A large-scale domain name in China has been parsing abnormalities around 15 o'clock on the 21st, causing some users to be unable to access it normally. The National Internet Emergency Center confirmed on the 22nd that the failure was caused by a network attack on the root server. This makes the security of the root domain name server once again a topic of concern. In the Internet, what is the role of the root domain name server (hereinafter referred to as the root server)? What if the root server is attacked? Does China need to have its own root server?
Irreplaceable root server
The National Internet Emergency Center announced on the afternoon of the 22nd that at 15:20 on January 21, 2014, a large number of Internet users in China could not normally access websites ending in ".com" and ".net". After the incident, the National Internet Emergency Center launched the emergency response mechanism at the first time, and coordinated some technical support units to conduct investigations and emergency response. At around 16:50, user access basically returned to normal. After analyzing the data that has been mastered, it is preliminarily judged that the incident is caused by cyberattacks, and the Internet users in China are abnormal when parsing through the international top-level domain name service. The source of the attack is under further investigation.
The root server is mainly used to manage the home directory of the Internet, and there are only 13 devices in the world. Most of them are placed in the United States, one each in the United Kingdom, Sweden, and Japan. All root servers are managed by ICANN, an Internet domain name and number assignment authority authorized by the US government, and are responsible for the management of global Internet domain name root servers, domain name systems, and IP addresses. The 13 root name servers in the world are named after the English letters A to M, and 9 of them have mirror stations in multiple locations around the world.
The URLs that people enter daily are easy to remember, but each URL must correspond to an IP address, which is convenient for computer identification. Then there will be a list of IP addresses corresponding to the URL, and the root server will be responsible for managing this list. Once there is a problem with the root server, you can't find the IP address by entering the domain name URL, and the user can't open the website. On the 21st, the large-scale analysis of the abnormal situation in the Chinese network was that when people entered a website they wanted to go, they found that they were directed to an irrelevant IP address.
Tan Xiaosheng, a Chinese network security expert and vice president of 360 Company, said in an interview with the Global Times on the 22nd that the process of parsing from domain name to IP address is equivalent to the process of asking for directions. The domain name server is divided into different levels, and the root server It can be seen as a top-level institution that controls all the routes in the world. When you ask the highest level, the root server will give you the answer. Tan Xiaosheng said that there are two main problems with the root server. One is that it is "killed", which means that all domain names cannot be resolved into IP addresses. There is another situation where it is replaced by a fake one.
The root domain name server was attacked multiple times
On the 21st, China’s network failure was not the first time the root server was attacked. In fact, the root domain name server has played a key role since the Internet was put into use, but it has also been rampant due to failure or attack.
In July 1997, a new general list of Internet address assignments was automatically passed between the root servers, but this list is actually blank. This human error caused a serious local service interruption on the Internet, which caused the network to be inaccessible within a few days and the email could not be sent.
On the afternoon of October 21, 2002, 13 servers were the most serious and the most cyberattacks after the Internet was put into use. The attack was mainly a DDoS attack, which was a distributed denial of service attack. The 13 root servers were attacked by more than 30 to 40 times the conventional number, resulting in 9 out of order, 7 of which lost the processing of network communication. The ability, the other two are also closely followed. However, after the hacker attack was discovered, computer and network security experts took timely measures, and the attack time was short. The attack did not cause serious consequences, and Internet users were not significantly affected. On the night of February 5, 2007, the unidentified hacker launched a 12-hour attack on multiple root servers, the most serious hacking attack on the Internet since 2002.
Similar to the abnormality of some of China's ".com" domain name resolutions on the 21st, it has also occurred in other countries. In April 2004, Libya disappeared from the Internet for three days due to the “.ly†domain name.
Why the attack only happened in China
The cyber incident on the 21st once again sounded the alarm. People can't help but ask, what should China's Internet do in the few extreme cases of the global Internet, or the blockage of China's Internet international exports? In response, some people have called for the establishment of their own root server. Some analysts believe that the global layout of the 13 root servers is related to the informationization layout of Europe and the United States. Currently, the only primary root server is in the United States, and the other 12 servers are the primary root servers of the United States. To change this layout, the establishment of the 14th root server requires an authority to pass, which can only be achieved through international cooperation and negotiation, because adding a root server involves a series of problems such as how the information flow is distributed.
Yu Xiaoqiu, senior adviser of the China Information Security Evaluation Center, put forward another point of view in an interview with the Global Times on the 22nd. He believes that the main point of attention and analysis of this incident should be why China is in trouble. Because if the root server is attacked, it means that the national domain name resolution in the world or in a certain area will be a problem, not just a problem in one country. From this point of view, it may be that there is a problem with the server providing domain name resolution in China. It is necessary to understand what is wrong with the host that provides domain name resolution for domestic users. Is it attacked or is it malfunctioning, or Caused by another reason.
Yu Xiaoqiu believes that whether the network is attacked can alert, monitor and reduce the impact on the Internet. Through network traffic monitoring, once an abnormal transient traffic is found, it means that there is a problem. However, Yu Xiaoqiu said that network security is dynamic security. Emergency measures can be monitored, monitored, and taken, and once an attack occurs, local service interruptions may occur if not fully prevented, and emergency measures can be taken to minimize losses.
Tan Xiaosheng said that the most effective solution to the root server attack is to back up the IP address data parsed by the root server. Once there is a problem, although it cannot be 100% recovered, it can guarantee the vast majority in the case of an emergency. The service is normal. This may result in a slight decrease in service quality in a short period of time, but there will be no overall network failure.
Featured by its wide flat surface with top bend, T16 generates lighting with astonishing uniformity, covers all the colors we offer and all functions. All types of IP68 mold injection connectors and DIY connectors are also available for this size. This size can be widely designed for façade lighting, pool lighting, architecture lighting design and etc.
Cute Neon Lights,Color Changing Led Neon Rope Light,Led Neon Wall Lights,Flexible Neon Rope
Tes Lighting Co,.Ltd. , https://www.neonflexlight.com