Use of DNSSec technology for domain names protection in the ukrainian segment of the Internet
Keywords:Security of information resources, domain name system, domain validation, DNSSEC, DNS transactions security.
The domain names system is an integral part of addressing in the Internet. Defects in the implementation of the DNS protocol allow to use it for malicious actions, during which the integrity and availability of data when exchanging data between the DNS client and the DNS server may be affected. DNSSEC technology, designed to protect the integrity of the DNS data exchange, prevents DNS clients from receiving false data. The base of technology is that every DNS server response must have an electronic digital signature that can be verified through a higher level DNS server. Although DNSSEC has been actively deployed for 10 years, the complete transition to DNSSEC is hampered by the relative complexity of setting up domain zones and the lack of ready-made user-level decisions. The article presents the current state, comparative analysis, problems and prospects of the implementation of this technology for the protection of information resources, the addresses of which are in the UA domain. The analysis results indicate that the validation is supported in UA domain, the trust anchor of the UA domain is recorded into the root domain zone, and therefore, for second level domains in the UA domain there are no administrative or technical barriers for the implementation of the DNSSEC technology. Its use will allow performing DNS server authentication and validating DNS responses. However, the relative complexity of the technology and the lack of ready solutions at the level of Internet users hamper the pace of implementation of DNSSEC. At the same time, this is due to the additional costs of telecommunications operators and service providers for administration, as well as the lack of support for DNSSEC in carrier-grade equipment.
.UA Domain Statistics by January 2017 summary. [Online]. Available: https://hostmaster.ua/news/?stat201701. Accessed on: Mar. 28, 2017.
DNS Best Practices, Network Protections, and Attack Identification. [Online]. Available: http://www.cisco.com/c/en/us/about/security-center/dns-best-practices.html. Accessed on: Mar. 20, 2017.
R. Arends, R. Austein, M. Larson, D. Massie and S. Rose, “DNS Security Introduction and Requirements”. [Online]. Available: https://www.ietf.org/rfc/rfc4033.txt. Accessed on: Mar. 20, 2017.
ICANN Research. TLD DNSSEC Report. [Online]. Available: http://stats.research.icann.org/dns/tld_report/. Accessed on: Mar. 20, 2017.
SecSpider Global DNSSEC deployment tracking. [Online]. Available: http://secspider.verisignlabs.com/stats.html. Accessed on: Mar. 18, 2017.
SecSpider Global DNSSEC deployment tracking. [Online]. Available: http://secspider.verisignlabs.com/stats.html. Accessed on: March 18, 2017.
Deploying DNSSEC [Online]. Available: https://www.icann.org/resources/pages/deployment-2012-02-25-en. Accessed on: Mar. 20, 2017.
DNSSEC Validation Rate by country. [Online]. Available: http://gronggrong.rand.apnic.net/ cgi-bin/worldmap. Accessed on: Mar. 20, 2017.
Internet Assigned Numbers Authority. Domain Name Services. [Online]. Available: https://www.iana.org/domains. Accessed on: Mar. 24, 2017.
P. Vixie, S. Thomson, Y. Rekhter and J. Bound, “Dynamic Updates in the Domain Name System (DNS UPDATE)”. [Online]. Available: https://www.ietf.org/rfc/rfc2136.txt. Accessed on: Mar. 20, 2017.
R. Arends, R. Austein, M. Larson, D. Massie and S. Rose, “Protocol Modifications for the DNS Security Extensions”. [Online]. Available: https://www.ietf.org/rfc/rfc4035.txt. Accessed on: Mar. 26, 2017.
How to Cite
Copyright (c) 2020 Collection "Information technology and security"
This work is licensed under a Creative Commons Attribution 4.0 International License.
The authors that are published in this collection, agree to the following terms:
- The authors reserve the right to authorship of their work and pass the collection right of first publication this work is licensed under the Creative Commons Attribution License, which allows others to freely distribute the published work with the obligatory reference to the authors of the original work and the first publication of the work in this collection.
- The authors have the right to conclude an agreement on exclusive distribution of the work in the form in which it was published this anthology (for example, to place the work in a digital repository institution or to publish in the structure of the monograph), provided that references to the first publication of the work in this collection.
- Policy of the journal allows and encourages the placement of authors on the Internet (for example, in storage facilities or on personal web sites) the manuscript of the work, prior to the submission of the manuscript to the editor, and during its editorial processing, as it contributes to productive scientific discussion and positive effect on the efficiency and dynamics of citations of published work (see The Effect of Open Access).