Mao Wei, director of China Internet Information Center

April 15 news: China Internet Information Center Director Mao Wei said today that the CN domain name has become China's main domain name. CN-oriented sites have reached 1.3 million, accounting for 70% of the total number of our websites, and important sites currently also use the CN domain name as their main domain name.

Mao Wei also said that, measured at the domain name nodes, the number of domain name resolutions in our country exceeds 1.3 billion per day, with a peak of 2.3 billion, whereas in the first 5 years domain name resolution was only on the scale of about 1.3 billion times, so the internet in China is developing very fast.

When it comes to domain name security, Mao Wei said that a national top-level domain name is very important for a country. The United Nations Information Society Group believes that a country's management decisions on its national top-level domain name are not to be interfered with by other countries, and that the reasonable interests reflected in a country's decisions on its national domain name should be respected, maintained and clear.

In addition, seven national network information centers, from China, Germany, Britain, the United States, South Korea, Japan and Singapore, signed the Beijing Declaration in Beijing in 2007, a joint statement to work together to meet the challenges and opportunities of the information society and to share Internet construction and management experience. The important part of the Beijing Declaration is that the Domain Name System constitutes the core infrastructure of the national Internet. (Tin Ying Rei)

The following is a speech by Mao Wei, director of China Internet Information Center, on the theme "Building the Next Generation Internet Trusted Domain Name Service System":

Moderator: The afternoon of the meeting will be even more exciting. At the two sessions this year, Premier Wen Jiabao mentioned three-network fusion for the first time. "Network convergence", like our topic today, and topics such as the IPv6 Internet and the mobile internet have very important significance for the future development of China's information industry. Just now we talked about Premier Wen Jiabao's first mention of this issue in the Government's work report during the two sessions this year, so I think our meeting today is of great significance.

Today, due to a little delay in the morning, the afternoon meeting begins now. I hope our guests will speak as concisely as possible.

The first guest speaker this afternoon is Mr. Mao Wei, Director of China Internet Information Center. His speech is titled "Building the Next Generation Internet Trusted Domain Name Service System". Please welcome Director Mao.

Mao Wei: Good afternoon, ladies and gentlemen.

Next, I begin my speech. My topic is "Building the Next Generation Internet Trusted Domain Name Service System". I will talk about the following aspects. First, I will introduce the importance of domain names. Then I will tell you about our current trusted domain name service. The third part is about the difficulties and challenges that our country's domain name service system faces. Finally, the fourth part is our idea of how to construct the next generation trusted domain name service system.

Domain name service supports the operation of the Internet; all kinds of applications on the Internet are based on domain names. It is equivalent to the Internet's infrastructure, equivalent to the pure system of the Internet. According to the survey, there are about 11 million DNS servers around the world, composing our tree-like Domain Name System, every day in the completion of the China DNS query, and this amount is very alarming. I remember statistics from the United States in the past, when the exchange volume was three times more than the telephone. At the same time, the domain name service system is also a successful distributed query system, very robust and efficient. So when new applications involve querying, they also like to use domain name technology for their queries. For example, the RFID query that everyone uses on the internet, or some other queries, are built on the domain name as the basis.

The former deputy minister of the Ministry of Xi made a metaphor, so it is very important to convert the security.

It is also important for a country to have its own top-level domain name, and the United Nations Information Society says that a country's management of its top-level domain name is not to be interfered with by others. The reasonable interests embodied in a country's decisions on its national ccTLD should be respected, maintained and clear. There is a consensus, the Beijing Declaration, that the Domain Name System constitutes the core infrastructure of the national Internet, and the core facilities have become the important status of the domain name. So that's why we're defining this.

To put the development of the ccTLD simply: at present, with China's rapid growth, it has become the largest national top-level domain and, after COM, the world's second largest top-level domain. I think the application level of the Internet will be further improved.

By now, the CN domain name has become China's main domain name; CN-oriented sites account for more than 70%, and important sites have also chosen the CN domain name as their primary domain name. That is the number of domain names. At the domain name nodes, the number of visits exceeds 1.3 billion per day, with a peak of 2.3 billion. In the first 5 years our domain name resolution volume was on the scale of about 1.3 billion times, so this is developing very fast in China.

On quality of service we have a commitment: quality for registration, Whois and query has now reached more than 99%, and the resolution service has reached 100% reliability. These indicators have reached a world-class level.

In this area, we also set up an IPv6 node back in 2004. The current IPv6 query volume is also relatively large, having reached 10% of queries, which also reflects the potential need for IPv6 access on the Internet. This is some of the running situation. But there will be problems, and there are more problems, which I can introduce below.

Domain name query is graded; I roughly divide it into four levels: one is the top of the CN server, the third is the authoritative server, four is the recursive server. We also set up mirrors in China. Root system is our own to do; authoritative servers are run by the enterprise itself, or it commissions the domain name registrar to help it carry out maintenance; in addition, the telecommunications operators provide domain name resolution services. These services are not felt when you use the Internet; users querying the Web do not feel them, they only feel that the page came out, which means that the resolution was successful.

We can see that our domain name software is foreign software, and there is no system protection. For running domain name systems, there are no corresponding national norms or industry standards, so such risks should be relatively high. We did an online survey recently and found that at 69 important institutions, the security risk in operating their domain name servers is high. The country probably has more than 40,000 servers running, most of which have security problems.

At the top-level servers for CN, we suffered an attack on February 22, 2003, which caused our system to fail, so that the network, Sina Web sites like this were inaccessible. There are also many international cases. To say a little about our neighborhood: Hong Kong's domain name had a problem in 2004, after which sites including HSBC were inaccessible, and South Korean domain names have also had problems. Domain Name server security incidents or.

Authoritative servers are run at the domain name registrars. Some registrars manage a quantity of even more than million, and the number of websites they manage is also several 100,000; when they have problems, visits to normal websites are also affected. The problem is probably 2006, 2007 and 2008.

Recursive servers are mainly at the telecom operator level. We have seen, for example at Netcom and telecommunications, recursive server problems that all caused Internet access problems over a large area. The National Computer Emergency Center has also published a number of corresponding announcements and issued corresponding warnings.

I spoke of these three levels and just cited examples: top-level, recursive and authoritative servers have problems. Do root servers have any problems? I remember that around 2000 there was a focused attack on the world's 13 roots, which finally caused congestion in network access. Mirrors of the root servers then appeared, so the root server problem was resolved to a certain extent. So security incidents occur from one to the other.

At the same time, the Domain Name System faces technical challenges, for example loopholes in the domain name resolution system, through which some false records can be injected into the DNS cache. Packets can be intercepted, so that when you visit a website, if you are taken to a fake business site, this can cause you financial losses. There are also attacks on registration systems: domain name information is modified through the registrar's registration system, and once the registrar's system is modified, the operator is taken hostage. I remember a famous web site in China, registered with a .com domain name, which after being modified was pointed to the hacker's website, a yellow site. This caused our famous website to be inaccessible for about 2 days. These are some problems of the Domain Name System itself.

The nearest ICANN is also globally coordinated, with domain name attacks. Because the domain name is cached at the time and the TTL is valid for several days. This domain name is very short, because the IP address is constantly changing, by intercepting up to the network, we have such a vicious domain name for nearly 2000 of the analysis.

In addition, in the transition to the next generation Internet, we have some requirements for domain names; for example, with the increase in address space, we require more security and reliability. For the IPv4 to IPv6 transition, we want to have security support, and resolution will also bring some new requirements.

In this way, we think that the Domain Name System is the most important technical facility of the next generation Internet, and it must meet the challenges of the new situation. In some new applications, aspects such as scale and security should put higher requirements on the Domain Name System. Therefore, we need to quickly build the next generation Internet trusted domain name server system. Recently, the NDRC launched the new CN Domain Name System, and we also undertook the construction of the next generation Internet trusted domain name system project; I will introduce that situation to you as well. In general, there may be some requirements such as massive scale, speed and so on. I will introduce two points that have a certain relationship with your future deployment, implementation and going online; because the construction of the whole system involves a relatively wide range, I will not introduce everything one by one.

As I said just now, the entire domain name resolution system is graded, and I wrote four levels. I just described the situation of the top-level domain name. The security of the entire domain name system cannot be solved at one level; a number of levels must be addressed in order to establish such a secure operation and maintenance service system. Therefore, we hope for this at the authoritative servers, mainly on the side of service organizations and important enterprises that maintain their own domain names. There are also the recursive servers, which are mainly at telecom operators, and we want them to upgrade.

Therefore, once we have completed the system design, it will be actively deployed in some key departments, where we have put forward the need for some important domain name systems. We are deploying next generation Internet trusted domain name service systems that can be deployed at these points according to the needs of these parties.

In addition, we can implement DNSSEC in the domestic domain name resolution system. On the Internet our domain name may be modified. Originally, when I look up the industry and commerce website, I am pointed to a certain IP. But if it is attacked and changed during network transmission, I want to go to the real business site but it has been changed; this is the verification of data transmission. Another is the validation of data negation, which requires deployment of DNSSEC to resolve.

After deploying the entire DNSSEC, we spend a lot of money and the zone file expands a lot. Existing devices may also not support the DNSSEC protocol extensions; at that time we might do UDP, and there are some gateways that have restrictions on this. A query, in addition to resolving the domain name, must also be verified, so with such a flow of queries the cost is very large. There is also the corresponding software support and how to do the technology; this is the challenge, and it needs all parties to work together. Because the query is checked starting from the local server level and certification is done level by level, all four levels from the root to the local server, even including client configuration support, must together support the entire DNSSEC service chain in order to achieve DNSSEC queries. For example, the root is something we have to trust and configure into the local DNSSEC server. When this is over, I'm going to save the work to the authoritative server at the top level, which forms the entire supply chain. This matter involves all aspects. When we deploy, we will specially hold technical training, and we also invite people from your companies, or your own technical personnel, to take part in our technical training, so that this deployment goes more smoothly. So, what I'm talking about today are the two things that the trusted domain name service system has to work on.

We also have a lot of work to do. For example, we want to study and improve a trusted domain name system for other namespaces, and a trusted solution that might need to separate the identity and location information of the address, or the support of mobile IP, or multi-homing, which changes our domain name. Because the domain name is the most successful distributed common type and has been validated, it may provide support for next generation Internet development. At the same time, we revise the standards for other countries. It is important that we release the technical standards and specifications related to management and security services that we run. As I just mentioned, China has more than 40,000 sets of domain name service systems, held inside a variety of institutions, which will inevitably bring a lot of security risks; this is the important thing we do.

To sum up, the Domain Name System is like the Internet's signaling system and is Internet infrastructure. The state of Internet applications and security poses challenges to the Domain Name System. Next-generation Internet protocols and applications pose new requirements for domain name systems. As the infrastructure of the Internet, it is very necessary to build, operate and develop it for the future next generation Internet of our country.

China Internet Network Information Center, as the national domain name registration management agency, has expertise in these aspects, and we also hope to help everyone promote the next generation Internet trusted domain name, support the construction and operation of our next generation Internet, and actively promote next generation Internet-related industrialization and specific applications.

My speech ends here, thank you.

