On Monday, names in the Australian ccTLD .AU disappeared from the Internet for almost an hour. From approximately 00:05 to 00:52 UTC, Australian domains remained unavailable: browsers displayed a connection error. As it turned out, the cause of the problems was a failure in the DNSSEC protocol settings. A message from the auDA registry, which manages the domain zone, published yesterday, said that during the process of re-signing the key, the system generated an incorrect record. As a result, users whose ISPs enforce DNSSEC were unable to access Australian URLs.
With more than 4 million Australian country code registrations, the current incident is likely the largest outage caused by DNSSEC configuration issues, Domain Incite reports. Unfortunately, problems of this kind are not that uncommon. So, just a year and a half ago, several thousand names, all in the same .AU domain, “fell out” of the Internet for several hours due to a protocol configuration error. And already this year, the national domains of Mexico .MX, New Zealand .NZ and Venezuela .VE have faced similar troubles. Thus, we have to admit that the DNSSEC protocol, designed to improve the security of the DNS system and eliminate the possibility of man-in-the-middle attacks, has itself become a source of problems due to the difficulties associated with its correct configuration.
