ccTLD域名服务器运行状况深度剖析

doi:10.11871/jfdc.issn.2096-742X.2025.03.017

数据与计算发展前沿 ›› 2025, Vol. 7 ›› Issue (3): 202-212.

CSTR: 32002.14.jfdc.CN10-1649/TP.2025.03.017

doi: 10.11871/jfdc.issn.2096-742X.2025.03.017

• 技术与应用 • 上一篇

ccTLD域名服务器运行状况深度剖析

何峥(),谢杰灵,李汉明,赵琦,冷峰^*()

中国互联网络信息中心，北京 100071

收稿日期:2025-01-20 出版日期:2025-06-20 发布日期:2025-06-25
通讯作者: *冷峰（E-mail: lengfeng@cnnic.cn）
作者简介:何峥，中国科学院大学，硕士研究生，CCF会员，主要研究方向为域名系统的运行与安全、互联网基础资源管理等系统的关键技术攻关和平台建设工作。
本文主要负责域名系统的测量方法以及探测指标的制定。
HE Zheng is a master’s student at the Chinese Academy of Sciences. His main research interests include the key technology research and platform construction of domain name system, Internet basic resource management and other systems.
In this paper, he is mainly responsible for the measurement methodology of the Domain Name System and the development of the detection metrics.
E-mail: hezheng@cnnic.cn|冷峰，中国科学院大学，博士，CCF会员，主要研究方向为域名系统的运行与安全、互联网基础资源管理等系统的关键技术攻关和平台建设工作。
本文承担工作为指导测量方法和设计与优化。
LENG Feng, Ph.D., is a member of the CCF. He is affiliated with the University of Chinese Academy of Sciences. His research interests include the key technology research and platform construction of domain name system, Internet basic resource management and other systems.
In this paper, he is mainly responsible for guiding measurement methods and designing and optimizing
E-mail: lengfeng@cnnic.cn
基金资助:
国家重点研发计划(2022YFB3103000)

In-Depth Analysis of the Operation Status of ccTLD Domain Name Servers

HE Zheng(),XIE Jieling,LI Hanming,ZHAO Qi,LENG Feng^*()

China Internet Network Information Center, Beijing 100071, China

Received:2025-01-20 Online:2025-06-20 Published:2025-06-25

摘要/Abstract

摘要：

【背景】本研究聚焦于国家和地区顶级域名服务器。【目的】本研究旨在为优化ccTLD部署实践与运行维护提供数据与理论支撑，助力提升其安全性与稳定性。【方法】通过主动探测方式，深入探究其在起始授权机构（SOA）配置、查询设置、域名系统安全扩展应用等方面存在的不规范与隐患。【结果】研究发现，ccTLD在多方面存在问题，包括SOA字段配置、服务地址配置、查询配置以及DNSSEC部署实施等。

关键词: ccTLD, 域名服务器, DNSSEC, 运行情况

Abstract:

[Background] This study focuses on the domain name servers of Country Code Top-level Domains (ccTLDs). [Objective] The aim of this study is to provide data and theoretical support for optimizing the deployment practices, operation, and maintenance of ccTLDs, thereby enhancing their security and stability. [Methods] Using active detection methods, this study investigates irregularities and potential risks existing in aspects such as the Start of Authority (SOA) configuration, query settings, and the application of Domain Name System Security Extensions (DNSSEC). [Conclusions] The research finds that ccTLDs have problems in multiple aspects, including the configuration of SOA fields, service address configuration, query configuration, and the deployment and implementation of DNSSEC.

Key words: ccTLD, domain name server, DNSSEC, operating status

何峥, 谢杰灵, 李汉明, 赵琦, 冷峰. ccTLD域名服务器运行状况深度剖析[J]. 数据与计算发展前沿, 2025, 7(3): 202-212.

HE Zheng, XIE Jieling, LI Hanming, ZHAO Qi, LENG Feng. In-Depth Analysis of the Operation Status of ccTLD Domain Name Servers[J]. Frontiers of Data and Computing, 2025, 7(3): 202-212, https://cstr.cn/32002.14.jfdc.CN10-1649/TP.2025.03.017.

图/表 8

表1

表2

表3

表4

表5

图1

表6

表7

参考文献 12

[1]	IANA_Resource_Registry. Resource Record(RR) TY- PEs[EB/OL]. [2024-01-01]. https://www.iana.org/assignments/dns-parameters.
[2]	MOCKAPETRIS P. Domain Names - Concepts and facilities[S]. RFC1034, 1987.
[3]	MOCKAPETRIS P. Domain Names - Implementation and specification[S]. RFC1035, 1987.
[4]	BARR D. Common DNS Operational and Configuration Errors[S]. RFC1912, 1996.
[5]	ELZ R, BUSH R. Serial Number Arithmetic[S]. RFC1982, 1996.
[6]	ANDREWS M. Negative Caching of DNS Queries (DNS NCACHE)[S]. RFC2308, 1998.
[7]	IANA. Nameserver-request[EB/OL]. [2024-01-01].
[8]	ABLEY J, GUDMUNDSSON O, MAJKOWSKI M, et al. Providing Minimal-Sized Responses to DNS Queries That Have QTYPE=ANY[S]. RFC8482, 2019.
[9]	VIXIE P. Extension Mechanisms for DNS (EDNS0)[S]. RFC2671, 1999.
[10]	DAMAS J, GRAFF M, VIXIE P. Extension Mechanisms for DNS (EDNS(0))[S]. RFC6891, 2013.
[11]	WOUTERS P, SURY O. Algorithm Implementation Requirements and Usage Guidance for DNSSEC[S]. RFC8624, 2019.
[12]	LIU W F, ZHANG Y, ZHANG H L, FANG BX. Survey on Domain Name System Measurement Research[J]. Journal of Software, 2022, 33(1): 211-232.

异常情况	ccTLD数量
无法响应SOA查询	26
无法解析出IP地址	25
小于从域名服务器的SOA值	14
查询SOA响应码不正确	5
解析为127.0.0.1	2

ccTLD	Serial（min）	Serial（max）	Serial（diff）
xn--node	2,267,371,742	2,305,565,642	37,430,999
ye	2,023,090,427	2,024,011,007	920,580
lb	1,705,528,363	1,705,621,356	92,993
ba	1,705,636,801	1,705,642,201	5,400
tk	1,704,623,314	1,704,628,199	4,885
cf	1,705,644,411	1,705,647,576	3,165
im	1,704,540,601	1,704,542,401	1,800
sc	1,704,622,713	1,704,623,356	643
hm	2,024,010,209	2,024,010,601	392
ls	1,705,645,801	1,705,646,105	304

序号	TTL值/秒	TLD数量	序号	TTL值/秒	TLD数量
1	172,800	370	11	14,400	20
2	108,000	1	12	10,800	11
3	86,400	365	13	7,200	13
4	43,200	6	14	3,600	580
5	38,400	2	15	1,800	4
6	28,800	4	16	1,440	2
7	21,600	50	17	1,440	1
8	18,081	1	18	1,200	1
9	18,000	5	19	900	3
10	17,600	1	20	600	2

ccTLD	IP类型	AS号
ax	IPv4、IPv6	3238
cd、mv、vi、xn--wgbh1c	IPv6	42
cg	IPv6	1653
er、mc	IPv6	197000
et	IPv4	24757
gb、im	IPv6	786
gh	IPv6	22548
kh	IPv6	18366
km	IPv6	37177
kp	IPv4	131279
mh	IPv6	24439
ni	IPv6	263779
pf	IPv4	9471
pg	IPv6	9464
sr	IPv4、IPv6	27775
ws、xn--j1amh	IPv6	8674
ye	IPv6	30873

ccTLD	NS
cd	ns-root-22.scpt-network.net、ns-root-23.scpt-network.net
er	sawanew.noc.net.er
fj	ns1.fj、ns2.fj
gn	ns1.gn
gp	ns2.nic.gp
mw	domwe.sdn.mw
ni	ns.ideay.net.ni
xn--54b7fta0cc	bayanno.btcl.net.bd

ccTLD域名服务器运行状况深度剖析

In-Depth Analysis of the Operation Status of ccTLD Domain Name Servers

RichHTML

PDF

可视化

摘要/Abstract

引用本文

使用本文

图/表 8

参考文献 12

相关文章 0

编辑推荐

Metrics

本文评价

类型	算法	密钥长度	数量	未提交DS
5	RSASHA1	1,024	2	-
7	RSASHA1-NSEC3-SHA1	1,024	3	1
8	RSASHA256	1,024	69	3
		1,280	23	1
		2,048	63	2
10	RSASHA512	2,048	1	-
13	ECDSAP256SHA256	256	51	3

异常情况	数量	占比
摘要更新不及时	152	76%
密钥运行时间过长	127	63.5%
未提交DS	10	5%
RRSIG过期	3	1.5%