<html><head><meta http-equiv="Content-Type" content="text/html; charset=utf-8"></head><body style="word-wrap: break-word; -webkit-nbsp-mode: space; line-break: after-white-space;" class="">I’m reminded of a quote from “2010 The year we make contact”:<div class=""><span class="Apple-tab-span" style="white-space:pre"> </span>“Just because our governments are behaving like asses doesn’t mean we have to.” (Roy Scheider as Dr. Heywood Floyd)</div><div class=""><br class=""></div><div class="">Breaking any communications facility is, IMHO, counterproductive to all sides. Communication is almost always the key to ending conflict.</div><div class="">In this case, it might require more than just communications, but breaking the .RU domain almost certainly isn’t going to help resolve the situation.<br class=""><div><br class=""></div><div>The internet should, ideally, continue to treat governments behaving like asses as damage and route around them.</div><div><br class=""></div><div>Owen</div><div><br class=""><blockquote type="cite" class=""><div class="">On Mar 15, 2022, at 02:07 , Patrick Bryant <<a href="mailto:patrick@pbryant.com" class="">patrick@pbryant.com</a>> wrote:</div><br class="Apple-interchange-newline"><div class=""><div dir="ltr" class="">I propose dropping support of the .ru domains as an alternative to the other measures discussed here, such as dropping Russian ASNs -- which <i class="">would</i> have the counterproductive effect of isolating the Russian public from western news sources. Blocking those ASNs would also be futile as a network defense, if not implemented universally, since the bad actors in Russia usually exploit proxies in other countries as pivot points for their attacks. <div class=""><br class=""></div><div class="">Preventing the resolution of the .ru TLD would not impact the Russian public's ability to resolve and access all other TLDs. As I noted, there are countermeasures, including Russia standing up its own root servers, but there are two challenges to countermeasure: 1) it would require modifying evey hints file on every resolver within Russia and, 2) "other measures" could be taken against whatever servers Russia implemented as substitutes. Dropping support for the .ru TLD action may incentivize the Russian State to bifurcate its national network, making it another North Korea, but that action is already underway. <div class=""><br class=""></div><div class="">Other arguments are political, and I do not presume to set international political policy. I only offer a technical opinion, not a political one. The legalistic arguments of maintaining treaties is negated by the current state of war.</div></div></div><br class=""><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Tue, Mar 15, 2022 at 2:29 AM Fred Baker <<a href="mailto:fredbaker.ietf@gmail.com" class="">fredbaker.ietf@gmail.com</a>> wrote:<br class=""></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div dir="auto" class="">My viewpoint, and the reason I recommended against it, is that it gives Putin something he has wanted for a while, which is a Russia in which he is in control of information flows. We do for him what he has wanted for perhaps 20 years, and come out the bad guys - “the terrible west gut us off!”. I would rather have people in Russia have information flows that have a second viewpoint other than the Kremlin’s. I have no expectation that it will get through uncensored, but I would rather it was not in any sense “our fault” and therefore usable by Putin’s propaganda machine.<br class=""><br class=""><div dir="ltr" class="">Sent from my iPad</div><div dir="ltr" class=""><br class=""><blockquote type="cite" class="">On Mar 14, 2022, at 2:14 PM, Brian R <<a href="mailto:briansupport@hotmail.com" target="_blank" class="">briansupport@hotmail.com</a>> wrote:<br class=""><br class=""></blockquote></div><blockquote type="cite" class=""><div dir="ltr" class="">
<div style="font-family: Calibri, Helvetica, sans-serif; font-size: 12pt; background-color: rgb(255, 255, 255);" class="">
I can understand governments wanting this to be an option but I would let them do blocking within their countries to their own people if that is their desire. This is another pandoras box. Its bad enough that some countries control this already to block free
flow of information.</div>
<div style="font-family: Calibri, Helvetica, sans-serif; font-size: 12pt; background-color: rgb(255, 255, 255);" class="">
If global DNS is no longer trusted then many actors will start maintaining their own broken lists (intentionally or unintentionally).</div>
<div style="font-family: Calibri, Helvetica, sans-serif; font-size: 12pt; background-color: rgb(255, 255, 255);" class="">
<ul class="">
<li class="">This will not stop Russia, they will just run their own state sponsored DNS servers. We can imagine what else might be implemented on that concept...</li><li class="">Countries or users that still want access will do the same with custom DNS servers.</li><li style="font-family: Calibri, Helvetica, sans-serif; font-size: 12pt; background-color: rgb(255, 255, 255);" class="">
This will take us down another path of no return as a global standard that is not political or politically controlled.</li><li style="font-family: Calibri, Helvetica, sans-serif; font-size: 12pt; background-color: rgb(255, 255, 255);" class="">
The belief that the internet is open and free (as much as possible) will be broken in one more way.</li><li style="font-family: Calibri, Helvetica, sans-serif; font-size: 12pt; background-color: rgb(255, 255, 255);" class="">
This will also accelerate the advancement of crypto DNS like NameCoin (<span style="background-color: rgb(255, 255, 255); display: inline;" class="">Years ago I liked the idea but I don't know how it is being run anymore.)</span> or UnstoppableDomains
for example. Similar to what is starting to happen to central banking as countries start shutting down bank accounts for political reasons.</li></ul>
</div>
<div style="font-family: Calibri, Helvetica, sans-serif; font-size: 12pt; background-color: rgb(255, 255, 255);" class="">
I am glad to see soo many people on here and many of the organizations running these services state as much.</div>
<div style="font-family: Calibri, Helvetica, sans-serif; font-size: 12pt; background-color: rgb(255, 255, 255);" class="">
<br class="">
</div>
<div style="font-family: Calibri, Helvetica, sans-serif; font-size: 12pt; background-color: rgb(255, 255, 255);" class="">
Brian</div>
<div style="font-family: Calibri, Helvetica, sans-serif; font-size: 12pt; background-color: rgb(255, 255, 255);" class="">
<br class="">
</div>
<div id="gmail-m_6195242954093616602appendonsend" class=""></div>
<div style="font-family: Calibri, Helvetica, sans-serif; font-size: 12pt;" class="">
<br class="">
</div>
<hr style="display:inline-block;width:98%" class="">
<div id="gmail-m_6195242954093616602divRplyFwdMsg" dir="ltr" class=""><font face="Calibri, sans-serif" style="font-size:11pt" class=""><b class="">From:</b> NANOG <nanog-bounces+briansupport=<a href="mailto:hotmail.com@nanog.org" target="_blank" class="">hotmail.com@nanog.org</a>> on behalf of Patrick Bryant <<a href="mailto:patrick@pbryant.com" target="_blank" class="">patrick@pbryant.com</a>><br class="">
<b class="">Sent:</b> Saturday, March 12, 2022 2:47 AM<br class="">
<b class="">To:</b> <a href="mailto:nanog@nanog.org" target="_blank" class="">nanog@nanog.org</a> <<a href="mailto:nanog@nanog.org" target="_blank" class="">nanog@nanog.org</a>><br class="">
<b class="">Subject:</b> Dropping support for the .ru top level domain</font>
<div class=""> </div>
</div>
<div class="">
<div dir="ltr" class="">I don't like the idea of disrupting any Internet service. But the current situation is unprecedented.
<div class=""><br class="">
</div>
<div class="">The Achilles Heel of general public use of Internet services has always been the functionality of DNS.
<div class=""><br class="">
</div>
<div class="">Unlike Layer 3 disruptions, dropping or disrupting support for the .ru TLD can be accomplished without disrupting the Russian population's ability to access information and services in the West.</div>
<div class=""><br class="">
</div>
<div class="">The only countermeasure would be the distribution of Russian national DNS zones to a multiplicity of individual DNS resolvers within Russia. Russian operators are in fact implementing this countermeasure, but it is a slow and arduous process, and it will
entail many of the operational difficulties that existed with distributing Host files, which DNS was implemented to overcome. <br clear="all" class="">
<div class=""><br class="">
</div>
<div class="">The .ru TLD could be globally disrupted by dropping the .ru zone from the 13 DNS root servers. This would be the most effective action, but would require an authoritative consensus. One level down in DNS delegation are the 5 authoritative servers. I will
leave it to the imagination of others to envision what action that could be taken there...</div>
<div class=""><br class="">
</div>
<div class="">ru nameserver = <a href="http://a.dns.ripn.net/" target="_blank" class="">a.dns.ripn.net</a><br class="">
ru nameserver = <a href="http://b.dns.ripn.net/" target="_blank" class="">b.dns.ripn.net</a><br class="">
ru nameserver = <a href="http://d.dns.ripn.net/" target="_blank" class="">d.dns.ripn.net</a><br class="">
ru nameserver = <a href="http://e.dns.ripn.net/" target="_blank" class="">e.dns.ripn.net</a><br class="">
ru nameserver = <a href="http://f.dns.ripn.net/" target="_blank" class="">f.dns.ripn.net</a><br class="">
</div>
<div class=""><br class="">
</div>
<div class="">The impact of any action would take time (days) to propagate.</div>
<div class=""><br class="">
</div>
<div dir="ltr" class="">
<div dir="ltr" class="">
<div dir="ltr" class="">
<div dir="ltr" class="">
<div dir="ltr" class=""></div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div></blockquote></div></blockquote></div>
</div></blockquote></div><br class=""></div></body></html>