HC Addr: the relationship contract address
Server Signature: the signature over the information
For the namespaces a server delegates, in order to record the hierarchy, the upper-level server stores, in the relationship contract RC associated with the consensus contract CC, the namespace managed by the authorized name server, its IP and the associated Ethereum address. An upper-level server may delegate several namespaces, and the relationship contract records each delegation. The information for each authorized server is recorded in the blockchain in chronological order for later lookup and tracing.
3) Ownership contract (OC): the ownership contract is responsible for recording the specific information of the domain names managed by a domain name server. Its fields have the following meanings:
Ethereum Addr: the address information of the resource record manager
Domain Name: the domain name being managed
IP Addr: the IP address corresponding to the domain name
External Link: the link to the external storage of the resource records
Hash: the hash of the resource records
HC Addr: the address of the history contract
Because the storage space of each block is limited, storing the complete resource record information in the blockchain would make the chain grow rapidly and become hard to manage and maintain. Therefore, to allow fast lookup of domain name address information, the domain name and address are stored directly in each block and the other resource records are kept in external storage. The link address of the external storage is kept in the External Link field. To prevent malicious tampering with the external resource records, the hash of the resource records is kept in the Hash field. DNS resource record information is updated in real time, and the update information is stored by building a history contract. The address of the history contract is kept in the ownership contract.
The complete DNS resources are stored in IPFS. Each domain configuration (zone) file corresponds to a node ID in IPFS; this node ID is immutable and is held only by the DNS server administrator, who is responsible for updating the DNS zone file. The updated zone file is written to the blockchain by the history contract.
4) History contract (HC): the history contract is responsible for writing DNS zone file update information into the blockchain. Its fields have the following meanings:
Ethereum Addr: the address of the zone file manager
New_Hash: the hash of the zone file after the update
Condition: the status (add, modify, delete)
IPFS ID: the user's identifier in IPFS
Changes to the zone file are written into the blockchain through the history contract. For every change, a copy of each submission is kept in the external IPFS and the hash of the record is stored in the blockchain, ensuring that the zone file information of each submission cannot be tampered with; the zone file information can be traced through the blockchain and the external IPFS.
5) Service contract (SC) (not shown in the figure): responsible for recording the service records of the domain name server. Its fields have the following meanings:
Ethereum Addr: the address of the zone file manager
Service Record: the service record
Condition: the status (add, modify, delete)
IPFS ID: the user's identifier in IPFS
In other words, the invention writes the DNS zone file into the Ethereum blockchain through smart contracts and manages it by a combination of on-chain and off-chain storage. Off-chain, the complete data is stored in external storage; on-chain, the file hash of the domain name resource records (RR), the external link address and the public key information used to verify the external data are stored in the blockchain. The blockchain guarantees the authenticity and integrity of the DNS data, while the external storage system extends the blockchain's storage space and improves the scalability of the system. The invention verifies a domain name while retrieving it; compared with DNSSEC, which verifies the domain name only after the retrieval result has been obtained, this shortens the verification path and process and improves verification efficiency.
图3为本发明一种DNS资源记录的去中心化存储系统的实现方法的步骤流程图。如图3所示,本发明一种DNS资源记录的去中心化存储系统的实现方法,包括如下步骤:FIG. 3 is a flow chart of the steps of a method for implementing a decentralized storage system for DNS resource records according to the present invention. As shown in Figure 3, a method for implementing a decentralized storage system for DNS resource records of the present invention includes the following steps:
步骤S1,采用联盟链的方式构建区块链网络,利用智能合约对注册节点的注册申请进行处理,将其加入所述区块链网络,通过智能合约将DNS zone文件写入所述区块链网络中,采取链上/链下相结合的方式进行管理,在链下将完整数据存储在外部存储中,在链上将域名资源记录(RR)的文件哈希值、外部链接地址、验证外部数据的公钥信息存储在区块链中,通过区块链保证DNS数据的真实性和完整性,同时利用外部存储系统扩展区块链的存储空间。In step S1, a blockchain network is constructed by means of a consortium chain, a smart contract is used to process the registration application of a registered node, and it is added to the blockchain network, and the DNS zone file is written into the blockchain through a smart contract In the network, a combination of on-chain/off-chain management is adopted, and the complete data is stored in external storage off-chain, and the file hash value of the domain name resource record (RR), external link address, and external verification are stored on the chain. The public key information of the data is stored in the blockchain, the authenticity and integrity of the DNS data are guaranteed through the blockchain, and the storage space of the blockchain is expanded by using an external storage system.
In a specific embodiment of the present invention, the smart contracts comprise a consensus contract (CC), a relationship contract (RC), an ownership contract (OC), a history contract (HC), and a service contract (SC). The blockchain network is built as a consortium chain, and server nodes join it by authorization; a schematic of the consortium chain network is shown in FIG. 4. Assuming that a server node joining the system has already installed an Ethereum client and created an Ethereum address, the node addition process is shown in FIG. 5. Specifically, the node addition process in step S1 is as follows:
1) The registering node submits a registration application to the blockchain network, including its Ethereum address, domain name information, server level, and identity information;
2) The consensus contract pushes the message to the voting pool nodes for confirmation;
3) The voting pool nodes check whether the domain name information is legal and unregistered. If the domain name is legal and unregistered, they return registration success; otherwise they return registration failure;
4) The consensus contract processes the voting result. If the voting result is legal, it creates a relationship contract; otherwise it discards the registration information;
5) The consensus contract forwards the registration message to the relationship contract;
6) The relationship contract forwards the registration message to the corresponding server node;
7) The upper-level server node agrees to authorize the node and sends the application information and its own signature to the relationship contract;
8) The relationship contract compiles the registration information and the authorizing server's signature, and creates a service contract;
9) The relationship contract writes the registered information into the service contract;
10) The address of the service contract is returned to the registering node, which uses the service contract to operate on its domain name information.
As can be seen, during registration the consensus contract CC verifies whether the registering node has already been registered, which prevents malicious squatting by attackers. To build the hierarchy between DNS servers, an upper-level server stores its authorized lower-level servers through the relationship contract, and the address of the relationship contract is saved in the consensus contract of the registering node. Newly registered nodes join only after authorization through the consensus algorithm, which prevents a newly joined node from threatening the system. Note that at the start of the system the consensus contract CC is empty, so a temporary administrator node is needed to add the initial nodes, for example the top-level domain name server nodes as the starting nodes. Once enough full nodes have joined, the temporary administrator may be removed, and agreement is then reached according to the consensus algorithm.
The consensus algorithm used in the specific embodiment of the present invention (that is, the consensus process for data updates) is described below:
1) Algorithm idea
Considering the limitations of the PBFT consensus algorithm in network bandwidth and node communication, and drawing on the characteristics of blockchain, the PBFT algorithm as used here does not require each message to be ordered first; each node only needs to verify and confirm the message. This reduces PBFT's three broadcast rounds to two and lowers the communication overhead of the network.
2) Notation
Let the number of nodes participating in consensus be N and the maximum number of malicious nodes that can be tolerated be f; N must satisfy N ≥ 3f + 1. Consensus nodes take part in the accounting process; ordinary nodes can observe the consensus process but do not take part in it. Consensus nodes are of two types: the master node m and the slave nodes s. To guarantee the authenticity and integrity of messages, messages are signed when they are sent. Let σ be the signature function, msg the message to be sent, and hash the hash function; the signature value Sig is then expressed as
$$Sig_{msg} = \sigma(hash(msg))$$
The data set needed in each round of consensus is recorded as view v, and the sets are numbered from 0. If the current set does not reach consensus, the next set is entered, until consensus is reached. The nodes participating in consensus are also numbered; in each round one node is selected as the master node and the others act as slave nodes.
It is assumed that the nodes participating in consensus start from the same initial state, that is, the same initial block height h, previous block hash, and version number. The relationship between the initial view number and the master node number is shown in formula (1).
If a non-consensus node receives transaction information, it forwards the message. Among the consensus nodes, the master node initiates the consensus request. When a child consensus node receives the transaction message, it verifies the message; if the message is correct, the node saves the information and broadcasts a consensus confirmation, otherwise it broadcasts a view update message. When the consensus process ends, the transaction information is deleted, the view and block height are updated, and the node prepares to enter a new stage. The flow of the consensus algorithm is shown in FIG. 6. The consensus algorithm consists of two main parts:
A. The master node broadcasts the consensus request
The master node's term lasts for time t. Master node m broadcasts a consensus proposal message to the other consensus nodes:
$$\{\text{ConsensusRequest},\ h,\ v,\ m,\ Block,\ Sig_{Block}\}$$
where ConsensusRequest indicates that the message type is a consensus request, h is the current block height, v is the current view number, m is the master node number, Block is the block formed from the transactions of a period of time, and $Sig_{Block}$ is the signature over the block information.
B. Child node consensus confirmation stage
After a child node in the consensus process receives the master node's broadcast message, it verifies the correctness of the message step by step. If the message is correct, it broadcasts the consensus confirmation message:
$$\langle \text{ConsensusConfirm},\ h,\ v,\ s,\ Sig_{Block} \rangle$$
where ConsensusConfirm indicates that the message type is a consensus request, h is the current block height, v is the current view number, s is the child node number, and $Sig_{Block}$ is the block signature.
After receiving a broadcast message, each consensus node performs the following procedure to judge whether the message is correct:
a. Check whether the format of the message is correct, including the message type, the current block height, the master node number, and the signature. If it is not correct, start the view update procedure;
b. Check the correctness of the transactions in the current block, including whether a transaction already exists, whether the verification script of each transaction is correct, and whether the block contains repeated transactions. If they are not correct, go to step d;
c. If both step a and step b pass, every transaction in the block is legal;
d. Broadcast a view change message;
If a received message is incorrect, a view change message is broadcast. Once each consensus node has received consensus confirmation messages from at least 2f consensus nodes, the block is shown to be accepted by the majority of nodes in the network, that is, consensus is reached; the block is added to the blockchain and broadcast.
When the master node fails and does not broadcast the consensus request message within the specified time t, or when a view update message broadcast by a child node is not confirmed by 2f nodes, the view update operation is performed. The update process is as follows:
a. First increase the view: v = v + 1
b. The child node sends a view change message
$$\langle \text{ViewChange},\ h,\ v,\ s,\ v',\ Sig_{msg} \rangle$$
where ViewChange indicates that the message type is view update, h is the current block height, v is the current view number, s is the child node number, v′ is the new view number, and $Sig_{msg}$ is the message signature
c. If the number of view update broadcast messages a consensus node has accepted exceeds 2f, it updates the view to v′ and the master node to m = m + 1, and starts a new consensus process.
d. If the number of view update messages received has not reached 2f, return to step a and continue.
B. Setting the master node's term t
When the master node's network is unstable or the network between consensus nodes fluctuates, views may change frequently, which consumes network resources. To avoid triggering view changes frequently because of network fluctuation, the master node's working time t should grow exponentially with the number of view updates: frequent view updates indicate that the network is fluctuating, so the time t should be increased. Let the time t satisfy the following function:
$$T(k) = 2^{k} \cdot t,\quad k = 0, 1, 2, \ldots$$
Because the function T grows exponentially with the number of view updates, it avoids the frequent view changes, and the resulting waste of network resources, that network fluctuation would otherwise cause.
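The two-broadcast round, the 2f thresholds and the T(k) back-off described above, as an added Go sketch that is not part of the patent. The type and handler names, the wrap-around of the master number, the reset of k after a commit, and leaving signature verification to the receiving layer are assumptions of this example.

```go
package main

import (
	"fmt"
	"time"
)

// Msg carries the fields of ConsensusRequest, ConsensusConfirm and ViewChange.
// Sig is omitted: the sender's signature is assumed to be verified on receipt.
type Msg struct {
	Type         string
	H, V, Sender int      // height h, view v, sender number (m or s)
	NewV         int      // v', ViewChange only
	Block        []string // transactions, ConsensusRequest only
}

// Node is the local state of one consensus node, with N >= 3f+1.
type Node struct {
	N, F, H, V, Master int
	K                  int             // view changes since the last commit
	Base               time.Duration   // t
	Chain              map[string]bool // transactions already on chain
	pending            []string        // block under vote, nil if none
	confirms, changes  map[int]bool    // distinct senders seen
}

// current checks message type, height, view and sender number (step a).
func (n *Node) current(m Msg, typ string) bool {
	return m.Type == typ && m.H == n.H && m.V == n.V && m.Sender >= 0 && m.Sender < n.N
}

func (n *Node) Timeout() time.Duration { return n.Base << uint(n.K) } // T(k) = 2^k * t

// OnRequest returns true to broadcast ConsensusConfirm, false to broadcast ViewChange.
func (n *Node) OnRequest(m Msg) bool {
	if m.Sender != n.Master || !n.current(m, "ConsensusRequest") || len(m.Block) == 0 {
		return false
	}
	seen := map[string]bool{}
	for _, tx := range m.Block { // step b: already on chain, or repeated in the block
		if n.Chain[tx] || seen[tx] {
			return false
		}
		seen[tx] = true
	}
	n.pending, n.confirms = m.Block, map[int]bool{}
	return true
}

// OnConfirm returns true once 2f distinct nodes have confirmed: append the block.
func (n *Node) OnConfirm(m Msg) bool {
	if n.pending == nil || !n.current(m, "ConsensusConfirm") {
		return false
	}
	n.confirms[m.Sender] = true
	if len(n.confirms) < 2*n.F {
		return false
	}
	for _, tx := range n.pending {
		n.Chain[tx] = true
	}
	n.H, n.K, n.pending = n.H+1, 0, nil // resetting k after a commit is assumed
	return true
}

// OnViewChange returns true once more than 2f nodes asked for view v' = v+1.
func (n *Node) OnViewChange(m Msg) bool {
	if m.NewV != n.V+1 || !n.current(m, "ViewChange") {
		return false
	}
	n.changes[m.Sender] = true
	if len(n.changes) <= 2*n.F {
		return false
	}
	n.V, n.Master, n.K = m.NewV, (n.Master+1)%n.N, n.K+1 // wrap-around assumed
	n.pending, n.changes = nil, map[int]bool{}
	return true
}

// Scenario (constructed, N=4, f=1) returns handler results, T(k)/t, final height.
func Scenario() (steps []bool, factor, height int) {
	n := &Node{N: 4, F: 1, Base: time.Second, Chain: map[string]bool{}, changes: map[int]bool{}}
	tx := "update www.aa.com"
	// View 0: master 0 proposes a block that repeats a transaction.
	steps = append(steps, n.OnRequest(Msg{Type: "ConsensusRequest", Block: []string{tx, tx}}))
	for s := 1; s <= 3; s++ {
		steps = append(steps, n.OnViewChange(Msg{Type: "ViewChange", Sender: s, NewV: 1}))
	}
	factor = int(n.Timeout() / n.Base)
	// View 1: master 1 proposes; node 2 confirms twice, node 3 once.
	steps = append(steps, n.OnRequest(Msg{Type: "ConsensusRequest", V: 1, Sender: 1, Block: []string{tx}}))
	for _, s := range []int{2, 2, 3} {
		steps = append(steps, n.OnConfirm(Msg{Type: "ConsensusConfirm", V: 1, Sender: s}))
	}
	return steps, factor, n.H
}

func main() { fmt.Println(Scenario()) }
```

The duplicate confirmation from node 2 does not advance the count, because votes are tallied per distinct sender rather than per message.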
Step S2: when data is updated, the server node synchronizes the resource records to be updated to off-chain storage and sends the link address of the domain name configuration (zone) file, the hash value of the record, and the status information to the service contract. The service contract stores the updated domain name information and generates a history contract that records the update status and the updated content. In the specific embodiment of the present invention, it is assumed that the server node updating the domain name configuration (zone) file has already completed registration in the system. The database management component of the server node synchronizes the resource records to be updated to off-chain storage and sends the zone file's link address in IPFS, the hash value of the record, and the status information to the service contract. Note that a database or cloud storage can serve equally well as the off-chain storage; with IPFS the original data can still be accessed even after the data file has been deleted, and IPFS is decentralized. The service contract stores the updated domain name information and generates a history contract to record the update status and the updated content.
Specifically, as shown in FIG. 7, the data update process is as follows:
(1) The database management component of the server node generates the update record;
(2) The database management component synchronizes the update record to the external IPFS system and generates the external storage link and the record hash value;
(3) The server node sends the link address, the record hash value, and the status information to the service contract;
(4) The service contract records the updated domain name information and generates a history contract;
(5) The service contract sends the update record and the status information to the history contract;
(6) The history contract writes the update record and the status information into the blockchain.
FIG. 8 is a flow chart of the steps of a decentralized information retrieval method for DNS resource records according to the present invention. In the present invention, the blockchain network stores the index of the records and guarantees their authenticity and integrity. Within the blockchain network, contracts are responsible for writing and reading records, and contracts are created by contracts that already exist, which ensures security during contract creation and data transmission. The trusted domain consists of the local network or trusted server nodes, and end users retrieve domain name information through a trusted server. The complete domain name configuration (zone) file is kept in external storage, and the external storage link address and the record hash are saved in the blockchain. As shown in FIG. 8, the decentralized information retrieval method for DNS resource records of the present invention includes the following steps:
Step S601: when retrieving domain name information, the end user sends a query request to the trusted server;
Step S602: the trusted server looks in its cache; on a cache miss, it sends a query request to the service contract in the blockchain, which records the server and external link address corresponding to each domain name;
Step S603: the service contract returns the external address of the zone file corresponding to the retrieved domain name, together with the record hash value, to the trusted server;
Step S604: after receiving the external link address, the trusted server queries the external zone file record, computes the hash of the external record, and compares it with the record hash returned by the service contract, to guard against tampering with the external record. If the two hash values are the same, the trusted server returns the retrieved information to the end user.
Specifically, as shown in FIG. 9, the information retrieval process is as follows:
(1) The end user sends a query request
(2) The trusted server looks for the record in its local cache; on a miss, it sends a query request to the service contract in the blockchain
(3) The service contract queries its stored records. If a record for the domain name exists and the query is for the corresponding IP address, the IP address is returned; if the query is for other records, the external storage address of the zone file is returned;
(4) The trusted server receives the result returned by the service contract. If the user's query is for the IP address corresponding to the domain name, the IP address is returned; if it is for other records, the server looks up the external storage
(5) The trusted server looks up the external storage;
(6) Compute the hash of the external zone file and compare it with the record hash returned by the service contract; if the two are the same, the external file has not been tampered with, and the corresponding resource record is retrieved;
(7) Return the query result.
Preferably, the information retrieval method further includes the following step:
Verify the retrieval result. The present invention turns the centralized verification of DNS into distributed verification: through blockchain technology, verifying a DNS resource record becomes a lookup in a collectively maintained ledger, and the signature mechanism and the hash algorithm guarantee the authenticity and integrity of the records looked up on chain.
FIG. 10 is a schematic diagram of the blockchain-based DNS resource record retrieval and verification process in a specific embodiment of the present invention. Specifically, the present invention verifies against the blockchain-based DNS system: each DNS zone file is stored in an external database, while the zone file signature, the external index, and the public key information are stored in the blockchain. The decentralized, collectively maintained, and tamper-resistant nature of the blockchain protects the authenticity and integrity of the zone file. Taking verification of the address record of www.aa.com as an example, only 2 queries are needed, namely querying the blockchain to obtain the external link address and querying the external link address to obtain the address record, plus 1 hash operation and 1 encryption operation to verify the authenticity and integrity of the zone file.
1) Identity binding
Records in the blockchain can be retrieved by every node in the blockchain. If a user's public key were bound directly to the domain name information, the node's identity information and public key information would be leaked. To bind keys to identity information while still protecting user privacy, the present invention designs the user's keys according to the flow in FIG. 11.
Data updates are verified for authenticity and integrity with the public key published in the blockchain, and the private key stored offline is responsible for updating the public key in the blockchain. The user generates an offline key pair locally; the online key pair is generated by the function F from the offline private key and the online public key generated in the previous step, as shown in formula (2).
$$(sk_n,\ pk_n) = F(sk_f,\ pk_{n-1}) \qquad (2)$$
When the user updates information, signing is handled with the public key, which keeps the identity information separate from the key information associated with the real identity.
When a server sends key information to the blockchain, it sends the key registration broadcast message:
$$\langle \text{key\_register},\ id,\ values = (pk,\ \sigma) \rangle$$
where key_register indicates that the message type is key registration, id is the identity identifier, and $\sigma = sig(sk, id)$ is the signature over the identity identifier id made with the private key sk, which proves that the node holds the private key sk corresponding to the public key pk.
2) Key update
The online public key is updated by sending the new and old public keys to the blockchain with signatures attached. Through the digital signature, the new public key is generated by the holder of the private key corresponding to the old public key, which ensures that the sender of the message is the owner of the old public key.
The server sends the key update broadcast message: $\langle \text{key\_update},\ id,\ values = (pk_{old},\ pk_{new},\ \sigma_1,\ \sigma_2) \rangle$
where key_update indicates that the message type is key update and id is the identity identifier. $\sigma_1 = sig(sk_{old}, (id, pk_{new}))$ is the signature over the identity and the new public key made with the old key; it proves that the node holds the private key $sk_{old}$ corresponding to the old public key $pk_{old}$, and that $pk_{new}$ is the new public key for node id. $\sigma_2 = sig(sk_{new}, id)$ is the signature over the identity identifier id made with the new private key $sk_{new}$; it proves that the node holds the new private key $sk_{new}$ corresponding to the new public key $pk_{new}$.
3) Verification process
A. Key update verification
After receiving a key update request, each accounting node performs the following checks:
whether the id matches the id that corresponds to $pk_{old}$ in the blockchain;
whether the signature $\sigma_1$ is correct;
whether the signature $\sigma_2$ is correct.
If any one of these checks fails, the transaction is discarded; otherwise the message is packaged into a block and a confirmation of the message is broadcast.
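The three checks an accounting node applies to a key_update message, as an added Go example that is not code from the patent. Ed25519, the byte encoding of (id, pk_new), and all names, identifiers and key seeds are assumptions made for the example.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"errors"
	"fmt"
)

// KeyUpdate mirrors <key_update, id, values=(pk_old, pk_new, σ1, σ2)>.
type KeyUpdate struct {
	ID           string
	PkOld, PkNew ed25519.PublicKey
	Sigma1       []byte // sig(sk_old, (id, pk_new))
	Sigma2       []byte // sig(sk_new, id)
}

// Ledger stands in for the on-chain binding id -> current online public key.
type Ledger map[string]ed25519.PublicKey

var (
	ErrBinding = errors.New("id is not bound to pk_old on chain")
	ErrSigma1  = errors.New("sigma1 invalid: sender does not hold sk_old")
	ErrSigma2  = errors.New("sigma2 invalid: sender does not hold sk_new")
)

// bindMsg encodes (id, pk_new) for σ1. The length prefix is an assumed
// encoding; it keeps the boundary between id and key unambiguous.
func bindMsg(id string, pk ed25519.PublicKey) []byte {
	return append([]byte(fmt.Sprintf("%d:%s", len(id), id)), pk...)
}

// NewKeyUpdate builds the message the way the holder of both private keys would.
func NewKeyUpdate(id string, skOld, skNew ed25519.PrivateKey) KeyUpdate {
	pkNew := skNew.Public().(ed25519.PublicKey)
	return KeyUpdate{
		ID:     id,
		PkOld:  skOld.Public().(ed25519.PublicKey),
		PkNew:  pkNew,
		Sigma1: ed25519.Sign(skOld, bindMsg(id, pkNew)),
		Sigma2: ed25519.Sign(skNew, []byte(id)),
	}
}

// Apply performs the three checks of an accounting node and rotates the key
// only if all of them pass; otherwise the update is discarded.
func (l Ledger) Apply(u KeyUpdate) error {
	cur, ok := l[u.ID]
	if !ok || !bytes.Equal(cur, u.PkOld) {
		return ErrBinding
	}
	if len(u.PkNew) != ed25519.PublicKeySize {
		return ErrSigma2 // a malformed pk_new cannot prove possession
	}
	if !ed25519.Verify(u.PkOld, bindMsg(u.ID, u.PkNew), u.Sigma1) {
		return ErrSigma1
	}
	if !ed25519.Verify(u.PkNew, []byte(u.ID), u.Sigma2) {
		return ErrSigma2
	}
	l[u.ID] = u.PkNew
	return nil
}

// key derives a fixed test key from one byte (constructed, not a real key).
func key(b byte) ed25519.PrivateKey {
	return ed25519.NewKeyFromSeed(bytes.Repeat([]byte{b}, ed25519.SeedSize))
}

// Scenario replays four rejected updates and one valid rotation against a
// ledger where "ns1.aa.com" (constructed id) is bound to key(1).
func Scenario() []error {
	owner, next, other := key(1), key(2), key(3)
	l := Ledger{"ns1.aa.com": owner.Public().(ed25519.PublicKey)}
	// 1. Another party signs with its own key pair: pk_old is not the bound key.
	r1 := l.Apply(NewKeyUpdate("ns1.aa.com", other, other))
	// 2. Another party names the bound pk_old but cannot produce σ1.
	forged := NewKeyUpdate("ns1.aa.com", other, other)
	forged.PkOld = owner.Public().(ed25519.PublicKey)
	r2 := l.Apply(forged)
	// 3. The owner names a pk_new without a σ2 made by the matching private key.
	noProof := NewKeyUpdate("ns1.aa.com", owner, next)
	noProof.Sigma2 = ed25519.Sign(owner, []byte("ns1.aa.com"))
	r3 := l.Apply(noProof)
	// 4. Genuine rotation by the owner.
	good := NewKeyUpdate("ns1.aa.com", owner, next)
	r4 := l.Apply(good)
	// 5. The same message again: pk_old is no longer the bound key.
	r5 := l.Apply(good)
	return []error{r1, r2, r3, r4, r5}
}

func main() { fmt.Println(Scenario()) }
```

Case 5 shows that the binding check also rejects a replayed update, since the ledger entry has already moved to the new key.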
B. Resource record retrieval and verification
The verification and retrieval process for resource records is shown in FIG. 12. If the blockchain has no record of domain name D, "no record" is returned and the retrieval process ends. If the blockchain does have a record, the linked file is retrieved first and the following checks are made:
a. Determine whether the hash value of the file saved in the blockchain is the same as the value of the file in external storage
b. Determine whether the signature in the blockchain is the same as the signature value of the external file under the public key in the blockchain
c. If either of the two differs, return an error; otherwise return the correct query result.
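The trusted server's lookup path with checks a and b, shown as an added Go example (not the patent's code); it also covers steps S602 to S604 above for records read from the external zone file. SHA-256, Ed25519, the in-memory maps standing in for the service contract and the external storage, the simplified zone-file syntax, the link format and the addresses are assumptions.

```go
package main

import (
	"crypto/ed25519"
	"crypto/sha256"
	"errors"
	"fmt"
	"strings"
)

// ChainRecord is what the service contract holds for one zone.
type ChainRecord struct {
	Link   string            // external link address of the zone file
	Hash   [32]byte          // hash of the zone file (SHA-256 assumed)
	Sig    []byte            // signature over the zone file
	PubKey ed25519.PublicKey // public key for verifying the external data
}

// Resolver models the trusted server. Chain and Store are in-memory stand-ins
// for the service contract and the off-chain storage.
type Resolver struct {
	Chain map[string]ChainRecord
	Store map[string][]byte
	Cache map[string]string
}

var (
	ErrNoRecord = errors.New("no record on chain")
	ErrFetch    = errors.New("external zone file unavailable")
	ErrHash     = errors.New("zone file hash differs from on-chain hash")
	ErrSig      = errors.New("zone file signature does not verify")
	ErrNoRR     = errors.New("no matching A record in zone file")
)

// Publish writes the zone file off chain and its index record on chain.
func (r *Resolver) Publish(zone string, data []byte, sk ed25519.PrivateKey) {
	link := "ipfs://example/" + zone // constructed placeholder link
	r.Store[link] = data
	r.Chain[zone] = ChainRecord{Link: link, Hash: sha256.Sum256(data),
		Sig: ed25519.Sign(sk, data), PubKey: sk.Public().(ed25519.PublicKey)}
}

// LookupA resolves name inside zone and returns an address only after the
// hash check and the signature check have both passed.
func (r *Resolver) LookupA(zone, name string) (string, error) {
	if ip, ok := r.Cache[name]; ok {
		return ip, nil
	}
	rec, ok := r.Chain[zone]
	if !ok {
		return "", ErrNoRecord
	}
	data, ok := r.Store[rec.Link]
	if !ok {
		return "", ErrFetch
	}
	if sha256.Sum256(data) != rec.Hash { // check a
		return "", ErrHash
	}
	if !ed25519.Verify(rec.PubKey, data, rec.Sig) { // check b
		return "", ErrSig
	}
	for _, line := range strings.Split(string(data), "\n") {
		f := strings.Fields(line)
		if len(f) == 4 && f[0] == name && f[1] == "IN" && f[2] == "A" {
			r.Cache[name] = f[3] // only verified answers are cached
			return f[3], nil
		}
	}
	return "", ErrNoRR
}

// Scenario publishes a constructed zone, then replays four lookups.
func Scenario() (string, []error) {
	sk := ed25519.NewKeyFromSeed([]byte(strings.Repeat("a", ed25519.SeedSize)))
	other := ed25519.NewKeyFromSeed([]byte(strings.Repeat("b", ed25519.SeedSize)))
	zone := []byte("aa.com IN NS ns1.aa.com\nwww.aa.com IN A 192.0.2.10\n")
	r := &Resolver{map[string]ChainRecord{}, map[string][]byte{}, map[string]string{}}
	r.Publish("aa.com", zone, sk)
	ip, e1 := r.LookupA("aa.com", "www.aa.com") // verified answer
	_, e2 := r.LookupA("bb.com", "www.bb.com")  // zone not on chain
	r.Cache = map[string]string{}               // cold cache from here on
	rec := r.Chain["aa.com"]
	r.Store[rec.Link] = []byte("www.aa.com IN A 203.0.113.66\n")
	_, e3 := r.LookupA("aa.com", "www.aa.com") // off-chain copy was altered
	r.Store[rec.Link] = zone
	rec.Sig = ed25519.Sign(other, zone)
	r.Chain["aa.com"] = rec
	_, e4 := r.LookupA("aa.com", "www.aa.com") // signature from another key
	return ip, []error{e1, e2, e3, e4}
}

func main() { fmt.Println(Scenario()) }
```

Answers enter the cache only after both checks pass, so a cache hit never returns data that skipped verification.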
In summary, the decentralized storage system for DNS resource records of the present invention, together with its implementation and information retrieval methods, writes the DNS zone file into the Ethereum blockchain through smart contracts and manages it with a combination of on-chain and off-chain storage. Off-chain, the complete data is kept in external storage; on-chain, the file hash of the domain name resource record (RR), the external link address, and the public key information used to verify the external data are stored in the blockchain. The blockchain guarantees the authenticity and integrity of the DNS data, while the external storage system extends the blockchain's storage space and improves the scalability of the system. The invention verifies a domain name while retrieving it; compared with DNSSEC, which verifies the domain name only after the retrieval result has been obtained, this shortens the verification path and process and improves verification efficiency.
Compared with the prior art, the present invention has the following advantages:
1) It can be deployed incrementally, requires no change to the DNS protocol, and is compatible with the DNS system;
2) Decentralized storage and management of DNS zone files: the consortium chain concept and smart contract technology combine DNS zone files with a consortium chain, and the decentralized, distributed-management, and collectively maintained nature of the blockchain ensures secure, reliable, and decentralized storage of DNS zone files;
3) Decentralized retrieval and verification of domain name information: the blockchain's decentralized consensus mechanism and signature mechanism guarantee the correctness of retrieval results, and domain name verification is completed at the same time as domain name retrieval.
The above embodiments merely illustrate the principles and effects of the present invention and are not intended to limit it. Any person skilled in the art may modify and change the above embodiments without departing from the spirit and scope of the present invention. Therefore, the scope of protection of the present invention shall be as set out in the claims.
| Application Number | Publication | Priority Date | Filing Date | Title |
|---|---|---|---|---|
| CN201910350269.5A | CN110061838B (en) | 2019-04-28 | 2019-04-28 | A decentralized storage system for DNS resource records and its implementation method |
| Publication Number | Publication Date |
|---|---|
| CN110061838A (en) | 2019-07-26 |
| CN110061838B (en) | 2022-07-19 |
| Application Number | Status | Publication | Priority Date | Filing Date | Title |
|---|---|---|---|---|---|
| CN201910350269.5A | Active | CN110061838B (en) | 2019-04-28 | 2019-04-28 | A decentralized storage system for DNS resource records and its implementation method |
| Country | Link |
|---|---|
| CN (1) | CN110061838B (en) |
| CN113064898A (en)* | 2021-04-06 | 2021-07-02 | 北京瑞卓喜投科技发展有限公司 | Retrieval method and device based on miniature index of contract on chain and electronic equipment |
| CN113064886A (en)* | 2021-03-04 | 2021-07-02 | 广州中国科学院计算机网络信息中心 | A method for identity resource storage and tag management |
| CN113064876A (en)* | 2021-03-25 | 2021-07-02 | 芝麻链(北京)科技有限公司 | IPFS file processing method |
| CN113067836A (en)* | 2021-04-20 | 2021-07-02 | 哈尔滨工业大学 | Intelligent contract system based on decentralized DNS root zone management |
| CN113098941A (en)* | 2021-03-25 | 2021-07-09 | 浙江大学 | Virtual reality content distributed management method and system based on integral excitation |
| CN113127811A (en)* | 2021-03-09 | 2021-07-16 | 西北大学 | Cultural relic digital resource safety sharing method, cultural relic digital resource safety sharing system and information data processing terminal |
| CN113157698A (en)* | 2021-04-23 | 2021-07-23 | 上海和数软件有限公司 | Data query verification method and system based on block chain technology |
| CN113312640A (en)* | 2021-05-31 | 2021-08-27 | 天津理工大学 | Software data integrity multi-party consensus method based on trusted computing |
| CN113422767A (en)* | 2021-06-21 | 2021-09-21 | 哈尔滨工业大学 | Domain name registration management method and system based on block chain |
| CN113538149A (en)* | 2021-07-28 | 2021-10-22 | 浙江数秦科技有限公司 | A multi-source data fusion platform based on blockchain |
| CN113608703A (en)* | 2021-08-24 | 2021-11-05 | 上海点融信息科技有限责任公司 | Data processing method and device |
| CN113657899A (en)* | 2021-10-19 | 2021-11-16 | 支付宝(杭州)信息技术有限公司 | Method, device and system for transferring property right |
| CN114117545A (en)* | 2021-11-08 | 2022-03-01 | 重庆邮电大学 | Tamper-proof electronic certification system and implementation method thereof |
| CN114185997A (en)* | 2022-02-17 | 2022-03-15 | 天津眧合数字科技有限公司 | Pet information credible storage system based on block chain |
| US20220103370A1 (en)* | 2020-09-25 | 2022-03-31 | Wickr Inc. | Decentralized system for securely resolving domain names |
| CN114490685A (en)* | 2021-12-29 | 2022-05-13 | 中国科学院计算技术研究所 | DNS data query and update method and system based on blockchain and verifiable computing |
| CN114629631A (en)* | 2021-07-21 | 2022-06-14 | 国网河南省电力公司信息通信公司 | Data credible interaction method and system based on alliance chain and electronic equipment |
| CN114666277A (en)* | 2022-05-05 | 2022-06-24 | 中国互联网络信息中心 | A kind of data processing method and device based on domain name |
| CN114692174A (en)* | 2020-12-30 | 2022-07-01 | 航天信息股份有限公司 | Electronic certificate service system, method, device, medium and equipment |
| CN114721580A (en)* | 2021-01-04 | 2022-07-08 | 中国移动通信有限公司研究院 | Interplanetary file system IPFS, data storage method, device and communication node |
| CN115150355A (en)* | 2021-03-15 | 2022-10-04 | 正链科技(深圳)有限公司 | Method for realizing distributed domain name |
| CN115174385A (en)* | 2022-06-15 | 2022-10-11 | 桂林电子科技大学 | Industrial Internet of things equipment firmware software updating method based on block chain |
| KR20220150728A (en)* | 2021-05-04 | 2022-11-11 | 계명대학교 산학협력단 | Method and apparatus for providing lightweight blockchain using external storage and pbft consensus algorithm |
| CN115567550A (en)* | 2022-09-22 | 2023-01-03 | 北京工业大学 | File information data storage method based on block chain and national cryptographic algorithm |
| CN116566945A (en)* | 2023-03-27 | 2023-08-08 | 中国互联网络信息中心 | Access method, device, electronic device and storage medium of decentralized application |
| CN116975151A (en)* | 2023-07-20 | 2023-10-31 | 杭州溪塔科技有限公司 | Block chain event processing method and device |
| CN120086827A (en)* | 2025-02-13 | 2025-06-03 | 江苏维姆信息技术有限公司 | A decentralized identity verification system based on blockchain |

| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN106910051A (en)* | 2017-01-11 | 2017-06-30 | 中国互联网络信息中心 | A kind of DNS resource record notarization method and system based on alliance's chain |
| CN107273410A (en)* | 2017-05-03 | 2017-10-20 | 上海点融信息科技有限责任公司 | Distributed storage based on block chain |
| CN107563905A (en)* | 2017-07-20 | 2018-01-09 | 西安电子科技大学 | A kind of academic platform service system and method for building up based on block chain |
| CN107613041A (en)* | 2017-09-22 | 2018-01-19 | 中国互联网络信息中心 | Blockchain-based domain name management system, domain name management method and domain name resolution method |
| CN108023894A (en)* | 2017-12-18 | 2018-05-11 | 苏州优千网络科技有限公司 | Visa information system and its processing method based on block chain |
| WO2018213880A1 (en)* | 2017-05-22 | 2018-11-29 | Haventec Pty Ltd | System for blockchain based domain name and ip number register |
| CN109034833A (en)* | 2018-06-16 | 2018-12-18 | 复旦大学 | A kind of product back-tracing information management system and method based on block chain |
| CN109327562A (en)* | 2018-12-10 | 2019-02-12 | 中共中央办公厅电子科技学院 | Domain name storage system and method based on block chain |
| CN109491968A (en)* | 2018-11-13 | 2019-03-19 | 浙江鲸腾网络科技有限公司 | A kind of document handling method, device, equipment and computer readable storage medium |

| Title |
|---|
| WENTONG WANG et al.: "BlockZone: A Blockchain-Based DNS Storage and Retrieval Scheme", "INTERNATIONAL CONFERENCE ON ARTIFICIAL INTELLIGENCE AND SECURITY"* |
| XIANGUI WANG et al.: "ConsortiumDNS: A Distributed Domain Name Service Based on Consortium Chain", "2017 IEEE 19TH INTERNATIONAL CONFERENCE ON HIGH PERFORMANCE COMPUTING AND COMMUNICATIONS"* |
| Wang Wentong: "Design and Implementation of a Blockchain-Based DNS System", "China Excellent Master's Theses Full-Text Database, Information Science and Technology Series"* |

| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN110492997A (en)* | 2019-08-09 | 2019-11-22 | 华南理工大学 | A kind of encryption system based on super account book, method, apparatus and storage medium |
| CN110492997B (en)* | 2019-08-09 | 2020-12-01 | 华南理工大学 | A hyperledger-based encryption system, method, device and storage medium |
| WO2021042788A1 (en)* | 2019-09-06 | 2021-03-11 | 南京瑞祥信息技术有限公司 | Blockchain-based domain name query system and method |
| CN112468603A (en)* | 2019-09-06 | 2021-03-09 | 傲为信息技术(江苏)有限公司 | Domain name query system and method based on block chain |
| WO2021042784A1 (en)* | 2019-09-06 | 2021-03-11 | 南京瑞祥信息技术有限公司 | Domain name management system employing blockchain |
| CN111031086A (en)* | 2019-10-08 | 2020-04-17 | 安徽华博胜讯信息科技股份有限公司 | Block chain data storage method and system |
| WO2021071421A1 (en)* | 2019-10-10 | 2021-04-15 | Standard Chartered Bank (Singapore) Limited | Methods, systems, and devices for managing digital assets |
| US11164186B2 (en) | 2019-10-10 | 2021-11-02 | Standard Chartered Bank (Singapore) Limited | Methods, systems, and devices for managing digital assets |
| US11429617B2 (en) | 2019-11-08 | 2022-08-30 | Alipay (Hangzhou) Information Technology Co., Ltd. | System and method for blockchain-based data synchronization |
| CN111373402A (en)* | 2019-11-08 | 2020-07-03 | 支付宝(杭州)信息技术有限公司 | Lightweight decentralized application platform |
| CN110880966B (en)* | 2019-11-22 | 2022-05-06 | 哈尔滨工业大学 | A Domain Name Resolution System Construction and Domain Name Query Method |
| CN110880966A (en)* | 2019-11-22 | 2020-03-13 | 哈尔滨工业大学 | A Domain Name Resolution System Construction and Domain Name Query Method |
| CN111460489A (en)* | 2019-12-09 | 2020-07-28 | 重庆锐云科技有限公司 | Client persistent storage method based on IPFS (Internet protocol file system) block chain |
| CN111210223A (en)* | 2019-12-17 | 2020-05-29 | 广东文储区块链科技有限公司 | Method and system for clearing block chain of decentralized storage area |
| CN110737668A (en)* | 2019-12-17 | 2020-01-31 | 腾讯科技(深圳)有限公司 | Data storage method, data reading method, related device and medium |
| CN111200642B (en)* | 2019-12-26 | 2022-08-23 | 下一代互联网关键技术和评测北京市工程研究中心有限公司 | Authoritative DNS server information distribution method and system |
| CN111200642A (en)* | 2019-12-26 | 2020-05-26 | 下一代互联网关键技术和评测北京市工程研究中心有限公司 | Authoritative DNS server information distribution method and system |
| CN111144578A (en)* | 2019-12-27 | 2020-05-12 | 创新奇智(重庆)科技有限公司 | Artificial intelligence model management system and management method under distributed environment |
| CN111144578B (en)* | 2019-12-27 | 2023-07-28 | 创新奇智(重庆)科技有限公司 | Artificial intelligence model management system and management method in distributed environment |
| CN111061698B (en)* | 2019-12-30 | 2023-09-05 | 语联网(武汉)信息技术有限公司 | Method and device for storing Ethernet contract data |
| CN111061698A (en)* | 2019-12-30 | 2020-04-24 | 语联网(武汉)信息技术有限公司 | Storage method and device of Ether house contract data |
| CN111310238A (en)* | 2020-02-12 | 2020-06-19 | 腾讯科技(深圳)有限公司 | File management method and device |
| CN111310238B (en)* | 2020-02-12 | 2024-05-14 | 腾讯科技(深圳)有限公司 | File management method and device |
| CN111448565B (en)* | 2020-02-14 | 2024-04-05 | 支付宝(杭州)信息技术有限公司 | Data authorization based on decentralised identification |
| CN111448565A (en)* | 2020-02-14 | 2020-07-24 | 支付宝(杭州)信息技术有限公司 | Data authorization based on decentralized identity |
| CN111343267B (en)* | 2020-02-24 | 2022-08-12 | 深圳木成林科技有限公司 | Configuration management method and system |
| CN111343267A (en)* | 2020-02-24 | 2020-06-26 | 深圳木成林科技有限公司 | Configuration management method and system |
| CN111339528A (en)* | 2020-02-26 | 2020-06-26 | 腾讯科技(深圳)有限公司 | Method, device and equipment for starting decentralized application and storage medium |
| CN111339528B (en)* | 2020-02-26 | 2025-07-25 | 腾讯科技(深圳)有限公司 | Starting method, device, equipment and storage medium of decentralised application |
| CN111031076A (en)* | 2020-03-06 | 2020-04-17 | 南京畅洋科技有限公司 | Internet of things block chain consensus method based on timing mechanism |
| CN111445245A (en)* | 2020-03-27 | 2020-07-24 | 北京瑞卓喜投科技发展有限公司 | Certificate index updating method and device for security type general certificate |
| CN111177277A (en)* | 2020-04-10 | 2020-05-19 | 支付宝(杭州)信息技术有限公司 | Data storage method, transaction storage method and device |
| CN112182099A (en)* | 2020-04-10 | 2021-01-05 | 支付宝(杭州)信息技术有限公司 | Transaction verification method and device |
| CN111901447A (en)* | 2020-05-27 | 2020-11-06 | 伏羲科技(菏泽)有限公司 | Domain name data management method, device, equipment and storage medium |
| CN111901447B (en)* | 2020-05-27 | 2022-09-20 | 伏羲科技(菏泽)有限公司 | Domain name data management method, device, equipment and storage medium |
| CN111885212B (en)* | 2020-06-03 | 2023-05-30 | 山东伏羲智库互联网研究院 | Domain name storage method and device |
| CN111885212A (en)* | 2020-06-03 | 2020-11-03 | 山东伏羲智库互联网研究院 | Domain name storage method and device |
| CN111936995A (en)* | 2020-06-08 | 2020-11-13 | 支付宝实验室(新加坡)有限公司 | Distributed storage of customs clearance data |
| CN111858627A (en)* | 2020-06-24 | 2020-10-30 | 南京信息职业技术学院 | Academic degree and academic calendar query system and method based on block chain |
| CN111858627B (en)* | 2020-06-24 | 2024-05-31 | 南京信息职业技术学院 | System and method for inquiring academic calendar based on blockchain |
| CN111835884A (en)* | 2020-07-13 | 2020-10-27 | 北京好扑信息科技有限公司 | Virtual address generation method for block chain |
| CN111835884B (en)* | 2020-07-13 | 2022-11-04 | 北京好扑信息科技有限公司 | Virtual address generation method for block chain |
| CN112187900A (en)* | 2020-09-18 | 2021-01-05 | 中国科学院计算技术研究所 | DNS data updating method and system based on block chain shared cache |
| CN112187900B (en)* | 2020-09-18 | 2022-03-01 | 中国科学院计算技术研究所 | DNS data updating method and system based on block chain shared cache |
| US11757652B2 (en)* | 2020-09-25 | 2023-09-12 | Wickr Inc. | Decentralized system for securely resolving domain names |
| US20220103370A1 (en)* | 2020-09-25 | 2022-03-31 | Wickr Inc. | Decentralized system for securely resolving domain names |
| CN112256662A (en)* | 2020-10-22 | 2021-01-22 | 安徽农业大学 | Storage and traceability method, device, equipment and storage medium of agricultural product information blockchain |
| CN112241435A (en)* | 2020-10-23 | 2021-01-19 | 山西特信环宇信息技术有限公司 | Cone block chain storage system and consensus storage method |
| CN112286881B (en)* | 2020-10-28 | 2024-04-05 | 金蝶云科技有限公司 | Document authentication tracing method and device |
| CN112286881A (en)* | 2020-10-28 | 2021-01-29 | 金蝶云科技有限公司 | Document authentication and tracing method and device |
| CN112214456A (en)* | 2020-11-05 | 2021-01-12 | 深圳市瀚兰区块链地产有限公司 | House property data processing method and device and electronic equipment |
| CN112214456B (en)* | 2020-11-05 | 2022-05-10 | 深圳市瀚兰区块链地产有限公司 | House property data processing method and device and electronic equipment |
| CN112437089A (en)* | 2020-11-26 | 2021-03-02 | 交控科技股份有限公司 | Train control system key management method and device based on block chain |
| CN112702390B (en)* | 2020-12-07 | 2022-04-15 | 北京大学 | Networking method and device for smart contract resources based on blockchain |
| CN112702390A (en)* | 2020-12-07 | 2021-04-23 | 北京大学 | Block chain-based networking method and device for intelligent contract resources |
| CN112686673A (en)* | 2020-12-18 | 2021-04-20 | 上海黑犇互联网科技有限公司 | Article traceability system based on IPFS and ETH |
| CN112637330A (en)* | 2020-12-22 | 2021-04-09 | 山东大学 | Block chain large file copy address selection method, system, equipment and storage medium |
| CN112529581A (en)* | 2020-12-23 | 2021-03-19 | 广州大学 | Domain name data storage system based on block chain and data transaction implementation method thereof |
| CN114692174A (en)* | 2020-12-30 | 2022-07-01 | 航天信息股份有限公司 | Electronic certificate service system, method, device, medium and equipment |
| CN114721580A (en)* | 2021-01-04 | 2022-07-08 | 中国移动通信有限公司研究院 | Interplanetary file system IPFS, data storage method, device and communication node |
| CN112822279A (en)* | 2021-01-13 | 2021-05-18 | 精英数智科技股份有限公司 | Monitoring method and device based on intelligent sensing and trusted storage |
| CN112948847B (en)* | 2021-02-02 | 2024-05-10 | 山东伏羲智库互联网研究院 | Block chain-based data sharing system and data correctness verification method |
| CN112948847A (en)* | 2021-02-02 | 2021-06-11 | 山东伏羲智库互联网研究院 | Data sharing system based on block chain and data correctness verification method |
| CN112818038B (en)* | 2021-02-02 | 2025-02-25 | 山东伏羲智库互联网研究院 | Data management method and related equipment based on combination of blockchain and IPFS |
| CN112818038A (en)* | 2021-02-02 | 2021-05-18 | 山东伏羲智库互联网研究院 | Data management method based on combination of block chain and IPFS (Internet protocol file system) and related equipment |
| CN113064886A (en)* | 2021-03-04 | 2021-07-02 | 广州中国科学院计算机网络信息中心 | A method for identity resource storage and tag management |
| CN113064886B (en)* | 2021-03-04 | 2023-08-29 | 广州中国科学院计算机网络信息中心 | A method for identity resource storage and tag management |
| CN113127811B (en)* | 2021-03-09 | 2024-03-19 | 西北大学 | Cultural relic digital resource safe sharing method, system and information data processing terminal |
| CN113127811A (en)* | 2021-03-09 | 2021-07-16 | 西北大学 | Cultural relic digital resource safety sharing method, cultural relic digital resource safety sharing system and information data processing terminal |
| CN115150355A (en)* | 2021-03-15 | 2022-10-04 | 正链科技(深圳)有限公司 | Method for realizing distributed domain name |
| CN113064876A (en)* | 2021-03-25 | 2021-07-02 | 芝麻链(北京)科技有限公司 | IPFS file processing method |
| CN113098941A (en)* | 2021-03-25 | 2021-07-09 | 浙江大学 | Virtual reality content distributed management method and system based on integral excitation |
| CN113064876B (en)* | 2021-03-25 | 2024-06-04 | 北京知料科技有限公司 | IPFS file processing method |
| CN113064898A (en)* | 2021-04-06 | 2021-07-02 | 北京瑞卓喜投科技发展有限公司 | Retrieval method and device based on miniature index of contract on chain and electronic equipment |
| CN113067836B (en)* | 2021-04-20 | 2022-04-19 | 哈尔滨工业大学 | Intelligent contract system based on decentralized DNS root zone management |
| CN113067836A (en)* | 2021-04-20 | 2021-07-02 | 哈尔滨工业大学 | Intelligent contract system based on decentralized DNS root zone management |
| CN113157698A (en)* | 2021-04-23 | 2021-07-23 | 上海和数软件有限公司 | Data query verification method and system based on block chain technology |
| KR20220150728A (en)* | 2021-05-04 | 2022-11-11 | 계명대학교 산학협력단 | Method and apparatus for providing lightweight blockchain using external storage and pbft consensus algorithm |
| KR102650336B1 (en) | 2021-05-04 | 2024-03-22 | 계명대학교 산학협력단 | Method and apparatus for providing lightweight blockchain using external storage and pbft consensus algorithm |
| CN113312640A (en)* | 2021-05-31 | 2021-08-27 | 天津理工大学 | Software data integrity multi-party consensus method based on trusted computing |
| CN113312640B (en)* | 2021-05-31 | 2022-05-24 | 天津理工大学 | A Multi-Party Consensus Method for Software Data Integrity Based on Trusted Computing |
| CN113422767A (en)* | 2021-06-21 | 2021-09-21 | 哈尔滨工业大学 | Domain name registration management method and system based on block chain |
| CN114629631B (en)* | 2021-07-21 | 2024-01-09 | 国网河南省电力公司信息通信公司 | Data trusted interaction method and system based on alliance chain and electronic equipment |
| CN114629631A (en)* | 2021-07-21 | 2022-06-14 | 国网河南省电力公司信息通信公司 | Data credible interaction method and system based on alliance chain and electronic equipment |
| CN113538149B (en)* | 2021-07-28 | 2024-02-27 | 浙江数秦科技有限公司 | Multi-source data fusion platform based on block chain |
| CN113538149A (en)* | 2021-07-28 | 2021-10-22 | 浙江数秦科技有限公司 | A multi-source data fusion platform based on blockchain |
| CN113608703A (en)* | 2021-08-24 | 2021-11-05 | 上海点融信息科技有限责任公司 | Data processing method and device |
| CN113608703B (en)* | 2021-08-24 | 2024-06-07 | 上海点融信息科技有限责任公司 | Data processing method and device |
| CN113657899A (en)* | 2021-10-19 | 2021-11-16 | 支付宝(杭州)信息技术有限公司 | Method, device and system for transferring property right |
| CN114117545A (en)* | 2021-11-08 | 2022-03-01 | 重庆邮电大学 | Tamper-proof electronic certification system and implementation method thereof |
| CN114490685A (en)* | 2021-12-29 | 2022-05-13 | 中国科学院计算技术研究所 | DNS data query and update method and system based on blockchain and verifiable computing |
| CN114185997B (en)* | 2022-02-17 | 2022-05-13 | 天津眧合数字科技有限公司 | Pet information credible storage system based on block chain |
| CN114185997A (en)* | 2022-02-17 | 2022-03-15 | 天津眧合数字科技有限公司 | Pet information credible storage system based on block chain |
| CN114666277B (en)* | 2022-05-05 | 2023-10-24 | 中国互联网络信息中心 | Domain name based data processing method and device |
| CN114666277A (en)* | 2022-05-05 | 2022-06-24 | 中国互联网络信息中心 | A kind of data processing method and device based on domain name |
| CN115174385B (en)* | 2022-06-15 | 2024-04-02 | 桂林电子科技大学 | A blockchain-based method for updating firmware software of industrial IoT devices |
| CN115174385A (en)* | 2022-06-15 | 2022-10-11 | 桂林电子科技大学 | Industrial Internet of things equipment firmware software updating method based on block chain |
| CN115567550A (en)* | 2022-09-22 | 2023-01-03 | 北京工业大学 | File information data storage method based on block chain and national cryptographic algorithm |
| CN115567550B (en)* | 2022-09-22 | 2024-06-21 | 北京工业大学 | File information data storage method based on blockchain and cryptographic algorithm |
| CN116566945A (en)* | 2023-03-27 | 2023-08-08 | 中国互联网络信息中心 | Access method, device, electronic device and storage medium of decentralized application |
| CN116975151A (en)* | 2023-07-20 | 2023-10-31 | 杭州溪塔科技有限公司 | Block chain event processing method and device |
| CN120086827A (en)* | 2025-02-13 | 2025-06-03 | 江苏维姆信息技术有限公司 | A decentralized identity verification system based on blockchain |

| Publication number | Publication date |
|---|---|
| CN110061838B (en) | 2022-07-19 |

| Publication | Publication Date | Title |
|---|---|---|
| CN110061838B (en) | A decentralized storage system for DNS resource records and its implementation method | |
| CN108124502B (en) | Top-level domain name management method and system based on alliance chain | |
| US11831772B2 (en) | Blockchain multi-party shared-governance-based system for maintaining domain name information | |
| CN112311530B (en) | Block chain-based alliance trust distributed identity certificate management authentication method | |
| Bozic et al. | A tutorial on blockchain and applications to secure network control-planes | |
| CN113824563B (en) | Cross-domain identity authentication method based on block chain certificate | |
| US11368450B2 (en) | Method for bidirectional authorization of blockchain-based resource public key infrastructure | |
| CN106910051B (en) | DNS resource record notarization method and system based on alliance chain | |
| CN111106940B (en) | Certificate transaction verification method of resource public key infrastructure based on block chain | |
| CN102045413B (en) | DHT expanded DNS mapping system and method for realizing DNS security | |
| CN112468309B (en) | Domain Name Management System Based on Smart Contract | |
| CN108064444A (en) | A blockchain-based domain name resolution system | |
| WO2022134951A1 (en) | Data synchronization method and apparatus, and device and computer-readable storage medium | |
| CN113269546B (en) | User identity card system and method based on block chain | |
| KR20090015026A (en) | How to use index storage, computer systems, and computer readable media | |
| CN108366137A (en) | The method and root DNS that domain name is handled based on block chain | |
| CN108923932A (en) | A kind of decentralization co-verification model and verification algorithm | |
| CN108366138A (en) | Domain name operating method, system and electronic equipment | |
| CN114629631B (en) | Data trusted interaction method and system based on alliance chain and electronic equipment | |
| CN108429765A (en) | A method, server and system for implementing domain name resolution based on blockchain | |
| CN112468525A (en) | Domain name management system based on block chain | |
| CN117118640A (en) | A data processing method, device, computer equipment and readable storage medium | |
| CN112132581B (en) | PKI identity authentication system and method based on IOTA | |
| CN116151844A (en) | A blockchain-based electronic material circulation traceability method | |
| CN108876378B (en) | Public link data encryption backup method |

| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||