1995-11-02 - Surviving DNS disruption

Header Data

From: fc@all.net (Dr. Frederick B. Cohen)
To: dreschs@mpd.tandem.com (Sten Drescher)
Message Hash: 5c719417761fdbac906e04c44bc32dc90e406f23ccace7fdb04d46e02354e8e1
Message ID: <9511022120.AA15892@all.net>
Reply To: <199511022000.OAA09507@galil.austnsc.tandem.com.>
UTC Datetime: 1995-11-02 22:19:20 UTC
Raw Date: Fri, 3 Nov 1995 06:19:20 +0800

Raw message

From: fc@all.net (Dr. Frederick B. Cohen)
Date: Fri, 3 Nov 1995 06:19:20 +0800
To: dreschs@mpd.tandem.com (Sten Drescher)
Subject: Surviving DNS disruption
In-Reply-To: <199511022000.OAA09507@galil.austnsc.tandem.com.>
Message-ID: <9511022120.AA15892@all.net>
MIME-Version: 1.0
Content-Type: text


Sten Drescher opined:
> sameer <sameer@c2.org> said:
> 
> >>  Is it?  This is the _one_ thing in the article (is that term giving
> >> it too much legitimacy?) that I thought was barely true.  Whoever
> >> controls the root level DNS servers effectively controls the
> >> Internet.  I postulated a couple of months ago about how the US Govt
> >> might attempt to censor the rest of the world: "Remove
> >> lurid.porno.site.other-country from your DNS system within 72 hours
> >> or we will remove references to your DNS servers from the root level
> >> servers.".  (I also speculated that if the US Govt tried doing this,
> >> that an 'underground' DNS system would form almost immediately.)
> >> 
> 
> s> 	The US govt. doesn't run the root nameservers, nor are all the
> s> root nameservers within US jurisdiction.
> 
> 	Granted, the US Govt doesn't run the US-based root servers.
> But, if an Internet 'Decency' law was passed, they certainly could try
> to threaten the US-based root server maintainers to make the cascading
> threats.  And, as I understand the way DNS resolution works, address
> requests go down to your root domain then up from the other root domain,
> i.e., for me to find out what c2.org's address is, my system requests
> from:
> NS mpd.tandem.com
> NS tandem.com
> NS com
> NS org
> 
> If this is correct, if the com NS has the entry for the org NS, I won't
> be able to resolve those names.  Of course, explicit IP addresses and
> /etc/hosts entries would still work.

We all know that an alternative DNS structure would rapidly appear, and
perhaps even a second US (black) Internet - with links between the old
and new fully automatic and transparent.  However, perhaps a good
cypherpunks project would be to create and test a contingency plan and
start an alternative DNS system in parallel with the government run ones.

-- 
-> See: Info-Sec Heaven at URL http://all.net
Management Analytics - 216-686-0090 - PO Box 1480, Hudson, OH 44236
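
The failure mode discussed in this thread can be modelled offline. The following is an added example, not part of either poster's message: a toy resolver that follows referrals downward from a root server, then shows what a dropped delegation breaks and what a static hosts entry or a parallel root restores. The server names, the `alt-root` server, and the 192.0.2.x addresses are constructed assumptions.

```python
"""Toy iterative resolver over constructed delegation data (not real DNS)."""

def build_servers():
    # Constructed example data: each server has delegations and A records.
    tlds = {"com.": "com-ns", "org.": "org-ns"}
    return {
        "root": {"delegations": dict(tlds), "a": {}},
        "alt-root": {"delegations": dict(tlds), "a": {}},  # hypothetical parallel root
        "com-ns": {"delegations": {"tandem.com.": "tandem-ns"}, "a": {}},
        "org-ns": {"delegations": {"c2.org.": "c2-ns"}, "a": {}},
        "tandem-ns": {"delegations": {}, "a": {"mpd.tandem.com.": "192.0.2.10"}},
        "c2-ns": {"delegations": {}, "a": {"c2.org.": "192.0.2.20"}},
    }

def resolve(name, servers, root="root", hosts=None, max_hops=16):
    """Return (address or None, servers queried in order)."""
    name = name.lower().rstrip(".") + "."
    if hosts and name in hosts:  # static hosts entries bypass DNS entirely
        return hosts[name], []
    path, server = [], root
    while server is not None and len(path) < max_hops:
        path.append(server)
        zone = servers[server]
        if name in zone["a"]:
            return zone["a"][name], path
        # Follow the most specific delegation that covers the name.
        covering = [z for z in zone["delegations"]
                    if name == z or name.endswith("." + z)]
        server = zone["delegations"][max(covering, key=len)] if covering else None
    return None, path

def demo():
    servers = build_servers()
    before = resolve("c2.org", servers)
    del servers["root"]["delegations"]["org."]  # root drops the org delegation
    return {
        "before": before,
        "after": resolve("c2.org", servers),
        "com_still_ok": resolve("mpd.tandem.com", servers),
        "hosts_file": resolve("c2.org", servers, hosts={"c2.org.": "192.0.2.20"}),
        "alt_root": resolve("c2.org", servers, root="alt-root"),
    }

if __name__ == "__main__":
    for case, result in demo().items():
        print(f"{case:12} -> {result}")
```

In this model the lookup for `c2.org` never touches the `com` servers, so only the root's own delegation for `org` decides whether the name resolves.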




