Use of DNSSec technology for domain names protection in the Ukrainian segment of the Internet
DOI:
https://doi.org/10.20535/2411-1031.2017.5.2.136956
Keywords:
Security of information resources, domain name system, domain validation, DNSSEC, DNS transactions security.
Abstract
The domain name system (DNS) is an integral part of addressing on the Internet. Defects in the implementation of the DNS protocol allow it to be used for malicious actions that can affect the integrity and availability of the data exchanged between a DNS client and a DNS server. DNSSEC technology, designed to protect the integrity of DNS data exchange, prevents DNS clients from receiving false data. The technology is based on the requirement that every DNS server response carry an electronic digital signature that can be verified through a higher-level DNS server. Although DNSSEC has been actively deployed for 10 years, the complete transition to DNSSEC is hampered by the relative complexity of setting up domain zones and the lack of ready-made user-level solutions. The article presents the current state, a comparative analysis, and the problems and prospects of implementing this technology to protect information resources whose addresses are in the UA domain. The results of the analysis indicate that validation is supported in the UA domain and that the trust anchor of the UA domain is recorded in the root domain zone; therefore, for second-level domains in the UA domain there are no administrative or technical barriers to implementing DNSSEC. Its use will make it possible to authenticate DNS servers and validate DNS responses. However, the relative complexity of the technology and the lack of ready solutions at the level of Internet users hamper the pace of DNSSEC implementation. At the same time, this is due to the additional administration costs borne by telecommunications operators and service providers, as well as the lack of support for DNSSEC in carrier-grade equipment.
License
Copyright (c) 2020 Collection "Information technology and security"
This work is licensed under a Creative Commons Attribution 4.0 International License.
The authors who are published in this collection agree to the following terms:
- The authors reserve the right to authorship of their work and pass to the collection the right of first publication of this work, which is licensed under the Creative Commons Attribution License; this allows others to freely distribute the published work with the obligatory reference to the authors of the original work and to the first publication of the work in this collection.
- The authors have the right to conclude an agreement on exclusive distribution of the work in the form in which it was published in this anthology (for example, to place the work in the digital repository of an institution or to publish it as part of a monograph), provided that reference is made to the first publication of the work in this collection.
- The policy of the journal allows and encourages authors to place the manuscript of the work on the Internet (for example, in storage facilities or on personal web sites), both prior to the submission of the manuscript to the editor and during its editorial processing, as this contributes to productive scientific discussion and has a positive effect on the efficiency and dynamics of citations of the published work (see The Effect of Open Access).