Internet users across the globe are expected to face web connectivity failure for the next 48 hours. It began in select regions at 4 pm on Thursday and is expected to come back online this weekend.
Internet Corporation for Assigned Names and Numbers (ICANN), a non-profit organisation responsible for coordinating the maintenance and procedures of several databases related to the namespaces (domain names) and numerical spaces (IP address) of the internet has taken up the routine maintenance work to change the cryptographic key in the next couple of days.
Why is it necessary to change the cryptographic key?
For those unaware, a cryptographic key is a string of bits used by a cryptographic algorithm to transform plain text into cypher text or vice versa. This key remains private and ensures secure communication on the Internet.
The cryptographic key is crucial in protecting information flow between the Domain Name System (DNS)s or the internet's address books. This is a necessary exercise to neutralise any cyber security threats to internet infrastructure.
This is akin to changing the password for the email, which you should do regularly at least once in two or three months so that your account stays secure, as it will be harder for cybercriminals or even known people with ill intentions to hack and steal sensitive information.
Coming back to the topic at hand, ICANN has done a preliminary test and we have come to learn that there will be minimal effect on internet service across the world. People might face slow loading of internet pages or access to the particular network if they use an outdated service provider.
Who will be affected and what issues will they face the most during Internet maintenance work?
When this failure happens, if the user has multiple resolvers configured (as most users do), their system software will try the other resolvers that the user has configured. This might slow down DNS resolution as their system keeps trying the resolver that is not prepared before switching to the resolver that is prepared, but the user will still get Domain Name System (DNS) resolution and might not even notice the slowdown, ICANN press note said.
If all of the user's resolvers are not prepared for the rollover (such as if they are all managed by one organization and that organization has not made any of their resolvers ready), the user will start seeing failure sometime in the 48 hours after the rollover.
Users will see different symptoms of failure depending on what program they are running and how that program reacts to failed DNS lookups.
In browsers, it is likely that a web page will become unavailable (or possibly only images on an already displayed web page might fail to appear).
In email programs, the user might not be able to get new mail, or parts of message bodies may show errors. The failures will cascade until no program is able to show new information from the internet.
It can be noted that the term "users" here does not just indicate humans. Automated systems that are also using unprepared resolvers for their DNS resolution will start to fail, possibly catastrophically.
We have come to know that more than 99 per cent of users whose resolvers are validating will be unaffected by the KSK rollover.