Hi Robert,

On May 22, 2024, at 17:17, Robert Story <rstory@ant.isi.edu> wrote:
On Wed 2024-05-22 20:06:14+0900 Wataru wrote:
As you may already know, c-root is reported to be experiencing routing and XFR issues, affecting ongoing DNSSEC algorithm rollover of gov. and int.
In my opinion this issue itself is not a material impact for the entire RSS, however, if our security incident reporting document were taking effect at this time, is this eligible to be reported?
Without more details, my personal opinion (i.e., no hats) is that it would not be. I spent a few minutes googling to try to find any references to this, but couldn't. So it seems there is no material impact to the RSS.
It seems like the problems with c.root-servers.org (note, .org) have no material impact to the root server system. However, the fact that C-Root has been failing to keep up with new revisions of the root zone as they are published for some period of time seems material. On the DNS-OARC dns-operations mailing list there are reports of two top-level domain DNSSEC algorithm rolls whose timing has been impacted, for example, so it doesn't seem to be much of a stretch to say that there's potential for security-related consequences of whatever this mishap turns out to be, even if they are minor.

I am not familiar with the work that Wataru mentioned and I don't know how "security incident" is defined, but I think Wataru's question is reasonable.

I know you didn't mean to suggest that spending a few minutes searching for impact is sufficient as criteria for judging whether an incident has occurred, but we have metrics defined in RSSAC002 that relate directly to serving stale data; those metrics for C are surely well beyond the expected values over this event. Perhaps it's an idea to use those metrics as quantitative measures of impact?

Joe