> > Other arguments are political, and I do not presume to set international > political policy. I only offer a technical opinion, not a political one. >
Your technical opinion is what everyone is responding to. Dropping support for any TLD in the root zone DB is a terrible idea, period. Proposing technical measures to futz with standards based infrastructure functionality is a terrible idea, period. On Tue, Mar 15, 2022 at 8:13 AM Patrick Bryant <patr...@pbryant.com> wrote: > I propose dropping support of the .ru domains as an alternative to the > other measures discussed here, such as dropping Russian ASNs -- which > *would* have the counterproductive effect of isolating the Russian public > from western news sources. Blocking those ASNs would also be futile as a > network defense, if not implemented universally, since the bad actors in > Russia usually exploit proxies in other countries as pivot points for their > attacks. > > Preventing the resolution of the .ru TLD would not impact the Russian > public's ability to resolve and access all other TLDs. As I noted, there > are countermeasures, including Russia standing up its own root servers, but > there are two challenges to countermeasure: 1) it would require modifying > evey hints file on every resolver within Russia and, 2) "other measures" > could be taken against whatever servers Russia implemented as substitutes. > Dropping support for the .ru TLD action may incentivize the Russian State > to bifurcate its national network, making it another North Korea, but that > action is already underway. > > Other arguments are political, and I do not presume to set international > political policy. I only offer a technical opinion, not a political one. > The legalistic arguments of maintaining treaties is negated by the current > state of war. > > On Tue, Mar 15, 2022 at 2:29 AM Fred Baker <fredbaker.i...@gmail.com> > wrote: > >> My viewpoint, and the reason I recommended against it, is that it gives >> Putin something he has wanted for a while, which is a Russia in which he is >> in control of information flows. We do for him what he has wanted for >> perhaps 20 years, and come out the bad guys - “the terrible west gut us >> off!”. I would rather have people in Russia have information flows that >> have a second viewpoint other than the Kremlin’s. I have no expectation >> that it will get through uncensored, but I would rather it was not in any >> sense “our fault” and therefore usable by Putin’s propaganda machine. >> >> Sent from my iPad >> >> On Mar 14, 2022, at 2:14 PM, Brian R <briansupp...@hotmail.com> wrote: >> >> >> I can understand governments wanting this to be an option but I would let >> them do blocking within their countries to their own people if that is >> their desire. This is another pandoras box. Its bad enough that some >> countries control this already to block free flow of information. >> If global DNS is no longer trusted then many actors will start >> maintaining their own broken lists (intentionally or unintentionally). >> >> - This will not stop Russia, they will just run their own state >> sponsored DNS servers. We can imagine what else might be implemented on >> that concept... >> - Countries or users that still want access will do the same with >> custom DNS servers. >> - This will take us down another path of no return as a global >> standard that is not political or politically controlled. >> - The belief that the internet is open and free (as much as possible) >> will be broken in one more way. >> - This will also accelerate the advancement of crypto DNS like >> NameCoin (Years ago I liked the idea but I don't know how it is being >> run anymore.) or UnstoppableDomains for example. Similar to what is >> starting to happen to central banking as countries start shutting down >> bank >> accounts for political reasons. >> >> I am glad to see soo many people on here and many of the organizations >> running these services state as much. >> >> Brian >> >> >> ------------------------------ >> *From:* NANOG <nanog-bounces+briansupport=hotmail....@nanog.org> on >> behalf of Patrick Bryant <patr...@pbryant.com> >> *Sent:* Saturday, March 12, 2022 2:47 AM >> *To:* nanog@nanog.org <nanog@nanog.org> >> *Subject:* Dropping support for the .ru top level domain >> >> I don't like the idea of disrupting any Internet service. But the current >> situation is unprecedented. >> >> The Achilles Heel of general public use of Internet services has always >> been the functionality of DNS. >> >> Unlike Layer 3 disruptions, dropping or disrupting support for the .ru >> TLD can be accomplished without disrupting the Russian population's ability >> to access information and services in the West. >> >> The only countermeasure would be the distribution of Russian national DNS >> zones to a multiplicity of individual DNS resolvers within Russia. Russian >> operators are in fact implementing this countermeasure, but it is a slow >> and arduous process, and it will entail many of the operational >> difficulties that existed with distributing Host files, which DNS was >> implemented to overcome. >> >> The .ru TLD could be globally disrupted by dropping the .ru zone from the >> 13 DNS root servers. This would be the most effective action, but would >> require an authoritative consensus. One level down in DNS delegation are >> the 5 authoritative servers. I will leave it to the imagination of others >> to envision what action that could be taken there... >> >> ru nameserver = a.dns.ripn.net >> ru nameserver = b.dns.ripn.net >> ru nameserver = d.dns.ripn.net >> ru nameserver = e.dns.ripn.net >> ru nameserver = f.dns.ripn.net >> >> The impact of any action would take time (days) to propagate. >> >>
