NZ websites experience downtime – Security update leads to widespread internet Outages
New Zealand Internet Outages anomaly caused certain users to be unable to access banking apps and various .co.nz websites on Tuesday morning.
This incident appears to be linked to an initiative by InternetNZ, a non-profit organization responsible for managing local web domains. Their aim was to implement an enhanced system that safeguards users against counterfeit websites.
We sincerely apologize for the inconvenience caused. We are aware that certain Internet Service Providers are encountering difficulties this morning. Consequently, some of our customers may experience difficulties accessing FastNet Classic and ASB mobile, ASB communicated via their Facebook page earlier today.
After Sheri Ngaha expressed frustration on Kiwibank’s Facebook page, stating, Why can’t we access the app or reach you by phone this morning? This is incredibly frustrating as I need to make a money transfer, the bank responded, saying, We are presently encountering an issue affecting some customers who are attempting to access our app or internet banking services. Our teams are actively investigating this matter, and we expect a resolution shortly.
On Twitter, Hamish Mack posted, NZ sites RNZ, New World’s online shopping, and Kiwibank sites aren’t functioning. What on earth is going on?
Rebecca McMillan noted that govt.nz seemed unaffected by the outage, but all the apps and websites she utilized within New Zealand were down.
I am unable to even listen to @radionz due to the mobile app being non-functional. This is distressing. I suppose it’s time to resort to a transistor radio, she remarked.
Late yesterday, InternetNZ issued a service bulletin acknowledging technical difficulties that initially impacted .ac.nz (education) domains on Monday evening and subsequently spread to other local domains from 10:45 pm.
InternetNZ confirmed on Tuesday that all categories of local internet domains experienced disruptions. An update at 9:21 am stated, The issue will be resolved over time.
In response to an inquiry from the New Zealand Herald on Twitter, cloud computing engineer Simon Lyall stated, InternetNZ was modifying the key used to sign .nz and made an error. As a result, DNS [domain name server] queries are encountering a certificate error.
In essence, it appears that a security enhancement effort by InternetNZ encountered complications, rendering certain websites inaccessible. This adjustment was seemingly related to a measure aimed at preventing ‘DNS spoofing,’ which involves maliciously redirecting users to fraudulent versions of websites.
InternetNZ acknowledged the issue when contacted by the Herald; however, further details are pending.
Mack confirmed that his internet connection was fully functional by 10:30 am.
Stuart Laing posted earlier in the morning, Is anyone else having difficulty accessing .co.nz sites? It seems that .nz sites are functioning fine. However, Laing informed the Herald shortly after 9 am that his connections had been restored.
A customer of One NZ (formerly Vodafone NZ) reported encountering issues accessing multiple .co.nz websites from approximately 11:30 pm.
A spokesperson for One NZ informed the Herald, During the early hours, we experienced an issue where certain customers were unable to access .nz domains while utilizing a fixed connection. However, this matter has been resolved.
Major internet service providers and banks have been contacted for comments. 2degrees and One directed the Herald to InternetNZ.
What transpired?
So, what was the change that InternetNZ sought to implement?
Technology writer Juha Saarinen explained, The original domain name system (DNS), responsible for translating links such as http://nzherald.co.nz into Internet Protocol (IP) addresses like 104.18.2.137 assigned to network hosts, lacked security features.
This deficiency resulted in significant security vulnerabilities, such as DNS ‘cache poisoning,’ enabling malicious individuals to redirect users to fraudulent websites.
The modifications implemented overnight aimed to simplify the authentication process for verifying the legitimacy of websites. These alterations involved the utilization of Domain Name System Security Extensions (DNSSEC).
Some individuals reported that clearing their web browser’s cache resolved the issue. However, Lyall cautioned that this may not be effective if underlying issues persist. It is advisable to wait until internet service providers have followed InternetNZ’s instructions to clear their respective caches (temporary storage of websites and associated data, designed to expedite loading).
Read More: WhatsApp Beta Testing Screen Share Feature for Video Calls | Latest Update
