Dropping support for the .ru top level domain

Tue Mar 15 19:05:57 UTC 2022

>
> Other arguments are political, and I do not presume to set international
> political policy. I only offer a technical opinion, not a political one.
>

Your technical opinion is what everyone is responding to.

Dropping support for any TLD in the root zone DB is a terrible idea,
period. Proposing technical measures to futz with standards based
infrastructure functionality is a terrible idea, period.

On Tue, Mar 15, 2022 at 8:13 AM Patrick Bryant <patrick at pbryant.com> wrote:

> I propose dropping support of the .ru domains as an alternative to the
> other measures discussed here, such as dropping Russian ASNs -- which
> *would* have the counterproductive effect of isolating the Russian public
> from western news sources. Blocking those ASNs would also be futile as a
> network defense, if not implemented universally, since the bad actors in
> Russia usually exploit proxies in other countries as pivot points for their
> attacks.
>
> Preventing the resolution of the .ru TLD would not impact the Russian
> public's ability to resolve and access all other TLDs. As I noted, there
> are countermeasures, including Russia standing up its own root servers, but
> there are two challenges to countermeasure: 1) it would require modifying
> evey hints file on every resolver within Russia and, 2) "other measures"
> could be taken against whatever servers Russia implemented as substitutes.
> Dropping support for the .ru TLD action may incentivize the Russian State
> to bifurcate its national network, making it another North Korea, but that
> action is already underway.
>
> Other arguments are political, and I do not presume to set international
> political policy. I only offer a technical opinion, not a political one.
> The legalistic arguments of maintaining treaties is negated by the current
> state of war.
>
> On Tue, Mar 15, 2022 at 2:29 AM Fred Baker <fredbaker.ietf at gmail.com>
> wrote:
>
>> My viewpoint, and the reason I recommended against it, is that it gives
>> Putin something he has wanted for a while, which is a Russia in which he is
>> in control of information flows. We do for him what he has wanted for
>> perhaps 20 years, and come out the bad guys - “the terrible west gut us
>> off!”.  I would rather have people in Russia have information flows that
>> have a second viewpoint other than the Kremlin’s. I have no expectation
>> that it will get through uncensored, but I would rather it was not in any
>> sense “our fault” and therefore usable by Putin’s propaganda machine.
>>
>> Sent from my iPad
>>
>> On Mar 14, 2022, at 2:14 PM, Brian R <briansupport at hotmail.com> wrote:
>>
>> 
>> I can understand governments wanting this to be an option but I would let
>> them do blocking within their countries to their own people if that is
>> their desire.  This is another pandoras box.  Its bad enough that some
>> countries control this already to block free flow of information.
>> If global DNS is no longer trusted then many actors will start
>> maintaining their own broken lists (intentionally or unintentionally).
>>
>>    - This will not stop Russia, they will just run their own state
>>    sponsored DNS servers.  We can imagine what else might be implemented on
>>    that concept...
>>    - Countries or users that still want access will do the same with
>>    custom DNS servers.
>>    - This will take us down another path of no return as a global
>>    standard that is not political or politically controlled.
>>    - The belief that the internet is open and free (as much as possible)
>>    will be broken in one more way.
>>    - This will also accelerate the advancement of crypto DNS like
>>    NameCoin (Years ago I liked the idea but I don't know how it is being
>>    run anymore.) or UnstoppableDomains for example.   Similar to what is
>>    starting to happen to central banking as countries start shutting down bank
>>    accounts for political reasons.
>>
>> I am glad to see soo many people on here and many of the organizations
>> running these services state as much.
>>
>> Brian
>>
>>
>> ------------------------------
>> *From:* NANOG <nanog-bounces+briansupport=hotmail.com at nanog.org> on
>> behalf of Patrick Bryant <patrick at pbryant.com>
>> *Sent:* Saturday, March 12, 2022 2:47 AM
>> *To:* nanog at nanog.org <nanog at nanog.org>
>> *Subject:* Dropping support for the .ru top level domain
>>
>> I don't like the idea of disrupting any Internet service. But the current
>> situation is unprecedented.
>>
>> The Achilles Heel of general public use of Internet services has always
>> been the functionality of DNS.
>>
>> Unlike Layer 3 disruptions, dropping or disrupting support for the .ru
>> TLD can be accomplished without disrupting the Russian population's ability
>> to access information and services in the West.
>>
>> The only countermeasure would be the distribution of Russian national DNS
>> zones to a multiplicity of individual DNS resolvers within Russia. Russian
>> operators are in fact implementing this countermeasure, but it is a slow
>> and arduous process, and it will entail many of the operational
>> difficulties that existed with distributing Host files, which DNS was
>> implemented to overcome.
>>
>> The .ru TLD could be globally disrupted by dropping the .ru zone from the
>> 13 DNS root servers. This would be the most effective action, but would
>> require an authoritative consensus. One level down in DNS delegation are
>> the 5 authoritative servers. I will leave it to the imagination of others
>> to envision what action that could be taken there...
>>
>> ru      nameserver = a.dns.ripn.net
>> ru      nameserver = b.dns.ripn.net
>> ru      nameserver = d.dns.ripn.net
>> ru      nameserver = e.dns.ripn.net
>> ru      nameserver = f.dns.ripn.net
>>
>> The impact of any action would take time (days) to propagate.
>>
>>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.nanog.org/pipermail/nanog/attachments/20220315/075cb0e8/attachment.html>