It’s all about domains…| Dmitry Kohmanyuk (.ua)
The Ukrainian ccTLD is true proof of resilience. Dmitry Kohmanyuk talks about domain defense in critical times and protecting what we all care about most: the people behind domains!
Published by
Simone Catania
Date
We are all familiar with the tragic news by now. The military invasion of Ukraine has been underway for months, resulting in horrifying events for the Ukrainian people, to whom we express our deepest sympathy. We got in touch with Dmitry Kohmanyuk from Hostmaster, the registry operator of the Ukrainian ccTLD .ua. Dmitry and the entire Hostmaster team are safe and continue to work with a high sense of duty, keeping the DNS server infrastructure they are responsible for up and running.
Dmitry Kohmanyuk is one of the founders of the registry operator. He has been leading the technical operations for more than 20 years. We are very grateful for the opportunity to talk with Dmitry, to learn about the history of the Ukrainian ccTLD and discover how people as well as its infrastructure can be a model of resilience and strength.
We are fighting to counterattack the invasion and I hope the war will end very soon. I’m amazed by the resiliency of the internet infrastructure in Ukraine and I’m proud to be doing my part with Hostmaster, the registry of the Ukrainian ccTLD.
1. What is the story of the Ukrainian ccTLD .ua?
The Ukrainian ccTLD .ua was introduced in the root zone on 1 December 1992, based on the ISO 3166 standard. It is formed from the first and last letter of the country’s name in the local language: Україна (romanized: Ukraïna). The code could technically also have been .uk, but this was already allocated to the United Kingdom, which was also given the ending .gb (for Great Britain).
Today, this creates confusion as the two-letter Ukrainian language’s ISO code is “uk”. However, UA has become a truly well-recognized brand among Ukrainians. You can often find these two letters on products, packaging or ads. It doesn’t always mean they use the national ccTLD for their website, but it is a way of expressing the origin of a product or that something is intended for Ukrainians.
Unlike some countries in which academics, associations or government bodies manage their ccTLD registry, .ua was born as a volunteer project in the early ’90s. I’m glad to say I was one of the founders, together with some other experts coming from the Ukrainian DNS and ISP ecosystem.
Find perfect domains
For the first ten years, there was no real company behind it. In the ’90s, domains were registered for free. We were not charging any fees. The first registrants were exclusively government bodies. After a while, the first big companies became interested. We were working during our spare time or allocating some resources from our companies.
After more than 20 years, we are still running the ccTLD. We’ve had a continuity that is rare in the online business. We remain a small, profitable company running DNS servers for our society without any foreign investment. Even during these unforeseen and critical circumstances.
2. How did you get to work for the national ccTLD registry operator and what is your task within the organization?
As already mentioned, I am one of the registry founders, so I’ve been here from the very beginning. Before working at Hostmaster, I worked for one of the first ISPs in Kyiv and then moved to the United States for a couple of years. I returned to Ukraine to set up the national registry with some friends and colleagues. I’ve always coordinated the technical projects but have also worked on the registry policy in the past.
For example, I worked on creating the two-letter geographical domains for our oblast’, the Ukrainian municipalities and their abbreviations. You can register the shortcode kh.ua for kharkiv.ua or zp.ua for zaporizhzhe.ua. We’re now working to mirror kiev.ua with the new Ukrainian version, kyiv.ua.
So, my personal story is strictly connected to .ua. Today, after ensuring that all members of our staff are safe, my main goal is to protect the Ukrainian infrastructure with respect to the part that I’m responsible for.
3. As we sadly know, Ukraine was invaded on 24 February 2022. What have you and your staff done to keep .ua running?
The outbreak of war struck us unexpectedly. We found ourselves unprepared. We were well aware that there was a tense situation around us, but a warning of a possible military attack was not announced on a specific time and day. The Ukrainian government had not issued any information about a large-scale invasion.
Of course, I cannot blame our government since knowing every move of the enemy is not always possible. Someone in the military security departments might have known more, but we were not alerted as a private company. In short, the attack came as a heavy and tremendous shock.
As a tech company, we had redundancy plans, spare locations and other standard measures to prevent operations from breaking down in the event of natural disasters or power failure. For example, we rely on emergency electricity generators or other secondary servers in such cases.
Our infrastructure, and we as people, were not ready to withstand a military attack with bombings that damaged our infrastructure and homes. And when attacks are large-scale across the country, no redundancy can be guaranteed. Once we found a safer place, we worked on keeping data secure and organizing the infrastructure. It was hard work because there was no precedent and we had to operate under tremendous pressure and stress.
4. Have you been forced to outsource some services abroad?
Exactly, we had to. Our ccTLD .ua is relatively small in numbers, with around 0,5 million registered domains. This made things somewhat easier. By February, we had migrated our primary systems abroad while maintaining the old systems in Ukraine. Now, .ua keeps 50% of the infrastructure in Ukraine and 50% abroad. And this is because everything is at risk in our country at the moment! We have given up some systems only in those cities particularly affected by the invasion.
We are outsourcing hardware, the data center and some virtual servers. All registry databases, DNSSEC signing, EPP and WHOIS operations remain exclusively in our hands. We migrated the systems to the cloud thanks to the support of many of our international partners and friends. We have received support from people in and around the ICANN and RIPE community, to whom I’m very grateful.
5. The internet is playing an unprecedented role in the war. Although there is damage all over the country, the internet infrastructure is working. How is this possible?
I have many friends working for local ISPs who are doing their best and thanks to them, Ukrainian internet infrastructure is fully operational today. I know of attacked territories in which even fiber cables have been restored. Still, service disruptions might occur in those territories most affected by the war and currently occupied.
Today, the internet is a crucial means of communication in a time when war also includes cyber war. The work of ISPs is both crucial and strategic. Sometimes they store confidential or particularly important information.
I spoke to friends working for local ISPs in the occupied territories and they told me they had been subjected to physical violence. Russians wanted to infiltrate Ukrainian networks and gain access to information. Those people are “hidden heroes” of this war. They are risking their lives to keep our country online.
6. There has been an increasing number of DDoS attacks on .ua. How has .ua been affected and how are you protecting yourself?
The volume of DDoS attacks has been massive. It all started one week before the invasion when we received an unprecedented, huge attack on our DNS servers. The initial attack was an attempt to bring down the gov.ua domain. It didn’t succeed, but it warned us of what would follow.
Further attacks tried to take down military infrastructure, radio and other critical communication infrastructure in Ukraine. The highest level was during the first couple of weeks. Since late March, the volume of such attacks has decreased. Nonetheless, I expect the attacks will continue.
Of course, we already had all the necessary measures to protect .ua from DDoS attacks, but you must provision a lot of capacity when you are attacked 24/7. Even bigger providers are not ready to withstand war attacks. Our strategy was to provide more protection in critical systems or those that need more redundancy. We had a few short disruptions and it took a couple of hours for our systems to react but we never had a full day offline. Our infrastructure and systems proved to be resilient!
7. What is the situation of .ua today in a country at war?
The registry situation is stable now and I’m proud of our work to maintain the .ua infrastructure. As of today, we are still getting new domain registrations, as our statistics show. The numbers might be inflated as we are not deleting domains. When you are in war, you do not think about your domains too much.
You keep your systems as they are. This is why we have been suspending domains but do not delete them – in order to protect .ua registrants. The website might not be working but the domain ownership remains in place and we give registrants one year to renew it. We understand that this situation is critical and therefore offer a longer period. Doin so also helps us to avoid all those cases of cybersquatting that could be perpetrated against Ukrainian domain name holders.
Unfortunately, I can’t say I hold the same positive attitude with regard to the future. Moving data might be possible, but the same does not apply to people. The economy is in bad shape and many people have left the country. The crack created in our society is enormous. We will not be able to solve the problems any time soon. The war is a real threat to the Ukrainian state’s existence. If we lose territories temporarily, the ccTLD .ua should still exist as before.
We are fighting to counterattack the invasion and I hope the war will end very soon. I’m amazed by the resiliency of the internet infrastructure in Ukraine and I’m proud to be doing my part with Hostmaster, the registry of the Ukrainian ccTLD.
Register your .ua domain in AutoDNS