Re: Dropping support for the .ru top level domain

[Tom Beecher <beecher () beecher cc>]

> Other arguments are political, and I do not presume to set international
> political policy. I only offer a technical opinion, not a political one.

Your technical opinion is what everyone is responding to.

Dropping support for any TLD in the root zone DB is a terrible idea,
period. Proposing technical measures to futz with standards based
infrastructure functionality is a terrible idea, period.



On Tue, Mar 15, 2022 at 8:13 AM Patrick Bryant <patrick () pbryant com> wrote:

> I propose dropping support of the .ru domains as an alternative to the
> other measures discussed here, such as dropping Russian ASNs -- which
> *would* have the counterproductive effect of isolating the Russian public
> from western news sources. Blocking those ASNs would also be futile as a
> network defense, if not implemented universally, since the bad actors in
> Russia usually exploit proxies in other countries as pivot points for their
> attacks.
>
> Preventing the resolution of the .ru TLD would not impact the Russian
> public's ability to resolve and access all other TLDs. As I noted, there
> are countermeasures, including Russia standing up its own root servers, but
> there are two challenges to countermeasure: 1) it would require modifying
> evey hints file on every resolver within Russia and, 2) "other measures"
> could be taken against whatever servers Russia implemented as substitutes.
> Dropping support for the .ru TLD action may incentivize the Russian State
> to bifurcate its national network, making it another North Korea, but that
> action is already underway.
>
> Other arguments are political, and I do not presume to set international
> political policy. I only offer a technical opinion, not a political one.
> The legalistic arguments of maintaining treaties is negated by the current
> state of war.
>
> On Tue, Mar 15, 2022 at 2:29 AM Fred Baker <fredbaker.ietf () gmail com>
> wrote:
>
> > My viewpoint, and the reason I recommended against it, is that it gives
> > Putin something he has wanted for a while, which is a Russia in which he is
> > in control of information flows. We do for him what he has wanted for
> > perhaps 20 years, and come out the bad guys - “the terrible west gut us
> > off!”.  I would rather have people in Russia have information flows that
> > have a second viewpoint other than the Kremlin’s. I have no expectation
> > that it will get through uncensored, but I would rather it was not in any
> > sense “our fault” and therefore usable by Putin’s propaganda machine.
> >
> > Sent from my iPad
> >
> > On Mar 14, 2022, at 2:14 PM, Brian R <briansupport () hotmail com> wrote:
> >
> > 
> > I can understand governments wanting this to be an option but I would let
> > them do blocking within their countries to their own people if that is
> > their desire.  This is another pandoras box.  Its bad enough that some
> > countries control this already to block free flow of information.
> > If global DNS is no longer trusted then many actors will start
> > maintaining their own broken lists (intentionally or unintentionally).
> >
> >    - This will not stop Russia, they will just run their own state
> >    sponsored DNS servers.  We can imagine what else might be implemented on
> >    that concept...
> >    - Countries or users that still want access will do the same with
> >    custom DNS servers.
> >    - This will take us down another path of no return as a global
> >    standard that is not political or politically controlled.
> >    - The belief that the internet is open and free (as much as possible)
> >    will be broken in one more way.
> >    - This will also accelerate the advancement of crypto DNS like
> >    NameCoin (Years ago I liked the idea but I don't know how it is being
> >    run anymore.) or UnstoppableDomains for example.   Similar to what is
> >    starting to happen to central banking as countries start shutting down bank
> >    accounts for political reasons.
> >
> > I am glad to see soo many people on here and many of the organizations
> > running these services state as much.
> >
> > Brian
> >
> >
> > ------------------------------
> > *From:* NANOG <nanog-bounces+briansupport=hotmail.com () nanog org> on
> > behalf of Patrick Bryant <patrick () pbryant com>
> > *Sent:* Saturday, March 12, 2022 2:47 AM
> > *To:* nanog () nanog org <nanog () nanog org>
> > *Subject:* Dropping support for the .ru top level domain
> >
> > I don't like the idea of disrupting any Internet service. But the current
> > situation is unprecedented.
> >
> > The Achilles Heel of general public use of Internet services has always
> > been the functionality of DNS.
> >
> > Unlike Layer 3 disruptions, dropping or disrupting support for the .ru
> > TLD can be accomplished without disrupting the Russian population's ability
> > to access information and services in the West.
> >
> > The only countermeasure would be the distribution of Russian national DNS
> > zones to a multiplicity of individual DNS resolvers within Russia. Russian
> > operators are in fact implementing this countermeasure, but it is a slow
> > and arduous process, and it will entail many of the operational
> > difficulties that existed with distributing Host files, which DNS was
> > implemented to overcome.
> >
> > The .ru TLD could be globally disrupted by dropping the .ru zone from the
> > 13 DNS root servers. This would be the most effective action, but would
> > require an authoritative consensus. One level down in DNS delegation are
> > the 5 authoritative servers. I will leave it to the imagination of others
> > to envision what action that could be taken there...
> >
> > ru      nameserver = a.dns.ripn.net
> > ru      nameserver = b.dns.ripn.net
> > ru      nameserver = d.dns.ripn.net
> > ru      nameserver = e.dns.ripn.net
> > ru      nameserver = f.dns.ripn.net
> >
> > The impact of any action would take time (days) to propagate.