Artificial intelligence can prevent some of the threats to DNS

04.12.2018

The Eastern European DNS Forum 2018 (EE DNS Forum 2018) has opened in Moscow. The forum is being held for the third time and for the first time in Moscow. The organizers are ICANN and the Coordination Center for TLD .RU/.РФ.

December 4 is the so-called TechDay, which brings together technical experts specializing in domains, cyber security and DNS infrastructure. Participants were welcomed by Alexandra Kulikova, Head of ICANN Global Stakeholder Engagement, Eastern Europe and Central Asia, and Coordination Center Director Andrey Vorobyev. “The forum is hosted by the Coordination Center for TLD .RU/.РФ, one of the most reliable ICANN partners in Eastern Europe,” Kulikova said.

Andrey Vorobyev noted that the year 2018 was rich in international events: “This year, the Coordination Center together with CENTR held the Jamboree conference; ICANN President Göran Marby visited Russia in May; and in September, we hosted the TLDCON 2018 conference. Now we are hosting the Eastern European DNS Forum, which is a great honor for the Coordination Center. Although the weather in Moscow in December is cold, I hope that we will be compensated by heated discussions that are still to come.”

The forum’s working program was opened by Alexey Lukatsky from Cisco, one of the renowned experts in cyber security. He spoke about how AI technology is used to detect and prevent various threats in the DNS system. “The intruders understand users’ psychology very well and create fake domains that look very much like the real ones. There are numerous ways to do this: for instance, you can omit a dot after “www” or replace one letter of the domain name with a similar one or the one that is located close on the keyboard,” the expert explained. He also spoke about what users should pay attention to when they see an unknown link. “For instance, the word “update” in the domain name is suspicious, for this word is often used together with a brand name,” Lukatsky said.
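The look-alike patterns Lukatsky lists can be turned into a simple rule-based screen for observed domain names. The following is an added example, not code from the talk or from Cisco; the brand list, the look-alike character map and the keyboard rows are constructed assumptions, and the registered name is taken to be the label left of the TLD.

```python
# Added example: constructed brand list and look-alike map (assumptions).
BRANDS = ("example", "mybank")
HOMOGLYPHS = {"0": "o", "1": "l", "3": "e", "5": "s", "rn": "m", "vv": "w"}
KEY_ROWS = ("qwertyuiop", "asdfghjkl", "zxcvbnm")

def adjacent(a, b):
    """True if a and b are horizontal neighbours on one QWERTY row."""
    return any(a in r and b in r and abs(r.index(a) - r.index(b)) == 1
               for r in KEY_ROWS)

def normalize(label):
    """Map look-alike characters back to the letters they imitate."""
    for fake, real in HOMOGLYPHS.items():
        label = label.replace(fake, real)
    return label

def one_adjacent_typo(name, brand):
    """True if name differs from brand in exactly one adjacent-key letter."""
    if len(name) != len(brand):
        return False
    diffs = [(a, b) for a, b in zip(name, brand) if a != b]
    return len(diffs) == 1 and adjacent(*diffs[0])

def classify(domain, brands=BRANDS):
    """Return the reasons a domain resembles a protected brand ([] if none)."""
    labels = domain.lower().rstrip(".").split(".")
    # Simplification: treat the label left of the TLD as the registered name.
    name = labels[-2] if len(labels) >= 2 else labels[0]
    reasons = []
    for brand in brands:
        if name == brand:
            return []  # the real domain or one of its subdomains
        if name == "www" + brand:
            reasons.append(f"{brand}: missing dot after www")
        elif normalize(name) == brand:
            reasons.append(f"{brand}: similar-looking character")
        elif one_adjacent_typo(name, brand):
            reasons.append(f"{brand}: adjacent-key letter")
        elif "update" in name and brand in name:
            reasons.append(f"{brand}: 'update' combined with brand name")
    return reasons

SAMPLES = ["www.example.com", "wwwexample.com", "examp1e.com",
           "exanple.com", "example-update.com", "unrelated.org"]  # constructed

if __name__ == "__main__":
    for d in SAMPLES:
        print(d, "->", classify(d) or "no match")
```

Rules like these only cover names close to a known brand list; they are a baseline against which a learned model's additional detections can be compared.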

Representatives of ICANN, telecom-operators and DNS service providers spoke at the plenary session, Root Zone Service Evolution. They discussed the evolution of the infrastructure that supports the activity of the DNS root zone.

Patrick Jones from ICANN spoke about how the root server system is organized. According to Jones, at the moment there are 929 root zone mirrors. In all, there are 12 organizations that maintain the root zone and all of them are very different: they include business companies and research institutions to name a few. Jones also described in detail the work of the Root Server System Advisory Committee (RSSAC) and noted that members of the committee are constantly analyzing new promising technology for DNS.

Olga Makarova from MTS told the audience about how the company installed an L-root mirror inside its network and why. “The L-root mirror in the MTS network processes some 20%−25% of requests processed by this server’s mirrors in Russia. At the same time, the installation of the root server mirror inside the network helps solve internal tasks of a company, for instance, to find resources on the net faster and provide users with information quickly,” Makarova said.

David Conrad from ICANN mentioned an interesting topic to do with DNS hyper localization in his report. He said that for a long time root servers had worked smoothly, but today the risks for root servers have grown significantly: the number and force of attacks are growing at an exponential rate. There are three ways to lower the risks: to cut the traffic volume, to increase the number of root servers or to focus on creating hyper resolvers, that is, focus on hyper localization and decentralization of the internet. Hyper localized root zone services will make it easier for the entire community, therefore ICANN finances the creation of the software for resolvers with the hyper localization function, and it has already brought good results.

Conrad also said that they are not sure that the hyper localization approach is necessary to protect DNS, but it would be a shame if DNS collapsed because no hyper localized services were built. He also expressed concern about a significant growth of the number of IoT items on the net, because it bears a potential threat to the DNS stability and makes the network vulnerable to cyber-attacks. He joked that the letter S in the abbreviation IoT means security.

The first section of the forum was concluded by a report by Pavel Khramtsov from MSK-IX about the development of DNS functions. He spoke about the trend to use resolvers of large corporations, and not standard ones. “The survey by APNIC says that 86% of internet users use the Google DNS resolver, and most of them do not even know that. This is somewhat scary: is there something besides trusting “good corporations” that makes people so confident in relying on their resolvers?” he asked.

The EE DNS Forum 2018 continues its work. Please follow our publications.

Online broadcasts are available via: eednsforum.org