Re: Dropping support for the .ru top level domain

[Tom Beecher]

>
> Other arguments are political, and I do not presume to set international
> political policy. I only offer a technical opinion, not a political one.
>

Your technical opinion is what everyone is responding to.

Dropping support for any TLD in the root zone DB is a terrible idea,
period. Proposing technical measures to futz with standards based
infrastructure functionality is a terrible idea, period.



On Tue, Mar 15, 2022 at 8:13 AM Patrick Bryant  wrote:

> I propose dropping support of the .ru domains as an alternative to the
> other measures discussed here, such as dropping Russian ASNs -- which
> *would* have the counterproductive effect of isolating the Russian public
> from western news sources. Blocking those ASNs would also be futile as a
> network defense, if not implemented universally, since the bad actors in
> Russia usually exploit proxies in other countries as pivot points for their
> attacks.
>
> Preventing the resolution of the .ru TLD would not impact the Russian
> public's ability to resolve and access all other TLDs. As I noted, there
> are countermeasures, including Russia standing up its own root servers, but
> there are two challenges to countermeasure: 1) it would require modifying
> evey hints file on every resolver within Russia and, 2) "other measures"
> could be taken against whatever servers Russia implemented as substitutes.
> Dropping support for the .ru TLD action may incentivize the Russian State
> to bifurcate its national network, making it another North Korea, but that
> action is already underway.
>
> Other arguments are political, and I do not presume to set international
> political policy. I only offer a technical opinion, not a political one.
> The legalistic arguments of maintaining treaties is negated by the current
> state of war.
>
> On Tue, Mar 15, 2022 at 2:29 AM Fred Baker 
> wrote:
>
>> My viewpoint, and the reason I recommended against it, is that it gives
>> Putin something he has wanted for a while, which is a Russia in which he is
>> in control of information flows. We do for him what he has wanted for
>> perhaps 20 years, and come out the bad guys - “the terrible west gut us
>> off!”.  I would rather have people in Russia have information flows that
>> have a second viewpoint other than the Kremlin’s. I have no expectation
>> that it will get through uncensored, but I would rather it was not in any
>> sense “our fault” and therefore usable by Putin’s propaganda machine.
>>
>> Sent from my iPad
>>
>> On Mar 14, 2022, at 2:14 PM, Brian R  wrote:
>>
>> 
>> I can understand governments wanting this to be an option but I would let
>> them do blocking within their countries to their own people if that is
>> their desire.  This is another pandoras box.  Its bad enough that some
>> countries control this already to block free flow of information.
>> If global DNS is no longer trusted then many actors will start
>> maintaining their own broken lists (intentionally or unintentionally).
>>
>>- This will not stop Russia, they will just run their own state
>>sponsored DNS servers.  We can imagine what else might be implemented on
>>that concept...
>>- Countries or users that still want access will do the same with
>>custom DNS servers.
>>- This will take us down another path of no return as a global
>>standard that is not political or politically controlled.
>>- The belief that the internet is open and free (as much as possible)
>>will be broken in one more way.
>>- This will also accelerate the advancement of crypto DNS like
>>NameCoin (Years ago I liked the idea but I don't know how it is being
>>run anymore.) or UnstoppableDomains for example.   Similar to what is
>>starting to happen to central banking as countries start shutting down 
>> bank
>>accounts for political reasons.
>>
>> I am glad to see soo many people on here and many of the organizations
>> running these services state as much.
>>
>> Brian
>>
>>
>> --
>> *From:* NANOG  on
>> behalf of Patrick Bryant 
>> *Sent:* Saturday, March 12, 2022 2:47 AM
>> *To:* nanog@nanog.org 
>> *Subject:* Dropping support for the .ru top level domain
>>
>> I don't like the idea of disrupting any Internet service. But the current
>> situation is unprecedented.
>>
>> The Achilles Heel of general public use of Internet services has always
>> been the functionality of DNS.
>>
>> Unlike Layer 3 disruptions, dropping or disrupting support for the .ru
>> TLD can be accomplished without disrupting the Russian population's ability
>> to access information and services in the West.
>>
>> The only countermeasure would be the distribution of Russian national DNS
>> zones to a multiplicity of individual DNS resolvers within Russia. Russian
>> operators are in fact implementing this countermeasure, but it is a slow
>> and arduous process, and it will entail many of the operational
>> difficulties that existed with distributing Host files, which 

Re: Dropping support for the .ru top level domain

[Mel Beckman]

Owen is spot on, and for people who say dropping .ru you won’t affect citizens, 
they are forgetting about email addresses. I have a friend at a .ru domain who 
hosts his email out of country, which leaves me with a reliable way to give him 
real news.

 -mel

On Mar 15, 2022, at 12:08 PM, Owen DeLong via NANOG  wrote:

 I’m reminded of a quote from “2010 The year we make contact”:
“Just because our governments are behaving like asses doesn’t mean we have to.” 
(Roy Scheider as Dr. Heywood Floyd)

Breaking any communications facility is, IMHO, counterproductive to all sides. 
Communication is almost always the key to ending conflict.
In this case, it might require more than just communications, but breaking the 
.RU domain almost certainly isn’t going to help resolve the situation.

The internet should, ideally, continue to treat governments behaving like asses 
as damage and route around them.

Owen

On Mar 15, 2022, at 02:07 , Patrick Bryant 
mailto:patr...@pbryant.com>> wrote:

I propose dropping support of the .ru domains as an alternative to the other 
measures discussed here, such as dropping Russian ASNs -- which would have the 
counterproductive effect of isolating the Russian public from western news 
sources. Blocking those ASNs would also be futile as a network defense, if not 
implemented universally, since the bad actors in Russia usually exploit proxies 
in other countries as pivot points for their attacks.

Preventing the resolution of the .ru TLD would not impact the Russian public's 
ability to resolve and access all other TLDs. As I noted, there are 
countermeasures, including Russia standing up its own root servers, but there 
are two challenges to countermeasure: 1) it would require modifying evey hints 
file on every resolver within Russia and, 2) "other measures" could be taken 
against whatever servers Russia implemented as substitutes. Dropping support 
for the .ru TLD action may incentivize the Russian State to bifurcate its 
national network, making it another North Korea, but that action is already 
underway.

Other arguments are political, and I do not presume to set international 
political policy. I only offer a technical opinion, not a political one. The 
legalistic arguments of maintaining treaties is negated by the current state of 
war.

On Tue, Mar 15, 2022 at 2:29 AM Fred Baker 
mailto:fredbaker.i...@gmail.com>> wrote:
My viewpoint, and the reason I recommended against it, is that it gives Putin 
something he has wanted for a while, which is a Russia in which he is in 
control of information flows. We do for him what he has wanted for perhaps 20 
years, and come out the bad guys - “the terrible west gut us off!”.  I would 
rather have people in Russia have information flows that have a second 
viewpoint other than the Kremlin’s. I have no expectation that it will get 
through uncensored, but I would rather it was not in any sense “our fault” and 
therefore usable by Putin’s propaganda machine.

Sent from my iPad

On Mar 14, 2022, at 2:14 PM, Brian R 
mailto:briansupp...@hotmail.com>> wrote:


I can understand governments wanting this to be an option but I would let them 
do blocking within their countries to their own people if that is their desire. 
 This is another pandoras box.  Its bad enough that some countries control this 
already to block free flow of information.
If global DNS is no longer trusted then many actors will start maintaining 
their own broken lists (intentionally or unintentionally).

  *   This will not stop Russia, they will just run their own state sponsored 
DNS servers.  We can imagine what else might be implemented on that concept...
  *   Countries or users that still want access will do the same with custom 
DNS servers.
  *   This will take us down another path of no return as a global standard 
that is not political or politically controlled.
  *   The belief that the internet is open and free (as much as possible) will 
be broken in one more way.
  *   This will also accelerate the advancement of crypto DNS like NameCoin 
(Years ago I liked the idea but I don't know how it is being run anymore.) or 
UnstoppableDomains for example.   Similar to what is starting to happen to 
central banking as countries start shutting down bank accounts for political 
reasons.

I am glad to see soo many people on here and many of the organizations running 
these services state as much.

Brian



From: NANOG 
mailto:hotmail@nanog.org>>
 on behalf of Patrick Bryant mailto:patr...@pbryant.com>>
Sent: Saturday, March 12, 2022 2:47 AM
To: nanog@nanog.org 
mailto:nanog@nanog.org>>
Subject: Dropping support for the .ru top level domain

I don't like the idea of disrupting any Internet service. But the current 
situation is unprecedented.

The Achilles Heel of general public use of Internet services has always been 
the functionality of DNS.

Unlike Layer 3 disruptions, dropping or disrupting support 

Re: Dropping support for the .ru top level domain

[Owen DeLong via NANOG]

I’m reminded of a quote from “2010 The year we make contact”:
“Just because our governments are behaving like asses doesn’t mean we 
have to.” (Roy Scheider as Dr. Heywood Floyd)

Breaking any communications facility is, IMHO, counterproductive to all sides. 
Communication is almost always the key to ending conflict.
In this case, it might require more than just communications, but breaking the 
.RU domain almost certainly isn’t going to help resolve the situation.

The internet should, ideally, continue to treat governments behaving like asses 
as damage and route around them.

Owen

> On Mar 15, 2022, at 02:07 , Patrick Bryant  wrote:
> 
> I propose dropping support of the .ru domains as an alternative to the other 
> measures discussed here, such as dropping Russian ASNs -- which would have 
> the counterproductive effect of isolating the Russian public from western 
> news sources. Blocking those ASNs would also be futile as a network defense, 
> if not implemented universally, since the bad actors in Russia usually 
> exploit proxies in other countries as pivot points for their attacks. 
> 
> Preventing the resolution of the .ru TLD would not impact the Russian 
> public's ability to resolve and access all other TLDs. As I noted, there are 
> countermeasures, including Russia standing up its own root servers, but there 
> are two challenges to countermeasure: 1) it would require modifying evey 
> hints file on every resolver within Russia and, 2) "other measures" could be 
> taken against whatever servers Russia implemented as substitutes. Dropping 
> support for the .ru TLD action may incentivize the Russian State to bifurcate 
> its national network, making it another North Korea, but that action is 
> already underway. 
> 
> Other arguments are political, and I do not presume to set international 
> political policy. I only offer a technical opinion, not a political one. The 
> legalistic arguments of maintaining treaties is negated by the current state 
> of war.
> 
> On Tue, Mar 15, 2022 at 2:29 AM Fred Baker  > wrote:
> My viewpoint, and the reason I recommended against it, is that it gives Putin 
> something he has wanted for a while, which is a Russia in which he is in 
> control of information flows. We do for him what he has wanted for perhaps 20 
> years, and come out the bad guys - “the terrible west gut us off!”.  I would 
> rather have people in Russia have information flows that have a second 
> viewpoint other than the Kremlin’s. I have no expectation that it will get 
> through uncensored, but I would rather it was not in any sense “our fault” 
> and therefore usable by Putin’s propaganda machine.
> 
> Sent from my iPad
> 
>> On Mar 14, 2022, at 2:14 PM, Brian R > > wrote:
>> 
>> 
>> I can understand governments wanting this to be an option but I would let 
>> them do blocking within their countries to their own people if that is their 
>> desire.  This is another pandoras box.  Its bad enough that some countries 
>> control this already to block free flow of information.
>> If global DNS is no longer trusted then many actors will start maintaining 
>> their own broken lists (intentionally or unintentionally).
>> This will not stop Russia, they will just run their own state sponsored DNS 
>> servers.  We can imagine what else might be implemented on that concept...
>> Countries or users that still want access will do the same with custom DNS 
>> servers.
>> This will take us down another path of no return as a global standard that 
>> is not political or politically controlled.
>> The belief that the internet is open and free (as much as possible) will be 
>> broken in one more way.
>> This will also accelerate the advancement of crypto DNS like NameCoin (Years 
>> ago I liked the idea but I don't know how it is being run anymore.) or 
>> UnstoppableDomains for example.   Similar to what is starting to happen to 
>> central banking as countries start shutting down bank accounts for political 
>> reasons.
>> I am glad to see soo many people on here and many of the organizations 
>> running these services state as much.
>> 
>> Brian
>> 
>> 
>> From: NANOG > > on behalf of Patrick Bryant 
>> mailto:patr...@pbryant.com>>
>> Sent: Saturday, March 12, 2022 2:47 AM
>> To: nanog@nanog.org  > >
>> Subject: Dropping support for the .ru top level domain
>>  
>> I don't like the idea of disrupting any Internet service. But the current 
>> situation is unprecedented.
>> 
>> The Achilles Heel of general public use of Internet services has always been 
>> the functionality of DNS. 
>> 
>> Unlike Layer 3 disruptions, dropping or disrupting support for the .ru TLD 
>> can be accomplished without disrupting the Russian population's ability to 
>> access information and services in the West.
>> 
>> The only countermeasure would be the distribution of 

Re: Dropping support for the .ru top level domain

[Alexander Maassen]

 Kind regards,Alexander Maassen
 Oorspronkelijk bericht Van: brian.john...@netgeek.us Datum: 
15-03-2022  15:08  (GMT+01:00) Aan: Patrick Bryant  Cc: 
"nanog@nanog.org list"  Onderwerp: Re: Dropping support for 
the .ru top level domain I think you need to understand that these actions will 
only prolong the situation and likely make things worse. Less info is always 
worse than more.- BrianOn Mar 15, 2022, at 4:07 AM, Patrick Bryant 
 wrote:I propose dropping support of the .ru domains as an 
alternative to the other measures discussed here, such as dropping Russian ASNs 
-- which would have the counterproductive effect of isolating the Russian 
public from western news sources. Blocking those ASNs would also be futile as a 
network defense, if not implemented universally, since the bad actors in Russia 
usually exploit proxies in other countries as pivot points for their attacks. 
Preventing the resolution of the .ru TLD would not impact the Russian public's 
ability to resolve and access all other TLDs. As I noted, there are 
countermeasures, including Russia standing up its own root servers, but there 
are two challenges to countermeasure: 1) it would require modifying evey hints 
file on every resolver within Russia and, 2) "other measures" could be taken 
against whatever servers Russia implemented as substitutes. Dropping support 
for the .ru TLD action may incentivize the Russian State to bifurcate its 
national network, making it another North Korea, but that action is already 
underway. Other arguments are political, and I do not presume to set 
international political policy. I only offer a technical opinion, not a 
political one. The legalistic arguments of maintaining treaties is negated by 
the current state of war.On Tue, Mar 15, 2022 at 2:29 AM Fred Baker 
 wrote:My viewpoint, and the reason I recommended 
against it, is that it gives Putin something he has wanted for a while, which 
is a Russia in which he is in control of information flows. We do for him what 
he has wanted for perhaps 20 years, and come out the bad guys - “the terrible 
west gut us off!”.  I would rather have people in Russia have information flows 
that have a second viewpoint other than the Kremlin’s. I have no expectation 
that it will get through uncensored, but I would rather it was not in any sense 
“our fault” and therefore usable by Putin’s propaganda machine.Sent from my 
iPadOn Mar 14, 2022, at 2:14 PM, Brian R  wrote:






I can understand governments wanting this to be an option but I would let them 
do blocking within their countries to their own people if that is their desire. 
 This is another pandoras box.  Its bad enough that some countries control this 
already to block free
 flow of information.

If global DNS is no longer trusted then many actors will start maintaining 
their own broken lists (intentionally or unintentionally).


This will not stop Russia, they will just run their own state sponsored DNS 
servers.  We can imagine what else might be implemented on that 
concept...Countries or users that still want access will do the same with 
custom DNS servers.
This will take us down another path of no return as a global standard that is 
not political or politically controlled.
The belief that the internet is open and free (as much as possible) will be 
broken in one more way.
This will also accelerate the advancement of crypto DNS like NameCoin (Years 
ago I liked the idea but I don't know how it is being run anymore.) or 
UnstoppableDomains
 for example.   Similar to what is starting to happen to central banking as 
countries start shutting down bank accounts for political reasons.


I am glad to see soo many people on here and many of the organizations running 
these services state as much.




Brian








From: NANOG  on behalf of 
Patrick Bryant 
Sent: Saturday, March 12, 2022 2:47 AM
To: nanog@nanog.org 
Subject: Dropping support for the .ru top level domain
 


I don't like the idea of disrupting any Internet service. But the current 
situation is unprecedented.


The Achilles Heel of general public use of Internet services has always been 
the functionality of DNS. 


Unlike Layer 3 disruptions, dropping or disrupting support for the .ru TLD can 
be accomplished without disrupting the Russian population's ability to access 
information and services in the West.


The only countermeasure would be the distribution of Russian national DNS zones 
to a multiplicity of individual DNS resolvers within Russia. Russian operators 
are in fact implementing this countermeasure, but it is a slow and arduous 
process, and it will
 entail many of the operational difficulties that existed with distributing 
Host files, which DNS was implemented to overcome. 


The .ru TLD could be globally disrupted by dropping the .ru zone from the 13 
DNS root servers. This would be the most effective action, but would require an 
authoritative consensus. One level down in DNS 

Re: Dropping support for the .ru top level domain

[brian . johnson]

I think you need to understand that these actions will only prolong the 
situation and likely make things worse. Less info is always worse than more.

- Brian

> On Mar 15, 2022, at 4:07 AM, Patrick Bryant  wrote:
> 
> I propose dropping support of the .ru domains as an alternative to the other 
> measures discussed here, such as dropping Russian ASNs -- which would have 
> the counterproductive effect of isolating the Russian public from western 
> news sources. Blocking those ASNs would also be futile as a network defense, 
> if not implemented universally, since the bad actors in Russia usually 
> exploit proxies in other countries as pivot points for their attacks. 
> 
> Preventing the resolution of the .ru TLD would not impact the Russian 
> public's ability to resolve and access all other TLDs. As I noted, there are 
> countermeasures, including Russia standing up its own root servers, but there 
> are two challenges to countermeasure: 1) it would require modifying evey 
> hints file on every resolver within Russia and, 2) "other measures" could be 
> taken against whatever servers Russia implemented as substitutes. Dropping 
> support for the .ru TLD action may incentivize the Russian State to bifurcate 
> its national network, making it another North Korea, but that action is 
> already underway. 
> 
> Other arguments are political, and I do not presume to set international 
> political policy. I only offer a technical opinion, not a political one. The 
> legalistic arguments of maintaining treaties is negated by the current state 
> of war.
> 
> On Tue, Mar 15, 2022 at 2:29 AM Fred Baker  > wrote:
> My viewpoint, and the reason I recommended against it, is that it gives Putin 
> something he has wanted for a while, which is a Russia in which he is in 
> control of information flows. We do for him what he has wanted for perhaps 20 
> years, and come out the bad guys - “the terrible west gut us off!”.  I would 
> rather have people in Russia have information flows that have a second 
> viewpoint other than the Kremlin’s. I have no expectation that it will get 
> through uncensored, but I would rather it was not in any sense “our fault” 
> and therefore usable by Putin’s propaganda machine.
> 
> Sent from my iPad
> 
>> On Mar 14, 2022, at 2:14 PM, Brian R > > wrote:
>> 
>> 
>> I can understand governments wanting this to be an option but I would let 
>> them do blocking within their countries to their own people if that is their 
>> desire.  This is another pandoras box.  Its bad enough that some countries 
>> control this already to block free flow of information.
>> If global DNS is no longer trusted then many actors will start maintaining 
>> their own broken lists (intentionally or unintentionally).
>> This will not stop Russia, they will just run their own state sponsored DNS 
>> servers.  We can imagine what else might be implemented on that concept...
>> Countries or users that still want access will do the same with custom DNS 
>> servers.
>> This will take us down another path of no return as a global standard that 
>> is not political or politically controlled.
>> The belief that the internet is open and free (as much as possible) will be 
>> broken in one more way.
>> This will also accelerate the advancement of crypto DNS like NameCoin (Years 
>> ago I liked the idea but I don't know how it is being run anymore.) or 
>> UnstoppableDomains for example.   Similar to what is starting to happen to 
>> central banking as countries start shutting down bank accounts for political 
>> reasons.
>> I am glad to see soo many people on here and many of the organizations 
>> running these services state as much.
>> 
>> Brian
>> 
>> 
>> From: NANOG > > on behalf of Patrick Bryant 
>> mailto:patr...@pbryant.com>>
>> Sent: Saturday, March 12, 2022 2:47 AM
>> To: nanog@nanog.org  > >
>> Subject: Dropping support for the .ru top level domain
>>  
>> I don't like the idea of disrupting any Internet service. But the current 
>> situation is unprecedented.
>> 
>> The Achilles Heel of general public use of Internet services has always been 
>> the functionality of DNS. 
>> 
>> Unlike Layer 3 disruptions, dropping or disrupting support for the .ru TLD 
>> can be accomplished without disrupting the Russian population's ability to 
>> access information and services in the West.
>> 
>> The only countermeasure would be the distribution of Russian national DNS 
>> zones to a multiplicity of individual DNS resolvers within Russia. Russian 
>> operators are in fact implementing this countermeasure, but it is a slow and 
>> arduous process, and it will entail many of the operational difficulties 
>> that existed with distributing Host files, which DNS was implemented to 
>> overcome. 
>> 
>> The .ru TLD could be globally disrupted by dropping the .ru zone from the 13 
>> DNS 

Re: Dropping support for the .ru top level domain

[Patrick Bryant]

I propose dropping support of the .ru domains as an alternative to the
other measures discussed here, such as dropping Russian ASNs -- which
*would* have the counterproductive effect of isolating the Russian public
from western news sources. Blocking those ASNs would also be futile as a
network defense, if not implemented universally, since the bad actors in
Russia usually exploit proxies in other countries as pivot points for their
attacks.

Preventing the resolution of the .ru TLD would not impact the Russian
public's ability to resolve and access all other TLDs. As I noted, there
are countermeasures, including Russia standing up its own root servers, but
there are two challenges to countermeasure: 1) it would require modifying
evey hints file on every resolver within Russia and, 2) "other measures"
could be taken against whatever servers Russia implemented as substitutes.
Dropping support for the .ru TLD action may incentivize the Russian State
to bifurcate its national network, making it another North Korea, but that
action is already underway.

Other arguments are political, and I do not presume to set international
political policy. I only offer a technical opinion, not a political one.
The legalistic arguments of maintaining treaties is negated by the current
state of war.

On Tue, Mar 15, 2022 at 2:29 AM Fred Baker  wrote:

> My viewpoint, and the reason I recommended against it, is that it gives
> Putin something he has wanted for a while, which is a Russia in which he is
> in control of information flows. We do for him what he has wanted for
> perhaps 20 years, and come out the bad guys - “the terrible west gut us
> off!”.  I would rather have people in Russia have information flows that
> have a second viewpoint other than the Kremlin’s. I have no expectation
> that it will get through uncensored, but I would rather it was not in any
> sense “our fault” and therefore usable by Putin’s propaganda machine.
>
> Sent from my iPad
>
> On Mar 14, 2022, at 2:14 PM, Brian R  wrote:
>
> 
> I can understand governments wanting this to be an option but I would let
> them do blocking within their countries to their own people if that is
> their desire.  This is another pandoras box.  Its bad enough that some
> countries control this already to block free flow of information.
> If global DNS is no longer trusted then many actors will start maintaining
> their own broken lists (intentionally or unintentionally).
>
>- This will not stop Russia, they will just run their own state
>sponsored DNS servers.  We can imagine what else might be implemented on
>that concept...
>- Countries or users that still want access will do the same with
>custom DNS servers.
>- This will take us down another path of no return as a global
>standard that is not political or politically controlled.
>- The belief that the internet is open and free (as much as possible)
>will be broken in one more way.
>- This will also accelerate the advancement of crypto DNS like
>NameCoin (Years ago I liked the idea but I don't know how it is being
>run anymore.) or UnstoppableDomains for example.   Similar to what is
>starting to happen to central banking as countries start shutting down bank
>accounts for political reasons.
>
> I am glad to see soo many people on here and many of the organizations
> running these services state as much.
>
> Brian
>
>
> --
> *From:* NANOG  on
> behalf of Patrick Bryant 
> *Sent:* Saturday, March 12, 2022 2:47 AM
> *To:* nanog@nanog.org 
> *Subject:* Dropping support for the .ru top level domain
>
> I don't like the idea of disrupting any Internet service. But the current
> situation is unprecedented.
>
> The Achilles Heel of general public use of Internet services has always
> been the functionality of DNS.
>
> Unlike Layer 3 disruptions, dropping or disrupting support for the .ru TLD
> can be accomplished without disrupting the Russian population's ability to
> access information and services in the West.
>
> The only countermeasure would be the distribution of Russian national DNS
> zones to a multiplicity of individual DNS resolvers within Russia. Russian
> operators are in fact implementing this countermeasure, but it is a slow
> and arduous process, and it will entail many of the operational
> difficulties that existed with distributing Host files, which DNS was
> implemented to overcome.
>
> The .ru TLD could be globally disrupted by dropping the .ru zone from the
> 13 DNS root servers. This would be the most effective action, but would
> require an authoritative consensus. One level down in DNS delegation are
> the 5 authoritative servers. I will leave it to the imagination of others
> to envision what action that could be taken there...
>
> ru  nameserver = a.dns.ripn.net
> ru  nameserver = b.dns.ripn.net
> ru  nameserver = d.dns.ripn.net
> ru  nameserver = e.dns.ripn.net
> ru  nameserver = 

Re: Dropping support for the .ru top level domain

[Brian R]

Agreed

Brian

From: Mel Beckman 
Sent: Monday, March 14, 2022 7:07 PM
To: Fred Baker 
Cc: Brian R ; nanog@nanog.org 
Subject: Re: Dropping support for the .ru top level domain

+1

 -mel beckman

On Mar 14, 2022, at 9:29 PM, Fred Baker  wrote:

 My viewpoint, and the reason I recommended against it, is that it gives Putin 
something he has wanted for a while, which is a Russia in which he is in 
control of information flows. We do for him what he has wanted for perhaps 20 
years, and come out the bad guys - “the terrible west gut us off!”.  I would 
rather have people in Russia have information flows that have a second 
viewpoint other than the Kremlin’s. I have no expectation that it will get 
through uncensored, but I would rather it was not in any sense “our fault” and 
therefore usable by Putin’s propaganda machine.

Sent from my iPad

On Mar 14, 2022, at 2:14 PM, Brian R  wrote:


I can understand governments wanting this to be an option but I would let them 
do blocking within their countries to their own people if that is their desire. 
 This is another pandoras box.  Its bad enough that some countries control this 
already to block free flow of information.
If global DNS is no longer trusted then many actors will start maintaining 
their own broken lists (intentionally or unintentionally).

  *   This will not stop Russia, they will just run their own state sponsored 
DNS servers.  We can imagine what else might be implemented on that concept...
  *   Countries or users that still want access will do the same with custom 
DNS servers.
  *   This will take us down another path of no return as a global standard 
that is not political or politically controlled.
  *   The belief that the internet is open and free (as much as possible) will 
be broken in one more way.
  *   This will also accelerate the advancement of crypto DNS like NameCoin 
(Years ago I liked the idea but I don't know how it is being run anymore.) or 
UnstoppableDomains for example.   Similar to what is starting to happen to 
central banking as countries start shutting down bank accounts for political 
reasons.

I am glad to see soo many people on here and many of the organizations running 
these services state as much.

Brian



From: NANOG  on behalf of 
Patrick Bryant 
Sent: Saturday, March 12, 2022 2:47 AM
To: nanog@nanog.org 
Subject: Dropping support for the .ru top level domain

I don't like the idea of disrupting any Internet service. But the current 
situation is unprecedented.

The Achilles Heel of general public use of Internet services has always been 
the functionality of DNS.

Unlike Layer 3 disruptions, dropping or disrupting support for the .ru TLD can 
be accomplished without disrupting the Russian population's ability to access 
information and services in the West.

The only countermeasure would be the distribution of Russian national DNS zones 
to a multiplicity of individual DNS resolvers within Russia. Russian operators 
are in fact implementing this countermeasure, but it is a slow and arduous 
process, and it will entail many of the operational difficulties that existed 
with distributing Host files, which DNS was implemented to overcome.

The .ru TLD could be globally disrupted by dropping the .ru zone from the 13 
DNS root servers. This would be the most effective action, but would require an 
authoritative consensus. One level down in DNS delegation are the 5 
authoritative servers. I will leave it to the imagination of others to envision 
what action that could be taken there...

ru  nameserver = a.dns.ripn.net<http://a.dns.ripn.net>
ru  nameserver = b.dns.ripn.net<http://b.dns.ripn.net>
ru  nameserver = d.dns.ripn.net<http://d.dns.ripn.net>
ru  nameserver = e.dns.ripn.net<http://e.dns.ripn.net>
ru  nameserver = f.dns.ripn.net<http://f.dns.ripn.net>

The impact of any action would take time (days) to propagate.

Re: Dropping support for the .ru top level domain

[Mel Beckman]

+1

 -mel beckman

On Mar 14, 2022, at 9:29 PM, Fred Baker  wrote:

 My viewpoint, and the reason I recommended against it, is that it gives Putin 
something he has wanted for a while, which is a Russia in which he is in 
control of information flows. We do for him what he has wanted for perhaps 20 
years, and come out the bad guys - “the terrible west gut us off!”.  I would 
rather have people in Russia have information flows that have a second 
viewpoint other than the Kremlin’s. I have no expectation that it will get 
through uncensored, but I would rather it was not in any sense “our fault” and 
therefore usable by Putin’s propaganda machine.

Sent from my iPad

On Mar 14, 2022, at 2:14 PM, Brian R  wrote:


I can understand governments wanting this to be an option but I would let them 
do blocking within their countries to their own people if that is their desire. 
 This is another pandoras box.  Its bad enough that some countries control this 
already to block free flow of information.
If global DNS is no longer trusted then many actors will start maintaining 
their own broken lists (intentionally or unintentionally).

  *   This will not stop Russia, they will just run their own state sponsored 
DNS servers.  We can imagine what else might be implemented on that concept...
  *   Countries or users that still want access will do the same with custom 
DNS servers.
  *   This will take us down another path of no return as a global standard 
that is not political or politically controlled.
  *   The belief that the internet is open and free (as much as possible) will 
be broken in one more way.
  *   This will also accelerate the advancement of crypto DNS like NameCoin 
(Years ago I liked the idea but I don't know how it is being run anymore.) or 
UnstoppableDomains for example.   Similar to what is starting to happen to 
central banking as countries start shutting down bank accounts for political 
reasons.

I am glad to see soo many people on here and many of the organizations running 
these services state as much.

Brian



From: NANOG  on behalf of 
Patrick Bryant 
Sent: Saturday, March 12, 2022 2:47 AM
To: nanog@nanog.org 
Subject: Dropping support for the .ru top level domain

I don't like the idea of disrupting any Internet service. But the current 
situation is unprecedented.

The Achilles Heel of general public use of Internet services has always been 
the functionality of DNS.

Unlike Layer 3 disruptions, dropping or disrupting support for the .ru TLD can 
be accomplished without disrupting the Russian population's ability to access 
information and services in the West.

The only countermeasure would be the distribution of Russian national DNS zones 
to a multiplicity of individual DNS resolvers within Russia. Russian operators 
are in fact implementing this countermeasure, but it is a slow and arduous 
process, and it will entail many of the operational difficulties that existed 
with distributing Host files, which DNS was implemented to overcome.

The .ru TLD could be globally disrupted by dropping the .ru zone from the 13 
DNS root servers. This would be the most effective action, but would require an 
authoritative consensus. One level down in DNS delegation are the 5 
authoritative servers. I will leave it to the imagination of others to envision 
what action that could be taken there...

ru  nameserver = a.dns.ripn.net
ru  nameserver = b.dns.ripn.net
ru  nameserver = d.dns.ripn.net
ru  nameserver = e.dns.ripn.net
ru  nameserver = f.dns.ripn.net

The impact of any action would take time (days) to propagate.

Re: Dropping support for the .ru top level domain

[Fred Baker]

My viewpoint, and the reason I recommended against it, is that it gives Putin 
something he has wanted for a while, which is a Russia in which he is in 
control of information flows. We do for him what he has wanted for perhaps 20 
years, and come out the bad guys - “the terrible west gut us off!”.  I would 
rather have people in Russia have information flows that have a second 
viewpoint other than the Kremlin’s. I have no expectation that it will get 
through uncensored, but I would rather it was not in any sense “our fault” and 
therefore usable by Putin’s propaganda machine.

Sent from my iPad

> On Mar 14, 2022, at 2:14 PM, Brian R  wrote:
> 
> 
> I can understand governments wanting this to be an option but I would let 
> them do blocking within their countries to their own people if that is their 
> desire.  This is another pandoras box.  Its bad enough that some countries 
> control this already to block free flow of information.
> If global DNS is no longer trusted then many actors will start maintaining 
> their own broken lists (intentionally or unintentionally).
> This will not stop Russia, they will just run their own state sponsored DNS 
> servers.  We can imagine what else might be implemented on that concept...
> Countries or users that still want access will do the same with custom DNS 
> servers.
> This will take us down another path of no return as a global standard that is 
> not political or politically controlled.
> The belief that the internet is open and free (as much as possible) will be 
> broken in one more way.
> This will also accelerate the advancement of crypto DNS like NameCoin (Years 
> ago I liked the idea but I don't know how it is being run anymore.) or 
> UnstoppableDomains for example.   Similar to what is starting to happen to 
> central banking as countries start shutting down bank accounts for political 
> reasons.
> I am glad to see soo many people on here and many of the organizations 
> running these services state as much.
> 
> Brian
> 
> 
> From: NANOG  on behalf of 
> Patrick Bryant 
> Sent: Saturday, March 12, 2022 2:47 AM
> To: nanog@nanog.org 
> Subject: Dropping support for the .ru top level domain
>  
> I don't like the idea of disrupting any Internet service. But the current 
> situation is unprecedented.
> 
> The Achilles Heel of general public use of Internet services has always been 
> the functionality of DNS. 
> 
> Unlike Layer 3 disruptions, dropping or disrupting support for the .ru TLD 
> can be accomplished without disrupting the Russian population's ability to 
> access information and services in the West.
> 
> The only countermeasure would be the distribution of Russian national DNS 
> zones to a multiplicity of individual DNS resolvers within Russia. Russian 
> operators are in fact implementing this countermeasure, but it is a slow and 
> arduous process, and it will entail many of the operational difficulties that 
> existed with distributing Host files, which DNS was implemented to overcome. 
> 
> The .ru TLD could be globally disrupted by dropping the .ru zone from the 13 
> DNS root servers. This would be the most effective action, but would require 
> an authoritative consensus. One level down in DNS delegation are the 5 
> authoritative servers. I will leave it to the imagination of others to 
> envision what action that could be taken there...
> 
> ru  nameserver = a.dns.ripn.net
> ru  nameserver = b.dns.ripn.net
> ru  nameserver = d.dns.ripn.net
> ru  nameserver = e.dns.ripn.net
> ru  nameserver = f.dns.ripn.net
> 
> The impact of any action would take time (days) to propagate.
> 

Re: Dropping support for the .ru top level domain

[Brian R]

I can understand governments wanting this to be an option but I would let them 
do blocking within their countries to their own people if that is their desire. 
 This is another pandoras box.  Its bad enough that some countries control this 
already to block free flow of information.
If global DNS is no longer trusted then many actors will start maintaining 
their own broken lists (intentionally or unintentionally).

  *   This will not stop Russia, they will just run their own state sponsored 
DNS servers.  We can imagine what else might be implemented on that concept...
  *   Countries or users that still want access will do the same with custom 
DNS servers.
  *   This will take us down another path of no return as a global standard 
that is not political or politically controlled.
  *   The belief that the internet is open and free (as much as possible) will 
be broken in one more way.
  *   This will also accelerate the advancement of crypto DNS like NameCoin 
(Years ago I liked the idea but I don't know how it is being run anymore.) or 
UnstoppableDomains for example.   Similar to what is starting to happen to 
central banking as countries start shutting down bank accounts for political 
reasons.

I am glad to see soo many people on here and many of the organizations running 
these services state as much.

Brian



From: NANOG  on behalf of 
Patrick Bryant 
Sent: Saturday, March 12, 2022 2:47 AM
To: nanog@nanog.org 
Subject: Dropping support for the .ru top level domain

I don't like the idea of disrupting any Internet service. But the current 
situation is unprecedented.

The Achilles Heel of general public use of Internet services has always been 
the functionality of DNS.

Unlike Layer 3 disruptions, dropping or disrupting support for the .ru TLD can 
be accomplished without disrupting the Russian population's ability to access 
information and services in the West.

The only countermeasure would be the distribution of Russian national DNS zones 
to a multiplicity of individual DNS resolvers within Russia. Russian operators 
are in fact implementing this countermeasure, but it is a slow and arduous 
process, and it will entail many of the operational difficulties that existed 
with distributing Host files, which DNS was implemented to overcome.

The .ru TLD could be globally disrupted by dropping the .ru zone from the 13 
DNS root servers. This would be the most effective action, but would require an 
authoritative consensus. One level down in DNS delegation are the 5 
authoritative servers. I will leave it to the imagination of others to envision 
what action that could be taken there...

ru  nameserver = a.dns.ripn.net
ru  nameserver = b.dns.ripn.net
ru  nameserver = d.dns.ripn.net
ru  nameserver = e.dns.ripn.net
ru  nameserver = f.dns.ripn.net

The impact of any action would take time (days) to propagate.

Re: Dropping support for the .ru top level domain

[Denys Fedoryshchenko]

As bad as it is to break an internet service, it's even worse technical 
side of your idea.
Given that there is an agency in Russia that has the ability to 
intercept and modify all DNS queries,
countering your "idea" is trivial. They will just route root servers 
locally and setup their own zones.

And even if they aren't, replacing root hints in recursor is trivial.
It will take a lot less time than reaching a "authoritative consensus".

But the colossal harm that a violation of neutrality will cause when 
each country starts
making sovereign root servers "just in case", their own DNSSEC, RIR, CA 
and etc -

will cause much more significant harm to the rest of world.

Please, people who generate such delusional ideas, stop trying to 
disrupt neutrality of the

Internet.
If you want to get involved in a war, go there, do not drag the rest of 
the world into the conflict.


On 2022-03-12 12:47, Patrick Bryant wrote:

I don't like the idea of disrupting any Internet service. But the
current situation is unprecedented.

The Achilles Heel of general public use of Internet services has
always been the functionality of DNS.

Unlike Layer 3 disruptions, dropping or disrupting support for the .ru
TLD can be accomplished without disrupting the Russian population's
ability to access information and services in the West.

The only countermeasure would be the distribution of Russian national
DNS zones to a multiplicity of individual DNS resolvers within Russia.
Russian operators are in fact implementing this countermeasure, but it
is a slow and arduous process, and it will entail many of the
operational difficulties that existed with distributing Host files,
which DNS was implemented to overcome.

The .ru TLD could be globally disrupted by dropping the .ru zone from
the 13 DNS root servers. This would be the most effective action, but
would require an authoritative consensus. One level down in DNS
delegation are the 5 authoritative servers. I will leave it to the
imagination of others to envision what action that could be taken
there...

ru  nameserver = a.dns.ripn.net [1]
ru  nameserver = b.dns.ripn.net [2]
ru  nameserver = d.dns.ripn.net [3]
ru  nameserver = e.dns.ripn.net [4]
ru  nameserver = f.dns.ripn.net [5]

The impact of any action would take time (days) to propagate.



Links:
--
[1] http://a.dns.ripn.net
[2] http://b.dns.ripn.net
[3] http://d.dns.ripn.net
[4] http://e.dns.ripn.net
[5] http://f.dns.ripn.net

Re: Dropping support for the .ru top level domain

[james.cut...@consultant.com]

On Mar 12, 2022, at 5:47 AM, Patrick Bryant  wrote:
> 
> 
> The impact of any action would take time (days) to propagate.
> 
I assert that ‘days’ is extremely optimistic.

Re: Dropping support for the .ru top level domain

[james.cut...@consultant.com]

On Mar 12, 2022, at 5:47 AM, Patrick Bryant  wrote:
> 
> I don't like the idea of disrupting any Internet service. 


I certainly agree with that.

Removing .ru from the root name servers will most certainly be as effective as 
removing certain words from dictionaries to prevent their use.

As to the former, establishment of local servers with .ru re-inserted is not 
only technically feasible, but not particularly expensive. There is some 
history of alternate root server establishment. There are other likely ways to 
distribute layer 3 address including, for example, social media, 

As to the latter, most of us learn a extensive vocabulary long before gaining 
the ability to read dictionaries or even graffiti.

My point is that this kind of “security through obscurity” may play well to 
newshounds and politicians, but has no practical effect. Disruption of a common 
robust name to layer 3 address lookup will increase operational costs without 
commensurate results.

Re: Dropping support for the .ru top level domain

[Mel Beckman]

It amazes me that these knee-jerk sanction reactions go so far down the 
regulatory rabbit hole before they are rejected by knowledgeable people. The 
idea that blocking the .ru domain would punish only the Russian government is 
as laughable as thinking that blocking the .tv domain would punish the 
constitutional monarchy of Tuvalu.

-mel via cell

On Mar 14, 2022, at 11:59 AM, jim deleskie  wrote:


Terrible idea on so many levels.

-jim

On Mon, Mar 14, 2022, 12:30 PM Patrick Bryant 
mailto:patr...@pbryant.com>> wrote:
I don't like the idea of disrupting any Internet service. But the current 
situation is unprecedented.

The Achilles Heel of general public use of Internet services has always been 
the functionality of DNS.

Unlike Layer 3 disruptions, dropping or disrupting support for the .ru TLD can 
be accomplished without disrupting the Russian population's ability to access 
information and services in the West.

The only countermeasure would be the distribution of Russian national DNS zones 
to a multiplicity of individual DNS resolvers within Russia. Russian operators 
are in fact implementing this countermeasure, but it is a slow and arduous 
process, and it will entail many of the operational difficulties that existed 
with distributing Host files, which DNS was implemented to overcome.

The .ru TLD could be globally disrupted by dropping the .ru zone from the 13 
DNS root servers. This would be the most effective action, but would require an 
authoritative consensus. One level down in DNS delegation are the 5 
authoritative servers. I will leave it to the imagination of others to envision 
what action that could be taken there...

ru  nameserver = a.dns.ripn.net
ru  nameserver = b.dns.ripn.net
ru  nameserver = d.dns.ripn.net
ru  nameserver = e.dns.ripn.net
ru  nameserver = f.dns.ripn.net

The impact of any action would take time (days) to propagate.

Re: Dropping support for the .ru top level domain

[jim deleskie]

Terrible idea on so many levels.

-jim

On Mon, Mar 14, 2022, 12:30 PM Patrick Bryant  wrote:

> I don't like the idea of disrupting any Internet service. But the current
> situation is unprecedented.
>
> The Achilles Heel of general public use of Internet services has always
> been the functionality of DNS.
>
> Unlike Layer 3 disruptions, dropping or disrupting support for the .ru TLD
> can be accomplished without disrupting the Russian population's ability to
> access information and services in the West.
>
> The only countermeasure would be the distribution of Russian national DNS
> zones to a multiplicity of individual DNS resolvers within Russia. Russian
> operators are in fact implementing this countermeasure, but it is a slow
> and arduous process, and it will entail many of the operational
> difficulties that existed with distributing Host files, which DNS was
> implemented to overcome.
>
> The .ru TLD could be globally disrupted by dropping the .ru zone from the
> 13 DNS root servers. This would be the most effective action, but would
> require an authoritative consensus. One level down in DNS delegation are
> the 5 authoritative servers. I will leave it to the imagination of others
> to envision what action that could be taken there...
>
> ru  nameserver = a.dns.ripn.net
> ru  nameserver = b.dns.ripn.net
> ru  nameserver = d.dns.ripn.net
> ru  nameserver = e.dns.ripn.net
> ru  nameserver = f.dns.ripn.net
>
> The impact of any action would take time (days) to propagate.
>
>

Re: Dropping support for the .ru top level domain

[William Herrin]

On Mon, Mar 14, 2022 at 8:30 AM Patrick Bryant  wrote:
> The .ru TLD could be globally disrupted by dropping the .ru zone from the 13 
> DNS root servers. This would be the most effective action, but would require 
> an authoritative consensus.

Hi Patrick,

ICANN has already rejected this proposal.

While individual operators can take action of their own, you should
also be aware that Russia, Ukraine and the United States are all
signatories to the 1907 Convention (V) respecting the Rights and
Duties of Neutral Powers and Persons in Case of War on Land which
restricts lawful disruption of telecommunications by folks who are not
belligerents in the conflict.

Regards,
Bill Herrin


--
William Herrin
b...@herrin.us
https://bill.herrin.us/

Re: Dropping support for the .ru top level domain

[Bill Woodcock]

> On Mar 12, 2022, at 11:47 AM, Patrick Bryant  wrote:
> Unlike Layer 3 disruptions, dropping or disrupting support for the .ru TLD 
> can be accomplished without disrupting the Russian population's ability to 
> access information and services in the West.


Quoting from 
https://www.pch.net/resources/Papers/Multistakeholder-Imposition-of-Internet-Sanctions.pdf
 :

Revocation of country-code Top Level Domains (ccTLDs)
Every ISO-3166 Alpha-2 two-letter abbreviation of a national name is reserved 
for the use of the Internet community of that nation as a “country-code Top 
Level Domain,” or “ccTLD.” This reservation is made expressly for the Internet 
community of the nation and not the government of the nation. Geographic, 
political, and sociocultural allocations of “internationalized” top-level 
domains (such as “.рф” to the Russian Federation, or “.укр” to Ukraine) are 
made in parallel with the ISO-3166 mechanism.

The primary users of any ccTLD are its civilian constituents, who may be 
distributed globally and may be united by linguistic or cultural identity 
rather than nationality or national identity. Removal of a ccTLD from the root 
zone of the domain name system (the sanction suggested by the letter) would 
make it very difficult for anyone, globally, within Russia or without, to 
contact users of the affected domains, a group that consists almost entirely of 
Russian-speaking civilians. At the same time, it would have relatively little 
effect upon Russian military networks, which are unlikely to rely upon DNS 
servers outside their own control.

We therefore conclude that the revocation, whether temporary or permanent, of a 
ccTLD is not an effective sanction because it disproportionately harms 
civilians; specifically, it is ineffective against any government that has 
taken cyber-defense preparatory measures to alleviate dependence upon foreign 
nameservers for domain name resolution. In addition, any country against which 
this sanction was applied would likely immediately set up an “alternate root,” 
competing with the one administered by the Internet Assigned Numbers Authority, 
using any of a number of trivial means. If one country did so, others would 
likely follow suit, leading to an exodus from the consensus Internet that 
allows general interconnection.

It would break DNSSEC within .ru, and it would disrupt civilian communication 
within Russia.  Not a good idea.

-Bill



signature.asc
Description: Message signed with OpenPGP

RE: Dropping support for the .ru top level domain

[Kain, Becki (.)]

So much for livejournal then.


From: NANOG  On Behalf Of Patrick 
Bryant
Sent: Saturday, March 12, 2022 5:47 AM
To: nanog@nanog.org
Subject: Dropping support for the .ru top level domain

WARNING: This message originated outside of Ford Motor Company. Use caution 
when opening attachments, clicking links, or responding.

I don't like the idea of disrupting any Internet service. But the current 
situation is unprecedented.

The Achilles Heel of general public use of Internet services has always been 
the functionality of DNS.

Unlike Layer 3 disruptions, dropping or disrupting support for the .ru TLD can 
be accomplished without disrupting the Russian population's ability to access 
information and services in the West.

The only countermeasure would be the distribution of Russian national DNS zones 
to a multiplicity of individual DNS resolvers within Russia. Russian operators 
are in fact implementing this countermeasure, but it is a slow and arduous 
process, and it will entail many of the operational difficulties that existed 
with distributing Host files, which DNS was implemented to overcome.

The .ru TLD could be globally disrupted by dropping the .ru zone from the 13 
DNS root servers. This would be the most effective action, but would require an 
authoritative consensus. One level down in DNS delegation are the 5 
authoritative servers. I will leave it to the imagination of others to envision 
what action that could be taken there...

ru  nameserver = 
a.dns.ripn.net
ru  nameserver = 
b.dns.ripn.net
ru  nameserver = 
d.dns.ripn.net
ru  nameserver = 
e.dns.ripn.net
ru  nameserver = 
f.dns.ripn.net

The impact of any action would take time (days) to propagate.

Re: Dropping support for the .ru top level domain

[J. Hellenthal via NANOG]

Thank you for you're support.?.


-- 

J. Hellenthal

The fact that there's a highway to Hell but only a stairway to Heaven says a 
lot about anticipated traffic volume.






> On Mar 12, 2022, at 04:47, Patrick Bryant  wrote:
> 
> I don't like the idea of disrupting any Internet service. But the current 
> situation is unprecedented.
> 
> The Achilles Heel of general public use of Internet services has always been 
> the functionality of DNS. 
> 
> Unlike Layer 3 disruptions, dropping or disrupting support for the .ru TLD 
> can be accomplished without disrupting the Russian population's ability to 
> access information and services in the West.
> 
> The only countermeasure would be the distribution of Russian national DNS 
> zones to a multiplicity of individual DNS resolvers within Russia. Russian 
> operators are in fact implementing this countermeasure, but it is a slow and 
> arduous process, and it will entail many of the operational difficulties that 
> existed with distributing Host files, which DNS was implemented to overcome. 
> 
> The .ru TLD could be globally disrupted by dropping the .ru zone from the 13 
> DNS root servers. This would be the most effective action, but would require 
> an authoritative consensus. One level down in DNS delegation are the 5 
> authoritative servers. I will leave it to the imagination of others to 
> envision what action that could be taken there...
> 
> ru  nameserver = a.dns.ripn.net
> ru  nameserver = b.dns.ripn.net
> ru  nameserver = d.dns.ripn.net
> ru  nameserver = e.dns.ripn.net
> ru  nameserver = f.dns.ripn.net
> 
> The impact of any action would take time (days) to propagate.
> 

Re: Dropping support for the .ru top level domain

[Christopher Morrow]

https://mailman.nanog.org/pipermail/nanog/2022-March/217815.html

On Mon, Mar 14, 2022 at 11:29 AM Patrick Bryant  wrote:

> I don't like the idea of disrupting any Internet service. But the current
> situation is unprecedented.
>
> The Achilles Heel of general public use of Internet services has always
> been the functionality of DNS.
>
> Unlike Layer 3 disruptions, dropping or disrupting support for the .ru TLD
> can be accomplished without disrupting the Russian population's ability to
> access information and services in the West.
>
> The only countermeasure would be the distribution of Russian national DNS
> zones to a multiplicity of individual DNS resolvers within Russia. Russian
> operators are in fact implementing this countermeasure, but it is a slow
> and arduous process, and it will entail many of the operational
> difficulties that existed with distributing Host files, which DNS was
> implemented to overcome.
>
> The .ru TLD could be globally disrupted by dropping the .ru zone from the
> 13 DNS root servers. This would be the most effective action, but would
> require an authoritative consensus. One level down in DNS delegation are
> the 5 authoritative servers. I will leave it to the imagination of others
> to envision what action that could be taken there...
>
> ru  nameserver = a.dns.ripn.net
> ru  nameserver = b.dns.ripn.net
> ru  nameserver = d.dns.ripn.net
> ru  nameserver = e.dns.ripn.net
> ru  nameserver = f.dns.ripn.net
>
> The impact of any action would take time (days) to propagate.
>
>