MSK-IX / News / Security of DNS infrastructure discussed at Russian Association of Networks and Services conference
March 3, 2016

Security of DNS infrastructure discussed at Russian Association of Networks and Services conference

Moscow hosted the 14th International Conference "Providing Confidence and Security in the Use of Information and Communication Technologies" held by the Russian Association of Networks and Services. MSK-IX was the conference's partner and an active participant.

The first day of the conference featured a meeting on the security of the DNS infrastructure, which was chaired by MSK-IX chief project engineer Valery Temnikov. Participants in the meeting discussed DNS infrastructure security as well as threats Russian providers might face and how to counteract them. Representatives from ICANN, MSK-IX and the Technical Center of Internet spoke at the meeting.

When opening the meeting, Valery Temnikov delivered a review report describing the contemporary state of DNS networks. He said that the DNS network of MSK-IX servers has 19 hubs worldwide and is well protected from network failures and attacks with the help of AnyCast technology. "In the MSK-IX network, there is optimal connectivity of the DNS nodes with Russian and foreign networks due to the presence on popular Russian and foreign Internet exchange points. The response time to DNS queries is no longer than five milliseconds," Temnikov said. He also spoke about the threats to the very existence of DNS. Among them he pointed to the active development of social media and search engines, the growing use of IPv6 protocol and the Internet of Things. All these factors contribute to the declining importance of the domain for the end user in the traditional DNS system. DNS will continue to function as a basic technical backend system to support the operation of the Internet.

Pavel Khramtsov, DNS projects head at MSK-IX, spoke about the MSK-IX test zone. It was created after the notorious attacks on the DNS root servers on November 30 and December 1, 2015. A test zone allows for collecting statistics of such attacks, conducting experiments and developing protective solutions. MSK-IX is taking part in the Yeti international experiment dedicated to research on DNS service operation in the IPv6 environment. Khramtsov also described the work to collect data and monitor malware activity in national domains. In Russia, the Netoscope project is in charge of this. "For the three years of the project's existence, a large volume of data has been collected on the distribution of malware, phishing and spam. This data is currently being used by all project participants in their everyday work. Moreover, the information about domain names which have been spotted in illegal activity is public and helps us clean the Russian domain space," Khramtsov said.

Leading IT specialist of the Technical Center of Internet Dmitry Belyavsky delivered a report on the features of TLS functioning; the center's leading analyst Alexander Venedyukhin spoke about the future prospects for DNS development and the trend towards decentralizing the network at protocol level. A video link-up was held with ICANN Senior Technologist Edward Lewis, who described the current situation around the use and development of DNSSEC.