China Internet Network Information Center (CNNIC) and the National Domain Name Security Alliance (hereinafter "the alliance") jointly released the 2012 Security Status and Trends Analysis Report of Domain Name Service in China (the report) on Dec. 21, the first such report since the alliance was founded. The report analyzes root DNS, top-level authoritative DNS, second-level and lower-level authoritative DNS, and recursive DNS. It reflects the security configuration and operational status of the overall domain name system by examining the underlying operating system, the DNS software, the upper-layer DNS architecture, and the functional configuration and resolution performance of the servers. The data shows that more than 80% (equivalent to 120 million) of second-level and lower-level authoritative domain name servers in China are in a weak security state, while the configuration of authoritative servers for VIP domain names is largely complete, with over 99% in a good service security state.
As the access gateway for netizens, DNS is directly tied to overall Internet security. A DNS breakdown will result in disconnection of the whole network through a domino effect.
According to the analysis, the global domain name volume is approaching 300 million. Dispersed registrants operate authoritative services themselves or through third parties, which results in a massive number of servers, scattered management, limited scale, and a lack of comprehensive, professional security assurance capability, and therefore creates a large potential security hazard for DNS resolution. Of the four DNS tiers, root and top-level DNS are operated or administered by professional organizations such as ICANN and CNNIC, so DNS security at these levels can be assured. By contrast, because of uneven service capability and operational levels, second-level and lower-level authoritative domain names have become the area worst affected by potential security hazards, which shows in widely varying server query RTT (Round-Trip Time). The data shows that 55% of second-level and lower-level domain names have a query RTT over 0.5 second; by comparison, only 45% of top-level domain names have a query RTT over 0.5 second, and the figure for VIP CN domain names is less than 0.1 second.
The number of resolution nodes for the global service platform of the national domain name will exceed 40, distributed across five continents and covering the main ISPs in the Chinese mainland and major overseas countries and regions in Asia-Pacific, Europe, and North America. With the support of these nodes, the SLA for domain name registration, resolution, and WHOIS lookup has reached 100% for more than three years, and the time for resolution changes to take effect has been shortened from 4 hours to 15 minutes, which represents a world-class level and ensures that the query RTT for VIP CN domain names is less than 0.1 second.