Ukraine request yikes

David Conrad drc at
Tue Mar 1 20:08:30 UTC 2022

On Mar 1, 2022, at 12:16 AM, George Herbert <george.herbert at> wrote:
> Ukraine (I think I read as) want ICANN to turn root nameservers off, revoke address delegations, and turn off TLDs for Russia.

More or less.  The Government Advisory Committee member from Ukraine has asked ICANN to:
- Revoke .RU, .рф, and .SU (all Russian-managed ccTLDs)

As the GAC member undoubtedly knows, that’s not how ICANN works. Barring a court/executive order in ICANN’s jurisdiction (and even then, it gets a bit sticky see <>), ICANN essentially treats ccTLDs as national sovereign resources. A third party, no matter how justified, requesting a change of this nature will not go anywhere. Simply put, ICANN is NOT a regulator in the forma sense, it is a private entity incorporated in California. The powers that it has are the result of mutual contractual obligations and it’s a bit unlikely the Russian government has entered into any contracts with ICANN, particularly those that would allow ICANN to unilaterally revoke any of the Russian ccTLDs.

- "Contribute to the revoking for SSL certificates for the abovementioned domains.”

I’m not sure what this even means.

- Shutdown the root server instances operated by ICANN that are within Russia

ICANN could conceivably do this unilaterally, but there are a lot more root server instances operated by other RSOs (including RIPE NCC, Verisign, ISC, and NASA). Even if all the RSOs shut down their instances, it’d merely increase latency for root queries by a small amount unless all DNS traffic to the RSO IPs were blocked at Russian borders.  And even then, Russia has been “testing” operating in a disconnected mode, so it’s highly likely there are root server equivalents in Russia that would continue to resolve root queries.

However, as mentioned, the UA GAC member probably knows all this and I imagine the intent of this letter was less to cause the requested actions to actually occur than it was to raise the profile of the conflict in the Internet governance context.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: Message signed with OpenPGP
URL: <>

More information about the NANOG mailing list