Research on the Construction of High-Trust Root Zone File Based on Multi-Source Data Verification

Abstract

The root zone is located at the top level of the DNS system’s hierarchical structure and serves as the entry point for all domain name resolutions. The accuracy of the root zone file determines whether domain names can be resolved correctly. To solve the problems of single-source distrust and inaccurate data in the use of root zone files, this paper utilizes multi-source root zone files to build an accurate, real-time, and highly trustworthy root zone file through the validation of data accuracy and integrity. First, we propose a weighted voting statistical verification method. We select top-level domain name records with the highest confidence from the multi-source root zone data, thereby improving data accuracy. Second, through a dynamic cyclic construction process, we achieve dynamic monitoring of root zone file version changes, effectively ensuring the real-time nature of root zone data. Finally, we adopt a DNSSEC verification mechanism to address the issue of unreliable transmission paths for actively probed root zone data, ensuring data integrity by verifying the signed top-level domain name records and their ZSK, KSK keys. In addition, through the analysis of experimental data, we find that the main reason for the inaccuracy and unreliability of the root zone file is the delay in updating and synchronizing the file. We also discover the presence of redundant KSK keys in some of the source root zone data, which led to failure in the DNSSEC validation chain. The high-trust root zone file constructed in this paper provides data support for research on the root-side resolution anomaly detection and localization application of root zone files and has wide-ranging practical value.