TY - JOUR AU - Zubok, Vitalii PY - 2017/12/31 Y2 - 2024/03/28 TI - Use of DNSSec technology for domain names protection in the ukrainian segment of the Internet JF - Collection "Information Technology and Security" JA - ITS VL - 5 IS - 2 SE - NETWORK AND APPLICATION SECURITY DO - 10.20535/2411-1031.2017.5.2.136956 UR - https://its.iszzi.kpi.ua/article/view/136956 SP - 43-50 AB - <p align="justify">The domain names system is an integral part of addressing in the Internet. Defects in the implementation of the DNS protocol allow to use it for malicious actions, during which the integrity and availability of data when exchanging data between the DNS client and the DNS server may be affected. DNSSEC technology, designed to protect the integrity of the DNS data exchange, prevents DNS clients from receiving false data. The base of technology is that every DNS server response must have an electronic digital signature that can be verified through a higher level DNS server. Although DNSSEC has been actively deployed for 10 years, the complete transition to DNSSEC is hampered by the relative complexity of setting up domain zones and the lack of ready-made user-level decisions. The article presents the current state, comparative analysis, problems and prospects of the implementation of this technology for the protection of information resources, the addresses of which are in the UA domain. The analysis results indicate that the validation is supported in UA domain, the trust anchor of the UA domain is recorded into the root domain zone, and therefore, for second level domains in the UA domain there are no administrative or technical barriers for the implementation of the DNSSEC technology. Its use will allow performing DNS server authentication and validating DNS responses. However, the relative complexity of the technology and the lack of ready solutions at the level of Internet users hamper the pace of implementation of DNSSEC. At the same time, this is due to the additional costs of telecommunications operators and service providers for administration, as well as the lack of support for DNSSEC in carrier-grade equipment.</p> ER -