Dropping support for the .ru top level domain

Denys Fedoryshchenko nuclearcat at nuclearcat.com
Mon Mar 14 20:24:56 UTC 2022


As bad as it is to break an internet service, the technical side of your
idea is even worse.
Given that there is an agency in Russia that has the ability to
intercept and modify all DNS queries, countering your "idea" is trivial.
They will just route root servers locally and set up their own zones.
And even if they don't, replacing root hints in a recursor is trivial.
It will take a lot less time than reaching an "authoritative consensus".

But a violation of neutrality will cause colossal harm: when each
country starts making sovereign root servers "just in case", their own
DNSSEC, RIR, CA, etc., it will cause much more significant harm to the
rest of the world.

Please, people who generate such delusional ideas, stop trying to
disrupt the neutrality of the Internet.
If you want to get involved in a war, go there, do not drag the rest of
the world into the conflict.

On 2022-03-12 12:47, Patrick Bryant wrote:
> I don't like the idea of disrupting any Internet service. But the
> current situation is unprecedented.
> 
> The Achilles Heel of general public use of Internet services has
> always been the functionality of DNS.
> 
> Unlike Layer 3 disruptions, dropping or disrupting support for the .ru
> TLD can be accomplished without disrupting the Russian population's
> ability to access information and services in the West.
> 
> The only countermeasure would be the distribution of Russian national
> DNS zones to a multiplicity of individual DNS resolvers within Russia.
> Russian operators are in fact implementing this countermeasure, but it
> is a slow and arduous process, and it will entail many of the
> operational difficulties that existed with distributing Host files,
> which DNS was implemented to overcome.
> 
> The .ru TLD could be globally disrupted by dropping the .ru zone from
> the 13 DNS root servers. This would be the most effective action, but
> would require an authoritative consensus. One level down in DNS
> delegation are the 5 authoritative servers. I will leave it to the
> imagination of others to envision what action could be taken
> there...
> 
> ru      nameserver = a.dns.ripn.net [1]
> ru      nameserver = b.dns.ripn.net [2]
> ru      nameserver = d.dns.ripn.net [3]
> ru      nameserver = e.dns.ripn.net [4]
> ru      nameserver = f.dns.ripn.net [5]
> 
> The impact of any action would take time (days) to propagate.
> 
> 
> 
> Links:
> ------
> [1] http://a.dns.ripn.net
> [2] http://b.dns.ripn.net
> [3] http://d.dns.ripn.net
> [4] http://e.dns.ripn.net
> [5] http://f.dns.ripn.net

