nanog mailing list archives
Re: ru tld down?
From: Töma Gavrichenkov <ximaera () gmail com>
Date: Wed, 7 Feb 2024 20:58:08 +0200
Peace,

TWIMC: the .ru TLD has issued a post mortem.

A tl;dr version: After a new key was crafted during an ordinary key update process, its key tag hash-collided with some other key, and due to a violation of the MUST NOT clause in the RFC 4034, Appendix B, the wrong key was deployed to the system.

--
Töma

On Wed, 31 Jan 2024, 9:59 am Bill Woodcock, <woody () pch net> wrote:

On Tue, Jan 30, 2024 at 8:11 AM Bill Woodcock <woody () pch net> wrote:

Not exactly down… they just busted their DNSSEC, or their domain got hijacked or something. Bad DNSKEY records.

On Jan 31, 2024, at 06:34, Eric Kuhnke <eric.kuhnke () gmail com> wrote:

Not necessarily saying these are related, but given the current geopolitical situation, not beyond the realm of possibility that this is the result of 'something else' gone wrong.

Phil Kulin posted a more specific timeline on dns-ops:

Begin forwarded message:

From: Phil Kulin <schors () gmail com>
Subject: Re: [dns-operations] .RU zone failed ZSK rotation
Date: January 31, 2024 at 03:34:40 GMT+1
To: Sergey Myasoedov <s () netartgroup com>
Cc: dns-operations () lists dns-oarc net

Timeline:
2024-01-30 12:29:44 UTC: Last correct answer before outage (SOA SN: 4058855): https://dnsviz.net/d/ru/ZbjruA/dnssec/
2024-01-30 15:27:27 UTC: First bad answer (SOA SN: 4058857): https://dnsviz.net/d/ru/ZbkVXw/dnssec/
2024-01-30 17:27:35 UTC: Resigning attempt (SOA SN: 4058857 and 4058858): https://dnsviz.net/d/ru/Zbkxhw/dnssec/
2024-01-30 17:59:46 UTC: Recovering process started (SOA SN: 4058857 and 4058857 and 4058858): https://dnsviz.net/d/ru/Zbk5Eg/dnssec/
2024-01-30 19:07:29 UTC: First completely good answer (SOA SN: 4058856): https://dnsviz.net/d/ru/ZblI8Q/dnssec/

There’s no reason to think that any external parties influenced this. Ockham’s razor.

So many euphemisms suggest themselves in a situation like this… Own-goal, one-car-accident, etc. Except that we all know that one small thing overlooked and we’ll be in their shoes tomorrow. All geopolitics aside, my empathy to the .RU operator.

-Bill
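
The rule the summary above refers to, as an added example (not code from the post mortem, the posters or the .ru operator): RFC 4034 Appendix B says implementations MUST NOT assume that the key tag uniquely identifies a DNSKEY RR, so the tag only narrows the candidates and the full RDATA decides. The store layout, labels and function names are hypothetical, and the keys are constructed byte strings.

```python
import struct
from collections import defaultdict

def dnskey_rdata(flags, protocol, algorithm, public_key):
    """DNSKEY RDATA wire format: flags, protocol, algorithm, public key."""
    return struct.pack("!HBB", flags, protocol, algorithm) + public_key

def key_tag(rdata):
    """Key tag over DNSKEY RDATA, RFC 4034 Appendix B (not algorithm 1)."""
    acc = 0
    for i, byte in enumerate(rdata):
        acc += byte if i & 1 else byte << 8
    acc += (acc >> 16) & 0xFFFF
    return acc & 0xFFFF

def labels_for_tag(store, algorithm, tag):
    """Lookup by (algorithm, key tag) alone; can return more than one key."""
    return sorted(label for label, rdata in store.items()
                  if rdata[3] == algorithm and key_tag(rdata) == tag)

def label_for_dnskey(store, published):
    """The tag narrows the candidates; the full RDATA has to match exactly."""
    candidates = labels_for_tag(store, published[3], key_tag(published))
    exact = [label for label in candidates if store[label] == published]
    if len(exact) != 1:
        raise LookupError(f"{len(exact)} exact matches among {candidates}")
    return exact[0]

def colliding_tags(store):
    """Pre-publication check: (algorithm, tag) pairs shared by several keys."""
    groups = defaultdict(list)
    for label, rdata in sorted(store.items()):
        groups[(rdata[3], key_tag(rdata))].append(label)
    return {pair: labels for pair, labels in groups.items() if len(labels) > 1}

# Constructed sample data: byte strings standing in for public keys, not real
# keys. Swapping two bytes at even offsets leaves the tag's sum unchanged.
PUB = bytes(range(1, 33))
SWAPPED = bytes([PUB[2], PUB[1], PUB[0]]) + PUB[3:]
STORE = {  # hypothetical key store: label -> DNSKEY RDATA (ZSK, algorithm 8)
    "zsk-old": dnskey_rdata(256, 3, 8, PUB),
    "zsk-new": dnskey_rdata(256, 3, 8, SWAPPED),
    "zsk-other": dnskey_rdata(256, 3, 8, bytes(range(2, 34))),
}

if __name__ == "__main__":
    tag = key_tag(STORE["zsk-new"])
    print("tag", tag, "matches", labels_for_tag(STORE, 8, tag))
    print("exact match:", label_for_dnskey(STORE, STORE["zsk-new"]))
    print("collisions:", colliding_tags(STORE))
```

Running `colliding_tags` over the current and incoming key set before publication gives an operator the chance to regenerate a key whose tag is already in use.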