Use of DNSSEC technology for domain name protection in the Ukrainian segment of the Internet
The Domain Name System is an integral part of addressing on the Internet. Defects in the implementation of the DNS protocol allow it to be used for malicious actions that can affect the integrity and availability of data exchanged between the DNS client and the DNS server. DNSSEC technology, designed to protect the integrity of the DNS data exchange, prevents DNS clients from receiving false data. The basis of the technology is that every DNS server response must carry an electronic digital signature that can be verified through a higher-level DNS server. Although DNSSEC has been actively deployed for 10 years, the complete transition to DNSSEC is hampered by the relative complexity of setting up domain zones and the lack of ready-made user-level solutions. The article presents the current state, a comparative analysis, and the problems and prospects of implementing this technology to protect information resources whose addresses are in the UA domain. The results of the analysis indicate that validation is supported in the UA domain and that the trust anchor of the UA domain is recorded in the root domain zone; therefore, for second-level domains in the UA domain there are no administrative or technical barriers to implementing DNSSEC. Its use will allow DNS server authentication and validation of DNS responses. However, the relative complexity of the technology and the lack of ready solutions at the level of Internet users hamper the pace of DNSSEC implementation. This is also due to the additional administration costs borne by telecommunications operators and service providers, as well as the lack of support for DNSSEC in carrier-grade equipment.
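The parent-to-child link that the abstract describes (a trust anchor for a zone recorded in the zone above it) is a DS record whose digest commits to the child's DNSKEY, as defined in RFC 4034. The sketch below is an added example, not code from the article: the zone name `example.ua.` and the key bytes are constructed, and it covers only the DS-to-DNSKEY check, not RRSIG signature verification.

```python
import hashlib
import struct

def wire_name(name: str) -> bytes:
    """Owner name in canonical (lowercase) DNS wire format."""
    labels = [l for l in name.lower().rstrip(".").split(".") if l]
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"

def dnskey_rdata(flags: int, protocol: int, algorithm: int, pubkey: bytes) -> bytes:
    """DNSKEY RDATA: flags (2 bytes), protocol, algorithm, public key."""
    return struct.pack("!HBB", flags, protocol, algorithm) + pubkey

def key_tag(rdata: bytes) -> int:
    """RFC 4034 Appendix B checksum; a lookup hint, not a security check."""
    acc = sum(b if i & 1 else b << 8 for i, b in enumerate(rdata))
    acc += (acc >> 16) & 0xFFFF
    return acc & 0xFFFF

def make_ds(owner: str, rdata: bytes) -> tuple:
    """DS fields the parent publishes: (key tag, algorithm, digest type, digest)."""
    digest = hashlib.sha256(wire_name(owner) + rdata).hexdigest()
    return key_tag(rdata), rdata[3], 2, digest  # digest type 2 = SHA-256

def ds_matches(owner: str, ds: tuple, rdata: bytes) -> bool:
    """True only if the parent's DS record commits to this child DNSKEY."""
    tag, alg, digest_type, digest = ds
    flags = struct.unpack("!H", rdata[:2])[0]
    if digest_type != 2 or not flags & 0x0100:  # require the Zone Key bit
        return False
    if tag != key_tag(rdata) or alg != rdata[3]:
        return False
    return hashlib.sha256(wire_name(owner) + rdata).hexdigest() == digest.lower()

# Constructed sample data: a 64-byte placeholder key for algorithm 13.
OWNER = "example.ua."
KSK = dnskey_rdata(257, 3, 13, bytes(range(64)))
DS = make_ds(OWNER, KSK)

# A different key that happens to share the key tag (two even-offset bytes
# swapped): the tag matches, but the DS digest does not.
SAME_TAG_KEY = dnskey_rdata(257, 3, 13, bytes([2, 1, 0]) + bytes(range(3, 64)))

if __name__ == "__main__":
    print("DS:", DS)
    print("genuine key accepted:", ds_matches(OWNER, DS, KSK))
    print("same-tag key accepted:", ds_matches(OWNER, DS, SAME_TAG_KEY))
```

A validating resolver repeats this check at each delegation, from the root zone down, before it trusts the child zone's key to verify response signatures.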
Full Text: PDF (Ukrainian)
ISSN 2411-1031 (Print), ISSN 2518-1033 (Online)