Peace, TWIMC: the .ru TLD has issued a post mortem. A tl;dr version:
After a new key was crafted during an ordinary key update process, its key tag hash-collided with some other key, and due to a violation of the MUST NOT clause in the RFC 4034, Appendix B, the wrong key was deployed to the system.

-- Töma

On Wed, 31 Jan 2024, 9:59 am Bill Woodcock, <wo...@pch.net> wrote:

> >>> On Tue, Jan 30, 2024 at 8:11 AM Bill Woodcock <wo...@pch.net> wrote:
> >>> Not exactly down… they just busted their DNSSEC, or their domain got hijacked or something. Bad DNSKEY records.
> >>
> >> On Jan 31, 2024, at 06:34, Eric Kuhnke <eric.kuh...@gmail.com> wrote:
> >> Not necessarily saying these are related, but given the current geopolitical situation, not beyond the realm of possibility that this is the result of 'something else' gone wrong.
>
> Phil Kulin posted a more specific timeline on dns-ops:
>
> > Begin forwarded message:
> >
> > From: Phil Kulin <sch...@gmail.com>
> > Subject: Re: [dns-operations] .RU zone failed ZSK rotation
> > Date: January 31, 2024 at 03:34:40 GMT+1
> > To: Sergey Myasoedov <s...@netartgroup.com>
> > Cc: dns-operati...@lists.dns-oarc.net
> >
> > Timeline:
> > 2024-01-30 12:29:44 UTC: Last correct answer before outage (SOA SN: 4058855): https://dnsviz.net/d/ru/ZbjruA/dnssec/
> > 2024-01-30 15:27:27 UTC: First bad answer (SOA SN: 4058857): https://dnsviz.net/d/ru/ZbkVXw/dnssec/
> > 2024-01-30 17:27:35 UTC: Resigning attempt (SOA SN: 4058857 and 4058858): https://dnsviz.net/d/ru/Zbkxhw/dnssec/
> > 2024-01-30 17:59:46 UTC: Recovering process started (SOA SN: 4058857 and 4058857 and 4058858): https://dnsviz.net/d/ru/Zbk5Eg/dnssec/
> > 2024-01-30 19:07:29 UTC: First completely good answer (SOA SN: 4058856): https://dnsviz.net/d/ru/ZblI8Q/dnssec/
>
> There’s no reason to think that any external parties influenced this. Ockham’s razor.
>
> So many euphemisms suggest themselves in a situation like this… Own-goal, one-car-accident, etc. Except that we all know that one small thing overlooked and we’ll be in their shoes tomorrow. All geopolitics aside, my empathy to the .RU operator.
>
> -Bill
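The key tag from RFC 4034 Appendix B, which the tl;dr above refers to, shown as an added example that is not part of the original thread or of the registry's tooling. The helper names (`dnskey_rdata`, `candidates_by_tag`, `select_key`) and both sample keys are constructed for illustration; the point is that a tag lookup can return more than one key, so the selection has to be confirmed against the full key material.

```python
import struct

def key_tag(rdata: bytes) -> int:
    """Key tag per RFC 4034 Appendix B (all algorithms except 1)."""
    acc = 0
    for i, byte in enumerate(rdata):
        # Even offsets are the high byte of a 16-bit word, odd offsets the low byte.
        acc += (byte << 8) if i % 2 == 0 else byte
    acc += (acc >> 16) & 0xFFFF
    return acc & 0xFFFF

def dnskey_rdata(flags: int, algorithm: int, public_key: bytes) -> bytes:
    """DNSKEY RDATA wire form: flags(2) | protocol(1)=3 | algorithm(1) | key."""
    return struct.pack("!HBB", flags, 3, algorithm) + public_key

# Constructed sample keys (not real .ru keys). The tag is a 16-bit ones'-
# complement-style sum, so swapping two bytes at same-parity offsets yields a
# different key with the same tag.
_old = bytes(range(1, 65))
_new = bytearray(_old)
_new[0], _new[2] = _new[2], _new[0]
OLD_ZSK = dnskey_rdata(256, 8, _old)
NEW_ZSK = dnskey_rdata(256, 8, bytes(_new))

def candidates_by_tag(keyset, tag):
    """All keys sharing a tag: a hint for narrowing the search, nothing more."""
    return [k for k in keyset if key_tag(k) == tag]

def select_key(keyset, tag, expected_rdata):
    """Narrow by tag, then require exactly one byte-for-byte RDATA match."""
    matches = candidates_by_tag(keyset, tag)
    exact = [k for k in matches if k == expected_rdata]
    if len(exact) != 1:
        raise LookupError(
            f"tag {tag}: {len(matches)} candidate(s), no unique exact match")
    return exact[0]

if __name__ == "__main__":
    keyset = [OLD_ZSK, NEW_ZSK]
    tag = key_tag(NEW_ZSK)
    print("tag", tag, "matches", len(candidates_by_tag(keyset, tag)), "keys")
    print("selected new key:", select_key(keyset, tag, NEW_ZSK) == NEW_ZSK)
```
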