CN118041550A - Domain name resource data issuing method, domain name system, device and storage medium
- Publication number
- CN118041550A (application number CN202410116359.9A)
- Authority
- CN
- China
- Prior art keywords
- domain name
- node
- receiving
- publishing
- data
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3247—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L61/00—Network arrangements, protocols or services for addressing or naming
- H04L61/45—Network directories; Name-to-address mapping
- H04L61/4505—Network directories; Name-to-address mapping using standardised directories; using standardised directory access protocols
- H04L61/4511—Network directories; Name-to-address mapping using standardised directories; using standardised directory access protocols using domain name system [DNS]
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/01—Protocols
- H04L67/10—Protocols in which an application is distributed across nodes in the network
Landscapes
- Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computer Security & Cryptography (AREA)
- Storage Device Security (AREA)
Abstract
Description
Technical Field
The present application relates to the field of communication technology, and in particular to a domain name resource data publishing method, a domain name system, a device and a storage medium.
Background
The Domain Name System (DNS) is an important piece of basic service infrastructure of the Internet. Domain name resolution relies on an "external loop" made up of the global root servers and the generic top-level domain servers, in which ownership of domain name resources is at risk of being unilaterally revoked; that is, top-level domain name data or important domain name data may be deleted or tampered with, threatening the security and stability of the Internet. This calls for broad participation among the parties involved in the domain name system in publishing and sharing domain name resource data.
In the related art, domain name resources mostly involve cross-regional cooperation, and protecting ownership of domain name resources involves publishing domain name resource data. The resource publisher expects the published data to be sufficiently public, and each resource receiver expects the data it obtains to be consistent with what the other receivers obtain, so a mutual trust relationship has to be established between the resource publisher and the resource receivers. However, the publishing process for domain name resources in the related art cannot accommodate the case where the resource publisher and the resource receivers are in a weak-trust environment.
Summary of the Invention
The main purpose of the embodiments of the present application is to propose a domain name resource data publishing method, a domain name system, a device and a storage medium that can publish domain name resource data in a weak-trust environment.
To achieve the above purpose, a first aspect of the embodiments of the present application proposes a domain name resource data publishing method, applied to a domain name publishing node of a distributed domain name system; the distributed domain name system includes the domain name publishing node, a domain name record node and a key center node; the method includes:
Signing domain name resource data with a first node key to obtain domain name signature data; the first node key is generated by the key center node according to a first node identifier of the domain name publishing node;
Publishing the domain name signature data, and determining the domain name record node used to pull the domain name signature data as an authority node;
Obtaining the authority node's verification result for the domain name signature data, storing the authority node in a receiving list as a receiving node, and pushing the receiving list to the receiving node based on the number of receiving nodes;
Obtaining a record list of the receiving node, and determining a publishing result of the domain name resource data based on the record list; the record list includes a consistency identifier generated according to the verification result.
In some embodiments, signing the domain name resource data with the first node key to obtain the domain name signature data includes:
Sending the first node identifier to the key center node;
Receiving the first node key, which the key center node obtains by encrypting the first node identifier with a master key, together with system encryption parameters;
Adding address identification information to the domain name resource data to obtain domain name identification data;
Signing the domain name identification data with the system encryption parameters and the first node key to obtain the domain name signature data.
In some embodiments, publishing the domain name signature data and determining the domain name record node used to pull the domain name signature data as an authority node includes:
Publishing the domain name signature data to a target server;
Selecting the authority node from the domain name record nodes according to trust information with the domain name record nodes; the authority node is used to obtain the domain name signature data from the target server.
In some embodiments, the authority node stores the first node identifier; obtaining the authority node's verification result for the domain name signature data and storing the authority node in a receiving list as a receiving node includes:
When the authority node, after verifying the domain name signature data successfully with the first node identifier, signs the domain name signature data with the second node identifier of the authority node to obtain an authority signature and makes the domain name signature data and the authority signature public as a record announcement, obtaining the record announcement according to the verification result;
Taking the authority node corresponding to the record announcement as the receiving node, and storing the second node identifier of the receiving node and the authority signature in the receiving list.
In some embodiments, pushing the receiving list to the receiving node based on the number of receiving nodes includes:
If the number of receiving nodes is greater than or equal to a preset number, pushing the receiving list to the receiving nodes;
Otherwise, if it is determined that the creation time of the receiving list exceeds a preset time, cancelling publication of the receiving list and notifying the receiving nodes to clear the record announcement.
In some embodiments, obtaining the record list of the receiving node includes:
When the receiving node determines, based on the authority signatures of the other receiving nodes in the receiving list, that the corresponding record announcements are consistent with its own record announcement, and writes the consistency identifier indicating consistent announcements into the record list, obtaining the record list.
In some embodiments, determining the publishing result of the domain name resource data based on the record list includes:
Obtaining a confirmation record message of the receiving node; the confirmation record message includes a Boolean value and a confirmation signature, the Boolean value indicates that the receiving node has successfully received the domain name resource data, and the confirmation signature is the receiving node's signature on the Boolean value;
Verifying the confirmation signature and the Boolean value, and writing the receiving nodes that pass verification into a public list; the domain name resource data is successfully published at the receiving nodes in the public list.
To achieve the above purpose, a second aspect of the embodiments of the present application proposes a domain name resource data publishing method, applied to a domain name record node of a distributed domain name system; the method includes:
Pulling domain name signature data from a domain name publishing node based on the authority list of the domain name publishing node, where the domain name signature data is obtained by the domain name publishing node signing domain name resource data with a first node key;
Obtaining a verification result for the domain name signature data;
Receiving a receiving list pushed by the domain name publishing node based on the verification result, generating a consistency identifier of the verification result based on the receiving list, and determining based on the consistency identifier that the domain name resource data has been published successfully.
In some embodiments, obtaining the verification result for the domain name signature data includes:
Verifying the domain name signature data with the first node identifier of the domain name publishing node;
When verification passes, signing the domain name signature data with a second node identifier to obtain an authority signature;
Making the domain name signature data and the authority signature public as a public announcement, the verification result being that verification passed.
In some embodiments, receiving the receiving list pushed by the domain name publishing node based on the verification result and generating the consistency identifier of the verification result based on the receiving list includes:
Obtaining the authority signatures of the other receiving nodes in the receiving list;
If it is determined that the public announcements corresponding to those authority signatures are consistent with the node's own public announcement, generating the consistency identifier as "announcements consistent".
In some embodiments, determining based on the consistency identifier that the domain name resource data has been published successfully includes:
When the consistency identifier indicates that the announcements are consistent, determining that the domain name resource data has been received successfully, and generating a Boolean value indicating successful reception;
Signing the Boolean value with the second node identifier to obtain a confirmation signature;
Sending the Boolean value and the confirmation signature to the domain name publishing node as a confirmation record message; once the domain name publishing node has verified the confirmation signature, the domain name resource data is published successfully.
To achieve the above purpose, a third aspect of the embodiments of the present application proposes a distributed domain name system, including: a domain name publishing node, a domain name record node and a key center node;
The domain name publishing node is used to sign domain name resource data with a first node key to obtain domain name signature data; the first node key is generated by the key center node according to the first node identifier of the domain name publishing node;
The domain name publishing node is further used to publish the domain name signature data, and to determine the domain name record node used to pull the domain name signature data as an authority node;
The authority node is used to pull the domain name signature data and verify it to obtain a verification result;
The domain name publishing node is further used to obtain the verification result, store the authority node in a receiving list as a receiving node, and push the receiving list to the receiving node based on the number of receiving nodes;
The receiving node is used to generate a consistency identifier of the verification result based on the receiving list;
The domain name publishing node is further used to obtain the consistency identifier, generate a record list, and determine the publishing result of the domain name resource data based on the record list.
To achieve the above purpose, a fourth aspect of the embodiments of the present application proposes an electronic device, which includes a memory and a processor; the memory stores a computer program, and the processor implements the method of the first aspect or the second aspect when executing the computer program.
To achieve the above purpose, a fifth aspect of the embodiments of the present application proposes a storage medium; the storage medium stores a computer program which, when executed by a processor, implements the method of the first aspect or the second aspect.
The domain name resource data publishing method, domain name system, device and storage medium proposed in the embodiments of the present application sign domain name resource data with the first node key to obtain domain name signature data; publish the domain name signature data and determine the domain name record node used to pull it as the authority node; obtain the authority node's verification result for the domain name signature data, store the authority node in the receiving list as a receiving node, and push the receiving list to the receiving nodes based on the number of receiving nodes; and obtain the consistency identifier that the receiving node generates according to the verification result, generate a record list, and determine the publishing result of the domain name resource data based on the record list.
The embodiments of the present application construct a flexible distributed trust management mechanism: the domain name publishing node can select authority nodes, maintain its own list of trusted members, and use the key center node to manage keys. Multiple rounds of data exchange between the domain name publishing node and the domain name record nodes, together with confirmation and verification by digital signature, simplify the consensus mechanism of the related art. Mutual trust between every pair of nodes is not required; each node only needs to select the nodes it trusts, so the mechanism can accommodate a weak-trust environment, and during trust transmission digital signatures ensure the consistency and credibility of the data throughout the publishing of domain name resource data.
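The publishing flow summarized above (sign, pull and verify, receiving list with a preset count, consistency check, confirmation record, public list), as an added Python example that is not part of the patent. It assumes HMAC-SHA256 as a stand-in for the identity-based signature, constructed node names and records, and a confirmation that also covers a digest of the data; the status strings are hypothetical.

```python
import hashlib
import hmac

PUBLISHER = "publisher-1"  # constructed first node identifier


def sign(key: bytes, message: bytes) -> bytes:
    # HMAC-SHA256 stands in for the identity-based signature (assumption).
    return hmac.new(key, message, hashlib.sha256).digest()


class KeyCenter:
    """Key center node: derives each node key from the master key and node identifier."""
    def __init__(self, master_key: bytes):
        self._master = master_key

    def node_key(self, node_id: str) -> bytes:
        return sign(self._master, node_id.encode())

    def verify(self, node_id: str, message: bytes, signature: bytes) -> bool:
        # HMAC is symmetric, so verification goes through the key center here.
        return hmac.compare_digest(sign(self.node_key(node_id), message), signature)


class RecordNode:
    """Domain name record node acting as authority node, then receiving node."""
    def __init__(self, node_id: str, kc: KeyCenter):
        self.node_id, self.kc = node_id, kc
        self.key = kc.node_key(node_id)
        self.announcement = None  # (domain data, publisher signature) once verified

    def pull(self, data: bytes, domain_sig: bytes):
        """Verify the publisher's signature; on success co-sign and announce."""
        if not self.kc.verify(PUBLISHER, data, domain_sig):
            return None
        self.announcement = (data, domain_sig)
        return sign(self.key, data + domain_sig)  # authority signature

    def confirm(self, receive_list: dict):
        """Check that every other receiver signed the same announcement as ours."""
        data, domain_sig = self.announcement
        consistent = all(
            self.kc.verify(node_id, data + domain_sig, authority_sig)
            for node_id, authority_sig in receive_list.items()
            if node_id != self.node_id
        )
        flag = b"\x01" if consistent else b"\x00"
        # Assumption: the digest is signed with the Boolean so that a
        # confirmation cannot be replayed for different data.
        return consistent, sign(self.key, flag + hashlib.sha256(data).digest())


def publish(kc, served, threshold, list_age=0, timeout=3600):
    """Publisher side. served: list of (node, data, domain_sig) as each node pulls it."""
    receive_list = {}
    for node, data, domain_sig in served:
        authority_sig = node.pull(data, domain_sig)
        if authority_sig and kc.verify(node.node_id, data + domain_sig, authority_sig):
            receive_list[node.node_id] = authority_sig
    if len(receive_list) < threshold:
        if list_age > timeout:  # too few receivers for too long: withdraw
            for node, _, _ in served:
                node.announcement = None
            return "cancelled", []
        return "pending", []
    public_list = []
    for node, data, _ in served:
        if node.node_id not in receive_list:
            continue
        ok, confirm_sig = node.confirm(receive_list)
        expected = b"\x01" + hashlib.sha256(data).digest()
        if ok and kc.verify(node.node_id, expected, confirm_sig):
            public_list.append(node.node_id)
    return ("published" if public_list else "rejected"), public_list


def demo():
    kc = KeyCenter(b"constructed-master-key")
    pub_key = kc.node_key(PUBLISHER)
    zone_a = b"example. 3600 IN NS ns1.example."  # constructed record
    zone_b = b"example. 3600 IN NS ns9.example."  # conflicting constructed record
    sig_a, sig_b = sign(pub_key, zone_a), sign(pub_key, zone_b)

    def nodes():
        return [RecordNode(f"record-{i}", kc) for i in (1, 2, 3)]

    n = nodes()  # every receiver pulls the same signed data
    honest = publish(kc, [(x, zone_a, sig_a) for x in n], threshold=3)
    n = nodes()  # publisher signs two versions and shows one receiver the other
    split = publish(kc, [(n[0], zone_a, sig_a), (n[1], zone_a, sig_a),
                         (n[2], zone_b, sig_b)], threshold=3)
    n = nodes()  # data altered after signing: one node drops out, list times out
    stale = publish(kc, [(n[0], zone_a, sig_a), (n[1], zone_a, sig_a),
                         (n[2], zone_b, sig_a)], threshold=3, list_age=7200)
    return honest, split, stale


if __name__ == "__main__":
    for name, result in zip(("honest", "split", "stale"), demo()):
        print(name, result)
```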
Brief Description of the Drawings
FIG. 1 is a schematic diagram of the distributed domain name system provided in an embodiment of the present application.
FIG. 2 is an optional flowchart of the domain name resource data publishing method provided in an embodiment of the present application.
FIG. 3 is a schematic diagram of the process, provided in an embodiment of the present application, of signing domain name resource data with the first node key to obtain domain name signature data.
FIG. 4 is a schematic diagram of the key generation process of the key center node provided in an embodiment of the present application.
FIG. 5 is a schematic diagram of the generation of domain name signature data provided in an embodiment of the present application.
FIG. 6 is a flowchart, provided in an embodiment of the present application, of publishing domain name signature data and determining the domain name record node used to pull the domain name signature data as the authority node.
FIG. 7 is a schematic diagram of an authority node pulling data, provided in an embodiment of the present application.
FIG. 8 is a schematic diagram of the receiving list provided in an embodiment of the present application.
FIG. 9 is a schematic diagram of the record list provided in an embodiment of the present application.
FIG. 10 is a schematic diagram of the public list provided in an embodiment of the present application.
FIG. 11 is a schematic diagram of the overall flow of the domain name resource data publishing method provided in an embodiment of the present application.
FIG. 12 is another schematic diagram of the overall flow of the domain name resource data publishing method provided in an embodiment of the present application.
FIG. 13 is another schematic diagram of the overall flow of the domain name resource data publishing method provided in an embodiment of the present application.
FIG. 14 is an optional flowchart of the domain name resource data publishing method provided in an embodiment of the present application.
FIG. 15 is another schematic diagram of the overall flow of the domain name resource data publishing method provided in an embodiment of the present application.
FIG. 16 is a schematic diagram of the hardware structure of the electronic device provided in an embodiment of the present application.
具体实施方式Detailed ways
为了使本申请的目的、技术方案及优点更加清楚明白,以下结合附图及实施例,对本申请进行进一步详细说明。应当理解,此处所描述的具体实施例仅用以解释本申请,并不用于限定本申请。In order to make the purpose, technical solution and advantages of the present application more clearly understood, the present application is further described in detail below in conjunction with the accompanying drawings and embodiments. It should be understood that the specific embodiments described herein are only used to explain the present application and are not used to limit the present application.
需要说明的是,虽然在装置示意图中进行了功能模块划分,在流程图中示出了逻辑顺序,但是在某些情况下,可以以不同于装置中的模块划分,或流程图中的顺序执行所示出或描述的步骤。It should be noted that although the functional modules are divided in the device schematic and the logical order is shown in the flowchart, in some cases, the steps shown or described may be performed in a different order than the module division in the device or the order in the flowchart.
除非另有定义,本文所使用的所有的技术和科学术语与属于本申请的技术领域的技术人员通常理解的含义相同。本文中所使用的术语只是为了描述本申请实施例的目的,不是旨在限制本申请。Unless otherwise defined, all technical and scientific terms used herein have the same meaning as those commonly understood by those skilled in the art to which this application belongs. The terms used herein are only for the purpose of describing the embodiments of this application and are not intended to limit this application.
首先,对本申请中涉及的若干名词进行解析:First, some nouns involved in this application are analyzed:
域名系统(DomainNameSystem,DNS):是互联网中用于将域名解析为IP地址的分布式数据库系统。它充当了互联网上的电话簿,将易于记忆的域名转换为计算机可理解的IP地址。DNS的运作方式是通过将域名分层次地组织成域名空间。顶级域(Top-LevelDomains,TLD)如.com、.org、.net等由特定机构管理,而二级域名和子域名则由域名所有者自行管理。当用户在浏览器中输入一个域名时,操作系统或浏览器会向DNS服务器发送查询请求,以获取与该域名对应的IP地址。如果DNS服务器有该域名的记录,它将返回相应的IP地址,从而使浏览器能够建立连接并访问网站。DNS不仅仅提供域名到IP地址的映射,还承担了其他功能。例如,它可以管理电子邮件服务器的MX记录,将电子邮件传递到正确的目标服务器;它还可以实现负载均衡和故障转移,将流量分发到不同的服务器上。Domain Name System (DNS): It is a distributed database system used to resolve domain names into IP addresses on the Internet. It acts as a phone book on the Internet, converting easy-to-remember domain names into IP addresses that computers can understand. The way DNS works is by organizing domain names into domain name spaces in a hierarchical manner. Top-Level Domains (TLDs) such as .com, .org, .net, etc. are managed by specific organizations, while second-level domain names and subdomains are managed by domain name owners themselves. When a user enters a domain name in a browser, the operating system or browser sends a query request to the DNS server to obtain the IP address corresponding to the domain name. If the DNS server has a record for the domain name, it will return the corresponding IP address, allowing the browser to establish a connection and access the website. DNS not only provides mapping from domain names to IP addresses, but also undertakes other functions. For example, it can manage the MX records of email servers to deliver emails to the correct destination server; it can also implement load balancing and failover to distribute traffic to different servers.
数字签名:是一种用于验证和保证数据完整性、身份认证以及防止数据篡改的技术手段。数字签名基于公钥密码学的原理,通过使用私钥对数据进行加密,生成唯一的数字签名。验证者可以使用相应的公钥对数字签名进行解密和验证,从而确保数据的来源和完整性。数字签名的过程通常包括以下步骤:创建消息摘要,将待签名的数据通过哈希算法生成一个唯一的消息摘要。使用私钥加密摘要,使用发送方的私钥对消息摘要进行加密,生成数字签名。发送数据和数字签名,将原始数据和数字签名一起发送给接收方。验证数字签名,接收方使用发送方的公钥对数字签名进行解密,并使用相同的哈希算法生成接收到的数据的消息摘要。比对摘要,将接收到的消息摘要与解密后的数字签名进行比对。如果两者一致,则说明数据未被篡改,且发送方的身份得到了认证。Digital signature: It is a technical means for verifying and ensuring data integrity, identity authentication, and preventing data tampering. Digital signature is based on the principle of public key cryptography. It generates a unique digital signature by encrypting data with a private key. The verifier can use the corresponding public key to decrypt and verify the digital signature, thereby ensuring the source and integrity of the data. The digital signature process usually includes the following steps: Create a message digest, generate a unique message digest by using a hash algorithm to generate a unique message digest for the data to be signed. Encrypt the digest with a private key, encrypt the message digest with the sender's private key, and generate a digital signature. Send data and digital signature, send the original data and digital signature together to the receiver. Verify the digital signature, the receiver decrypts the digital signature with the sender's public key, and uses the same hash algorithm to generate a message digest of the received data. Compare the digest, compare the received message digest with the decrypted digital signature. If the two are consistent, it means that the data has not been tampered with and the sender's identity has been authenticated.
私钥和公钥:是在公钥密码学中使用的密钥对,它们共同构成了一种加密和解密、身份认证等操作的机制。其中,私钥是由用户生成并保密的秘密密钥,私钥用于对数据进行加密和数字签名,只有拥有私钥的人,才能解密被私钥加密的数据或验证私钥生成的数字签名。公钥是与私钥对应的公开密钥,可以被任何人获取和使用。公钥用于加密数据和验证数字签名。通过公钥加密的数据只能使用对应的私钥进行解密,而对于使用私钥生成的数字签名,可以使用公钥来验证其真实性和完整性。私钥可以根据特定算法生成公钥,但无法通过公钥反推出私钥,通过使用公钥加密数据,发送方可以确保只有拥有对应私钥的接收方才能解密和读取数据。通过使用私钥生成数字签名,发送方可以确保接收方能够验证数据的来源和完整性。Private key and public key: are key pairs used in public key cryptography, which together constitute a mechanism for operations such as encryption and decryption, and identity authentication. Among them, the private key is a secret key generated and kept secret by the user. The private key is used to encrypt data and digitally sign. Only those who have the private key can decrypt the data encrypted by the private key or verify the digital signature generated by the private key. The public key is the public key corresponding to the private key and can be obtained and used by anyone. The public key is used to encrypt data and verify digital signatures. Data encrypted by the public key can only be decrypted using the corresponding private key, and for digital signatures generated using the private key, the public key can be used to verify its authenticity and integrity. The private key can generate the public key according to a specific algorithm, but the private key cannot be deduced from the public key. By using the public key to encrypt data, the sender can ensure that only the receiver with the corresponding private key can decrypt and read the data. By using the private key to generate a digital signature, the sender can ensure that the receiver can verify the source and integrity of the data.
域名系统(Domain Name System,DNS)是互联网中重要的基础服务设施,域名解析过程依赖于包含全球根服务器与通用顶级域服务器所构成的“外循环”,其中域名资源所有权存在被单边撤销的风险,即可能导致顶级域名数据或重要域名数据被删除/篡改,威胁互联网安全稳定,这需要域名系统相关方之间广泛参与,发布共享域名资源数据。The Domain Name System (DNS) is an important basic service facility in the Internet. The domain name resolution process relies on an "external loop" consisting of global root servers and generic top-level domain servers, in which the ownership of domain name resources is at risk of being unilaterally revoked, which may lead to the deletion/tampering of top-level domain name data or important domain name data, threatening the security and stability of the Internet. This requires extensive participation among parties related to the domain name system and the release of shared domain name resource data.
In the related art, domain name resources mostly involve cross-regional cooperation, and protecting ownership of domain name resources involves publishing domain name resource data. The resource publisher expects the published data to be sufficiently public, and each resource receiver expects the data it obtains to be consistent with what the other receivers obtain, so a mutual trust relationship has to be established between the resource publisher and the resource receivers. The related art includes a decentralized, blockchain-based method for managing domain name resource data. It uses a consortium blockchain in which members exchange their domain name resource data with one another through blockchain proposals and smart contracts, thereby publishing the data. This method has the following shortcomings. First, a consortium chain essentially requires every pair of members to trust each other, so new members have reservations about joining. Second, all members share one blockchain ledger, which requires strong data consistency and leaves insufficient autonomy. Third, a blockchain architecture involves many components, which makes deployment and operation complex. Finally, in cooperation across countries and regions the cost of explanation is high, and wide-scale promotion is easily blocked. The publishing process for domain name resources in the related art therefore cannot accommodate a situation in which the resource publisher and the resource receivers are in a weak-trust environment.
On this basis, the embodiments of the present application provide a domain name resource data publishing method, a domain name system, a device and a storage medium that construct a flexible distributed trust management mechanism. A domain name publishing node can select authority nodes, maintain its own trusted member list, and use a key center node to manage keys. Through multiple data interactions between the domain name publishing node and the domain name record nodes, together with a digital signature confirmation and verification process, the consensus mechanism of the related art is simplified. The nodes do not all need to trust one another; each node only needs to choose its own trusted nodes, so the scheme can accommodate a weak-trust environment. During trust transfer, digital signatures guarantee the consistency and credibility of the data throughout the publishing of domain name resource data.
The embodiments of the present application provide a domain name resource data publishing method, a domain name system, a device and a storage medium, which are explained through the following embodiments. The domain name resource data publishing method is described first.
The domain name resource data publishing method provided by the embodiments of the present application relates to the field of communication technology. The method can be applied in a terminal or on a server side, and can also be a computer program running in a terminal or on a server side. For example, the computer program may be a native program or software module in an operating system. It may be a native application (APP), that is, a program that must be installed in the operating system to run, such as a client that supports publishing domain name resource data. It may also be a mini program, that is, a program that only needs to be downloaded into a browser environment to run. In short, the computer program can be an application, module or plug-in of any form. The terminal communicates with the server over a network. The domain name resource data publishing method can be executed by the terminal or by the server, or by the terminal and the server in cooperation.
In some embodiments, the terminal may be a smartphone, a tablet computer, a laptop computer, a desktop computer, a smart watch, or the like. The server may be a standalone server, or a cloud server providing basic cloud computing services such as cloud services, cloud databases, cloud computing, cloud functions, cloud storage, network services, cloud communication, middleware services, domain name services, security services, content delivery networks (Content Delivery Network, CDN), and big data and artificial intelligence platforms. It may also be a service node in a blockchain system, in which the service nodes form a peer-to-peer (Peer To Peer, P2P) network; the P2P protocol is an application-layer protocol running on top of the Transmission Control Protocol (TCP). The terminal and the server may be connected by Bluetooth, Universal Serial Bus (USB), a network or another communication connection, which is not limited in this embodiment.
The present application can be used in many general-purpose or special-purpose computer system environments or configurations, for example: personal computers, server computers, handheld or portable devices, tablet devices, multiprocessor systems, microprocessor-based systems, set-top boxes, programmable consumer electronics, network PCs, minicomputers, mainframe computers, and distributed computing environments that include any of the above systems or devices. The present application can be described in the general context of computer-executable instructions executed by a computer, such as program modules. Generally, program modules include routines, programs, objects, components, data structures and the like that perform particular tasks or implement particular abstract data types. The present application can also be practiced in distributed computing environments, in which tasks are performed by remote processing devices connected through a communication network. In a distributed computing environment, program modules can be located in both local and remote computer storage media, including storage devices.
The distributed domain name system in the embodiments of the present application is described below.
Referring to FIG. 1, FIG. 1 is a schematic diagram of the distributed domain name system provided by an embodiment of the present application.
The distributed domain name system in FIG. 1 includes domain name publishing nodes, domain name record nodes and a key center node. A domain name publishing node is a node that participates in protecting ownership of domain name resources. During resource publishing it is responsible for publishing uniquely identifiable domain name resource data in the form of an announcement, and it expects other nodes, acting as domain name record nodes, to receive that announcement. A domain name record node is responsible for receiving the publishing node's announcement of domain name resource data, and it expects the other domain name record nodes to record the same announcement, which is how the consistency of the announcement is verified. It can be understood that a node of the distributed domain name system can be a domain name publishing node and a domain name record node at the same time.
In addition, every node, whether a domain name publishing node or a domain name record node, is connected to the key center node and can obtain its own key from it. Every node can manage its own announcement-related data, trusted member list and keys. Furthermore, every node has a corresponding node administrator who performs the corresponding management operations.
The domain name resource data publishing method in the embodiments of the present application is described below on the basis of the distributed domain name system, from the perspective of the domain name publishing node.
FIG. 2 is an optional flowchart of the domain name resource data publishing method provided by an embodiment of the present application. The method in FIG. 2 may include, but is not limited to, steps S110 to S140. It can also be understood that this embodiment does not specifically limit the order of steps S110 to S140 in FIG. 2; the order may be adjusted, and steps may be removed or added, according to actual needs.
Step S110: Sign the domain name resource data with the first node key to obtain domain name signature data.
Here, the domain name resource data is the domain name information that the domain name publishing node needs to publish. The first node key is the private key of the domain name publishing node; specifically, it is generated by the key center node from the first node identifier of the domain name publishing node. The first node identifier may be a node name, the node's IP address, the node's e-mail address or the like, and is used to distinguish the different nodes in the distributed domain name system.
When publishing domain name resource data, the domain name publishing node edits the data as "announcement" data. Domain name resource data is usually root zone data or important domain name data, containing authoritative name server resource records (type NS) and IP address resource records (types A/AAAA). The domain name publishing node can also query and modify the "announcement" data.
In one embodiment, referring to FIG. 3, FIG. 3 is a schematic diagram of the process, provided by an embodiment of the present application, of signing the domain name resource data with the first node key to obtain the domain name signature data. It includes steps S310 to S340:
Step S310: Send the first node identifier to the key center node.
In one embodiment, referring to FIG. 4, FIG. 4 is a schematic diagram of the key generation process of the key center node provided by an embodiment of the present application. In FIG. 4, the domain name publishing node (for example, node A) applies to the key center node for its private key, sending the first node identifier to the key center node. The key center node generates system encryption parameters and a master key from a security parameter, and generates the first node key from the master key as node A's private key. The master key is the key center node's private encryption key and is known only to the key center node. The security parameter may be a random number. The system encryption parameters are a set of public parameters generated from that random parameter, including the encryption algorithm, hash function, prime number, polynomial, perturbation and so on. They are generated by the key center node and published openly to all nodes of the distributed domain name system for the other nodes to use. It can be understood that the key center node sends the system encryption parameters to every node of the distributed domain name system.
Step S320: Receive the system encryption parameters and the first node key, which the key center node obtains by encrypting the first node identifier with the master key.
Referring to FIG. 4, the key center node encrypts the first node identifier on the basis of the system encryption parameters and the master key to obtain the first node key, uses it as the private key of the domain name publishing node, and sends it to the domain name publishing node. In addition, the domain name publishing node uses the first node identifier as its public key, which together with the private key forms a key pair.
Step S330: Add address identification information to the domain name resource data to obtain domain name identification data.
In one embodiment, the domain name publishing system treats the domain name resource data as an "announcement" file and adds unique URL address identification information to it, at which point the domain name resource data becomes domain name identification data. Other nodes can obtain the domain name identification data by means of the URL address identification information, and thereby obtain the corresponding announcement file and the domain name resource data.
Step S340: Sign the domain name identification data with the system encryption parameters and the first node key to obtain the domain name signature data.
In one embodiment, once the domain name identification data has been obtained, and referring to FIG. 4, the plaintext domain name identification data is signed with the system encryption parameters and the first node key to obtain an identification signature. The identification signature and the plaintext domain name identification data together form the domain name signature data.
Referring to FIG. 5, FIG. 5 is a schematic diagram of how the domain name signature data is generated in an embodiment of the present application. Node A acts as the domain name publishing node. During domain name publishing, the node administrator of the node manages the announcement data, the trusted member list and the node key. Announcement data management mainly means managing the domain name resource data. The domain name publishing node can maintain a trusted member list according to actual needs. The trusted member list can include agreed domain name record nodes; such a domain name record node is then an authority node of the domain name publishing node and is authorized to obtain the domain name signature data from the target server. It can be understood that, because a domain name record node can also act as a domain name publishing node, a domain name record node has its own trusted member list as well, and two nodes that trust each other each appear in the other's trusted member list. The trusted member list can include the IP addresses and open port numbers of the trusted nodes, and a node can query its own trusted member list or update and modify it.
In FIG. 5, node A adds address identification information to the domain name resource data to obtain the domain name identification data, signs the domain name identification data, and announces the identification signature and the domain name identification data together as the domain name signature data. The resulting new announcement A carries the corresponding version number.
Step S120: Publish the domain name signature data, and determine which domain name record nodes are authority nodes that may pull the domain name signature data.
The domain name signature data is published on a target server in the form of an announcement; the target server may be the local server of the domain name publishing node. Referring to FIG. 6, FIG. 6 is a flowchart, in an embodiment of the present application, of publishing the domain name signature data and determining which domain name record nodes are authority nodes that may pull it. It includes steps S610 to S620:
Step S610: Publish the domain name signature data to the target server.
When publishing, the version number of the domain name signature data must be published to the target server at the same time. The version number consists of a date and a number, for example 20xx0829T01, which indicates that this is the first "announcement" published by the domain name publishing node on August 29, 20xx. If a new "announcement" is published on the same day, the number after the letter T is increased by 1. It can be understood that the version number can be set according to actual needs.
Step S620: Select the authority nodes from among the domain name record nodes according to the trust information held for the domain name record nodes.
In one embodiment, the authority nodes make up the trusted member list. The trusted member list is built from the trust information held for the domain name record nodes, and the nodes in the domain name publishing node's trusted member list are called authority nodes.
Step S130: Obtain the authority nodes' verification results for the domain name signature data, store those authority nodes in a receiving list as receiving nodes, and push the receiving list to the receiving nodes depending on the number of receiving nodes.
In one embodiment, after the domain name publishing node publishes an announcement, the domain name record nodes actively probe the domain name publishing node. Then, on the basis of the trusted member list, only the corresponding authority nodes are able to pull the domain name signature data and its version number.
When an authority node decides to pull the data, it verifies the domain name signature data using the first node identifier. For example, in FIG. 4 the authority node is node B. Node B verifies the domain name signature data using node A's first node identifier, that is, node A's public key. After the verification passes, the domain name signature data is signed using the second node identifier of the authority node to obtain an authority signature, and the domain name signature data and the authority signature are made public as a record announcement. The record announcement is then obtained according to the verification result. The authority node corresponding to the record announcement is taken as a receiving node, and the receiving node's second node identifier, node address and authority signature are stored in the receiving list.
The authority node compares the latest version number of the domain name signature data with the current version number stored on the node. If the latest version number is higher than the current version number, it decides to pull the data.
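The version comparison described above can be sketched as follows. This is an added example, not code from the application: it assumes the layout shown in the example version number (an eight-digit date, the letter T, then a counter), the function names are hypothetical, and the version strings in the test are constructed.

```python
import re
from datetime import date
from typing import NamedTuple, Optional

# Assumed layout, following the example "20xx0829T01": YYYYMMDD, "T", counter.
_VERSION_RE = re.compile(r"([0-9]{4})([0-9]{2})([0-9]{2})T([0-9]{1,6})")


class Version(NamedTuple):
    day: date  # publication date of the announcement
    seq: int   # n-th announcement published on that date


def parse_version(text: str) -> Version:
    """Parse a version number strictly; anything malformed is rejected."""
    match = _VERSION_RE.fullmatch(text)
    if match is None:
        raise ValueError(f"malformed version number: {text!r}")
    year, month, day, seq = (int(group) for group in match.groups())
    if seq < 1:
        raise ValueError(f"counter must start at 1: {text!r}")
    # date() raises ValueError for impossible dates such as month 13.
    return Version(date(year, month, day), seq)


def should_pull(advertised: str, stored: Optional[str]) -> bool:
    """Authority-node decision: pull only when the advertised version is higher.

    Versions are compared as (date, counter) tuples rather than as strings,
    so counter 10 is newer than counter 9. An equal or lower version (a
    replayed or rolled-back announcement) is never pulled.
    """
    new = parse_version(advertised)
    if stored is None:  # nothing stored yet: first announcement seen
        return True
    return new > parse_version(stored)
```
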
Referring to FIG. 7, FIG. 7 is a schematic diagram of authority nodes pulling data, provided by an embodiment of the present application.
First, node A is defined as the domain name publishing node, and nodes B, C and D are node A's authority nodes; the trusted member lists of nodes B, C and D all contain node A. Node A publishes new announcement A as the domain name signature data, which includes node A's identification signature, the domain name identification data and the version number. Nodes B, C and D then pull new announcement A and obtain from it node A's identification signature, the domain name identification data and the version number.
For signing, every node in the distributed domain name system needs to apply to the key management center for its own private key; accordingly, the domain name publishing system signs with its own first node key to obtain the identification signature. For verification by the authority nodes, every node in the distributed domain name system knows the node identifiers of the others, such as the node name, the node's IP address or the node's e-mail address, and in the embodiments of the present application the public key is the node identifier. This is equivalent to every node knowing, and having exchanged, the others' public keys, so a signature can be verified directly from the signer's node identifier. The signature guarantees that the domain name signature data was created by the expected domain name publishing node and was not modified in transit.
In FIG. 7, nodes B, C and D each use the public key of node A stored on the node to check the identification signature in the received domain name signature data. If the signature check passes, the domain name record node uses its own second node key to add its own signature to the domain name signature data, records the signing result as the verification result, and makes the domain name signature data and the authority signature public as a record announcement, shown in the figure as record announcement A, where the A indicates that it is associated with new announcement A. If verification fails, the process is written to the exception log and the record announcement is not made public.
At this point the domain name publishing node, node A, obtains the record announcement published by each domain name record node whose verification of the identification authority passed, and takes the authority nodes that published a record announcement as receiving nodes. Being a receiving node means that the authority node passed verification of the identification authority and has made public the domain name signature data it received. The second node identifiers and authority signatures of all receiving nodes are then stored in the receiving list.
The domain name publishing node keeps counting receptions, updates the receiving list, checks the receiving list, and pushes the receiving list to the receiving nodes depending on the number of receiving nodes. Specifically, if the number of receiving nodes is greater than or equal to a preset number, the receiving list is pushed to the receiving nodes. For example, the number of receiving nodes may amount to 1/2 of the authority nodes in the trusted node list, meaning that at least half of the authority nodes have received the domain name signature data. Otherwise, when it is determined that the time since the receiving list was created exceeds a preset time, the response is considered abnormal, publication of the receiving list is cancelled, the receiving nodes are notified to clear their record announcements, and this domain name data publishing process ends.
Referring to FIG. 8, FIG. 8 is a schematic diagram of the receiving list provided by an embodiment of the present application. In FIG. 8, node A, as the domain name publishing node, maintains a receiving list. If the authority nodes B, C and D have all published record announcement A, the different record announcements A are checked, and according to the results nodes B, C and D are added to the receiving list in real time as receiving nodes. The receiving list then records:
For node B: node identifier, IP address, authority signature;
For node C: node identifier, IP address, authority signature;
For node D: node identifier, IP address, authority signature.
Step S140: Obtain the record lists of the receiving nodes, and determine the publishing result of the domain name resource data on the basis of the record lists.
In one embodiment, when a receiving node determines, on the basis of the authority signatures of the other receiving nodes in the receiving list, that their record announcements are consistent with its own, the consistency identifier is "announcement consistent". That consistency identifier is written to the record list, and the record list is then obtained.
Referring to FIG. 9, FIG. 9 is a schematic diagram of the record list provided by an embodiment of the present application.
In FIG. 9 the domain name publishing node is node A and the receiving nodes are nodes B, C and D; the figure takes node C's consistency check as the example. First, node A pushes the receiving list to every receiving node in it. Nodes B, C and D each receive the receiving list and so obtain the domain name signature data and the authority signatures of the other receiving nodes in the list, and each receiving node then verifies those authority signatures. Taking node C as the example, node C uses the public keys of nodes B and D to verify node B's authority signature and node D's authority signature respectively. Once both authority signatures have been verified, node C concludes that the domain name signature data received by node B and by node D is consistent with the domain name signature data it received itself. The consistency identifier is "announcement consistent", so node C writes into its record list: node B is consistent with this node's announcement, and node D is consistent with this node's announcement. The node identifiers and IP addresses of nodes B and D are also recorded in the record list. It can be understood that nodes B and D likewise record consistency identifiers in their own record lists.
When a receiving node judges whether the number of nodes in its record list meets the requirement, it generates a confirmation record message, which indicates whether the announcement that the receiving node has confirmed as public meets the requirement. The confirmation record message contains a Boolean value and a confirmation signature. The Boolean value shows whether the announcement meets the requirement. The confirmation signature is obtained by the receiving node signing the Boolean value with that node's key.
For each receiving node, the record list contains all receiving nodes whose announcements are consistent; a receiving node whose announcement is inconsistent with this node's announcement is not recorded in the record list. Suppose the receiving list contains M receiving nodes and the record list of a given receiving node contains F receiving nodes; then the announcements of f = M - F receiving nodes are inconsistent. If the condition F ≥ 3f + 1 is satisfied, the record list contains a large number of nodes with consistent announcements, and the domain name resource data can be considered essentially consistent in transmission. The domain name resource data is then determined to have been received successfully, and a confirmation record message can be generated with the Boolean value 1; otherwise the value is 0. It can be understood that this condition can be set by each receiving node according to its actual situation.
在一实施例中,域名发布节点在得到接收节点的确认记录消息后,首先对确认签名进行验证,再根据验证通过的接收节点的布尔值,选取满足要求的接收节点,将其写入公开列表,其中,确定域名资源数据在公开列表中接收节点发布成功。In one embodiment, after receiving the confirmation record message from the receiving node, the domain name publishing node first verifies the confirmation signature, and then selects the receiving node that meets the requirements based on the Boolean value of the receiving node that has passed the verification, and writes it into the public list, wherein it is determined that the domain name resource data is successfully published by the receiving node in the public list.
Refer to Figure 10, which is a schematic diagram of the public list provided in an embodiment of the present application.
In Figure 10, Node A is the domain name publishing node. Each receiving node generates a confirmation record message from its record list and sends it to the domain name publishing node, so Node A obtains the confirmation record messages of Node B, Node C and Node D. Node A verifies the confirmation signature in each confirmation record message and, once verification passes, writes the receiving nodes that meet the requirement into the public list according to the Boolean value in the message. If verification fails, an alarm is raised for the corresponding node and written to the exception log. The public list then contains:
Node B: node identifier, IP address, Node B has confirmed publication;
Node C: node identifier, IP address, Node C has confirmed publication;
Node D: node identifier, IP address, Node D has confirmed publication.
This shows that the domain name resource data has been successfully published to the nodes in the public list and that the domain name resource data received by each of these nodes is consistent.
The overall flow of the domain name resource data publishing method of the embodiments of the present application is described below. Refer to Figure 11, which is a schematic diagram of the overall flow of the domain name resource data publishing method provided in an embodiment of the present application.
In Figure 11, Node A is the domain name publishing node, and Node B, Node C and Node D are domain name record nodes; Node B, Node C and Node D are all authority nodes.
Step 1: Node A publishes an announcement about the domain name resource data. Node A places the announcement on its local server and makes it public, allowing authority nodes to actively obtain the announcement data by pulling it.
Step 2: After the domain name record nodes (Node B, Node C and Node D) obtain the announcement, each makes public the announcement together with its own authority signature over the announcement.
Step 3: Node A checks whether Node B, Node C and Node D have made their record announcements public, and stores the nodes corresponding to the record announcements in the receiving list. If the number of receiving nodes is greater than or equal to a preset number, Node A pushes the receiving list to Node B, Node C and Node D.
Step 4: Node B, Node C and Node D each check whether the announcements on the servers of the other nodes in the receiving list are consistent with their own, write the consistency identifiers of the consistent announcements into their respective record lists, and generate confirmation record messages.
Step 5: Node A checks the confirmation record message of each domain name record node. After verifying them, it generates the public list, confirming that the domain name resource data has been successfully published in the public list.
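The five steps above, together with the record-list threshold (F greater than or equal to 3f + 1) and the confirmation record message described earlier, as an added Python example that is not part of the patent. HMAC-SHA256 with keys derived by a `KeyCenter` object stands in for the signature scheme, which the page does not specify; all class and function names, the sample record, and the `tampered`/`forged` switches are constructed for illustration.

```python
import hashlib
import hmac
import json


def sign(key: bytes, message: bytes) -> bytes:
    """HMAC-SHA256 tag, used here as a stand-in for a node signature."""
    return hmac.new(key, message, hashlib.sha256).digest()


class KeyCenter:
    """Stand-in for the key center node: derives each node key from the node
    identifier and verifies tags on behalf of the other nodes (assumption)."""

    def __init__(self, master: bytes):
        self._master = master

    def node_key(self, node_id: str) -> bytes:
        return sign(self._master, node_id.encode())

    def verify(self, node_id: str, message: bytes, tag: bytes) -> bool:
        return hmac.compare_digest(sign(self.node_key(node_id), message), tag)


class RecordNode:
    def __init__(self, node_id: str, kc: KeyCenter):
        self.node_id = node_id
        self._key = kc.node_key(node_id)
        self.published = None  # (record announcement, authority signature)

    def pull_and_publish(self, publisher_id, announcement, signature, kc, tamper=False):
        """Step 2: verify the publisher's signature, then countersign and publish."""
        if not kc.verify(publisher_id, announcement, signature):
            return False
        # tamper=True models a node whose stored copy differs from the original.
        data = announcement + b"#altered" if tamper else announcement
        self.published = (data, sign(self._key, data))
        return True

    def confirm(self, receiving_list, peers, kc):
        """Step 4: build the record list and the confirmation record message."""
        own = self.published[0]
        record_list = []
        for nid in receiving_list:
            data, tag = peers[nid].published
            if kc.verify(nid, data, tag) and hmac.compare_digest(data, own):
                record_list.append(nid)
        f = len(receiving_list) - len(record_list)   # f = M - F
        flag = b"1" if len(record_list) >= 3 * f + 1 else b"0"
        # As on the page, the confirmation signature covers only the Boolean.
        return {"node": self.node_id, "flag": flag, "sig": sign(self._key, flag)}


def build_receiving_list(nodes, kc, preset_minimum):
    """Step 3: keep nodes whose record announcement carries a valid signature."""
    received = [n.node_id for n in nodes
                if n.published and kc.verify(n.node_id, *n.published)]
    return received if len(received) >= preset_minimum else None


def build_public_list(confirmations, kc):
    """Step 5: verify each confirmation signature, then apply the Boolean."""
    public, alerts = [], []
    for c in confirmations:
        if not kc.verify(c["node"], c["flag"], c["sig"]):
            alerts.append(c["node"])      # would be written to the exception log
        elif c["flag"] == b"1":
            public.append(c["node"])
    return public, alerts


def run_round(node_ids, tampered=(), forged=(), preset_minimum=3):
    """Run one publication round; returns (public list, alerted nodes)."""
    kc = KeyCenter(b"constructed-master-secret")
    record = {"name": "example.test.", "type": "A",
              "rdata": "192.0.2.10", "version": 7}   # constructed sample data
    announcement = json.dumps(record, sort_keys=True).encode()
    signature = sign(kc.node_key("A"), announcement)            # step 1
    nodes = [RecordNode(n, kc) for n in node_ids]
    for n in nodes:                                             # step 2
        n.pull_and_publish("A", announcement, signature, kc,
                           tamper=n.node_id in tampered)
    receiving_list = build_receiving_list(nodes, kc, preset_minimum)
    if receiving_list is None:      # too few receivers: the protocol stops
        return [], []
    peers = {n.node_id: n for n in nodes}
    confirmations = [peers[nid].confirm(receiving_list, peers, kc)
                     for nid in receiving_list]                 # step 4
    for c in confirmations:
        if c["node"] in forged:     # models a confirmation altered in transit
            c["sig"] = bytes(32)
    return build_public_list(confirmations, kc)                 # step 5
```

Because the confirmation signature covers only the Boolean value, as on the page, the same signature verifies in every round; covering an announcement digest or version as well would tie a confirmation to one announcement (a hardening assumption, not something the page describes).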
Refer to Figure 12, which is another schematic diagram of the overall flow of the domain name resource data publishing method provided in an embodiment of the present application. The distributed domain name system in Figure 12 includes Node A, Node B, Node C, Node D and Node E. Each node can independently maintain its own trusted member list and define which members it trusts, so the contents of each node's trusted member list may differ. Here Node A, Node B, Node C and Node D trust one another, while Node E does not trust Node A.
First is the announcement publishing stage: Node A signs the domain name resource data with the first node key to obtain the domain name signature data and publishes it as new announcement A.
Next is the announcement recording stage: Node B, Node C and Node D can pull new announcement A and verify it. After verification passes, each signs the domain name signature data in new announcement A with its corresponding second node identifier to obtain an authority signature, and makes the domain name signature data and the authority signature public as a record announcement. At this point Node B, Node C and Node D have each published record announcement A.
Then comes the publisher reception confirmation stage: based on record announcement A, Node A takes the authority nodes corresponding to record announcement A as receiving nodes and stores them in the receiving list.
Next is the recorder confirmation stage: Node B, Node C and Node D check whether the announcement is present on the servers of the other nodes in the receiving list, verify the authority signatures of the other nodes in the receiving list, and write into the record list the nodes whose record announcements, according to the verification results, are consistent with their own.
Last is the publisher publication confirmation stage: Node A obtains the confirmation record message of each receiving node based on the record lists, generates a public list from the confirmation record messages, and determines that the domain name resource data has been successfully published to the receiving nodes in the public list.
Refer to Figure 13, which is another schematic diagram of the overall flow of the domain name resource data publishing method provided in an embodiment of the present application. First, when the domain name publishing node publishes domain name resource data, it sends a pending-confirmation notice to the node administrator and waits for the administrator to act. After the node administrator has confirmed the domain name resource data and agreed to its publication, the domain name publishing node signs the domain name resource data to obtain the domain name signature data, writes it into an announcement, and adds a public flag. The domain name publishing node then enters waiting mode, waiting for the authority nodes to return their publication status and authority signatures, while a timer checks whether the first maximum waiting time has been reached. Once the configured first maximum waiting time has elapsed, the domain name publishing node checks the reception status of the domain name record nodes, verifies the signature information, and writes the publication status into the receiving list. It also determines whether the current reception status meets the publication condition. If it does, the receiving list is made public; if it does not, the protocol stops and each domain name record node is notified to clear the announcement. When it makes the receiving list public, the domain name publishing node also pushes the receiving list to the domain name record nodes in it. The domain name publishing node re-enters waiting mode, waiting for the receiving nodes to return their confirmation record messages and confirmation signatures, while a timer checks whether the second maximum waiting time has been reached. Once the configured second maximum waiting time has elapsed, it reviews and counts the confirmation record messages returned by the domain name record nodes and verifies the corresponding confirmation signatures. Finally, based on the outcome of this publication of domain name resource data, it generates the public list for this publication and makes it public.
The domain name resource data publishing method of the embodiments of the present application is described below on the basis of the distributed domain name system, from the perspective of a domain name record node.
Figure 14 is an optional flow chart of the domain name resource data publishing method provided in an embodiment of the present application. The method in Figure 14 may include, but is not limited to, steps S1410 to S1430. This embodiment does not specifically limit the order of steps S1410 to S1430 in Figure 14; the order may be adjusted, or steps removed or added, according to actual needs.
Step S1410: Based on the authority list of the domain name publishing node, pull the domain name signature data from the domain name publishing node.
The domain name signature data is obtained by the domain name publishing node signing the domain name resource data with the first node key.
Step S1420: Obtain the verification result for the domain name signature data.
In one embodiment, the domain name signature data is verified using the first node identifier of the domain name publishing node. When verification passes, the domain name signature data is signed using the second node identifier to obtain the authority signature. Finally, the domain name signature data and the authority signature are made public as a public announcement, and the verification result is that verification passed.
Step S1430: Receive the receiving list pushed by the domain name publishing node based on the verification result, generate a consistency identifier for the verification result based on the receiving list, and determine on the basis of the consistency identifier that the domain name resource data was published successfully.
In one embodiment, the node obtains the authority signatures of the other receiving nodes in the receiving list; if it determines that the public announcement corresponding to an authority signature is consistent with its own public announcement, the generated consistency identifier is "announcement consistent". When the consistency identifier is "announcement consistent", the node determines that the domain name resource data was received successfully and generates a Boolean value indicating successful reception. It signs the Boolean value using the second node identifier to obtain the confirmation signature, and sends the Boolean value and the confirmation signature to the domain name publishing node as a confirmation record message. Once the domain name publishing node has verified the confirmation signature, the domain name resource data is published successfully.
Refer to Figure 15, which is another schematic diagram of the overall flow of the domain name resource data publishing method provided in an embodiment of the present application, described from the perspective of a domain name record node. The domain name record node checks its own trusted member list and periodically sends "announcement" probe requests to the nodes it trusts. If the domain name publishing node has a new announcement, the record node probes the announcement's version number and compares it with the version number it has stored. If they match, it ignores the announcement and continues probing; if they differ, it performs an update. The domain name record node sends a pull request for the announcement to the domain name publishing node, obtains the announcement and verifies the signature. If verification fails, the process is aborted; if verification succeeds, the node makes the announcement public and adds its signature. The domain name record node also notifies the domain name publishing node that it has made the announcement public, and returns its authority signature over the announcement to the domain name publishing node. The domain name record node then enters waiting mode, waiting for the domain name publishing node to return the receiving list, while a timer checks whether the third maximum waiting time has been reached. Next, the domain name record node receives the receiving list from the domain name publishing node and verifies the authority signatures of the other domain name record nodes in the receiving list. When at most f domain name record nodes are faulty and the total number of domain name record nodes is at least 3f+1, verification passes, and the result is written into the record list and made public. The domain name record node also generates a confirmation record message and notifies the domain name publishing node.
The specific implementation of the domain name resource data publishing method of this embodiment from the perspective of the domain name record node is essentially the same as the implementation described above from the perspective of the domain name publishing node, and is not repeated here.
In one embodiment, the domain name publishing node in the distributed domain name system is configured to sign the domain name resource data with a first node key to obtain domain name signature data; the first node key is generated by a key center node from the first node identifier of the domain name publishing node. The domain name publishing node is further configured to publish the domain name signature data and to designate the domain name record nodes that pull the domain name signature data as authority nodes. An authority node is configured to pull the domain name signature data and verify it to obtain a verification result. The domain name publishing node is further configured to obtain the verification result, store the authority node in the receiving list as a receiving node, and push the receiving list to the receiving nodes based on the number of receiving nodes. A receiving node is configured to generate a consistency identifier for the verification result based on the receiving list. The domain name publishing node is further configured to obtain the consistency identifier, generate the record list, and determine the publishing result of the domain name resource data based on the record list. Both authority nodes and receiving nodes are domain name record nodes.
In the technical solution provided by the embodiments of the present application, the domain name resource data is signed with the first node key to obtain domain name signature data; the domain name signature data is published, and the domain name record nodes that pull the domain name signature data are designated as authority nodes; the authority nodes' verification results for the domain name signature data are obtained, the authority nodes are stored in the receiving list as receiving nodes, and the receiving list is pushed to the receiving nodes based on the number of receiving nodes; the consistency identifiers generated by the receiving nodes from the verification results are obtained, the record list is generated, and the publishing result of the domain name resource data is determined based on the record list.
The embodiments of the present application address the need for autonomous, flexible and trustworthy resource publishing that domain name system stakeholders have when taking part in safeguarding ownership of domain name resources. In this scenario the participants have only a weak basis of trust in one another, and the consistency and trustworthiness of the published domain name resource data must be ensured. By building a flexible distributed trust management mechanism, the embodiments give the nodes in the distributed domain name system a flexible way to join and leave. The domain name publishing node can select authority nodes, maintain its trusted member list independently, and use the key center node to manage keys. Multiple rounds of data exchange between the domain name publishing node and the domain name record nodes, together with digital signature confirmation and verification, simplify the consensus mechanisms of the related art: nodes do not all need to trust one another, and each node only needs to choose the nodes it trusts. The scheme can therefore adapt to weak-trust environments, the trust propagation process is understandable, easy to adopt, and easy to operate and maintain, and digital signatures ensure data consistency and data trustworthiness while the domain name resource data is being published.
An embodiment of the present application also provides an electronic device, including:
at least one memory;
at least one processor;
at least one program;
The program is stored in the memory, and the processor executes the at least one program to implement the domain name resource data publishing method described above in the embodiments of the present application. The electronic device may be any intelligent terminal, including a mobile phone, a tablet computer, a personal digital assistant (PDA), an in-vehicle computer, and the like.
Refer to Figure 16, which illustrates the hardware structure of an electronic device according to another embodiment. The electronic device includes:
a processor 1601, which may be implemented as a general-purpose CPU (Central Processing Unit), a microprocessor, an application-specific integrated circuit (ASIC), or one or more integrated circuits, and which executes the relevant programs to implement the technical solutions provided in the embodiments of the present application;
a memory 1602, which may be implemented as ROM (Read Only Memory), a static storage device, a dynamic storage device, or RAM (Random Access Memory). The memory 1602 can store an operating system and other application programs. When the technical solutions provided in the embodiments of this specification are implemented in software or firmware, the relevant program code is stored in the memory 1602 and is called by the processor 1601 to execute the domain name resource data publishing method of the embodiments of the present application;
an input/output interface 1603, used for information input and output;
a communication interface 1604, used for communication between this device and other devices, either by wired means (such as USB or a network cable) or by wireless means (such as a mobile network, Wi-Fi or Bluetooth); and
a bus 1605, which transfers information between the components of the device (such as the processor 1601, the memory 1602, the input/output interface 1603 and the communication interface 1604);
wherein the processor 1601, the memory 1602, the input/output interface 1603 and the communication interface 1604 are communicatively connected to one another inside the device via the bus 1605.
An embodiment of the present application also provides a storage medium that stores a computer program; when the computer program is executed by a processor, the domain name resource data publishing method described above is implemented.
As a non-transitory storage medium, the memory can be used to store non-transitory software programs and non-transitory computer-executable programs. The memory may include high-speed random access memory and may also include non-transitory memory, such as at least one magnetic disk storage device, flash memory device, or other non-transitory solid-state storage device. In some implementations, the memory may optionally include memory located remotely from the processor, and such remote memory may be connected to the processor via a network. Examples of such networks include, but are not limited to, the Internet, corporate intranets, local area networks, mobile communication networks, and combinations thereof.
In the domain name resource data publishing method, domain name system, device and storage medium proposed in the embodiments of the present application, the domain name resource data is signed with the first node key to obtain domain name signature data; the domain name signature data is published, and the domain name record nodes that pull the domain name signature data are designated as authority nodes; the authority nodes' verification results for the domain name signature data are obtained, the authority nodes are stored in the receiving list as receiving nodes, and the receiving list is pushed to the receiving nodes based on the number of receiving nodes; the consistency identifiers generated by the receiving nodes from the verification results are obtained, the record list is generated, and the publishing result of the domain name resource data is determined based on the record list. The embodiments of the present application build a flexible distributed trust management mechanism: the domain name publishing node can select authority nodes, maintain its trusted member list independently, and use the key center node to manage keys. Multiple rounds of data exchange between the domain name publishing node and the domain name record nodes, together with digital signature confirmation and verification, simplify the consensus mechanisms of the related art: nodes do not all need to trust one another, and each node only needs to choose the nodes it trusts. The scheme can adapt to weak-trust environments, and during trust propagation, digital signatures ensure data consistency and data trustworthiness while the domain name resource data is being published.
The embodiments described here are intended to explain the technical solutions of the embodiments of the present application more clearly and do not limit those technical solutions. Those skilled in the art will appreciate that, as technology evolves and new application scenarios emerge, the technical solutions provided in the embodiments of the present application are equally applicable to similar technical problems.
Those skilled in the art will appreciate that the technical solutions shown in the figures do not limit the embodiments of the present application, which may include more or fewer steps than shown, combine certain steps, or use different steps.
The device embodiments described above are merely illustrative. Units described as separate components may or may not be physically separate; they may be located in one place or distributed across multiple network units. Some or all of the modules may be selected according to actual needs to achieve the purpose of the solution of this embodiment.
Those of ordinary skill in the art will appreciate that all or some of the steps in the methods disclosed above, and the functional modules/units in the systems and devices, may be implemented as software, firmware, hardware, or suitable combinations thereof.
The terms "first", "second", "third", "fourth" and so on (if present) in the specification of the present application and the above drawings are used to distinguish similar objects and not necessarily to describe a particular order or sequence. It should be understood that data so used are interchangeable where appropriate, so that the embodiments of the present application described here can be implemented in orders other than those illustrated or described. In addition, the terms "include" and "have", and any variants of them, are intended to cover non-exclusive inclusion. For example, a process, method, system, product or device that comprises a series of steps or units is not necessarily limited to the steps or units expressly listed, but may include other steps or units that are not expressly listed or that are inherent to the process, method, product or device.
It should be understood that in the present application "at least one (item)" means one or more, and "a plurality" means two or more. "And/or" describes an association between associated objects and indicates that three relationships are possible. For example, "A and/or B" can mean that only A exists, that only B exists, or that both A and B exist, where A and B may each be singular or plural. The character "/" generally indicates an "or" relationship between the objects before and after it. "At least one of the following" and similar expressions refer to any combination of the listed items, including any combination of single or plural items. For example, at least one of a, b or c can mean: a, b, c, "a and b", "a and c", "b and c", or "a and b and c", where a, b and c may each be single or multiple.
In the several embodiments provided in the present application, it should be understood that the disclosed devices and methods may be implemented in other ways. For example, the device embodiments described above are merely illustrative: the division into units is only a division by logical function, and other divisions are possible in an actual implementation. Multiple units or components may be combined or integrated into another system, or some features may be omitted or not executed. Furthermore, the couplings, direct couplings or communication connections shown or discussed may be indirect couplings or communication connections through interfaces, devices or units, and may be electrical, mechanical or of other forms.
The units described above as separate components may or may not be physically separate, and the components shown as units may or may not be physical units; they may be located in one place or distributed across multiple network units. Some or all of the units may be selected according to actual needs to achieve the purpose of the solution of this embodiment.
In addition, the functional units in the embodiments of the present application may be integrated into one processing unit, may each exist physically on their own, or two or more units may be integrated into one unit. The integrated unit may be implemented in the form of hardware or in the form of a software functional unit.
If the integrated unit is implemented in the form of a software functional unit and sold or used as an independent product, it may be stored in a computer-readable storage medium. On this understanding, the technical solution of the present application in essence, or the part of it that contributes to the prior art, or all or part of the technical solution, may be embodied in the form of a software product. The computer software product is stored in a storage medium and includes a number of instructions that cause a computer device (which may be a personal computer, a server, a network device, or the like) to execute all or some of the steps of the methods of the embodiments of the present application. The storage medium includes any medium that can store a program, such as a USB flash drive, a removable hard disk, read-only memory (ROM), random access memory (RAM), a magnetic disk or an optical disc.
以上参照附图说明了本申请实施例的优选实施例,并非因此局限本申请实施例的权利范围。本领域技术人员不脱离本申请实施例的范围和实质内所作的任何修改、等同替换和改进,均应在本申请实施例的权利范围之内。The preferred embodiments of the present application are described above with reference to the accompanying drawings, but the scope of the rights of the present application is not limited thereto. Any modification, equivalent substitution and improvement made by a person skilled in the art without departing from the scope and essence of the present application should be within the scope of the rights of the present application.
Claims (14)
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202410116359.9A CN118041550A (en) | 2024-01-26 | 2024-01-26 | Domain name resource data issuing method, domain name system, device and storage medium |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202410116359.9A CN118041550A (en) | 2024-01-26 | 2024-01-26 | Domain name resource data issuing method, domain name system, device and storage medium |
Publications (1)
Publication Number | Publication Date |
---|---|
CN118041550A (en) | 2024-05-14 |
Family
ID=90999620
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN202410116359.9A Pending CN118041550A (en) | 2024-01-26 | 2024-01-26 | Domain name resource data issuing method, domain name system, device and storage medium |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN118041550A (en) |
Cited By (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN119402301A (en) * | 2025-01-03 | 2025-02-07 | 鹏城实验室 | Domain name resource transmission method, device, computer equipment and readable storage medium |
- 2024
  - 2024-01-26 CN CN202410116359.9A patent/CN118041550A/en active Pending
Cited By (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN119402301A (en) * | 2025-01-03 | 2025-02-07 | 鹏城实验室 | Domain name resource transmission method, device, computer equipment and readable storage medium |
CN119402301B (en) * | 2025-01-03 | 2025-05-06 | 鹏城实验室 | Domain name resource transmission method, device, computer equipment and readable storage medium |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN111213128B (en) | Implementing blockchain-based web services | |
JP7679377B2 (en) | Identity (ID)-based public key generation protocol | |
US8681995B2 (en) | Supporting DNS security in a multi-master environment | |
JP6526244B2 (en) | Secure Delegated Delivery of Private Keys via Domain Name Service | |
JP2020522034A (en) | Program execution and data certification scheme with multiple key pair signatures | |
CN109327481B (en) | A blockchain-based unified online authentication method and system for the entire network | |
JP2020522036A (en) | Data isolation in blockchain networks | |
CN111786812B (en) | Node management method, device, computer equipment and storage medium | |
US10715502B2 (en) | Systems and methods for automating client-side synchronization of public keys of external contacts | |
US20160044000A1 (en) | System and method to communicate sensitive information via one or more untrusted intermediate nodes with resilience to disconnected network topology | |
US20150312331A1 (en) | System and Method for Group Collaboration Using a Distributed Network File Repository | |
JP2022519681A (en) | Security system and related methods | |
JP6326173B1 (en) | Data transmission / reception system and data transmission / reception method | |
CN111064569B (en) | Cluster key obtaining method and device of trusted computing cluster | |
JP6951649B2 (en) | Block verification device, block verification method, and program | |
EP3644549A1 (en) | Issuing device and method for issuing and requesting device and method for requesting a digital certificate | |
JP2023500258A (en) | Request and response protocol using blockchain transactions | |
EP1694027A1 (en) | Peer-to-peer network information | |
CN114205093B (en) | Block chain message transmission method, device, client and storage medium | |
EP4560974A1 (en) | Data processing method and related devices | |
CN118041550A (en) | Domain name resource data issuing method, domain name system, device and storage medium | |
CN114499836A (en) | Key management method, key management device, computer equipment and readable storage medium | |
CN116561820B (en) | Trusted data processing method and related device | |
US20140019754A1 (en) | Anonymous and unlinkable distributed communication and data sharing system | |
US9154548B2 (en) | Auditable distribution of a data file |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||