
DNSSEC incident in the RU zone: possible threats and recovery

On January 30, 2024, we all witnessed a serious technical incident that engulfed the RU zone, where domain name resolution problems arose due to a DNSSEC malfunction. The Coordination Center of the *.RU and *.RF domains confirmed that the root of the problem lay in an erroneous DNSSEC signature of the zone, which made many web resources unavailable for several hours.

Two hours after the incident occurred, the Coordination Center released information about a "technical problem" related to the global DNSSEC infrastructure. This event not only revealed vulnerabilities in the existing security system, but also raised questions about preparedness for such incidents (including in Kazakhstan).

According to unofficial information, while the problem was being investigated, specialists of the Center for Monitoring and Management of the Public Communications Network advised temporarily disabling DNSSEC. However, such a step is fraught with risks, including an increase in the number of phishing attacks and the appearance of fraudulent sites, and it is also not a solution for ordinary users who had lost access to services for several hours.

The emergency situation lasted for almost four hours, until, at midnight (Astana time), it was announced that the transition to the recovery stage was underway. The incident was resolved by signing the zone with a second key, which restored access to the sites.

The Coordination Center of the *.RU and *.RF domains assured the public that the technical malfunction related to the global DNSSEC infrastructure had been eliminated and that access to sites in the .RU zone had been restored.

However, for some time after the recovery, there may be minor problems in DNS operation because the updated data still has to be distributed through the domain name system.

What happened seriously raises the question of how prepared various government agencies and providers in Kazakhstan are for such failures and what measures should be taken to prevent such incidents in our region and the national domain zone .KZ.