Abstract: Provided are a method and an apparatus for resolving a domain name based on a co-governance chain. The method includes: determining data distribution nodes, and constructing a root domain name co-governance chain based on the data distribution nodes; obtaining trusted root zone data based on the root domain name co-governance chain, and constructing a co-governance root service based on the trusted root zone data; and resolving a domain name by applying a recursive resolution mode based on the co-governance root service and corresponding data in the root domain name co-governance chain, in response to receiving a domain name resolution request. With the root domain name co-governance chain, a decentralized processing mode is used, nodes are equal, and it is only required to make an adjustment in a certain node upon resolving a domain name, thereby avoiding risks such as single point management and centralization.

Abstract: Provided are a method and an apparatus for resolving a domain name based on a co-governance chain. The method includes: determining data distribution nodes, and constructing a root domain name co-governance chain based on the data distribution nodes; obtaining trusted root zone data based on the root domain name co-governance chain, and constructing a co-governance root service based on the trusted root zone data; and resolving a domain name by applying a recursive resolution mode based on the co-governance root service and corresponding data in the root domain name co-governance chain, in response to receiving a domain name resolution request. With the root domain name co-governance chain, a decentralized processing mode is used, nodes are equal, and it is only required to make an adjustment in a certain node upon resolving a domain name, thereby avoiding risks such as single point management and centralization.

Abstract: Provided in the present application are a blockchain and DNSSEC-based user authentication method, a system, a device, and a medium, the method comprising: when an encrypted connection over Internet need to be performed between a server and a client, authenticating, by the server, the identity of the client by means of a blockchain-based authentication mechanism, and authenticating, by the client, the identity of the server by means of a DNSSEC-based mechanism. According to the blockchain and DNSSEC-based user authentication method provided in the present application, mutual authentication for an encrypted connection process over Internet is achieved by means of blockchain and DNSSEC-based validation mechanisms without relying on CA authentication. Thus, there are no problems of CA single point of failure or multi-CA mutual trust risk. In addition, the blockchain and DNSSEC-based user authentication method according to the present application is relatively convenient to be implemented.

Abstract: Provided by the present invention is a responding and processing method for a domain name system security extensions (DNSSEC) negative response. The responding method comprises the following steps: step A1, an authoritative domain name system (DNS) server loading DNS data by means of zone files; step A3, the authoritative DNS server conducting SHA1 encryption and base32 coding calculation on all loaded domain names and saving calculation results; and step A5, the authoritative DNS server receiving a DNS query. By means of the present invention, the responding speed of a DNSSEC negative response does not obviously decrease compared to ordinary queries. According to a characteristic, wherein the length of the DNSSEC negative response message increases a lot compared to a normal response message, the present invention may detect a distributed denial-of-service (DDOS) attack against a DNSSEC negative response query.