Unexpected Behaviour Observed With DNS Root Servers After Cryptographic Change

By CircleID Reporter

The DNS root servers were reported by Verisign to be under unexpected attack from name servers across the Internet following ICANN's recent changes to their cryptographic master keys. Kevin Murphy reporting in Domain Incite writes: "The company, which runs the A and J root servers, said it saw requests for DNSSEC data at the root increase from 15 million a day in October to 1.15 billion a day a week ago. The cause was the October 11 root Key Signing Key rollover, the first change ICANN had made to the 'trust anchor' of DNSSEC since it came online at the root in 2010."

Verisign's Principal Research Scientist at Verisign in his post Unexpected Effects of the 2018 Root Zone KSK Rollover, says: "March 22, 2019, saw the completion of the final important step in the Key Signing Key (KSK) rollover — a process which began about a year and half ago. What may be less well known is that post rollover, and until just a couple days ago, Verisign was receiving a dramatically increasing number of root DNSKEY queries, to the tune of 75 times higher than previously observed, and accounting for ~7 percent of all transactions at the root servers we operate."

With the removal of the revoked key, DNSKEY query rates are now returning to pre-revocation levels, says Verisign.

Editor's Note: The title of this post was edited to omit the previously misused phrase "dns root servers came under attack" as per feedback received from the community.

Related topics: Cyberattack, Cybersecurity, DNS, DNS Security


This clickbait title is false, misleading and Stephane Bortzmeyer  –  Mar 28, 2019 1:33 AM PDT

This clickbait title is false, misleading and irresponsible. There was no attack at all.

False Chris Buijs  –  Mar 28, 2019 12:34 PM PDT