Kind regards,Alexander Maassen -------- Oorspronkelijk bericht --------Van: brian.john...@netgeek.us Datum: 15-03-2022 15:08 (GMT+01:00) Aan: Patrick Bryant <patr...@pbryant.com> Cc: "nanog@nanog.org list" <nanog@nanog.org> Onderwerp: Re: Dropping support for the .ru top level domain I think you need to understand that these actions will only prolong the situation and likely make things worse. Less info is always worse than more.- BrianOn Mar 15, 2022, at 4:07 AM, Patrick Bryant <patr...@pbryant.com> wrote:I propose dropping support of the .ru domains as an alternative to the other measures discussed here, such as dropping Russian ASNs -- which would have the counterproductive effect of isolating the Russian public from western news sources. Blocking those ASNs would also be futile as a network defense, if not implemented universally, since the bad actors in Russia usually exploit proxies in other countries as pivot points for their attacks. Preventing the resolution of the .ru TLD would not impact the Russian public's ability to resolve and access all other TLDs. As I noted, there are countermeasures, including Russia standing up its own root servers, but there are two challenges to countermeasure: 1) it would require modifying evey hints file on every resolver within Russia and, 2) "other measures" could be taken against whatever servers Russia implemented as substitutes. Dropping support for the .ru TLD action may incentivize the Russian State to bifurcate its national network, making it another North Korea, but that action is already underway. Other arguments are political, and I do not presume to set international political policy. I only offer a technical opinion, not a political one. The legalistic arguments of maintaining treaties is negated by the current state of war.On Tue, Mar 15, 2022 at 2:29 AM Fred Baker <fredbaker.i...@gmail.com> wrote:My viewpoint, and the reason I recommended against it, is that it gives Putin something he has wanted for a while, which is a Russia in which he is in control of information flows. We do for him what he has wanted for perhaps 20 years, and come out the bad guys - “the terrible west gut us off!”. I would rather have people in Russia have information flows that have a second viewpoint other than the Kremlin’s. I have no expectation that it will get through uncensored, but I would rather it was not in any sense “our fault” and therefore usable by Putin’s propaganda machine.Sent from my iPadOn Mar 14, 2022, at 2:14 PM, Brian R <briansupp...@hotmail.com> wrote:
I can understand governments wanting this to be an option but I would let them do blocking within their countries to their own people if that is their desire. This is another pandoras box. Its bad enough that some countries control this already to block free flow of information. If global DNS is no longer trusted then many actors will start maintaining their own broken lists (intentionally or unintentionally). This will not stop Russia, they will just run their own state sponsored DNS servers. We can imagine what else might be implemented on that concept...Countries or users that still want access will do the same with custom DNS servers. This will take us down another path of no return as a global standard that is not political or politically controlled. The belief that the internet is open and free (as much as possible) will be broken in one more way. This will also accelerate the advancement of crypto DNS like NameCoin (Years ago I liked the idea but I don't know how it is being run anymore.) or UnstoppableDomains for example. Similar to what is starting to happen to central banking as countries start shutting down bank accounts for political reasons. I am glad to see soo many people on here and many of the organizations running these services state as much. Brian From: NANOG <nanog-bounces+briansupport=hotmail....@nanog.org> on behalf of Patrick Bryant <patr...@pbryant.com> Sent: Saturday, March 12, 2022 2:47 AM To: nanog@nanog.org <nanog@nanog.org> Subject: Dropping support for the .ru top level domain I don't like the idea of disrupting any Internet service. But the current situation is unprecedented. The Achilles Heel of general public use of Internet services has always been the functionality of DNS. Unlike Layer 3 disruptions, dropping or disrupting support for the .ru TLD can be accomplished without disrupting the Russian population's ability to access information and services in the West. The only countermeasure would be the distribution of Russian national DNS zones to a multiplicity of individual DNS resolvers within Russia. Russian operators are in fact implementing this countermeasure, but it is a slow and arduous process, and it will entail many of the operational difficulties that existed with distributing Host files, which DNS was implemented to overcome. The .ru TLD could be globally disrupted by dropping the .ru zone from the 13 DNS root servers. This would be the most effective action, but would require an authoritative consensus. One level down in DNS delegation are the 5 authoritative servers. I will leave it to the imagination of others to envision what action that could be taken there... ru nameserver = a.dns.ripn.net ru nameserver = b.dns.ripn.net ru nameserver = d.dns.ripn.net ru nameserver = e.dns.ripn.net ru nameserver = f.dns.ripn.net The impact of any action would take time (days) to propagate.
