"In the short-term, this is a bad plan because it would cut the Russian man-on-the-street off from international news and perspectives, leaving them with only what the Russian government chooses to tell them. That's not a great way to decrease Russian public support for the war.
In the long-term, this would set the precedent that small industry associations in Los Angeles and Amsterdam would be playing arbiter in international conflicts, and messing with countries' supposedly-sovereign country-code top-level domains.
And if that were to happen, a lot more countries than just China and Russia would secede from the common-consensus-Internet that allows us to all talk to each other."
how does removing .ru dns cut the russian man-on-the-street from interational news and perspectives.
dns is not ip addresses. all that means is russian websites would stop working via normal dns, not that ip addresses would stop routing and non .ru would continue to resolve normally.
the only thing I can imagine is that it would cut them off because russia et al would then take the step to cut them off (which they sort of do already)
Regardless of what you think about this possible course of action, this is totally disingenuous. It’s like saying that 40 years ago removing some businesses from the yellow pages didn’t mean you couldn’t still call them - that’s technically correct, but you’d better have them in your address book already or know someone who does. Compound that problem with 1) needing a much bigger address book, 2) phone numbers changing and the same business potentially having many phone numbers to different parts of their business, 3) never having used a phone book before and not even having an address book to start with (using an IP address is totally out of the ordinary for many people, and may not even be supported by applications other than a web browser. If suddenly all the sites I visited were no longer available through my usual DNS providers, I wouldn’t be able to visit them).
the point I was making, just removing .ru resolution, doesn't prevent them from accessing international sites. .com will still resolve. assuming google doesn't do ip filtering, seting your dns to 8.8.8.8 (or cloudflare or others) and .com will still resolve even if they remove the roots running in russia.
> dns is not ip addresses. all that means is russian websites would stop working via normal dns, not that ip addresses would stop routing and non .ru would continue to resolve normally
A “man on the street” isn’t browsing via IP address, and in the modern days of TLS SNI, you practically can’t just type in IP addresses to visit websites anyway. Names matter.
again, not what I was arguing against. the argument was removing .ru resolution would prevent russians from reading international media to see how the rest of the world is seeing it.
I dont understand how one can make that argument with a straight face.
Perhaps it’s because Bill has actually read the entire request, not just the summary headline, and extrapolated the multifaceted consequences, of which “can’t resolve foo.ru” is just the tip of an iceberg.
Anyone with basic understanding of DNS infrastructure knows that Bill is wrong.
You do not need to query the root nameservers often, a slight increase in latency makes no difference whatsoever for queries which occur once every 10 minutes or so and can be performed in the background.
> Anyone with basic understanding of DNS infrastructure
Well, since I have actually developed, built, and operated global-scale authoritative (and resolver) DNS infrastructure, as well as ISP infrastructure more generally from the first dialups to multinational backbones, and internet exchanges, and witnessed (and handled) the many and fascinating failure modes (whether accidental or malicious) of both the DNS and Internet routing, by this standard I am prepared to make the ambit claim of being qualified to comment.
> I agree with his remarks. You are not arguing against them, but against some fictional re-imagining of what they might've been.
Please drop the unnecessary insults. I read what he wrote before my first reply, and this is specifically what I am objecting to:
> 2) Shut down the root nameservers inside Russia. That would make connectivity spotty for many users inside Russia, but mostly regular folks, not government or military users.
It is a downright lie, shutting down root nameservers inside Russia wouldn’t make connectivity inside Russia “spotty”.
Slight increase in latency to foreign root nameservers would have no noticeable impact as you can always query them in the background.
PS. Why do you need to be such an asshole about this? It’s completely unnecessary. You aren’t the only person in the world with networking experience, you aren’t special.
Your "anyone with a basic understanding" line was a blunt and unsmiling allegation of incompetence. When dishing out abuse, don't complain when it comes around to bite you.
> You aren’t the only person in the world with networking experience, you aren’t special.
Neither are you, I suspect, but please do keep trying to erase my right to express a view, it's just so charmingly effective.
As for the actual assertion, about connectivity, pay close attention to the clause: "regular folks, not government or military users".
Bill's claim is not a lie. The argument being expressed against is focused on DNS in theory, not in practice. As the classic ISC t-shirt represents, critical infrastructure is a nine-layer stack, not seven, of which Bill is no doubt acutely aware. I have traveled in totalitarian countries and can confirm first-hand that they restrict civilian access to foreign DNS servers, both authoritative and resolver, and connectivity for "regular folks" is very much directly impacted.
Regular folks will not suffer from slightly increased root NS latency, their resolver will cache the replies. The TTLs are long, root nameservers don’t need to be queried frequently.
The world is full of countries without locally hosted root nameservers, they do just fine. That’s a vast body of evidence that directly contradicts this claim.
Removing root nameservers from Russia would be an utterly meaningless gesture without any real world impact.
> I have traveled in totalitarian countries and can confirm first-hand that they restrict civilian access to foreign DNS servers, both authoritative and resolver, and connectivity for "regular folks" is very much directly impacted.
Russia does not do this. That’d be a completely separate issue.
You're really stuck on assuming it's a latency concern, but that was never the issue - it's the fiction I mentioned earlier.
> Russia does not do this. That’d be a completely separate issue
Russia already does this. They literally made a law enabling it, a couple of years ago, and then ran a live test in the middle of 2021. Look up "sovereign internet bill". Aside from the great-firewall-wannabe provisions, it specifically enables a Kremlin-controlled fork of the DNS.
And yes, it's all there in Bill's remarks. I suggest reading them.
China and Russia have already effectively seceded from the 'open internet'. Those governments have firewalls and killswitches set up in such a way that they can censor whatever they want.
If they wish to reap the benefits of the open internet, it's only fair they face consequences when they abuse their power.
I think the argument is that the Ukrainian coup in 2014[1] which was financed and fomented by foreign actors (CIA up to their old tricks), means that the current government is not only illegitimate, but put in power by Russian adversaries specifically to threaten their security.
This is why the US stood by when Russia rolled into Crimea, because we knew we were in the wrong and that was the price we had to pay (giving up Crimea to Russia) in order to keep "our guys" in control in Ukraine. It's also why the "Russian Collusion" thing was blown up in 2016. None of these events happened in a vacuum.
Not passing judgement on which is side has the most legitimate grievance, just providing context that seems to be skipped over when this matter comes up.
Are you just purposefully avoiding the question and intentionally misconstruing the op's intent? Again, what he's asking is who gets to decide what is a abuse of power and what is not? I think the example given by op is right on the money. You don't see the parallel with Irak? Fabricating some story and evidence of weapons of mass destruction and then occupying a country for a decade, sounds like something Putin would do and you might construe that as abuse of power as well. I didn't see anybody calling for the US to be deleted from the internet back then.
There's a _huge_ difference between having a firewall that can be bypassed by a VPN, and making all Russian websites and email inaccessible from outside Russia.
Their request to remove all "domains issued in the Russian Federation" is one of the dumbest things I've ever heard. Do they honestly expect ICANN to spend exorbitant amounts of resources to help companies migrate? To help researchers maintain contact with Russian colleagues?
If the SWIFT blockade is equivalent to disconnecting Russia from the Internet, this is more like ordering banks to simply delete Russian accounts. Not freezing or closing them or even confiscating their balances, but just deleting them.
There are punitive measures that aren't worth the damage they would do to global institutions and infrastructure, regardless of how much pressure they put on Russia. Forking DNS would fall into that category.
> Apart from these measures, I will be sending a separate request to RIPE NCC asking to withdraw the right to use all IPv4 and IPv6 addresses by all Russian members of RIPE NCC (LIRs - Local Internet Registries), and to block the DNS root servers that it is operating.
I can't help but think that this is a bit detrimental to average citizens. Am I reading this right? Wouldn't this essentially split the internet at Russia, and/or completely destroy the internet in Russia, by deallocating all IPs?
The point of sanctions is to be detrimental to average citizens (aka voters) so that they can put pressure on Putin. This suggestion has several other issues though.
Even if there is rebelion at the end of the tunnel, right now it's just meaningless, endless suffering which also provokes extreme nationalism that the war can feed on.
Also, if anyone think it is acceptable to torture average, perhaps actively anti-war citizens to achieve the goal, I can only wish that you get the one chance in a lifetime to experience what it means and takes to survive in an authoritarian country and try making yourself a hero. I'm not Russian but let me put it this way: it is not about your life to sacrifice or your own fear to overcome. Your whole family and friends, they are all on the stake and the cops or whatever will absolutely go after them to break you. Or they do it for fun. They really do.
no, it presumes power exists by the grace of popular support, or at least a lack of motivated opposition. this often coincides with but is by no means restricted to elections.
For people to deprive the government of the popular support however, they have to vote with their life and everything. Look at Hong Kong. Look at Arab Spring. Look at Tiananmen Massacre. (They all ended up in vain, too.)
It's not some kind of natural process that will just happen.
maybe in some cases but not if the said country is actively engaged in military action. by allowing Putin the resources to wage war the citizens are unwittingly and now that war is raging wittingly complicit.
Bombing comes after you have tried starving them or preventing medical supplies getting in.
If you have further questions about these points please see what happened to the Iraqi women and children (and yes, also men). Great minds and moral leaders like Madeleine Albright[0] will provide you with a shining beacon of purifying truth.
Once TTLs expire this will presumably make all RU websites and hostnames inaccessible. Please correct me if I’m wrong.
The effect is ICANN deplatforming all Russian websites from the Web along with taking down SMTP/POP/IMAP servers, and much more.
This is the equivalent of remotely burning all books, killing the mail system and destroying all telecommunications in another country a half century ago. It is a drastic step.
If they do this, I worry about the precedent this sets and the power it confers on those able to do this.
making the request is probably on the same order as russian bringing the nuclear arsenal to readiness. its about the threat, "you think we don't have any bullets left in our gun? see the big bomb we just brought out".
i.e. I doubt they expect it to happen as of now, they do however want the world (not just leaders, but people as well) to realize what it can do to attack russia without resorting to nukes.
This is a bad idea as it will not only harm Russia. It will also break (possibly critical) services in other countries consuming a service hosted on a .ru domain (for example, a Yandex API).
Also I'm not sure how ICANN can contribute to revoking TLS certificates.
The Ukrainian govt will try anything they possibly can and all props to them. But the rest of the world needs to be very very careful how we handle such a delicate situation.
What the hell? This would only stop countries in the west from accessing Russian websites. Russia can certainly set up it's own fallback DNS for .ru domains. And China and India aren't likely to want to be blocked from Russian domains, so they'll likely use that DNS system also. As usual, people who don't understand how DNS works are asking to wave it around like a magic wand. The internet treats censorship as damage and routes around it. Yes, even DNS itself.
1. This would set a dangerous precedent and undermine any trust we can have in an open and global internet.
2. As with many other "sanctions", this would affect mainly innocent civilians who have no say in the decisions of their government.
3. Taking down vital internet infrastructure in 2022 would cause a lot of damage. This would be a huge escalation of hostilities at a time when we are inching closer towards a global conflict. Where is the line between a sanction and an act of war?
This is a terrible shortsighted idea, the average Russian will be negatively effected. Russians are just like you and me, We are talking about effectively disrupting everyday services for Russians... What if someone's trying to access critical health services, use connected medical equipment.. Theres a million reasons to not do this.
Agreed. Not every Russian wants a war, it's the mad helm at the top ruling for 20+ years who need a war for their own survival. Stopping .ru domain has direct impact on common Russian people. Instead, we need to cut off Russian propaganda sites or for that matter any site that spreads disinformation like anti-vax.
The twitter post still links to the pastebin. I'm not familiar with pastebin. The account is 9 year-old, but otherwise it seems we can't verify anything about it at the moment?
While I think this is an interesting option to consider, wouldn't changing global DNS mostly impact users external to Russia? Would .ru still resolve inside Russia?
If Russian ISPs continue resolving .ru domains, yes, Russian residents won't see any difference unless they have configured their routers to use a foreign nameserver (even that can be worked around as DNS is usually unencrypted UDP).
You want to do the things that hurt the top few percent at the top of Russia, seize the yachts, seize all the endless apartments and condos they have all around the world, NY and Florida, etc. Seize all foreign cars coming into Russia.
I totally get the sentiment, but it will be the worst thing that west can do right now. Russia been practicing and preparing for a while to "sovereign internet", i.e. total disconnect from rest of the internet and operating independently.
If ICANN/RIPE will shut things down, it will give to Russian government excellent excuse to totally disconnect from rest of the world
If you think i am russian troll, please check out my comments from past few days
edit. in case i initially misunderstood what you wrote, there is still a lot of people who are west oriented a nd hate everything that happens.they are horrified by what is happening. many writing that they ashame to be russian. i have friends that go daily to protests those days. shutting down this communication will isolate them and will be disservice for everyone long term
If you really think cutting Russia off will stop the trolls, think again. North Korean cyberattacks almost never happen from North Korean address space. Nothing prevents Russia from just setting up shop somewhere else.
What will happen is a Russian dns that many countries will use would be setup. This creates a grey-net where by using this dns sites with content not allowed in the west will live. The possibilities are a little exciting.
I don't think any competent army uses "the internet". You may think making Russian websites inaccessible will bring moral boost or justice served moment but it will certainly have a negative effect. This won't change number of casualties nor shorten any conflict in meaningful way.
This and some other sanctions that punish average Russians for just being Russians will put us into polarized world again and another cold war that will take ages to repair.
If average Russian can not connect to west, how can they keep their empathy towards west?
If average western citizen can not connect to Russians, how can they keep their empathy towards Russians?
What we are seeing here is a competition. Competition to show who cares about Ukrainians most. Seriously how does blocking country from an adult website helps the situation? Is it any different than sending likes on a social media? How many likes to stop a tank?
I don't think I can blame people who participate in this competition, they want to do something. Promises we were given not kept.
> I don't think any competent army uses "the internet"
I don't think there are competent armies that don't use the Internet. It's a magical place ripe for propaganda ( e.f. check the news on the Russian vs French propaganda war on Facebook/Twitter in Central Africa).
> Seriously how does blocking country from an adult website helps the situation?
It informs more Russians of the real situation on the ground. That's good. Likes on social media are less useful of course, but it's still a metric. When a Russian sees millions of likes on a Zelensky heartfelt message on Twitter, maybe it gets them thinking they're really the bad guys and the whole world sees it like that. Russian soldiers are already deserting and giving up in some places, so morale is very important.
> This and some other sanctions that punish average Russians for just being Russians will put us into polarized world again and another cold war that will take ages to repair.
What's the alternative? Let Putin get away with it? If regular Russians don't feel the sanctions they'll never know just how terrible their regime is. And maybe, just maybe, this will push them to act.
Remember the .ORG fiasco? Since ICANN still has all of the paperwork in the top drawer, why not have the fire sale for .RU instead? Russia can't make an offer as their money is worthless due to sanctions! Profiteering for the 21st century!
Am I the only one who sees this like a way to radicalize again a two blocks world? finally they will end up using their own monetary and banking transactions system, their own internet, etc.
I wasn't always a fan of globalization, but worse than globalization would be to have two different global worlds. There has to be another way.
Given world powers don't want to defend Ukraine directly out of fear of wider war, it's hard to blame them for doing it, though it sounds wrong as a blank kind of shutdown. Targeting government and commercial sites that fund it is more like it.
It’s starting to feel like the West is using this conflict as a proxy to implement China-like Great Firewall measures on its own populations. The “globalist” ideal that international commerce and communication would bolster peaceful relations is becoming increasingly farcical. I don’t think that I’ve ever visited a .ru domain name, so it’s not like this will affect me much personally, but sure seems like a weak and paranoid move to me.
The Great Firewall is probably the best investment that China has made. This has allowed them to build native alternatives and given them leverage when negotiating with foreign companies who want to do business there. Not to mention they can shield the people against foreign propaganda.
The west has disproportionate power here, because ICANN is by and large a western organization, despite its efforts to distance itself from the us government
Well, if "do the same" is requesting, then yes, everyone - including you and me - can make all kinds of requests to ICANN. But I don't this request would or should be met.
The revolution of internet as knowledge transmission platform is as important as was in the past the invention of writing or the print by Gutenberg. It accelareted our technological and scientific advancement for the mankind by an order of magnitude like the ones seen after the adoption these two previous inventions. Denying such key technological shift to a whole group of people is the equivalent of cultural, technological and intellectual genocide. The objective of the proposal to remove the .ru top domain name is nothing less than that.
Big if it is verified to be true, otherwise I'm taking this with some skepticism.
> All of these measures will help users seek for reliable information in alternative domain zones, preventing propaganda and disinformation.
Of course it will. It surely stopped the disinformation and propaganda happening across social media and the wider web didn't it /s
Let's see how far this goes, before the Russians and anti-government cypherpunks realize that blockchain domains like ENS and Handshake (HNS) countering this exist.
Can't wait for all innocent Russians to be banned from Brave, Opera browsers then. /s
Does no one else think all these requests from Ukraine is a bit strange...
People, do your research and look into the history of Ukraine, you'll find that all of this was preventable. Watch something like Oliver Stone's Ukraine on Fire, it's a starting point to the bigger picture.
Does China face the same actions over their human rights violations ie. Uyghurs, no.
Does the US and its allies face the same actions over Iraq, Libya, Yemen... No.
Is the CIA held liable for all the coups and regime change initiatives throughout the years... No.
I'd suggest to also have a look at the recent similarly anti democratic violent intervention of Russian paratroopers to secure the Kazakh oligarchs, which I'm confident most HNers don't even know happened less than 2 months ago.
Have Russia held liable for the hundreds of protesters killed and thousands arrested? No.
That this is even possible shows that ICANN is not reliable enough for a global internet naming authority. I think the solution will ultimately be blockchain-based systems like ENS.
There are blockchains with low energy consumption profiles.
Ethereum for its part is turning off energy-intensive PoW around July this year, to rely solely on its energy efficient PoS Beacon Chain for consensus.
"In the short-term, this is a bad plan because it would cut the Russian man-on-the-street off from international news and perspectives, leaving them with only what the Russian government chooses to tell them. That's not a great way to decrease Russian public support for the war.
In the long-term, this would set the precedent that small industry associations in Los Angeles and Amsterdam would be playing arbiter in international conflicts, and messing with countries' supposedly-sovereign country-code top-level domains.
And if that were to happen, a lot more countries than just China and Russia would secede from the common-consensus-Internet that allows us to all talk to each other."
[1] https://en.wikipedia.org/wiki/Bill_Woodcock
[2] https://twitter.com/woodyatpch/status/1498472865301098500