From: fc@all.net (Dr. Frederick B. Cohen)
To: dreschs@mpd.tandem.com (Sten Drescher)
Message Hash: 5c719417761fdbac906e04c44bc32dc90e406f23ccace7fdb04d46e02354e8e1
Message ID: <9511022120.AA15892@all.net>
Reply To: <199511022000.OAA09507@galil.austnsc.tandem.com.>
UTC Datetime: 1995-11-02 22:19:20 UTC
Raw Date: Fri, 3 Nov 1995 06:19:20 +0800
Subject: Surviving DNS disruption
Sten Drescher opined:
> sameer <sameer@c2.org> said:
>
> >> Is it? This is the _one_ thing in the article (is that term giving
> >> it too much legitimacy?) that I thought was barely true. Whoever
> >> controls the root level DNS servers effectively controls the
> >> Internet. I postulated a couple of months ago about how the US Govt
> >> might attempt to censor the rest of the world: "Remove
> >> lurid.porno.site.other-country from your DNS system within 72 hours
> >> or we will remove references to your DNS servers from the root level
> >> servers.". (I also speculated that if the US Govt tried doing this,
> >> that an 'underground' DNS system would form almost immediately.)
> >>
>
> s> The US govt. doesn't run the root nameservers, nor are all the
> s> root nameservers within US jurisdiction.
>
> Granted, the US Govt doesn't run the US-based root servers.
> But, if an Internet 'Decency' law was passed, they certainly could try
> to threaten the US-based root server maintainers to make the cascading
> threats. And, as I understand the way DNS resolution works, address
> requests go down to your root domain then up from the other root domain,
> i.e., for me to find out what c2.org's address is, my system requests
> from:
> NS mpd.tandem.com
> NS tandem.com
> NS com
> NS org
>
> If this is correct, if the com NS has the entry for the org NS, I won't
> be able to resolve those names. Of course, explicit IP addresses and
> /etc/hosts entries would still work.
We all know that an alternative DNS structure would rapidly appear, and
perhaps even a second US (black) Internet - with links between the old
and new fully automatic and transparent. However, perhaps a good
cypherpunks project would be to create and test a contingency plan and
start an alternative DNS system in parallel with the government-run ones.
--
-> See: Info-Sec Heaven at URL http://all.net
Management Analytics - 216-686-0090 - PO Box 1480, Hudson, OH 44236
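
Added illustration, not part of the original message or of any poster's code: a toy model of delegation from a single root, showing what the thread discusses, that is, a name becoming unreachable once the root drops a delegation, while a hosts-file entry or a parallel root that keeps the delegation still resolves it. All server names, the "alt-root" label and the addresses are constructed assumptions.

```python
# Toy model of DNS delegation (added illustration, not a real resolver).
# Every server name and address is constructed; 192.0.2.0/24 is a documentation range.
import copy

ZONES = {
    "root": {"delegations": {"org": "ns.org", "other-country": "ns.other-country"},
             "records": {}},
    "ns.org": {"delegations": {}, "records": {"c2.org": "192.0.2.10"}},
    "ns.other-country": {"delegations": {},
                         "records": {"site.other-country": "192.0.2.20"}},
}

def resolve(name, zones, hosts=None, root="root", max_hops=16):
    """Return (address_or_None, path): hosts table first, then referrals from `root`."""
    if hosts and name in hosts:
        return hosts[name], ["hosts"]
    server, path = root, []
    for _ in range(max_hops):          # hop limit guards against referral loops
        path.append(server)
        zone = zones[server]
        if name in zone["records"]:
            return zone["records"][name], path
        # Follow the longest delegated suffix that covers the name.
        covering = [s for s in zone["delegations"]
                    if name == s or name.endswith("." + s)]
        if not covering:
            return None, path          # no referral: the name is unreachable from here
        server = zone["delegations"][max(covering, key=len)]
    return None, path

def drop_delegation(zones, suffix, server="root"):
    """Return a copy of the tree with one delegation removed from `server`."""
    pruned = copy.deepcopy(zones)
    pruned[server]["delegations"].pop(suffix, None)
    return pruned

def add_alternative_root(zones, original, name="alt-root"):
    """Return a copy with a second root that keeps the original root's delegations."""
    out = copy.deepcopy(zones)
    out[name] = copy.deepcopy(original["root"])
    return out

if __name__ == "__main__":
    cut = drop_delegation(ZONES, "other-country")
    target, pinned = "site.other-country", {"site.other-country": "192.0.2.20"}
    print(resolve(target, ZONES))
    print(resolve(target, cut))
    print(resolve(target, cut, hosts=pinned))
    print(resolve(target, add_alternative_root(cut, ZONES), root="alt-root"))
```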