Russia Wants To Launch Backup DNS System By August 1, 2018 (bleepingcomputer.com)

← Back to Stories (view on slashdot.org)

Russia Wants To Launch Backup DNS System By August 1, 2018 (bleepingcomputer.com)

Posted by BeauHD on Friday December 1, 2017 @01:00AM from the coming-soon dept.

An anonymous reader shares a report from BleepingComputer: The Russian government plans to build its own "independent internet infrastructure" that will be used by BRICS member states -- Brazil, Russia, India, China, and South Africa. The plan was part of the topic list at the October meeting of the Russian Security Council, and President Vladimir Putin approved the initiative with a completion deadline of August 1, 2018, according to Russian news agency RT. The Russian Security Council has today formally asked the country's government to start the building of a backup global DNS system that Russia and fellow BRICS member states could use. The Russian Security Council cited the "increased capabilities of western nations to conduct offensive operations in the informational space." Russia, China, and many other countries have criticized the U.S. for hoarding control over the domain naming system (DNS), a position they claim has allowed the U.S. to intercept and tap global internet traffic. The U.S. has relinquished control over the DNS system last year.

28 of 160 comments (clear)

Min score:

Reason:

Sort:

They're forking the web by Paradroid888 · 2017-12-01 01:04 · Score: 3, Insightful

I don't know if this can be stopped but it should be.
1. Re:They're forking the web by NicknameUnavailable · 2017-12-01 01:18 · Score: 2, Funny
  
  I don't know if this can be stopped but it should be.
  Fuck that, I hope every nation does this. I might finally be able to play a game of DotA 2 without it being filled with a bunch of toxic Peruvians claiming everyone is a "rat."
2. Re:They're forking the web by Anonymous Coward · 2017-12-01 01:46 · Score: 2, Insightful
  
  You don't know how "the web" works. Anyone can make their own DNS system and many of us do. It's easy and changes nothing about the rest of the internet.
3. Re:They're forking the web by Escogido · 2017-12-01 01:56 · Score: 4, Insightful
  
  My guess Russian logic goes like this: it is not improbable that relationship between the US and Russia could deteriorate to a level where the US would use control of the root DNS as a weapon. Unfortunate as it may be, but this move appears to be an adequate reaction to this possible threat.
4. Re:They're forking the web by rwven · 2017-12-01 01:58 · Score: 2
  
  Why? A cornerstone of the internet is that no one should be able to hold all the cards. While I'm not a big fan of Russia doing it, ideologically it's good that *someone* is. The more the merrier in this space, imho.
5. Re:They're forking the web by Spazmania · 2017-12-01 02:09 · Score: 3, Insightful
  
  Aren't you kind of proving his point?
  
  --
  Moderating "-1, Disagree" is simple censorship. Have the guts to post your opinion.
6. Re:They're forking the web by ctilsie242 · 2017-12-01 02:19 · Score: 3, Interesting
  
  The UN owns ICANN now. The US ceded control over it last year to the UN. The BRICS countries have just as much control over it as their Western counterparts.
  As for having one's own DNS, it might be a good idea. In fact, it might be wise for each country to have its own system internally. China does, where there are TLDs that require kanji characters to access. Iran is working on that. Done right, it wouldn't be fragmentation, since the existing DNS system would be in place, but would give countries some independance and access to their own sites, should politics (regardless of who started it) go against them.
7. Re:They're forking the web by The+Cynical+Critic · 2017-12-01 02:25 · Score: 4, Interesting
  
  They're still going to have access to the regular internet so no change in hacking or spam. Just regular russians being put on an internet that is easier to sensor when the censors control the DNS system and can not only pull opposition friendly websites' DNS certifications, they can also deny them certifications in the first place.
  
  In case you're not familiar with the Russian media landscape, pretty much all newspapers and all TV channels are loyal to the Kremlin. This is because Putin put the fear of god into the oligarchs who own them when he jailed Mikhail Khodorkovsky on a made up fraud charge and then nationalized his company because he owned media that was pro opposition. The internet is really the only outlet the political opposition has that isn't actively trying to sabotage them and promote the people in power and their policies.
  
  What all this really boils down to is another crackdown on the opposition following years of large anti-government protests organized via the internet and which the government has been unable to quash.
  
  --
  "Why should I want to make anything up? Life's bad enough as it is without wanting to invent any more of it."
8. Re:They're forking the web by arth1 · 2017-12-01 02:27 · Score: 3, Insightful
  
  I'm sure they are wanting to do this only to increase their capabilities to conduct offensive operations in the informational space without getting caught.
  This would only bring the capabilities back to par with the US/Israel alliance which already "conducts offensive operations in the informational space". It's a catch-up in the arms race, not a leap ahead.
  The domain name system being a vulnerability when under a single controller is not a new thing, and worries people in the West too. Efforts like Alternic were doomed to fail because there's no way to make people use it. At least countries have some clout and can make sure that its ISPs and OS/device vendors will use a different root server, or even re-route requests.
9. Re:They're forking the web by DaMattster · 2017-12-01 02:31 · Score: 4, Interesting
  
  You don't know how "the web" works. Anyone can make their own DNS system and many of us do. It's easy and changes nothing about the rest of the internet.
  I have my own DNS servers too. As you say, anyone can stand one up. Just choose your favorite *NIX distribution and configure Unbound and NSD. BOOM! There you go.
10. Re:They're forking the web by Bing+Tsher+E · 2017-12-01 02:44 · Score: 2
  
  Going by this, it sounds like the US should launch a backup DNS system.
  Is there a 'DNS Gap' that needs to be closed?
11. Re:They're forking the web by jbmartin6 · 2017-12-01 02:51 · Score: 4, Insightful
  
  "the web" isn't a monolithic thing which can be forked. It is a network of networks. Lots of different groups do lots of different things using the network, this is just one more
  
  --
  This posting is provided 'AS IS' without warranty of any kind, implied or otherwise.
12. Re:They're forking the web by anegg · 2017-12-01 03:58 · Score: 3, Interesting
  
  I'm not arguing against you; just pointing out two aspects of your statement that might benefit from clarification:
  1. The "early" Internet (a problematic term, I admit) did not have "net neutrality" in a pure sense; it did not allow commercial use. So while it is true that at that point no commercial interests were acting as gatekeepers/toll booths, this was trivially true because there were no commercial interests on the network. I suspect that there may have been debate amongst early Internet pioneers about what kinds of policies might become necessary for controlling/prioritizing traffic; I don't know whether they foresaw just how significant the Internet would become or how commercial interests would seek to monetize it. (For the record, I'm in favor of the US classifying ISPs as common carriers under Title II.)
  2. The U.S. policies such as whether US ISPs are regulated as "common carriers" under US law/regulations may have some related affects on the global Internet, but these policies only affect ISP operations in the U.S., not all Internet service providers globally. Other countries are free to choose how they regulate data traffic within their borders, including traffic on the "Internet." So it may be an overstatement to claim that the US is on a path towards "Internet destruction" by a change in regulation that applies to US ISPs only.
13. Re:They're forking the web by Z00L00K · 2017-12-01 04:42 · Score: 2
  
  All in the wake of the lost Net Neutrality, and the risk is that the loss of Net Neutrality causes others to follow Russia and run their own set of servers. We will suddenly see a fragmented net instead.
  
  --
  If builders built buildings the way programmers wrote programs, then the first woodpecker would destroy civilization.
14. Re:They're forking the web by arth1 · 2017-12-01 05:08 · Score: 3, Informative
  
  causes others to follow Russia and run their own set of servers.
  Others already do. There's the ORSN (Open Root Server Network) effort, which copies the root zone information from ICANN, but in case of suspected problems (read: manipulation), will run their own unadulterated copies. Quite a few ISPs in Europe use the ORSN root server list instead of the IANA/ICANN/IETF one, both for reliability and locality.
  If you run your own nameserver, all you need to do is replace the hint file with one from http://www.orsn.org/roothint/r...
  If you don't, you can point your DNS server entry to one or more of the ones in the Wikipeda list referenced above.
  Caveat: It is not known how good or fast ORSN is at detecting unwanted changes, so it may still provide hijacked results, or do so for some time before switching into independent mode.
15. Re:They're forking the web by mysidia · 2017-12-01 06:49 · Score: 2
  
  No... ICANN is an independent organization of its own. The UN doesn't "own" other organizations.
16. Re:They're forking the web by MerlynEmrys67 · 2017-12-01 09:50 · Score: 2
  
  You do know that root DNS servers have nothing to do with Net Neutrality?
  Sigh. Basically Russia is saying they propose a second set of Root Servers that can be pointed to instead of the current set. This has happened multiple times in the past (and as people pointed out experiments that are still currently running) going back as far as Jon Postel's DNS Root Authority Test.
  There are many uses of DNS that go through various white/black lists to determine if the resolution should happen. None of this has anything to do with net neutrality. Thank you for playing
  
  --
  I have mod points and I am not afraid to use them
Backup? by sqorbit · 2017-12-01 01:06 · Score: 4, Insightful

A backup makes it sound like it is a plan in case of failure. This sounds a bit like they are looking for an alternate DNS if they disapprove of something the US (or other countries) has done. From the article "In addition, the backup DNS system also allows these states to isolate websites and services that other countries could not access."

--
Sent from my TARDIS
1. Re:Backup? by jellomizer · 2017-12-01 01:45 · Score: 2
  
  It does, however BRICS members haven't been shining examples of free speech. So either it is a way to allow themselves to isolate from the world, because they are expecting to do some things the rest of the world won't like, and could be facing removal. Or a nice way to move its citizens to a state sponsored internet.
  Or it could just be what they are saying it is, just a backup to DNS, just because having it under US Control is risky.
  
  --
  If something is so important that you feel the need to post it on the internet... It probably isn't that important.
Re:It should have happened long ago by aaarrrgggh · 2017-12-01 01:20 · Score: 2

Might work for nationalist interests, but clearly against the goals of global commmunication. Also, clearly obtuse to bring BRICS into it as you lack common language and national objectives for some kind of unified system. Seems more like cover for saying Russia is effectively disconnecting from the internet.
Blackjack and Hookers by OzPeter · 2017-12-01 01:37 · Score: 2

It seems to be the answer to everything these days

--
I am Slashdot. Are you Slashdot as well?
Take DNS poisoning to a whole new (state) level by Ayano · 2017-12-01 01:55 · Score: 2

Well now.

--
I don't read AC
Re:Alternate DNS Servers by Baron_Yam · 2017-12-01 01:57 · Score: 3, Interesting

>Are only useful if people point their requests to them.
Most people pick up their ISP's settings, which means the ISP's DNS servers are the first point of contact with the greater DNS hierarchy.
It wouldn't be terribly difficult in Russia to mandate that ISPs use the Russian system by default.
Paranoia alongside hypocracy by zarmanto · 2017-12-01 02:23 · Score: 5, Insightful

Every bit of that was hypocritical bull. It's an open secret that Russia has been conducting their own offensive operations for years now, and they have been getting away with it specifically because the US can't "intercept and tap global internet traffic" as the Russians claim.
But their excuses for segmenting off their own corner of the internet aren't really meant for us, anyway; they're directed inward. In fact, this entire maneuver is almost certainly directly linked to Russia's desire (and that of their allies) to more thoroughly block access at will to large swaths of the internet, for their own populace. Don't like the latest anti-Russian sentiment on Slashdot or on Facebook, because it comes to close to exposing the truth? No problem -- just block it! When they start implementing their real agenda, they'll likely position it as an "anti-porn" initiative or some such thing, but make no mistake; this is all about controlling the information that reaches the people that matter the most... the ones who might one day rise up against the Orwellian control being exerted by their government.
Information control only works for so long, before little bits of the truth leak through the cracks.
Re:It should have happened long ago by DickBreath · 2017-12-01 03:18 · Score: 2

One part of the comment which is not stupid is that US control of the internet only benefits the US but not the other 96% of the earth's population. (Some moronic idiot once replied with a [citation needed]. Clue: google for US population. Google for world population. Divide.)

--

I'll see your senator, and I'll raise you two judges.
Launching alternate DNS servers by DickBreath · 2017-12-01 03:20 · Score: 3, Funny

If Russia does launch alternate DNS servers, will they use re-usable boosters?

--

I'll see your senator, and I'll raise you two judges.
Re:Alternate DNS Servers by jon3k · 2017-12-01 03:30 · Score: 3, Insightful

This is how I expect it to work, along with requiring Russian ISPs to block DNS requests to any other address by law.

So previously, resolution (for 99% of end users) worked like this: User > ISP DNS (recursive resolver) > Authoritative nameserver (eventually, please lets not get dragged into the weeds here, we all understand the process)

Now it will be: User > ISP DNS (forwarder) > Russian Government DNS Servers (recursive resolver) > Authoritative name server

Then, the government just requires ISP to: deny [tcp|udp] any any 53.

The only way around this would be for people to run DNS on a non-standard port (and reconfigure resolver libraries to use a non-standard port, good luck on peoples iphones) or to use a VPN to tunnel traffic. This would effectively block probably 99% of Russian (or BRICS) DNS traffic.

I don't think their goal is to block 100%. This is to block enough to have a de facto internet "Kill Switch". Anytime they want, the "Russian Government DNS" server above just disables recursive DNS resolution for everything but Russian government TLD and you've effectively shut down the Internet. This also gives the government a tremendous amount of direct access to data from users. It's terrifying and awful, but smart for them.
Re:Da, Welcome to SlashRussia by Bing+Tsher+E · 2017-12-01 03:31 · Score: 2

This is Slashdot. We are the nerds. We know that Hillary's Giant Reset Button was not connected to anything important. Ms. Clinton doesn't even know what a reset vector is, nor how to code up from one.
For that matter, most Slashbots don't, either, but that's okay. Timers don't need to be set and interrupts masked, when you're just a slinger of jabbascript drivel.