The Ministry of Industry and Information Technology recently issued an announcement approving two domestic institutions to set up DNS root server operating agencies, which are responsible for the operation, maintenance and management of DNS root servers (root mirror servers). Subsequently, the Domain Name National Engineering Research Center launched a domain name server equipped with a Godson CPU and version 2.0 of the domestic domain name management software "Red Maple System". This series of actions immediately attracted widespread public attention and prompted discussions such as "China's construction of domain name root server" and "China's Internet is no longer under the control of others".
In fact, the two institutions have only built mirror servers of the domain name root servers, of which there are nearly 1000 worldwide. At present, under IPv4, the 13 root servers in the world are owned by the United States, Europe and Japan, while China has no root servers. However, China has the ability to deal with hidden dangers from the root servers, so that Chinese Internet users can access the Internet normally without being affected. By contrast, once there is a problem with a corporate domain name, that enterprise may be "disconnected".
At present, China, the United States, Japan and other countries are building out the next-generation Internet protocol IPv6, under which China has deployed four root servers. In the wave of countries accelerating the development of IPv6, China seems to have "lagged behind". However, since the end of 2018, large-scale domestic service networks have begun to migrate to IPv6. By May this year, China's IPv6 Internet users had rapidly grown to more than 200 million, and China was expected to become the largest user market of IPv6.
Domain name root server "trio"
On June 26, 2019, the Ministry of Industry and Information Technology agreed that the China Internet Network Information Center (CNNIC) would set up domain name root servers (F, I, K and L root mirror servers) and a domain name root server operating agency to operate, maintain and manage the domain name root servers numbered JX0001F, JX0002F, JX0003I, JX0004K, JX0005L and JX0006L.
The Ministry of Industry and Information Technology requires the China Internet Network Information Center to strictly abide by relevant regulations, accept its management, supervision and inspection, establish an information management system that meets the requirements of the Ministry of Industry and Information Technology, and connect with the designated management system to ensure the safe and reliable operation of the domain name root servers. At the same time, it must provide users with safe and convenient domain name services, ensure the quality of service, protect users' personal information security, and safeguard national interests and users' rights and interests.
It is worth mentioning that, in addition to the root servers of the China Internet Network Information Center, the Ministry of Industry and Information Technology also approved the application of the Domain Name National Engineering Research Center (ZDNS) to set up a root server (L root mirror server) and a root server operating agency. The latter will be responsible for the operation, maintenance and management of the root server numbered JX0007L.
Previously, on April 29, China Internet Network Information Center, Zhejiang Internet Information Office and Zhejiang Provincial Department of Economy and Information Technology held the launch conference of Zhejiang mirror node of F root server in Hangzhou. This means that Hangzhou has become the only city in China with more than one root mirror server besides Beijing, which will improve the Internet speed, stability and security in the southern region.
On June 28, the Domain Name National Engineering Research Center announced the launch of the first domain name server equipped with a domestic Godson CPU in the Software Park of the Chinese Academy of Sciences. This server is considered to be the result of combining hardware and software in China's underlying technology, which will protect the core of Internet security and stability from the ground up.
Hu Weiwu, president of Longxin Zhongke, pointed out that the CPU is the core component of the information industry, and the domain name server is the core component of the entire network system. The combination of the two will provide more powerful support for the development of the information industry. Whether it is Longxin Zhongke building CPUs or the Domain Name National Engineering Research Center building domain name servers, it is a long process, and it may take 20 or 30 years of accumulation to produce results.
At the meeting, version 2.0 of the domestic domain name management software "Red Maple System" was also released. Xing Zhijie, general manager of the Domain Name National Engineering Research Center, said that the functions and performance of version 2.0 in root zone data update, distribution and loading have been greatly improved. It is fully compatible with the international standard RFC 7706 and supports local root zone services. At the same time, it also explores root server expansion, breaking the limit of 13 root servers in the world.
Xing Zhijie said that the Red Maple (Hongfeng) software uses a new architecture designed by the Domain Name National Engineering Research Center, which spent eight years polishing it into a set of high-performance, intelligent basic software. He said it is superior to the traditional domain name management software BIND in many respects, such as high-performance resolution, multi-line intelligent scheduling, rapid data update and scalability, that it has reached the international leading level, and that it is fully adapted to domestic processors.
How much influence does the root server have?
The root server is one of the most important pieces of strategic Internet infrastructure, responsible for the resolution of the Internet's top-level domain names (such as .com, .net, .org and .cn). In the history of Internet development, the root server governance system dominated by the United States through its first-mover advantage has lasted for nearly 30 years. Moreover, due to the technical limitations of Internet Protocol version 4 (IPv4), the number of root servers in the world has long been limited to 13.
It is reported that the only primary root server is deployed in the United States, and of the other 12 secondary roots, 9 are in the United States, 2 in Europe and 1 in Japan. However, the operation of the existing root servers follows a unilateral model. In particular, the generation and distribution of the key root zone files are controlled by the Internet Assigned Numbers Authority (IANA), the National Telecommunications and Information Administration (NTIA) under the U.S. Department of Commerce, and Verisign, a U.S. company.
Lu Feng, Deputy Director of the Internet Research Institute of the CCID Research Institute of the Ministry of Industry and Information Technology, said recently that the root mirror servers China is building this time have no direct bearing on changing the situation in which the domain name root servers are controlled by others. At present, there are nearly 1000 mirror servers of domain name root servers in the world, and almost all major operators in the world have mirror servers of domain name root servers.
Lu Feng mentioned that the biggest advantage of setting up domain name root mirror servers in China is improved efficiency of domain name resolution, but the normal operation of a mirror server cannot be separated from the domain name root server. The best way to deal with being constrained by the domain name root servers is to optimize the domain name resolution protocol and promote P2P resolution among national domain name servers.
Historically, the root server governance system led by the United States has, on the one hand, resulted in uneven management and distribution of the key resources of the global Internet; on the other hand, countries lacking root servers are not able to withstand large-scale "distributed denial of service" attacks, which leaves hidden dangers for Internet security.
For example, during the Iraq War in 2003, the United States was suspected of deleting Iraq's country-code top-level domain name .iq, which caused heavy losses to Iraq's economy and foreign exchanges. However, when ICANN returned the domain name in 2005, it said that the "disconnection" incident in Iraq was not caused by the root server controlled by the United States, but was a problem with the top-level domain name operator itself.
In response to the popular online claim that "the United States makes China offline by controlling the root server", Mao Wei, director of the National Engineering Research Center for Domain Names, said that the global Internet domain name service system is divided into registration services for the root, top-level domain names, and second-level and lower domain names, and authoritative and recursive domain name resolution services. Although the root server system can affect the interconnection of domestic and overseas networks to a certain extent, it will not affect the interconnection of domestic networks in China.
In addition, even if the root really is cut off, there are emergency solutions. In China, root zone data backups and emergency root servers can be used to solve the problem; at the global level, it can be solved by root mirrors, the expansion of root servers in the IPv6 environment, and alternative mechanisms for operating the root servers. China has the technical ability to ensure the normal use of the Internet by netizens. Access to shopping websites, video websites, chat, payment and other online applications will not be affected.
Corporate domain name service capability needs to be improved
In terms of Internet security, although there is no need to worry about the root server being disconnected, an enterprise's domain name will be disconnected once there is a problem with it. It is understood that domain name services usually fall into two categories: domain name registration services and domain name security operation services. The two carry, respectively, potential compliance risks and the risk of insufficient service capability.
In recent years, corporate security incidents caused by domain name failures have occurred frequently. In December 2014, the largest vicious DDoS (distributed denial of service) attack against operators' networks broke out in China, resulting in slow or even inaccessible web pages in many provinces. Alibaba claims to have suffered the largest DDoS attack in the history of the Internet. The attack lasted 14 hours and the peak attack traffic reached 453.8 Gbps.
In addition, internationally, in March 2015, Apple's iTunes store, App Store and several online Internet services experienced a global failure, with an interruption of up to 11 hours; in October 2016, Dyn DNS, the US domain name management service, suffered a large-scale DDoS attack, leading to the disconnection of most of the US Internet. The affected enterprises included Twitter, Airbnb, GitHub, Reddit, Spotify and other well-known companies.
Mao Wei once said at the 2018 China Network Security Annual Conference that the Domain Name System (DNS) is the entrance to all network services of enterprises and the key infrastructure supporting the secure and stable operation of enterprises' networks. Whether the cause is an internal stability problem or an external hacker attack, once the domain name service fails, it will affect all network-based services and cause enterprise network outages, bringing immeasurable losses and serious harm.
The threats faced by enterprises in domain name services mainly come from the compliance risks brought by domain name registration and the security risks brought by insufficient domain name service capabilities. First of all, domain name management organizations and domain name registration service providers are usually commercial companies. These management organizations have the ability to delete and lock domain names, which are governed by the laws and regulations of the country where they are located. If the management organization or service provider of the domain name registered on the enterprise website is a foreign company, there is a risk of being shut down due to violation of the laws and regulations of other countries or other reasons.
Therefore, when registering domain names, enterprises can choose domestic compliant registries or registrars, and enterprises with the capability can also apply for their own top-level domain names. For example, domestic Internet companies and some large enterprises represented by "BAT" have applied for enterprise top-level domain names such as ".baidu" and ".taobao", keeping the management rights in their own hands.
On the other hand, the domain name system is an important basic service for enterprise networks, but most domestic enterprises are still in the initial stage of adopting open source software and simple configuration. The domain name system has been in a state of lack of standardized operation management and professional maintenance for a long time. Configuration errors, performance failure, software version failure to upgrade in time, and failure to deal with problems in a timely and effective manner are common.
In this regard, relevant measures can be taken both internally and externally. Internally, enterprises should guard against manual errors and program errors and provide for network disaster recovery. Enterprises with the means can connect to the networks of multiple operators to avoid abnormal user access when a network is blocked; externally, enterprises should strengthen their own security capabilities to prevent attacks and hijackings.
IPv6 will reconstruct the order of the Internet
In recent years, with the emergence and application of new technologies such as DNSSEC, IDN and new gTLD, the domain name system is affecting all walks of life. In addition, the Internet is developing rapidly in the direction of various intelligent terminals, artificial intelligence, big data, cloud computing, the Internet of Things, and the demand for IP addresses will grow explosively.
As a result, the world has put forward higher requirements for the expansion, security and stability of the key infrastructure and core technologies that carry Internet application services. The existing root server system can no longer meet the needs of technology and industrial development in terms of quantity, technology, or operation mode. The development and popularization of IPv6 is the fundamental solution to reverse the current situation. The evolution of the Internet root server system from IPv4 to IPv6 has become an inevitable trend.
It is understood that the total length of IPv4 addresses is 32 bits, which means that there are only 4.29 billion addresses at most in the world. The length of IPv6 addresses has reached 128 bits, adding 340 trillion IP addresses in total. In February 2011, the last batch of IPv4 addresses was allocated. In April 2011, the Asia Pacific Network Information Centre (APNIC) announced that its IPv4 addresses had run out. Data shows that by the end of December 2011, the number of IPv4 addresses in China had reached 330 million, while the number of Internet users had reached 513 million.
At present, the number of Internet users in China has reached 829 million, but the number of IPv4 addresses has not increased, which is equivalent to at least two people sharing a dynamic IP address. On the other hand, it is estimated that the total demand for IP addresses in China will reach 50 billion in the future. In addition to the impact of root servers, the lack of IP addresses will also become a serious problem restricting the development of China's Internet. IPv6 will meet the development needs of China in the new era.
On June 6, 2012, the Internet Society held the "World IPv6 Launch Day", and the IPv6 protocol was officially launched. Liu Dong, director of the National Engineering Center for the Next Generation Internet, said recently that the Engineering Center seized the historical opportunity to launch the "Snowman Plan" in 2013 together with relevant Japanese and American operating agencies and professionals, and proposed a complete set of root server solutions and technical systems that are based on IPv6, oriented to emerging applications, and autonomous and controllable.
On the basis of compatibility with the existing IPv4 root server architecture, the "Snowman Plan" completed in 2016 the installation of 25 IPv6 root servers in 16 countries around the world, including the United States, Japan, India, Russia, Germany and France; these include one main root server and three auxiliary root servers deployed in China. Liu Dong said that this has in fact enabled the world to form a new pattern of 13 original roots plus 25 IPv6 roots, laying a solid foundation for the establishment of a multilateral, democratic and transparent international Internet governance system.
Wu Jianping, academician of the Chinese Academy of Engineering, said that IPv6 is an important opportunity for China to participate in the development of global Internet technology. China has formulated an action plan for large-scale deployment, which requires "deepening the development of IPv6 from five major areas, including Internet applications, network infrastructure, application infrastructure, network security, and key cutting-edge technologies." In particular, it emphasizes the need to strengthen network security, maintain national information network security, break through key cutting-edge technologies, and build a next-generation Internet technology industry based on independent innovation.
To sum up, the large-scale deployment and application of IPv6 not only helps China gain more voice in the Internet system, but also helps China gain the initiative in the development of the Internet of Everything era in a cyberspace with the next-generation Internet at its core, and also consolidates network security and "national defense" strength.
How is China's IPv6 development progressing?
Since 2016, all countries have been accelerating the development of IPv6. In November 2017, the General Office of the CPC Central Committee and the General Office of the State Council issued the Action Plan for Promoting the Scale Deployment of Internet Protocol Version 6 (IPv6), which proposed that by the end of 2018, the number of active users of IPv6 would reach 200 million, accounting for no less than 20% of Internet users; it also required that the top 50 commercial websites and applications in terms of domestic user volume, provincial and ministerial level government websites, and central and provincial news, radio and television media website systems, etc., fully support IPv6.
On the first anniversary of the above document, the National Next Generation Internet Industry Technology Innovation Strategic Alliance released the "Supporting China's IPv6 Scale Deployment - China's IPv6 Business End to End Penetration User Experience Monitoring Report (Phase I)" in Beijing on November 1, 2018. Among the monitored Chinese websites, only 7.59% support IPv6. The support rate of the central and provincial governments, central media and central enterprises is 8.33%. The support rate of the top 50 websites is 4%.
According to the Monitoring Report, as of October 31, 2018, the penetration rate of mobile broadband IPv6 was 6.16%, the number of users covered by IPv6 was 70.17 million, and the number of active users of IPv6 was 7.18 million; the penetration rate of fixed broadband IPv6 was 0.65%, the number of users covered by IPv6 was 2.4 million, and the number of active users of IPv6 was 2.33 million. The total number of active users was 9.51 million. This reveals that the penetration rate of mobile broadband and fixed broadband IPv6 and the IPv6 support rate of websites and apps in China are not satisfactory.
According to the statistics of APNIC, the authoritative organization, as of October 31, 2018, Belgium had the highest user rate of IPv6 (58.12%), followed by India (52.51%), the United States (42.08%), Germany (41.35%), Greece (37.27%), Switzerland (33.43%), Uruguay (32.36%), Luxembourg (32.30%), the United Kingdom (26.72%), and Japan (25.01%). The user rate of China's IPv6 is 0.63%, and the number of active users is 4.64 million, ranking 71st.
In this regard, Fu Chengpeng, chief scientist of the National Next Generation Internet Industry Technology Innovation Strategic Alliance, said that there have been positive changes in China's IPv6 deployment, but there is still a big gap with the requirements of the "IPv6 Action Plan". The reasons are that network transformation lacks the ability to support applications, terminals and business applications do not match the IPv6 network, and users have a poor actual experience. The development of China's IPv6 has a long way to go.
Professor Li Xing of Tsinghua University once said that the primary reason holding back the pace of IPv6 in China is that China has become accustomed to NAT address translation, which makes the demand for IPv6 addresses less urgent. Another important reason is that upgrading to IPv6 is a high-risk and costly project, which depends on the joint efforts of telecom operators and well-known information providers, especially BAT. The development of IPv6 needs foresight and vision from enterprises. If they all act, it will be easy to promote IPv6; otherwise it will be difficult.
However, at the end of 2018, APNIC pointed out in the article "Unplanned Acceleration of IPv6 in China", after conducting research, that the use of IPv6 in China has undergone large-scale changes. Since November, there have been many obvious signs of migration to IPv6 in these large-scale service networks. For anyone hoping that China will become the last link that pushes large-scale Internet IPv6 migration and deployment past its critical point in the next few years, the situation looks very encouraging.
On May 18, at the 2019 Digital "Belt and Road" International Summit Forum held in Hangzhou, Zhejiang Province, Latif Ladid, Chairman of the Global IPv6 Forum, said that the transition of Internet protocols from IPv4 to IPv6 was gradually accelerating, and the global penetration rate of IPv6 had reached 27%. Asia will become the main battlefield of IPv6, and India and China will become the largest user markets of IPv6. At present, China's IPv6 Internet users have exceeded 200 million.