ROOT DNS SERVER BLINDED FOR 4 DAYS

One of the 13 DNS root servers (c.root-servers.net), responsible for serving the DNS root zone, was found to be out of synchronization with the rest of the root DNS servers. The root DNS servers are distributed across different countries to ensure redundancy and stability.

During this period of unsynchronized operation, no changes were made to the root zone. However, plans were in place to update the DNSSEC digital signature for the top-level domain .GOV, as part of the transition to cryptographic keys based on the ECDSA algorithm. The current active algorithm for the .GOV zone is 8 (RSA/SHA-256), but a transition to algorithm 13 (ECDSA P-256/SHA-256) was scheduled. The process was temporarily suspended due to the issues identified with root server “C”.

Root DNS server “C”, operated under an agreement with ICANN, is supported by a Tier 1 provider, Cogent Communications, with a presence in 53 countries. Prior to the incident, connectivity issues were reported with 1575 Autonomous Systems due to a routing problem with an Indian provider, Tata Communications.

Root DNS server “C” experienced synchronization issues due to a failure in the monitoring system responsible for tracking changes, following a routing change unrelated to the DNS server operation. While synchronization was disrupted, normal request processing continued. Full synchronization was restored on May 22 at 19:00 (MSK). Prolonged desynchronization raises concerns about the accuracy of DNSSEC keys and DNS server addresses.
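A desynchronized root server that keeps answering queries can be spotted by comparing the SOA serial each root server returns for the root zone. The following is an added example, not part of the original report: the serial values are constructed to mirror a four-day lag, and it assumes the root zone's YYYYMMDDNN serial convention.

```python
from datetime import date

# Constructed sample, not measurements: SOA serial returned for "." by
# each root server letter. Assumes the YYYYMMDDNN serial convention.
OBSERVED = {
    "a": 2024052201, "b": 2024052201, "c": 2024051800,
    "d": 2024052201, "e": 2024052200, "f": 2024052201,
}

def serial_date(serial):
    """Split a YYYYMMDDNN serial into (publication date, revision)."""
    s = f"{serial:010d}"
    if len(s) != 10:
        raise ValueError(f"not a YYYYMMDDNN serial: {serial}")
    return date(int(s[:4]), int(s[4:6]), int(s[6:8])), int(s[8:])

def stale_servers(observed, max_lag_days=1):
    """Map each lagging server to how many days it trails the newest serial.

    A same-day older revision is ordinary propagation delay and is not
    reported; only a gap of max_lag_days or more is.
    """
    parsed = {name: serial_date(s)[0] for name, s in observed.items()}
    newest = max(parsed.values())
    return {name: (newest - day).days
            for name, day in parsed.items()
            if (newest - day).days >= max_lag_days}

if __name__ == "__main__":
    for name, lag in sorted(stale_servers(OBSERVED).items()):
        print(f"{name}.root-servers.net is {lag} day(s) behind the newest serial")
```

In a live check the serials would come from an SOA query for `.` sent to each root server; alerting on the day gap rather than on any serial mismatch avoids false alarms during normal zone propagation.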
