‘Too Much Security’ brought down Philippine EDU sites?


On January 24, 2025, netizens reported several websites ending in .edu.ph going ‘dark’ (inaccessible). This sudden and widespread outage raised concerns among users. Some thought an army of hackers had successfully breached all of these .edu.ph sites. Paradoxically, however, it appears that an effort to enhance security may have inadvertently caused the problem.

Single Point of Failure: PHNET

First, the Philippine educational institutions affected by the outage pointed to PHNET, the registrar responsible for managing the .edu.ph domains, as the likely source of the issue. This makes sense: if PHNET's service goes down, all .edu.ph sites are affected in the same way. To access a .edu.ph website, a user's device first needs to resolve its domain name through the Domain Name System (DNS). PHNET plays a crucial role in this process by directing DNS queries to the correct servers. If this step fails, users encounter a “Not Found” error.

Once it was established that PHNET was central to the outage, attention turned to what had gone wrong there. Reports from various news sources indicated that a Denial of Service (DoS) attack had targeted PHNET. This type of attack overwhelms servers with excessive requests, making it difficult for legitimate users to access services. PHNET may have been overloaded by the demand. However, some experts expressed uncertainty about this DoS attack, since they were unable to examine and confirm it from the actual logs.

I attempted to contact Bombim Cadiz (PHNET) for further clarification but did not receive a response before publication. Meanwhile, unnamed sources mentioned that PHNET planned to add more servers to manage the “increased load”.

DNSSEC Misconfigured or Exploited?

Second, an independent DNS expert, Giancarlo Guiao, identified a “broken trust error” during his investigation. He discovered that PHNET incorrectly configured DNSSEC (Domain Name System Security Extensions). This DNSSEC configuration may have backfired and could have caused the outage. See the error below:

WILS1.png

DNSSEC uses cryptographic keys for added security, but issues like expired keys or misconfigurations can disrupt service. DNSSEC also increases complexity, which in turn increases the chances of human error during setup and maintenance. Such failures can prevent users from connecting to websites and applications relying on DNS. Mr Guiao’s further digging showed this:

WILS2.png
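The two failure modes named above, expired signatures and a broken trust link between parent and child zone, can be checked from the records a resolver sees. This is an added example, not code from the article, Mr Guiao or PHNET; it assumes the DS, DNSKEY and RRSIG RDATA were already fetched in presentation format (for instance with `dig +dnssec`), and the zone name `campus.example.` and all record values are constructed.

```python
import base64
from datetime import datetime, timezone

def key_tag(flags, protocol, alg, pubkey):
    """Key tag of a DNSKEY per RFC 4034 Appendix B (not valid for algorithm 1)."""
    rdata = flags.to_bytes(2, "big") + bytes([protocol, alg]) + pubkey
    acc = sum(b << 8 if i % 2 == 0 else b for i, b in enumerate(rdata))
    return (acc + ((acc >> 16) & 0xFFFF)) & 0xFFFF

def parse_ts(text):
    """RRSIG timestamps in presentation form are YYYYMMDDHHMMSS, UTC."""
    return datetime.strptime(text, "%Y%m%d%H%M%S").replace(tzinfo=timezone.utc)

def check_chain(ds_lines, dnskey_lines, rrsig_lines, now):
    """Return findings for one zone; an empty list means no problem was seen."""
    findings, tags = [], set()
    for line in dnskey_lines:  # RDATA: flags protocol algorithm base64-key
        flags, proto, alg, *b64 = line.split()
        key = base64.b64decode("".join(b64))
        tags.add(key_tag(int(flags), int(proto), int(alg), key))
    # DS RDATA: key-tag algorithm digest-type digest. A tag match is necessary,
    # not sufficient: a full validator also compares the digest itself.
    ds_tags = {int(line.split()[0]) for line in ds_lines}
    if ds_tags and not ds_tags & tags:
        findings.append(f"no DNSKEY matches parent DS key tags {sorted(ds_tags)}")
    for line in rrsig_lines:  # RDATA: covered alg labels ttl expire incept tag signer sig
        f = line.split()
        covered, expire, incept, tag = f[0], parse_ts(f[4]), parse_ts(f[5]), int(f[6])
        if now > expire:
            findings.append(f"RRSIG({covered}) expired {expire:%Y-%m-%d}")
        elif now < incept:
            findings.append(f"RRSIG({covered}) not valid before {incept:%Y-%m-%d}")
        if tag not in tags:
            findings.append(f"RRSIG({covered}) made by unpublished key tag {tag}")
    return findings

# Constructed sample records (not from the outage): all-zero key, algorithm 13.
DNSKEY = ["257 3 13 " + base64.b64encode(bytes(64)).decode()]
DS_OK, DS_STALE = ["1038 13 2 00"], ["4242 13 2 00"]
RRSIG = ["A 13 2 3600 20240615000000 20240601000000 1038 campus.example. AAAA"]

if __name__ == "__main__":
    now = datetime(2024, 6, 20, tzinfo=timezone.utc)
    for finding in check_chain(DS_STALE, DNSKEY, RRSIG, now):
        print(finding)
```

Run on a schedule against a zone's published records, a check like this flags a signature that is about to lapse or a DS record left pointing at a retired key before validating resolvers start returning failures.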

Moreover, there are concerns that DNSSEC itself has vulnerabilities that hackers could exploit. A report from APNIC highlighted a critical flaw known as “KeyTrap,” which can be triggered by a single malicious DNS packet. This flaw can exhaust server resources and disrupt internet access for systems using DNSSEC. See https://blog.apnic.net/2024/02/19/keytrap-algorithmic-complexity-attacks-exploit-fundamental-design-flaw-in-dnssec/

However, it’s essential to note that these observations are speculative until PHNET itself provides an official explanation of the outage. Thankfully, as of this writing, PHNET is operational and so are the .edu.ph sites using it. Here’s to hoping there won’t be a repeat of this in the future.