The Internet identifies hosts by IP address, but people prefer to refer to them by name. A system is therefore needed that resolves a name to its address and an address to its name.
In such a system every name and every address is unique and names are mapped to addresses, so anyone who knows one of the two can obtain the other. However, as the Internet has grown, it has become impossible to hold every name and address on a single computer.
The system in use today, the domain name system (DNS), solves this problem by dividing the information into small parts and storing each part on a different computer.
A domain name consists of a plurality of labels separated by “.”, each label being at most 63 characters long (the complete name is further limited to 255 octets in its wire form). In other words, a complete domain name is a sequence of labels separated by “.”.
For example, “service.com” consists of a service label, a com label, and a NULL label. (The NULL label, which denotes the root, is always the last label of a domain name; it is what the trailing dot of a fully qualified name such as “service.com.” represents.)
Converting a name to an address, or an address back to a name, is called domain name resolution.
FIG. 1 shows an example of the domain name resolution process. The resolution of the domain name “www.service.com” is described below with reference to FIG. 1.
Generally, a user requests a service by domain name through a browser, and the host that needs to convert the name into an address calls a DNS client known as a resolver. The resolver sends the resolution request to the nearest DNS server, which is configured in the host's operating system; in the present specification this server is called a public DNS.
Resolution proceeds from the back of the domain name. A domain name always ends with the NULL label 115, which is written as the trailing dot (.) of the fully qualified name.
The NULL label 115 corresponds to the root zone, served by a root DNS server 130, so the public DNS 125 that received the user's request asks the root DNS server 130 for the IP address of “www.service.com”.
The root DNS server 130 does not hold the IP address for this domain; instead it responds with a referral giving the address of a com name server 135 that has information on the com label 110.
The public DNS 125 then asks the com name server 135 it was referred to for the IP address of “www.service.com”, and the com name server 135 responds with a referral to the DNS server 140 that holds the information (authority) for the service label 105.
The public DNS 125 again sends the resolution request for “www.service.com”, this time to the DNS server 140. That server has the IP address mapped to “www” in the Zone File 145 holding the service zone data, and so responds with the IP address (200.1.1.1).
On receiving this answer, the public DNS 125 responds with “200.1.1.1” to the resolver 120 on the client, and after the resolver 120 parses the response message, the value is handed to the client program that requested the resolution.
A scheme in which each DNS server hands back the IP address of the DNS server that has authority for the next part of the domain, and the querying server repeats its inquiry there, is called iterative resolution.
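The label structure and the iterative walk described above, as an added simulation that is not part of the specification: every server, zone and address below is constructed in memory for the example (the name-server addresses are RFC 5737 documentation addresses chosen here; only the final answer 200.1.1.1 for www.service.com comes from the text). It also shows the two outcomes FIG. 1 does not draw, a name that does not exist and a name no server is delegated for.

```python
"""Simulation of the iterative resolution walk of FIG. 1 (added example).

All servers and zone data are constructed for this illustration; the
name-server addresses 198.51.100.x are placeholders, not real servers.
"""

MAX_LABEL_LEN = 63   # RFC 1035 limit on a single label
MAX_NAME_LEN = 253   # practical limit on the dotted text form


def labels(name: str) -> list:
    """Split a domain name into its labels, always ending with the NULL
    (root) label, so 'service.com' and 'service.com.' both give
    ['service', 'com', ''] and '.' alone gives ['']."""
    body = name.rstrip(".")
    if len(body) > MAX_NAME_LEN:
        raise ValueError("name too long")
    parts = body.split(".") if body else []
    for label in parts:
        if not 0 < len(label) <= MAX_LABEL_LEN:
            raise ValueError(f"bad label length: {label!r}")
    return parts + [""]


# Constructed name servers, keyed by their (placeholder) IP address.
# Each holds either an 'A' answer for a name it is authoritative for or
# an 'NS' referral to the server responsible for a delegated sub-zone.
SERVERS = {
    "198.51.100.1": {                       # root DNS server 130
        "com.": {"NS": "198.51.100.2"},
    },
    "198.51.100.2": {                       # com name server 135
        "service.com.": {"NS": "198.51.100.3"},
    },
    "198.51.100.3": {                       # service.com DNS server 140
        "www.service.com.": {"A": "200.1.1.1"},   # its Zone File 145
    },
}
ROOT_SERVER = "198.51.100.1"


def query(server_ip: str, qname: str) -> tuple:
    """Ask one server about qname (canonical form, trailing dot).
    Returns ('answer', ip), ('referral', ns_ip) or ('nxdomain', None),
    i.e. what the public DNS 125 receives at each hop of FIG. 1."""
    zone = SERVERS[server_ip]
    if qname in zone and "A" in zone[qname]:
        return "answer", zone[qname]["A"]
    # Look for a delegation covering qname, most specific suffix first;
    # the suffixes end with the NULL label, which is where resolution starts.
    parts = labels(qname)
    for i in range(len(parts) - 1):
        suffix = ".".join(parts[i:-1]) + "."
        if suffix in zone and "NS" in zone[suffix]:
            return "referral", zone[suffix]["NS"]
    return "nxdomain", None


def resolve(name: str, max_hops: int = 8) -> tuple:
    """Iterative resolution as performed by the public DNS 125: start at
    the root, follow each referral, stop at an answer or a negative reply.
    Returns (ip_or_None, trace); trace lists (server, kind, value) per hop."""
    qname = ".".join(labels(name))          # canonical form with trailing dot
    server = ROOT_SERVER
    trace = []
    for _ in range(max_hops):
        kind, value = query(server, qname)
        trace.append((server, kind, value))
        if kind == "answer":
            return value, trace
        if kind == "nxdomain":
            return None, trace
        server = value                      # follow the referral
    raise RuntimeError("too many hops: referral loop?")


if __name__ == "__main__":
    ip, hops = resolve("www.service.com")
    for server, kind, value in hops:
        print(f"{server:14} -> {kind}: {value}")
    print("www.service.com =", ip)
```

The `max_hops` guard matters in practice: a resolver that follows referrals without bound can be driven in circles by a misconfigured or hostile delegation, so real resolvers cap the number of referrals they chase.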
The DNS server thus answers with the IP address matched to the domain name in its Zone File, and when DNS was first deployed, frequent changes to those addresses were not anticipated.
When the mapping between a domain name and its IP address must be changed, it is very laborious for an administrator to make each change by hand. One solution is dynamic DNS, which updates the zone file automatically.
However, providing user-specific information would require collecting user information from the DNS request message, and a conventional DNS request carries extremely little such information. Furthermore, the master (zone) file of the DNS server is frequently modified, i.e., mappings are frequently added, removed and changed, and for a service that must remain synchronized at all times, the conventional static DNS cannot fully perform this function.
A distributed denial-of-service (DDoS) attack is one in which a plurality of systems on the Internet cooperate to attack a single target system and cause a denial of service. The target is eventually overwhelmed by the flood of messages: its particular resources and usable line bandwidth are monopolized, so it can no longer serve legitimate users.
Load balancing refers to distributing and allocating processing load among devices operating in parallel. It is widely used in many fields, for example to share processing load evenly among the microprocessors in a computer or to direct connection requests to an available server on a network. Efficient load balancing requires the load of each device to be measured continually, and measuring and controlling the load accurately is itself a heavy load. Load balancing as actually deployed is therefore configured for a practical degree of accuracy, and the search for more efficient methods continues.
However, a bandwidth attack is difficult to block merely by upgrading equipment (IPS, servers). A network bandwidth attack grows stronger with the network performance of the zombie personal computers (PCs) involved: the faster the network connecting each zombie PC, the stronger the attack. Over earlier ADSL links, 100,000 zombie PCs were needed to generate a 100 Gb/s attack, but over the optical LAN now widely deployed (100 Mb/s upload), only 1000 are needed. In the future, with Gigabit home LANs, only 100 zombie PCs would be needed for a 90 Gb/s attack. IPS equipment may keep improving, but blocking bandwidth attacks with it alone remains very difficult.
Furthermore, when the IP address of a server is publicly known, the server can be attacked by a malicious user. For a DNS server this exposure is unavoidable, because name server information is published through the domain management organization. And once the DNS server itself becomes unusable, service for every domain managed on that DNS server becomes impossible.