ru tld down?

• Previous message (by thread): Instagram - Anyone here who can contact me off-list?
• Next message (by thread): ru tld down?
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Peace,

TWIMC: the .ru TLD has issued a post mortem. A tl;dr version:

After a new key was crafted during an ordinary key update process, its key
tag hash-collided with some other key, and due to a violation of the MUST
NOT clause in the RFC 4034, Appendix B, the wrong key was deployed to the
system.

--
Töma

On Wed, 31 Jan 2024, 9:59 am Bill Woodcock, <woody at pch.net> wrote:

> >>> On Tue, Jan 30, 2024 at 8:11 AM Bill Woodcock <woody at pch.net> wrote:
> >>> Not exactly down…  they just busted their DNSSEC, or their domain got
> hijacked or something.  Bad DNSKEY records.
> >>
> >> On Jan 31, 2024, at 06:34, Eric Kuhnke <eric.kuhnke at gmail.com> wrote:
> >> Not necessarily saying these are related, but given the current
> geopolitical situation, not beyond the realm of possibility that this is
> the result of 'something else' gone wrong.
>
> Phil Kulin posted a more specific timeline on dns-ops:
>
> > Begin forwarded message:
> >
> > From: Phil Kulin <schors at gmail.com>
> > Subject: Re: [dns-operations] .RU zone failed ZSK rotation
> > Date: January 31, 2024 at 03:34:40 GMT+1
> > To: Sergey Myasoedov <s at netartgroup.com>
> > Cc: dns-operations at lists.dns-oarc.net
> >
> > Timeline:
> > 2024-01-30 12:29:44 UTC: Last correct answer before outage (SOA SN:
> > 4058855): https://dnsviz.net/d/ru/ZbjruA/dnssec/
> > 2024-01-30 15:27:27 UTC: First bad answer (SOA SN: 4058857):
> > https://dnsviz.net/d/ru/ZbkVXw/dnssec/
> > 2024-01-30 17:27:35 UTC: Resigning attempt (SOA SN: 4058857 and
> > 4058858): https://dnsviz.net/d/ru/Zbkxhw/dnssec/
> > 2024-01-30 17:59:46 UTC: Recovering process started (SOA SN: 4058857
> > and 4058857 and 4058858): https://dnsviz.net/d/ru/Zbk5Eg/dnssec/
> > 2024-01-30 19:07:29 UTC: First completely good answer (SOA SN:
> > 4058856): https://dnsviz.net/d/ru/ZblI8Q/dnssec/
>
> There’s no reason to think that any external parties influenced this.
> Ockham’s razor.
>
> So many euphemisms suggest themselves in a situation like this…  Own-goal,
> one-car-accident, etc.  Except that we all know that one small thing
> overlooked and we’ll be in their shoes tomorrow.  All geopolitics aside, my
> empathy to the .RU operator.
>
>                                 -Bill
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.nanog.org/pipermail/nanog/attachments/20240207/2aa6ac53/attachment.html>

• Previous message (by thread): Instagram - Anyone here who can contact me off-list?
• Next message (by thread): ru tld down?
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]