On Tuesday, March 8, the national domain of Fiji .FJ actually "fell out" from the global network. The problem affected all names in the domain zone without exception: requests to them from DNS servers using strict adherence to the DNSSEC protocol were rejected.
It took more than 12 hours to resolve the incident, but some domain names in the .FJ zone are still inaccessible due to caching mechanisms, according to Domain Incite.
Apparently, the cause of the problems was an error in configuring the DNSSEC keys: the specialists of the University of the South Pacific, which acts as the registry for the Fiji country code domain, carried out this procedure on their own for the first time and set the wrong value for one of the keys. DNS servers that strictly adhere to the DNSSEC protocol perceive this as a potential attack and automatically block queries.
Registry representatives said that it took so long to resolve the issues because the outage occurred in the morning local time, when it was still late night in the US, where the IANA support desk is located, and the IANA specialists did not immediately respond. However, IANA Chief Kim Davies already emphasized in a response message that IANA Help Desk is available 24/7. What in this case explains such a long time to troubleshoot, he did not specify. It is worth adding that problems of this kind occur from time to time, and even for structures that have serious experience in using DNSSEC. So, just a month ago, about 8 thousand names in the national domain of Sweden .SE were disconnected from the network for several hours due to the same error in the DNSSEC settings. At the same time, the Swedish national domain registry was the first to implement DNSSEC, back in 2005.
