{"id":924,"date":"2019-09-21T22:55:12","date_gmt":"2019-09-21T22:55:12","guid":{"rendered":"https:\/\/www.jayjaydream.com\/?p=924"},"modified":"2019-09-21T22:56:11","modified_gmt":"2019-09-21T22:56:11","slug":"cnnic%e7%ac%ac43%e6%ac%a1%e8%b0%83%e6%9f%a5%e6%8a%a5%e5%91%8a%ef%bc%9a%e4%ba%92%e8%81%94%e7%bd%91%e5%9f%ba%e7%a1%80%e8%b5%84%e6%ba%90%e5%ae%89%e5%85%a8%e7%8a%b6%e5%86%b5","status":"publish","type":"post","link":"https:\/\/www.jayjaydream.com\/?p=924","title":{"rendered":"CNNIC\u7b2c43\u6b21\u8c03\u67e5\u62a5\u544a\uff1a\u4e92\u8054\u7f51\u57fa\u7840\u8d44\u6e90\u5b89\u5168\u72b6\u51b5"},"content":{"rendered":"<p>\u7b2c\u4e94\u7ae0 \u4e92\u8054\u7f51\u5b89\u5168\u72b6\u51b5<\/p>\n<p>\u4e00\u3001 \u4e92\u8054\u7f51\u57fa\u7840\u8d44\u6e90\u5b89\u5168\u72b6\u51b5<\/p>\n<p>\uff08\u4e00\uff09 \u57df\u540d\u5b89\u5168\u6574\u4f53\u6001\u52bf<\/p>\n<p>DNS\u4f5c\u4e3a\u4e92\u8054\u7f51\u5173\u952e\u57fa\u7840\u8d44\u6e90\uff0c\u5176\u5b89\u5168\u95ee\u9898\u53d7\u5230\u5e7f\u6cdb\u5173\u6ce8\u3002<strong>DNS\u957f\u671f\u9762\u4e34\u5982\u5206\u5e03\u5f0f\u62d2\u7edd\u670d\u52a1\u653b\u51fb\uff08Distributed Denial of Service\uff0cDDoS \uff09\u3001\u7f13\u5b58\u4e2d\u6bd2\u3001\u4e2d\u95f4\u4eba\u653b\u51fb\u7b49\u5f62\u5f0f\u7684\u5b89\u5168\u5a01\u80c1\uff0c\u5b89\u5168\u5f62\u52bf\u4e0d\u5bb9\u4e50\u89c2\u3002<\/strong>\u867d\u7136\u57282018\u5e74\u5185\u57df\u540d\u7cfb\u7edf\u5e76\u672a\u51fa\u73b0\u5982DNS\u6839\u57df\u540d\u670d\u52a1\u5668\u4e8e2016\u5e74\u906d\u53d7\u5927\u89c4\u6a21DDoS\u653b\u51fb\u7b49\u5f71\u54cd\u8f83\u5927\u7684\u89c4\u6a21\u6027\u5b89\u5168\u4e8b\u4ef6\uff0c\u4f46\u6700\u65b0\u7814\u7a76\u6570\u636e\u8868\u660e\uff0c2018\u5e74\u670977%\u7684\u7ec4\u7ec7\u81f3\u5c11\u7ecf\u5386\u8fc7\u4e00\u6b21\u57fa\u4e8eDNS\u7684\u7f51\u7edc\u653b\u51fb\uff0c23%\u7684DNS\u7f51\u7edc\u653b\u51fb\u4f1a\u5bf9\u76ee\u6807\u7ec4\u7ec7\u7684\u58f0\u8a89\u4ea7\u751f\u660e\u663e\u5f71\u54cd\uff0c\u5b89\u5168\u5f62\u52bf\u4f9d\u7136\u4e25\u5cfb\u3002<\/p>\n<p><strong>\u4e3a\u5e94\u5bf9DNS\u7684\u5b89\u5168\u5a01\u80c1\uff0cIETF\u63d0\u51faDNS\u5b89\u5168\u6269\u5c55\u534f\u8bae\uff08DNSSEC\uff09\uff0c\u4ee5\u6709\u6548\u5e94\u5bf9\u57df\u540d\u52ab\u6301\u7b49\u7f51\u7edc\u653b\u51fb\u3002<\/strong>DNSSEC\u81ea2010\u5e74\u8d77\u5728\u5168\u7403\u5f00\u59cb\u90e8\u7f72\uff0c\u622a\u81f32018\u5e74\u5e95\uff0cCNNIC\u56fd\u5bb6\u57df\u540d\u5b89\u5168\u76d1\u6d4b\u5e73\u53f0\u6570\u636e\u663e\u793a\uff0c\u6839\u57df\u540d\u670d\u52a1\u5bf9DNSSEC\u534f\u8bae\u7684\u652f\u6301\u7387\u4e3a100%\uff0c\u9876\u7ea7\u57df\u540d\u670d\u52a1\u5bf9DNSSEC\u534f\u8bae\u7684\u652f\u6301\u7387\u4e3a91.3%\uff0c\u4f46\u662f\u4e8c\u7ea7\u53ca\u4ee5\u4e0b\u6743\u5a01\u57df\u540d\u670d\u52a1\u548c\u9012\u5f52\u57df\u540d\u670d\u52a1\u5bf9DNSSEC\u534f\u8bae\u7684\u652f\u6301\u7387\u666e\u904d\u8f83\u4f4e\uff0c\u5206\u522b\u4e3a0.03%\u53ca0.51%\u3002\u5bc6\u94a5\u7b7e\u540d\u5bc6\u94a5\uff08KSK \uff09\u662fDNSSEC\u7684\u5fc5\u8981\u6784\u6210\u90e8\u5206\uff0c\u5b9e\u65bdKSK\u8f6e\u8f6c\u662f\u4fdd\u969cDNSSEC\u6301\u7eed\u5b89\u5168\u8fd0\u884c\u7684\u5173\u952e\u73af\u8282\u30022018\u5e742\u6708\uff0cICANN\u53d1\u5e03\u4e86\u6839KSK\u8f6e\u8f6c\u8ba1\u5212\uff0c10\u670815\u65e5\uff0c\u5ba3\u5e03\u9996\u8f6e\u6839\u533aKSK\u8f6e\u8f6c\u5de5\u4f5c\u5706\u6ee1\u5b8c\u6210\uff0c\u5e76\u542f\u52a8\u4e86\u8f6e\u8f6c\u6d41\u7a0b\u7684\u540e\u7eed\u5de5\u4f5c\uff0c\u5ba3\u544a\u4e86\u9996\u6b21\u6839\u533a\u5bc6\u94a5\u8f6e\u8f6c\u5de5\u4f5c\u843d\u4e0b\u5e37\u5e55\u3002<\/p>\n<p><strong>\u9664DNSSEC\u4ee5\u5916\uff0c\u4e1a\u754c\u4f7f\u7528\u591a\u79cd\u624b\u6bb5\u63a8\u8fdb\u57df\u540d\u7cfb\u7edf\u5b89\u5168\u52a0\u56fa\u3002<\/strong>2018\u5e74\u53ec\u5f00\u7684\u4e24\u6b21DNS\u8fd0\u884c\u5206\u6790\u4e0e\u7814\u7a76\u4e2d\u5fc3\uff08Domain Name System Operations Analysis and Research Center\uff0c\u7b80\u79f0DNS OARC\uff09\u4f1a\u8bae\u4e2d\u63d0\u51fa\u4e86\u591a\u9879\u52a0\u56faDNS\u5b89\u5168\u7684\u63d0\u8bae\uff0c<strong>\u5982\u5bf9DNS over HTTPS\uff08\u7b80\u79f0\u4e3aDoH\uff09\u548cDNS over TLS\uff08\u7b80\u79f0\u4e3aDoT\uff09\u7b49\u534f\u8bae\u7684\u5e94\u7528\uff0cDNS\u670d\u52a1\u5668\u9690\u79c1\u4fdd\u62a4\u3001\u56fd\u9645\u5316\u57df\u540d\uff08Internationalized Domain Names\uff0c\u7b80\u79f0IDNs\uff09\u6ee5\u7528\u76d1\u6d4b\u4ee5\u53ca\u52a0\u5f3aDNSSEC\u9a8c\u8bc1\u6548\u7387\u7b49\u591a\u65b9\u9762\u6539\u5584\u57df\u540d\u5b89\u5168\u7684\u63d0\u6848\u3002<\/strong>\u53ef\u4ee5\u9884\u671f\uff0c\u5982\u4f55\u89e3\u51b3\u57df\u540d\u5b89\u5168\u95ee\u9898\u5c06\u6210\u4e3a\u4e1a\u754c\u957f\u671f\u5173\u6ce8\u7684\u70ed\u70b9\u3002DNSSEC\u3001DoT\u3001DoH\u7b49\u6280\u672f\u7684\u63a8\u5e7f\u53ca\u6539\u8fdb\uff0c\u4ee5\u53ca\u65b0\u7684\u57df\u540d\u5b89\u5168\u6280\u672f\u7684\u63d0\u51fa\u53ca\u5e94\u7528\u5c06\u6301\u7eed\u6539\u5584\u57df\u540d\u5b89\u5168\u72b6\u51b5\u3002<\/p>\n<p>\uff08\u4e8c\uff09 IP\u5730\u5740\u4e0e\u8def\u7531\u5b89\u5168<\/p>\n<p><strong>\u81ea\u6cbb\u7cfb\u7edf\uff08Autonomous System\uff0c\u7b80\u79f0AS\uff09\u662f\u7ec4\u6210\u5168\u7403\u4e92\u8054\u7f51\u7684\u57fa\u672c\u5355\u4f4d\uff0c\u800c\u8fb9\u754c\u7f51\u5173\u534f\u8bae\uff08Border Gateway Protocol\uff0c\u7b80\u79f0BGP\uff09\u662f\u7528\u4e8e\u5904\u7406AS\u95f4\u8def\u7531\u5bfb\u5740\u7684\u534f\u8bae\u3002<\/strong>\u7531\u4e8eBGP\u5728\u4ea7\u751f\u521d\u671f\u5e76\u672a\u8fc7\u591a\u8003\u8651\u5b89\u5168\u95ee\u9898\uff0c\u5df2\u6709\u7814\u7a76\u8868\u660e\uff0c<strong>BGP\u534f\u8bae\u5728\u5b89\u5168\u4e0a\u5b58\u5728\u7740\u660e\u663e\u7684\u5b89\u5168\u98ce\u9669\uff0c\u5bfc\u81f4BGP\u957f\u671f\u9762\u4e34\u5305\u62ec\u8def\u7531\u6cc4\u9732\u3001\u8def\u7531\u52ab\u6301\u3001\u65e0\u6cd5\u9a8c\u8bc1\u8def\u7531\u771f\u5b9e\u6027\u7b49\u5b89\u5168\u5a01\u80c1\u3002<\/strong>BGP\u5b89\u5168\u4e8b\u4ef6\u5728\u5386\u53f2\u4e0a\u4e0d\u4e4f\u6848\u4f8b\uff0c2018\u5e74\u7684\u5178\u578b\u4e8b\u4ef6\u5305\u62ec\u4ee5\u4e0b\u4e24\u8d77\uff1a2018\u5e744\u6708\uff0c\u4e9a\u9a6c\u900a\u6743\u5a01\u57df\u540d\u670d\u52a1\u5668\u906d\u5230BGP\u8def\u7531\u52ab\u6301\u653b\u51fb\uff0c\u7528\u6237\u6d41\u91cf\u88ab\u91cd\u5b9a\u5411\u5230\u4f4d\u4e8e\u4fc4\u7f57\u65af\u7684\u52a0\u5bc6\u8d27\u5e01\u7f51\u7ad9\uff0c\u636e\u79f0\u7a83\u53d6\u4e86\u4ef7\u503c\u8fd12000\u4e07\u82f1\u9551\u7684\u6570\u5b57\u8d27\u5e01\u30022018\u5e7411\u6708\uff0c\u8c37\u6b4c\u65d7\u4e0b\u4e91\u670d\u52a1\u7b49\u4e1a\u52a1\u6d41\u91cf\u7531\u4e8e\u897f\u975e\u7f51\u7edc\u8fd0\u8425\u5546\u914d\u7f6e\u95ee\u9898\u800c\u88ab\u9519\u8bef\u5bfc\u5411\uff0c\u5bfc\u81f4\u56fd\u5916\u90e8\u5206\u7528\u6237\u8bbf\u95ee\u5f02\u5e38\uff0c\u8774\u8776\u6548\u5e94\u6ce2\u53ca\u5317\u7f8e\u3002<\/p>\n<p><strong>\u4e3a\u4e86\u5e94\u5bf9AS\u95f4\u8def\u7531\u5bfb\u5740\u5b89\u5168\u5a01\u80c1\uff0c\u4e92\u8054\u7f51\u57fa\u7840\u8d44\u6e90\u516c\u94a5\u8bc1\u4e66\u4f53\u7cfb\uff08Resource Public Key Infrastructure\uff0c\u7b80\u79f0RPKI\uff09\u5e94\u8fd0\u800c\u751f\u3002<\/strong>RPKI\u4f9d\u6258\u8d44\u6e90\u8bc1\u4e66\u5b9e\u73b0\u4e86\u5bf9\u4e92\u8054\u7f51\u57fa\u7840\u7801\u53f7\u8d44\u6e90\u4f7f\u7528\u6388\u6743\u7684\u8ba4\u8bc1\uff0c\u53ef\u5e2e\u52a9\u57df\u95f4\u8def\u7531\u7cfb\u7edf\u9a8c\u8bc1\u67d0\u4e2aAS\u9488\u5bf9\u7279\u5b9aIP\u5730\u5740\u524d\u7f00\u7684\u8def\u7531\u901a\u544a\u7684\u5408\u6cd5\u6027\u3002RPKI\u6807\u51c6\u5316\u5de5\u4f5c\u5728IETF\u7684\u57df\u95f4\u8def\u7531\u5b89\u5168\uff08Secure Inter-Domain Routing\uff0c\u7b80\u79f0SIDR\uff09\u5de5\u4f5c\u7ec4\u4e2d\u5f00\u5c55\u3002RFC 6480\u5b9a\u4e49\u4e86RPKI\u6280\u672f\u6846\u67b6\uff0c\u540e\u7eed\u4e00\u7cfb\u5217RFC\u8bb0\u5f55\u4e86RPKI\u76f8\u5173\u6280\u672f\u89c4\u8303\u3002\u5728\u90e8\u7f72\u5e94\u7528\u65b9\u9762\uff0cRPKI\u5728\u4e94\u5927\u5730\u533a\u7ea7\u4e92\u8054\u7f51\u6ce8\u518c\u7ba1\u7406\u673a\u6784\uff08Regional Internet Registry\uff0c\u7b80\u79f0RIR\uff09\u7ec4\u7ec7\u4e2d\u5e7f\u6cdb\u5f00\u5c55\u90e8\u7f72\u5de5\u4f5c\uff0c\u4e94\u5927RIR\u90fd\u6b63\u5f0f\u5bf9\u5916\u53d1\u5e03\u4e86RPKI\u7cfb\u5217\u670d\u52a1\u3002\u5728\u4e9a\u592a\u5730\u533a\uff0cCNNIC\u4ee5\u53ca\u65e5\u672c\u4e92\u8054\u7f51\u7edc\u4fe1\u606f\u4e2d\u5fc3\uff08JPNIC\uff09\u7b49\u56fd\u5bb6\u7ea7\u4e92\u8054\u7f51\u6ce8\u518c\u7ba1\u7406\u673a\u6784\uff08National Internet Registry\uff0c\u7b80\u79f0NIR\uff09\u5728\u4e9a\u592a\u5730\u533a\u4e92\u8054\u7f51\u7edc\u4fe1\u606f\u4e2d\u5fc3\uff08Asia Pacific Network Information Centre\uff0c\u7b80\u79f0APNIC\uff09\u7684\u534f\u52a9\u4e0b\uff0c\u5df2\u7387\u5148\u5f00\u5c55RPKI\u76f8\u5173\u5de5\u4f5c\u3002\u968f\u7740\u4e92\u8054\u7f51\u6574\u4f53\u5b89\u5168\u6001\u52bf\u7684\u65e5\u76ca\u4e25\u5cfb\uff0c\u4ee5\u53ca\u4e92\u8054\u7f51\u5b89\u5168\u4e8b\u4ef6\u5371\u5bb3\u7684\u9010\u6b65\u5347\u7ea7\uff0c\u4e1a\u754c\u5bf9RPKI\u7684\u9700\u6c42\u5c06\u8fc5\u901f\u63d0\u5347\u3002\u672a\u6765\uff0c\u4ee5CNNIC\u4e3a\u4ee3\u8868\u7684\u56fd\u5185\u673a\u6784\u5c06\u6301\u7eed\u63a8\u8fdbRPKI\u7684\u7814\u7a76\u548c\u90e8\u7f72\u5de5\u4f5c\uff0c\u5404\u9886\u57df\u7684\u76f8\u5173\u673a\u6784\u5c06\u9646\u7eed\u52a0\u5165RPKI\u5de5\u4f5c\u4f53\u7cfb\uff0c\u5171\u540c\u6539\u5584\u56fd\u5185\u7684\u7f51\u7edc\u5b89\u5168\u72b6\u51b5\u3002<\/p>\n","protected":false},"excerpt":{"rendered":"<p>\u7b2c\u4e94\u7ae0 \u4e92\u8054\u7f51\u5b89\u5168\u72b6\u51b5 \u4e00\u3001 \u4e92\u8054\u7f51\u57fa\u7840\u8d44\u6e90\u5b89\u5168\u72b6\u51b5 \uff08\u4e00\uff09 \u57df\u540d\u5b89\u5168\u6574\u4f53\u6001\u52bf  &hellip; <a href=\"https:\/\/www.jayjaydream.com\/?p=924\">\u7ee7\u7eed\u9605\u8bfb <span class=\"meta-nav\">&rarr;<\/span><\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[3],"tags":[70],"class_list":["post-924","post","type-post","status-publish","format-standard","hentry","category-3","tag-cnnic"],"_links":{"self":[{"href":"https:\/\/www.jayjaydream.com\/index.php?rest_route=\/wp\/v2\/posts\/924","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.jayjaydream.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.jayjaydream.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.jayjaydream.com\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.jayjaydream.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=924"}],"version-history":[{"count":2,"href":"https:\/\/www.jayjaydream.com\/index.php?rest_route=\/wp\/v2\/posts\/924\/revisions"}],"predecessor-version":[{"id":926,"href":"https:\/\/www.jayjaydream.com\/index.php?rest_route=\/wp\/v2\/posts\/924\/revisions\/926"}],"wp:attachment":[{"href":"https:\/\/www.jayjaydream.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=924"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.jayjaydream.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=924"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.jayjaydream.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=924"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}