Incorrect signature settings disrupted the operation of the .ru zone

Websites hosted on .ru domains have become inaccessible to Internet users in Russia and the world due to incorrect DNSSEC settings. Similar incidents have previously occurred in other segments of the network, for example in Australia. The problem, according to Kommersant, occurred due to the actions of the zone administrator, the Coordination Center for .RU/.РФ domains or its contractors. The naming system created under the law on “sovereign RuNet” was restored faster than the global one, but this may be explained by the fact that it is easier to make changes to it.

On the evening of January 30, the domain name servers (DNS), which are responsible for the performance of sites in the top-level domain .ru, received incorrect DNSSEC settings, it follows from the site data DNSViz. This led to some sites hosted on domains in the .ru zone becoming inaccessible. A Kommersant source in the telecom industry reported that problems occurred at the stage of checking information received by providers from DNS servers of the .ru top-level domain. According to cloud provider Yandex Cloud, problems with DNS top-level domains were observed from 19:43 Moscow time and were corrected at 21:41.

Failures were observed in the operation of most mobile applications of the largest banks, as evidenced by numerous reviews from their clients. At 21:05, most large banks restored the functionality of their applications. According to Kommersant’s interlocutors in the banking market, the difficulties that arose in the operation of the applications did not lead to monetary risks, but for some time clients lost the opportunity to use mobile applications for making transfers and paying using QR codes through SBP.

In response to inquiries from Kommersant, problems with user access to their sites were acknowledged by Bookmate (owned by Yandex) and the online cinema Start – they, however, indicated that this was due to general failures in the network, and not to the operation of services . The Ozon marketplace reported that the deadline for issuing orders that should have been picked up on January 30 will be extended by two days due to an Internet failure; Wildberries reported that they will extend the shelf life of orders lying on the shelf.

MTS declined to comment. MegaFon told Kommersant that they had recorded a decrease in traffic volumes in the Russian segment of the Internet. “The problem is not with MegaFon’s network, our network is working normally.” VimpelCom stated that their network is operating normally. “Possible disruptions in the operation of Internet resources outside the area of ​​responsibility of Beeline.”

Three organizations are responsible for the operation of .ru domains: the .RU/.RF Coordination Center (CC) is the zone administrator, MSK-IX maintains the infrastructure and DNS servers, and the Internet Technical Center (TCI) maintains the .ru domain registry. At 20:14, the CC told Kommersant that specialists from two other structures were working to eliminate the problem and “restoration work is underway.”

At the same time, they noted that for those who connected to the national domain name system (NSDI, an alternative DNS infrastructure provided for by the law on the “sovereign RuNet”), the problem has already been resolved.

Roskomnadzor, whose structure (TsMU SSOP GRCHTS) is responsible for the work of the NSDI, also announced the normal operation of the “sovereign” system, and redirected questions about the work of the DNS to TCI, where they did not respond to the request. MSK-IX, in response to a request, said that they “understand the situation” and asked to rely on information from the Ministry of Digital Development (the ministry duplicated it in its Telegram channel CC information).

Incorrect DNSSEC settings can lead to the inaccessibility of entire areas of the Internet: such cases, in particular, are documented by the IANIX Internet project. The last time a similar problem occurred was on September 18, 2023: then about 15 thousand domains in the .au zone (Australia) were not working for about an hour. This happened across an entire top-level domain on March 9, 2022 with .fj (Fiji).

The availability of sites, according to a Kommersant source, depends on each specific element of the Internet: “Small operators who do not have the resources or expertise to promptly stop caching erroneous DNS records are more susceptible to failures.” He believes that the problems arose due to the actions of the .RU/.RF Coordination Center as the zone administrator or its contractors – MSK-IX or TCI: “One way or another, it is the coordination center that signs the changes.” He considered Roskomnadzor’s involvement in the failure unlikely, since it does not have direct access to the global infrastructure. He explains the fact that failures in NSDI were eliminated faster by the fact that it is easier to make changes to this system.

Yuri Litvinenko, Nikita Korolev, Yulia Yurasova, Anatoly Kostyrev, Ksenia Dementieva, Alexey Zhabin