Internet

Why .gov went dark

error

Government domain websites were down for several hours Aug. 14, probably because of a technical problem related to security.

FierceGovernmentIT reported that the outage was "likely caused by a failure to update a cryptographic key necessary for DNSSEC," citing cybersecurity researcher Johannes Ullrich, who first blogged about the outage. Ullrich is the dean of research at the SANS Technology Institute.

DNSSEC stands for Domain Name System Security Extensions, and government websites have made use of them since 2009 for security purposes. DNSSEC uses "key signing keys" to validate "zone signing keys" to verify that the typed-in URL loads the correct Internet protocol address, according to the report.

In plain English, the zone signing keys, which are changed frequently, compute encoded "signatures" for the domain name server of a given website. The key signing key, changed much less often, "signs" the zone signing key. The two keys together establish that the website is the one it claims to be. (See this document at ICANN.org for more information.)

"I think they published a new [key signing key] but forgot to update the new [delegation of signing] record to the root zone," Ullrich told FierceGovernmentIT. "That likely meant that DNS resolvers were sending the wrong cryptographic hash to the government root, meaning that browser requests couldn't be resolved.

Ullrich said government webmasters probably reverted back to the old key signing key to prevent further outage.

A General Services Administration official confirmed the outage to FCW and acknowledged it was related to a DNSSEC error. The outage would have affected only users on unsecure networks, the official said.

About the Author

Frank Konkel is a former staff writer for FCW.

Featured

  • Workforce
    White House rainbow light shutterstock ID : 1130423963 By zhephotography

    White House rolls out DEIA strategy

    On Tuesday, the Biden administration issued agencies a roadmap to guide their efforts to develop strategic plans for diversity, equity, inclusion and accessibility (DEIA), as required under a as required under a June executive order.

  • Defense
    software (whiteMocca/Shutterstock.com)

    Why DOD is so bad at buying software

    The Defense Department wants to acquire emerging technology faster and more efficiently. But will its latest attempts to streamline its processes be enough?

Stay Connected