Internet

Why .gov went dark

error

Government domain websites were down for several hours Aug. 14, probably because of a technical problem related to security.

FierceGovernmentIT reported that the outage was "likely caused by a failure to update a cryptographic key necessary for DNSSEC," citing cybersecurity researcher Johannes Ullrich, who first blogged about the outage. Ullrich is the dean of research at the SANS Technology Institute.

DNSSEC stands for Domain Name System Security Extensions, and government websites have made use of them since 2009 for security purposes. DNSSEC uses "key signing keys" to validate "zone signing keys" to verify that the typed-in URL loads the correct Internet protocol address, according to the report.

In plain English, the zone signing keys, which are changed frequently, compute encoded "signatures" for the domain name server of a given website. The key signing key, changed much less often, "signs" the zone signing key. The two keys together establish that the website is the one it claims to be. (See this document at ICANN.org for more information.)

"I think they published a new [key signing key] but forgot to update the new [delegation of signing] record to the root zone," Ullrich told FierceGovernmentIT. "That likely meant that DNS resolvers were sending the wrong cryptographic hash to the government root, meaning that browser requests couldn't be resolved.

Ullrich said government webmasters probably reverted back to the old key signing key to prevent further outage.

A General Services Administration official confirmed the outage to FCW and acknowledged it was related to a DNSSEC error. The outage would have affected only users on unsecure networks, the official said.

About the Author

Frank Konkel is a former staff writer for FCW.

Rising Stars

Meet 21 early-career leaders who are doing great things in federal IT.

Featured

  • SEC Chairman Jay Clayton

    SEC owns up to 2016 breach

    A key database of financial information was breached in 2016, possibly in support of insider trading, said the Securities and Exchange Commission.

  • Image from Shutterstock.com

    DOD looks to get aggressive about cloud adoption

    Defense leaders and Congress are looking to encourage more aggressive cloud policies and prod reluctant agencies to embrace experimentation and risk-taking.

  • Shutterstock / Pictofigo

    The next big thing in IT procurement

    Steve Kelman talks to the agencies that have embraced tech demos in their acquisition efforts -- and urges others in government to give it a try.

  • broken lock

    DHS bans Kaspersky from federal systems

    The Department of Homeland Security banned the Russian cybersecurity company Kaspersky Lab’s products from federal agencies in a new binding operational directive.

  • man planning layoffs

    USDA looks to cut CIOs as part of reorg

    The Department of Agriculture is looking to cut down on the number of agency CIOs in the name of efficiency and better communication across mission areas.

  • What's next for agency cyber efforts?

    Ninety days after the Trump administration's executive order, FCW sat down with agency cyber leaders to discuss what’s changing.

Reader comments

Thu, Aug 15, 2013 OccupyIT

This was not a general outage. Might want to follow up and correct the article with which .govs were impacted. I know several that did not experience such an outage. Which agencies? Which vendors?

Please post your comments here. Comments are moderated, so they may not appear immediately after submitting. We will not post comments that we consider abusive or off-topic.

Please type the letters/numbers you see above

More from 1105 Public Sector Media Group