Russia DNS
Peter N Limberg shared a link.
16 February 2019 ·
Fragmented internets = Effective reality tunnel management?
"Otherwise, more and more countries will go their own way. The net might truly fragment into separate and even disconnected internets, controlled by states with fundamentally different views of how the online sphere ought to function. Just this week, Russia has taken steps to create what could eventually become a separate Russian network."
The Internet Civil War - Techonomy
The internet is in jeopardy. A small band of global technology companies have achieved a scale and influence that dwarfs most countries, and an existential split over the internet has emerged between nations. If we are going to retain the internet's extraordinary social, economic, and democratic pow...
Richard Sexton
"Russia has taken steps to create what could eventually become a separate Russian network."
HAHAHAHAHAHA.
No. Not even close. Please learn how DNS works.
Here's a summary.
The US controls the "root" of the DNS tree used to look up all names on the internet.
It does this via the US Root Server network.
The Russians now have their own root server network.
THEY ALL USE THE SAME FILE.
If you look up say example.com, you'll get the same answer whether you use the US or Russian root servers.
In fact it's possible for everybody to just download a copy of the root zone themselves. Have they all "disconnected from the internet" too? Despite the fact a) it all still works b) it's faster c) it's not reliant on any US government servers?
Stupid article.
The file can be found here:
ftp://ftp.internic.net
There are people here that know far more about this than me.
Richard Sexton
Look at it another way, if you can ping Russian sites and the Russian root servers how are they "disconnected" from the internet?
Why is it anti-Russian bigotry is the only acceptable politically correct form these days?
David Gault
I'm beginning to think it's the only product that keeps MSNBC afloat.
Nick Taylor
@Richard Sexton
That article wasn't about Russia - just a single sentence. It talked about China more.
As to Anti-Russian bigotry... nobody is being bigoted against Russians... there is however a ton of evidence that the Russian state is attacking Western Democracies via disinformation campaigns though, and people are quite rightly concerned about that. That is about the actions of a state though - it isn't to do with Russians themselves.
Carlos E. Perez
Just insane that people are arguing that the bias against the Russian government is unfair. Hello?????!
Nick Taylor
Carlos E. Perez The word was "bigotry" not "bias" - and those two are completely different things.
Hello!!!??!?!
You should take a look at Timothy Snyder's take on this - he is qualified to opine, and I find him quite convincing - with regards to Trump being the payload of a Russian attack.
Peter Wang
Richard Sexton I'm afraid your assessment is quite incorrect. The DNS system is hierarchical and does have some "roots", but those roots are a global consensus by convention right now.
It's very simple for Russia to simply change how recursive DNS queries are handled at every Russian ISP.
But DNS isn't even the main issue - that's just looking up IP addresses for names. The bigger issue is the *routing* table itself, i.e. how those IP addresses are handled.
There's nothing that says that a country can't force its ISPs to route externally-bound traffic through a series of edge routers that then scan every packet, and blackhole various things. That's how the Great Firewall of China works.
We call it an "internet", but if you're within a country, you live on that country's *intra*net. The linkages between different sovereign intranets are just BGP and DNS, and those are both configurable.
Richard Sexton
Snicker.
Sorry, but you don't know what you're talking about. I did what the Russians just did 15 years ago.
There are people here that know more about that period than I do, maybe they'll want to say something, maybe they won't.
I suggest you have a look through Milton Mueller's "Ruling the Root", anything I have to say I've already said in there. 😉
https://mitpress.mit.edu/books/ruling-root
Ruling the Root
Peter Wang
Unfortunately it's out of print. I skimmed through the sample chapter that's available and didn't really learn anything new.
Ultimately, I don't particularly care about the kind of netsplit that can occur by people abusing DNS or even IP. In the long run, both of these are way too fragile and centralized to be robustly used by a collective intelligence network that actually threatens the political or economic status quo. Hence, I support the initiatives that push for p2p data web, with transport (eventually) orthogonal to identity and namespace.
Richard Sexton
Oh you skimmed an academic work that was written by a professor of Telecommunications History and because of this you know better than me who talked to the Russians doing this and informed you the Chinese just installed another thousand root servers.
Sur…
Ruling the Root: Internet Governance and the Taming of Cyberspace (The MIT Press)
AMAZON.CA
Jim Rutt
Alternative roots have been around for a long time. Trivial to set one up. The very big hurdle is getting people to point their DNS resolvers to an IP address that services that alt-root.
Indeed our most powerful strategic weapon when I was the chief negotiator for Network Solutions in which we ceded oversight of com, net and org (and few others) to ICANN, was the fact that we "owned" the IP addresses for the 13 root servers. HUGE hammer if we wanted to be assholes. We didn't but at times we hinted that we might be. For example, we set up and publicized to tech insiders an "alt root" right in the middle of the negotiations. It was nominally for "Y2K testing" but we slipped in a few new Top Level Domains. The 300 people in the world who mattered saw that and their sphincters clenched.
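Added example (not part of the thread and not written by any commenter): the first comment says every root server network serves the same root zone file, and the comment above describes an alternative root that carried a few extra top-level domains. This Python check compares two root zone copies by SOA serial and TLD delegations; the zone contents, server names and the `newtld.` entry are constructed for illustration.

```python
"""Compare two root zone copies; all zone data below is constructed."""
from collections import defaultdict

# Constructed reference excerpt in master-file form (not real root zone data).
REFERENCE = """\
. 86400 IN SOA ns1.root.example. admin.root.example. 2019021600 1800 900 604800 86400
. 518400 IN NS ns1.root.example.
com. 172800 IN NS ns1.com-registry.example.
com. 172800 IN NS ns2.com-registry.example.
org. 172800 IN NS ns1.org-registry.example.
"""

# Constructed second copy: same serial, one extra TLD, one re-delegated TLD.
ALT_COPY = REFERENCE.replace("ns1.org-registry.example.", "ns9.other.example.") + (
    "newtld. 172800 IN NS ns1.alt.example.\n")


def parse_zone(text):
    """Return (soa_serial, {tld: set(ns_targets)}) from one-record-per-line text."""
    serial, delegations = None, defaultdict(set)
    for line in text.splitlines():
        line = line.split(";", 1)[0].strip()  # drop zone-file comments
        fields = line.split()
        if len(fields) < 5 or fields[2].upper() != "IN":
            continue  # skip blanks and anything not "owner ttl IN type rdata"
        owner, rtype, rdata = fields[0].lower(), fields[3].upper(), fields[4:]
        if rtype == "SOA" and owner == "." and len(rdata) >= 3:
            serial = int(rdata[2])  # third SOA rdata field is the serial
        elif rtype == "NS" and owner != "." and owner.count(".") == 1:
            delegations[owner].add(rdata[0].lower())  # single-label owner = TLD
    return serial, dict(delegations)


def diff_roots(reference, candidate):
    """Report how a candidate root zone copy diverges from the reference copy."""
    ref_serial, ref = parse_zone(reference)
    cand_serial, cand = parse_zone(candidate)
    return {
        "serial_match": ref_serial == cand_serial,
        "added_tlds": sorted(set(cand) - set(ref)),
        "removed_tlds": sorted(set(ref) - set(cand)),
        "changed_ns": sorted(t for t in set(ref) & set(cand) if ref[t] != cand[t]),
    }


if __name__ == "__main__":
    print(diff_roots(REFERENCE, ALT_COPY))
```

A comparison like this only shows that two copies list the same delegations; it does not replace DNSSEC validation of answers against the root trust anchor.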
Peter Wang
LOL
Turns out that he who routes the packets, owns the traffic. "Open Protocols" are vulnerable to capture from below in an end-to-end architecture.
We see the same thing happening in the open source world, but across a different set of dimensions. OSS didn't think that any single entity could come up from below and capture all the computational substrate that it ran on.... but the cloud-vs-OSS-licensing wars of late 2018 show how existential of a problem this is.
Richard Sexton
1) "Turns out that he who routes the packets, owns the traffic. "
You don't get to route what won't resolve. There is more than one gating factor here.
2) ""Open Protocols" are vulnerable to capture from below in an end-to-end architecture."
ICANN was captured. ICANN was born captured as Jock Gill pointed out at the Harvard Meeting that introduced ICANN to an unsuspecting world.
3) "We see the same thing happening in the open source world, "
No, you don't. People can fork and not be labeled criminals or a danger to the stability of the universe.
You do not have the government saying you should not use a certain thing.
You do not have unregistered foreign lobbyists like Bob Shaw of the ITU telling US federal agencies to stop doing things a certain way, then swearing them to secrecy.
Actually there was one time in 1991 when the USG ordered all network communication with the USG was to be with ITU protocols and not TCP/IP. This was rescinded in 93. Consumer internet came in 96.
4) " but the cloud-vs-OSS-licensing wars of late 2018 show how existential of a problem this is."
Not sure what this means, or how it applies in any way to the move the Russians just did or how US media is spinning it.
Jim was CEO of Network Solutions during the time administration of .COM was commanded by the USG, (really Ira Magaziner, the Clinton gang's perpetual fuckup and bullshit artist). Netsol (or "NSI") was universally loathed by the internet community, one of the very few things everybody agreed on, for two reasons: 1) they began charging for domains (which affected everybody) 2) the "horribly flawed NSI domain dispute policy" which affects about one in 400,000 people, most of whom were intentionally provocative.
2) really only mattered to trademark attorneys and other domain name criminals. 1) was the big deal. Why did they do this? Well, they were told to. Technically the Federal Network Advisory Council ("FNCAC") advised the NSF ("National Science Foundation") to instruct their contractor NSI to begin charging.
This was consistent with the issue at the famous IETF meeting in Montreal, which I believe is where the IAB was fired for insisting ITU protocols would displace TCP/IP and a plan at the time was floated for ISOC to run the names and numbers which appeared to be a retirement plan.
This was all the work of one guy, who Bob Metcalfe (who invented Ethernet at PARC) called "Darth Cerf" for his earlier plan to charge for all email while at MCI.
So, NSI were never really the bad guys we were told they were. Of course, NSI was told equally slandering things about me, I think I was referred to in DC as "the antichrist" for a while if not an out and out criminal, a charge which appeared in public and the media. All for opposing what the inventor of the spreadsheet has called "a rent extraction scheme that 404'd half the net".
The DNS is defined by RFC 1591 and the only thing ever to allude to a succession of this was Draft-Higgs. Simon has a good memory and might be a worthwhile addition here, he's on my friends list.
Now, tensions between NSI and ICANN came to a peak when Jim showed NSI was also running an alternative root server network, it was bad enough people like me were doing this, that was NSI.
Thus, ICANN and NSI were ordered to be locked in a room and to not come out until they agree. Because they were all under NDA at the conclusion, the intellectual property attorney for IBM (who insisted on this meeting, not the USG) bragged IBM has spent two years of its intellectual property lobbying budget to prevent the creation of new tlds. Roger Cochetti from IBM was orchestrating all this and became an ICANN bigwig right away. Esther Dyson, the Paris Hilton of the tech world according to Slashdot, became CEO, she was also working for IBM.
All this came out of a set of interagency meetings to decide what NSF was going to do with the internic project which held all the DNS root stuff and com. Have a look and see who was there.
It's gone downhill ever since.
Except, the Russians of all people just did what Jim and I did in the last century. That's different, that takes half the world out from under USG control. And this time all the USG can do is complain. Except it's not them that are complaining. You'll note in the federal register the present administration asked "how to get rid of ICANN" not "if we should. it's axed but they do not know it yet".
Russia just did.
Jim Rutt
Actually, the REAL reason NSOL was so widely loathed was its GROSS incompetence. Had it been even a marginally competent monopolist it likely could have maintained its hold.
When I came on board as CEO in June of 1999 50% of all template transactions failed and 100% of the new Worldnet transactions failed at least in part.
And that's just the highlights! Before I took the job I concluded that NSOL was the worst run company I'd ever seen, and I'd done due diligence on maybe 80 companies as Thomson-Reuters (Thomson then) CTO.
We quickly fixed the worst problems and negotiated a reasonably profitable deal with ICANN but we could have done much better if we weren't operating from such a deservedly shitty reputation.
Jim Rutt
Interestingly I was hired to fix all the technical, operational, and sales and marketing problems, being assured that our policy and US Commerce Dept and ICANN negotiations were in good hands and I could ignore that area. Well 2 weeks into the job I determined that they were worse than useless, and so I took control and formulated an explicit warfighting strategy.
The root of the problem was that ALL of the players had vested interests and reputations that they cared about all through the US Government both legislative and executive.
Me, I didn't give a shit about that stuff. I hoped never to deal with those asswipes again so I could play as hard of ball as was necessary to win without worrying about collateral damage elsewhere.
Didn't make our largest shareholder, SAIC, happy, but it sure made them a lot of money!
Richard Sexton
The real internet civil war happened, but nobody noticed and we lost.
The 13 root servers all get their copy of the root zone from the "A" root, which NSI ran. It got the root zone file itself from the IANA, a name Jon Postel made up for his part time task funded by DARPA, yet it had no legal personality.
Some folks (not me!) had the idea since there were only 13 root servers all that had to be done is convince them the real answer was to not take the root zone from the A root at NSI but a different one. Then the USG is out of the loop.
So this was done. A couple didn't go along, most did. Gordon Cook, a tech journalist happened to be in the room with Postel that day and wrote that two guys came in and screamed at him that if he didn't put it back he'd be taken away in a black car and never heard of again. I saw Jon in Geneva that summer or next and he could barely walk - he had a heart condition and had to sit between halls because he couldn't walk the whole distance. I've seen other people with the same thing, they're like that. So it seems weird that Jon died right before ICANN came in by taking a hike out in the desert by himself then died of a heart attack. That's always bothered me. He wasn't fit enough to walk across the road, but went on a desert hike?
Anyway, that was the point where the people that built and ran the network tried to take their toy back but it didn't work, and what the USG says goes now, something the present administration doesn't want.
The thing is the Russian Root Server Confederation is going to be faster.
The threat of "oh they may do something funny" is bullshit:
1) The US already did something funny
2) People only use these things if they work.
So, people in the US now have a choice, they can use the US or RU root servers. With the US root there's no hope of any sort of real democracy, it's already been captured, wounded, killed and buried.
Maybe the Russians will be the worst pack of pricks ever. But given the ITU and DC they'd have to be pretty bad to beat that and there is always the nonzero chance they're acting in good faith in trying to do what so many people before have tried. To fix USG control of all names on the internet and their resolution service.
Hey it's Presidents' Day.
https://www.eff.org/cyberspace-independence
A Declaration of the Independence of Cyberspace