Russia threatens to set up its 'own internet' with China, India and pals – let's take a closer look

El Reg dives into global DNS split threat


Back to your roots

Going deeper, the lead 'A' official root server – from which the other roots (they are labeled B through M) typically accept changes – is run by .com operator Verisign which has close ties to the US government. Not only that but Verisign also runs the J root and the US government runs another three (E, G and H). That leaves eight root servers outside the grasp of the US government. And if you want to be paranoid, only two (I and M) are based outside the United States.

So, for those taking Russia's line of impending US interference the worst case scenario is:

  • President Trump gets upset because he thinks someone insulted him and orders a country's top-level domain to be pointed elsewhere.
  • The military descend on all the main root server locations based in the United States and force the engineers to use their version of the root zone file (it would likely require a gun in the face because the operators are very unlikely to make such a change under just a legal threat; their lawyers would be all over it).
  • So 11 of the 13 root server servers have removed the country in question. The remaining official servers and the mirrors dotted across the globe might simply copy the updated file but chances are they would object wildly to an unauthorized change. So the root servers would have to start cutting off their mirrors to maintain a common response.
  • At this point, alarm bells would have gone off in every ISP headquarters on the planet. Even if the US government served every single ISP in the US with an injunction, there would almost certainly be an informal uprising as internet engineers shifted operations outside the country. And that would be only be within the US – the rest of the world would be free to do what they wanted.
  • As a result, after an enormous amount of effort and the complete destruction of trust at the top level of the internet, the best that could be achieved would be for most US citizens to not be able to access a foreign country's top-level domain. Everyone else would likely still have full access.
  • By the time the changes have fully propagated, internet engineers and governments across the globe would either have maintained their own version of the root zone file without the tampering, or disconnected from the system altogether. The internet would fragment and it would take years to be put it back together again.

All of which is a long way of saying: the US kicking a nation like Russia off the internet? Never gonna happen.

So, on the one hand, you've got Russia claiming to be worried about being thrown off the information superhighway and preparing for it. And on the other hand, it's incredibly unlikely America – even considering its bizarro political situation at the moment – would actually go that far. The policy document instead leaves people assuming Russia et al are forming a breakaway internet. In reality, it's basically calling for yet more root mirrors.

Those tests again

We were intrigued about the reference in the news reports to "exercises on the Russian Internet resilience to external threats," which appeared to describe Kremlin techies removing .ru from the global root zone file as an experiment, to see what would be the effects of ICANN, under orders from Uncle Sam, stripping the Russian TLD from the world's DNS.

We dug into the root zone file, and found no sign of any recent changes made to the .ru top-level domain, particular not the suggestion that it had been temporarily removed from the root as a test. We also spoke separately to three root zone experts, none of whom wanted to speak publicly but all of whom said that there is no way that the Russian government has done a live test on the root zone. It would have been noticed immediately, and would have been the subject of countless conference presentations since.

Which means that the tests must have been carried out by the Russian government in a virtual lab where they removed the .ru entries from a cloned root zone files, and then observed they were then unable to reach .ru domains. Not exactly earth shattering, which suggests someone's trying to make a lot of noise over nothing.

Getting back to the Russian government's "system of backup DNS root name servers, independent of the control of ICANN, IANA and VeriSign, and capable of servicing the requests of users from the listed countries in the case of faults or targeted intervention."

There is nothing to stop a government, or a gang of governments, from doing something like this. Some groups already do. If you have the resources, and fear that the US government would actually do something as reckless and self-defeating as booting a nation off the web, then, OK, go forth and configure your BIND boxes. But you're just doing what so many others have already done.

Politics

What this policy document boils down to is a pure political play by Putin and Russian officials who for more than a decade now have tried to gain greater influence over how the internet is governed.

The Russian and Chinese governments have tried very hard – and failed – to shift oversight of the DNS under the auspices of the United Nations, in particular the UN's International Telecommunications Union (ITU), where they have significant influence.

Those efforts have been beaten back largely by Western governments. And, crucially, the final leverage that the Russian and Chinese governments had over other world governments – that the US government retained overall control of ICANN and IANA – was annihilated when ICANN was granted autonomy this time last year.

It was a smart move on the US government's part even though some elements of Congress and some states fought it, and even though the internet community failed miserably in implementing adequate controls over the newly independent ICANN.

It left the Kremlin stranded in its efforts to impose its will, and so it is now trying different tactics, including: passing new restrictive internal laws on internet usage; the development of a parallel set of internet governance conferences in an effort to shift policy discussions to a more restrictive, government-led approach to the internet; and phony fear mongering efforts like this one over root servers in an effort to band together other powerful countries and create an alternate center of power to the one led by the United States and Europe.

Next?

Will Russia separate itself from the global internet? No, as Russia officials have repeatedly admitted even when expounding on the problems of today's internet governance. It has too much to lose and too little to gain.

Will it go the Chinese route of a controlled internet within its borders and closely monitored connections to the outside? Possibly, although Russia doesn't face the same kind of existential threat that China's one-party system does – at least not right now – so the expense and hassle is probably not worth it.

What will it do? More of this, most likely: paint the US and Europe as controlling bogeymen; push for greater governmental control over internet management; and harp on about the darker sides of society that the internet helps foster, such as terrorism, or activities it deems morally or ethically wrong like pornography, drug taking and so on. China will do the same.

But a parallel domain name system with a separate set of root zone servers? There's virtually no point. ®


Biting the hand that feeds IT © 1998–2020