Russia Wants To Launch Backup DNS System By August 1, 2018 (bleepingcomputer.com) 160
An anonymous reader shares a report from BleepingComputer: The Russian government plans to build its own "independent internet infrastructure" that will be used by BRICS member states -- Brazil, Russia, India, China, and South Africa. The plan was part of the topic list at the October meeting of the Russian Security Council, and President Vladimir Putin approved the initiative with a completion deadline of August 1, 2018, according to Russian news agency RT. The Russian Security Council has today formally asked the country's government to start the building of a backup global DNS system that Russia and fellow BRICS member states could use. The Russian Security Council cited the "increased capabilities of western nations to conduct offensive operations in the informational space." Russia, China, and many other countries have criticized the U.S. for hoarding control over the domain naming system (DNS), a position they claim has allowed the U.S. to intercept and tap global internet traffic. The U.S. has relinquished control over the DNS system last year.
They're forking the web (Score:3, Insightful)
I don't know if this can be stopped but it should be.
Re:They're forking the web (Score:4, Insightful)
I'm sure they are wanting to do this only to increase their capabilities to conduct offensive operations in the informational space without getting caught.
This would only bring the capabilities back to par with the US/Israel alliance which already "conducts offensive operations in the informational space". It's a catch-up in the arms race, not a leap ahead.
The domain name system being a vulnerability when under a single controller is not a new thing, and worries people in the West too. Efforts like Alternic were doomed to fail because there's no way to make people use it. At least countries have some clout and can make sure that its ISPs and OS/device vendors will use a different root server, or even re-route requests.
Re: (Score:2)
The DNS server is an address book, any nation today, by shrewdness, can redirect an address to their own location, copy the information and forward on the message.
The server is too critical for world trade, and needs appropriate backups.
Since the volume of traffic is huge, there is a hierarchy of servers, spreading the load.
Running this system is a good-will gesture and as mentioned, essential for trade and for every government to contact it's departments. A server backup/alternative that is 12 hours offset
Re: (Score:3)
All in the wake of the lost Net Neutrality, and the risk is that the loss of Net Neutrality causes others to follow Russia and run their own set of servers. We will suddenly see a fragmented net instead.
Re:They're forking the web (Score:4, Informative)
causes others to follow Russia and run their own set of servers.
Others already do. There's the ORSN (Open Root Server Network [wikipedia.org]) effort, which copies the root zone information from ICANN, but in case of suspected problems (read: manipulation), will run their own unadulterated copies. Quite a few ISPs in Europe use the ORSN root server list instead of the IANA/ICANN/IETF one, both for reliability and locality.
If you run your own nameserver, all you need to do is replace the hint file with one from http://www.orsn.org/roothint/r... [orsn.org]
If you don't, you can point your DNS server entry to one or more of the ones in the Wikipeda list referenced above.
Caveat: It is not known how good or fast ORSN is at detecting unwanted changes, so it may still provide hijacked results, or do so for some time before switching into independent mode.
Re: (Score:3)
Sigh. Basically Russia is saying they propose a second set of Root Servers that can be pointed to instead of the current set. This has happened multiple times in the past (and as people pointed out experiments that are still currently running) going back as far as Jon Postel's DNS Root Authority Test [wikipedia.org].
There are many uses of DNS that go through various white/black lists to determine if the resolution should happen. None of this has
Re: (Score:2)
We clearly need a new, decentralized, protocol.
Something like... TOR?
Re: (Score:2)
Every regime wants to stay in control of their population.
Re:They're forking the web (Score:5, Interesting)
In case you're not familiar with the Russian media landscape, pretty much all newspapers and all TV channels are loyal to the Kremlin. This is because Putin put the fear of god into the oligarchs who own them when he jailed Mikhail Khodorkovsky on a made up fraud charge and then nationalized his company because he owned media that was pro opposition. The internet is really the only outlet the political opposition has that isn't actively trying to sabotage them and promote the people in power and their policies.
What all this really boils down to is another crackdown on the opposition following years of large anti-government protests organized via the internet and which the government has been unable to quash.
Let's take it one step further... (Score:2)
1. Let the BRICS states have their own government-controlled internet.
2. Let the rest of the world have the current internet.
3. Do not allow the two systems to be connected.
See how that works out for the BRICS.
This problem has been brewing since certain governments started limiting internet access. It might be a good time to bring it to a head.
Re: (Score:2)
Don't take it from me, read Edward Bernais, if you don't believe me.
Re: (Score:2, Funny)
I don't know if this can be stopped but it should be.
Fuck that, I hope every nation does this. I might finally be able to play a game of DotA 2 without it being filled with a bunch of toxic Peruvians claiming everyone is a "rat."
Re:They're forking the web (Score:4, Insightful)
Aren't you kind of proving his point?
Re: (Score:2, Insightful)
You don't know how "the web" works. Anyone can make their own DNS system and many of us do. It's easy and changes nothing about the rest of the internet.
Re:They're forking the web (Score:5, Interesting)
You don't know how "the web" works. Anyone can make their own DNS system and many of us do. It's easy and changes nothing about the rest of the internet.
I have my own DNS servers too. As you say, anyone can stand one up. Just choose your favorite *NIX distribution and configure Unbound and NSD. BOOM! There you go.
Re: (Score:1)
Thats the funny thing, because once Russia's DNS system is established, yes, registrars will be lining up to make sure paying customers' entries go into the new Russian DNS server. Since that's what paying customers have paid for. If the DNS system forks, registrars may need to push updates to more than one DNS system. That would be their job, and what they collect fees to accomplish.
And the rest of us can put in the IP datagram for a Russian DNS server as our secondary, if robustness matters to us.
Re: (Score:1)
I blame Ajit Pai. [youtube.com]
Re:They're forking the web (Score:5, Insightful)
My guess Russian logic goes like this: it is not improbable that relationship between the US and Russia could deteriorate to a level where the US would use control of the root DNS as a weapon. Unfortunate as it may be, but this move appears to be an adequate reaction to this possible threat.
Re:They're forking the web (Score:4, Interesting)
The UN owns ICANN now. The US ceded control over it last year to the UN. The BRICS countries have just as much control over it as their Western counterparts.
As for having one's own DNS, it might be a good idea. In fact, it might be wise for each country to have its own system internally. China does, where there are TLDs that require kanji characters to access. Iran is working on that. Done right, it wouldn't be fragmentation, since the existing DNS system would be in place, but would give countries some independance and access to their own sites, should politics (regardless of who started it) go against them.
Re: (Score:2)
Oh, I did not know about the UN and ICANN - good thing they did, too. And I agree about every country having their own DNS is also good.
From what I read in the published protocols of the Russian Security Council meetings a couple years ago, it has been stated that the country must be prepared for all kinds of possible shenanigans regarding internet connectivity on all levels, from traffic routing and DNS to actual internet services. I have no idea how much Russia relies on the non-Russian servers to route t
Re: (Score:2)
Going by this, it sounds like the US should launch a backup DNS system.
Is there a 'DNS Gap' that needs to be closed?
Re: (Score:1)
China does, where there are TLDs that require kanji characters to access
Uh dude. Don't call them 'kanji' around Chinese people.
Re: (Score:2)
The BRICS countries have just as much control over it as their Western counterparts.
I think you meant to write:
The Russia and China don't have the kind of control they want.
I'm curious how the whole "BRICS" alliance is still a thing these days. I don't see where South Africa has much in common with the others. India is more or less in competition with China. China is the 800 lb gorilla in the group. Russia pretty much can't be trusted at all.
Re: (Score:2)
China does, where there are TLDs that require kanji characters to access.
Wow, parts of the Chinese system require Japanese characters? That's sort of like saying that the British use the American alphabet.
Re: (Score:2)
hànzì, and they're used by the Chinese, the Japanese adapted them to kanji () , Koreans as Hanja (), the Vietnemese, and some others.
Re: (Score:2)
hànzì, and they're used by the Chinese, the Japanese adapted them to kanji () , Koreans as Hanja (), the Vietnemese, and some others.
Yes, it's obvious to Westerners that kanji is meant to cover all Chinese-character derived ideograms. However, I'm pretty sure no Chinese person has ever thought of Chinese characters as "kanji". It's not a big deal to Westerners. However, it does have a similar connotation to saying that the British speak the American language. The two languages are related, and the meaning is mostly clear, but the connotations are very different and would be probably grating to the British.
Re: (Score:2)
However, I'm pretty sure no Chinese person has ever thought of Chinese characters as "kanji".
They are not.. the characters are not Kanji to the Chinese; I am just saying we can overlook the obvious error and see what the poster meant....
People vaguely familiar to the situation should be very familiar with the fact that the Kanji is the uniquely-Japanese writing system that uses the shared Chinese ideograms, and it's the set of Ideograms not the local adaptation called Kanji or the language that are sha
Re: (Score:2)
However, I'm pretty sure no Chinese person has ever thought of Chinese characters as "kanji".
They are not.. the characters are not Kanji to the Chinese; I am just saying we can overlook the obvious error and see what the poster meant....
People vaguely familiar to the situation should be very familiar with the fact that the Kanji is the uniquely-Japanese writing system that uses the shared Chinese ideograms, and it's the set of Ideograms not the local adaptation called Kanji or the language that are shared.
Ironically it's the people who know the difference that would be the most irritated by the "typo." My point is that the connotation of such terms is dependent on the viewpoint of the listener. For westerns, using kanji to denote Chinese characters is simply a typo, but not necessarily so for Chinese, especially those that still bear resentment toward the Japanese based on events from the last century. This is a common theme of language-based communication, that the connotation often carries more meaning
Re: (Score:3)
No... ICANN is an independent organization of its own. The UN doesn't "own" other organizations.
Re: (Score:2)
The BRICS countries have just as much control over it as their Western counterparts.
On paper, yes. If I were a country that is under active, ongoing attack by US propaganda, I would think twice about how much that paper is actually worth as well.
It's relatively cheap to set up a couple root DNS servers, and in case some shit hits the fan, it will really, really help you a lot. So the cost-benefit ratio is quite good and it's a move that probably comes out as recommended if you run the risk analysis.
Re: They're forking the web (Score:2)
Just to clarify here: kanji is the Japanese term for Chinese characters. Hanzi is the Chinese term for these characters. So when talking about Chinese characters in the context of China, use "hanzi" and not "kanji". Although if slashdot supported unicode, you'd be able to render the characters for hanzi and kanji and then see that they're the same characters.
Re: (Score:2)
The US ceded control over it last year to the UN.
And guess who owns the UN?
Re: (Score:2)
The US controls much of the rest.
Re: (Score:2)
And then there is also maybe a concern about the continued existence of the US itself. At least at a level of competence sufficient to continue to operate DNS and other core internet infras
Re:They're forking the web (Score:4, Interesting)
I'm not arguing against you; just pointing out two aspects of your statement that might benefit from clarification:
1. The "early" Internet (a problematic term, I admit) did not have "net neutrality" in a pure sense; it did not allow commercial use. So while it is true that at that point no commercial interests were acting as gatekeepers/toll booths, this was trivially true because there were no commercial interests on the network. I suspect that there may have been debate amongst early Internet pioneers about what kinds of policies might become necessary for controlling/prioritizing traffic; I don't know whether they foresaw just how significant the Internet would become or how commercial interests would seek to monetize it. (For the record, I'm in favor of the US classifying ISPs as common carriers under Title II.)
2. The U.S. policies such as whether US ISPs are regulated as "common carriers" under US law/regulations may have some related affects on the global Internet, but these policies only affect ISP operations in the U.S., not all Internet service providers globally. Other countries are free to choose how they regulate data traffic within their borders, including traffic on the "Internet." So it may be an overstatement to claim that the US is on a path towards "Internet destruction" by a change in regulation that applies to US ISPs only.
Re: (Score:3)
Why? A cornerstone of the internet is that no one should be able to hold all the cards. While I'm not a big fan of Russia doing it, ideologically it's good that *someone* is. The more the merrier in this space, imho.
Re: (Score:2)
http://www.theregister.co.uk/2... [theregister.co.uk]
"The policy document instead leaves people assuming Russia et al are forming a breakaway internet. In reality, it's basically calling for yet more root mirrors."
"But a parallel domain name system with a separate set of root zone servers? There's virtually no point."
Re:They're forking the web (Score:5, Insightful)
Backup? (Score:5, Insightful)
Re: (Score:2)
If it meant the bots of the world that all seem to resolve to China and Russia would lay off the rest of us, then I could see this as a good thing. Trouble is, this is just DNS, so it won't do that.
China and Russia have a pretty tight grip on their nations and so I can imagine that use of this alternative DNS will be mandatory. It will also have lots of government meddling in it, so will be something of a 'censored web' experience. It'll mean that casual Internet use won't accidentally trip over anything aw
Re: (Score:2)
But if that DNS is accessible to those of us in the west, it will be a great benefit. For example, the next time a western government decides to censor the web by de-registering (for example) thepiratebay.org, we can do the DNS lookup using the alternate DNS.
Re: (Score:3)
It does, however BRICS members haven't been shining examples of free speech. So either it is a way to allow themselves to isolate from the world, because they are expecting to do some things the rest of the world won't like, and could be facing removal. Or a nice way to move its citizens to a state sponsored internet.
Or it could just be what they are saying it is, just a backup to DNS, just because having it under US Control is risky.
Re: (Score:2)
I can publicly state that I do not like or Support Trump in his decisions. And I will not vote for him in the next election and I would encourage everyone to not vote for him too. Without the fear of getting raided at home and locked up due to my political beliefs.
Just as there wasn’t a mass arrest of or bizarrely coincidence disappearing Obama detractors.
Unlike Russia where you can have some radioactive tea for doubting the Kremlin.
Re: (Score:1)
So indignant that they form groups and hold rallies where they shout offensive things at police officers.
Re: (Score:2)
And in China they'll tell you to stop treating the Communist party as an enemy and they'll stop seeing you as one.
Re: (Score:2)
Or, rather, if the US disapproves of something Russia does.
Re: (Score:2)
A backup makes it sound like it is a plan in case of failure. This sounds a bit like they are looking for an alternate DNS if they disapprove of something the US (or other countries) has done. From the article "In addition, the backup DNS system also allows these states to isolate websites and services that other countries could not access."
Any country that doesn't have a similar backup plan is setting themselves up for a failure, this includes the US.
If the US is ever daft enough to use DNS as a weapon, it will immediately Balkanise the internet as the DNS root becomes inherently untrustworthy. Not just by your enemies, but also your allies. Europe and China will be the first to migrate away, setting themselves up as alternative root DNS sources. Then we'll have to decide which DNS is trustworthy, which wont be a simple feat.
Whilst I ho
Re: (Score:1, Insightful)
Please let this be the stupidest comment I read today.
Re: (Score:3)
Re: (Score:2)
An example that comes to mind is "gray market" areas such as PirateBay [thepiratebay.org]... how would a Russian DNS system respond to requests to block them?
Re: (Score:3)
Might work for nationalist interests, but clearly against the goals of global commmunication. Also, clearly obtuse to bring BRICS into it as you lack common language and national objectives for some kind of unified system. Seems more like cover for saying Russia is effectively disconnecting from the internet.
Re: (Score:2)
>clearly against the goals of global communication
Not necessarily. We have all sorts of devices and OSes talking to each other over the Internet. There's nothing about having control over your regional infrastructure that automatically precludes connecting to the world. In fact, I'd say it's just as likely to prevent other political entities from interfering with your connectivity.
> Seems more like cover for saying Russia is effectively disconnecting from the internet.
More like a cover for Russia h
Re: It should have happened long ago (Score:1)
You must be one of those people that believe good fences make good neighbors. We are all one humanity, one human population. Until we begin to focus more on uniting versus dividing the planetâ(TM)s population, our earth society will stop progressing and begin to regress. People rarely accomplish anything of significance without the cooperation and help of others. United we stand, divided we fall applies to the world.
Re: (Score:1)
And when you say 'uniting' you mean 'giving some of your stuff up to meeeee.'
Re: (Score:2)
While the Internet's a beautiful thing overall, the fact that - more or less - it operates at the whim of the USA is not a great feature for anyone but the USA.
Every nation should have its own DNS infrastructure, total control over wired connections that cross their borders, and dedicated state heavily-encrypted VPN tunnels to allied states (especially whenever the connections are accessible to American subs).
Sure, those are the same things you'd expect from a totalitarian regime trying to control the flow of information to aide in oppressing their own population, but they're ALSO what you should expect of a nation acting in the best interests of its population.
Which outcome is more likely? A benevolent use of the alternate internet or an eventual splintering of internet access at borders drawn in the dirt?
It's very easy to criticize the imperfect system we have in place now, but worldwide connectivity is one giant, current benefit.
Re: (Score:1)
Yes, being able to cruise your gunboats into any port in the world is a definite benefit. To those who own big gunboats. It would be a pity if incompatibilities were introduced so that, say, Google can not operate with impunity in any of the areas where no government body has oversight over them.
World connectivity has to do with numbered IP datagrams, however they might be de-referenced.
Re: (Score:2)
While each country should invest on keeping their infrastructure up to date, and ready to operate without any particular point of failure. However there is a need to push freedom. To push this idea of freedom we also need to push the idea of a cultural bravery to accept that free information is inherently very dangerous.
Just like gun rights. Guns are dangerous, laws to limit gun use will make the country safer, however it will be at a cost of freedom. The same thing is about free speech, in many ways it
domestic infrastructure (Score:1)
While the Internet's a beautiful thing overall, the fact that - more or less - it operates at the whim of the USA is not a great feature for anyone but the USA.
While the US isn't perfect (as a Canadian neighbour I can see this first-hand), there aren't very many countries that would be 'better' at running things. Especially went it comes to things like free speech, where the First Amendment has been generally interpreted broadly.
Every nation should have its own DNS infrastructure, total control over wired connections that cross their borders, and dedicated state heavily-encrypted VPN tunnels to allied states (especially whenever the connections are accessible to American subs).
What "DNS infrastructure" do you really need though? The root zone file is fairly well-distributed, for an organization point of view:
* https://en.wikipedia.org/wiki/Root_name_server
You got Verisign, ISC (makers of BIND), RIPE, ICANN, etc.
Re: (Score:2)
Re: (Score:2)
The CAPABILITY to be North Korea. Or perhaps simply not to be at the mercy of another nation when it comes to your Internet infrastructure.
Are you equally upset that other nations have their own militaries?
Re: (Score:2)
This is Slashdot. We are the nerds. We know that Hillary's Giant Reset Button was not connected to anything important. Ms. Clinton doesn't even know what a reset vector is, nor how to code up from one.
For that matter, most Slashbots don't, either, but that's okay. Timers don't need to be set and interrupts masked, when you're just a slinger of jabbascript drivel.
Alternate DNS Servers (Score:2, Insightful)
Are only useful if people point their requests to them.
Just ask your comcast or spectrum servers.
It could be worse, the UN could be taking over the root servers, followed by 14 years of meetings to decide which DNS Council member would have complete control.
Re:Alternate DNS Servers (Score:4, Interesting)
>Are only useful if people point their requests to them.
Most people pick up their ISP's settings, which means the ISP's DNS servers are the first point of contact with the greater DNS hierarchy.
It wouldn't be terribly difficult in Russia to mandate that ISPs use the Russian system by default.
Re:Alternate DNS Servers (Score:4, Insightful)
So previously, resolution (for 99% of end users) worked like this: User > ISP DNS (recursive resolver) > Authoritative nameserver (eventually, please lets not get dragged into the weeds here, we all understand the process)
Now it will be: User > ISP DNS (forwarder) > Russian Government DNS Servers (recursive resolver) > Authoritative name server
Then, the government just requires ISP to: deny [tcp|udp] any any 53.
The only way around this would be for people to run DNS on a non-standard port (and reconfigure resolver libraries to use a non-standard port, good luck on peoples iphones) or to use a VPN to tunnel traffic. This would effectively block probably 99% of Russian (or BRICS) DNS traffic.
I don't think their goal is to block 100%. This is to block enough to have a de facto internet "Kill Switch". Anytime they want, the "Russian Government DNS" server above just disables recursive DNS resolution for everything but Russian government TLD and you've effectively shut down the Internet. This also gives the government a tremendous amount of direct access to data from users. It's terrifying and awful, but smart for them.
Re: (Score:1)
As I believe I've said before... if I were designing the Internet from scratch, I'd have it geopolitically segregated-but-connected. Geography and politics are in most cases very real and practical dividing lines.
Every nation should control its own TLD, every nation should have the ability to control what data crosses their borders. Free nations, of course, should not exercise that control absolutely... but they should still have it.
I would absolutely love a world in which we all get along and national bo
Re: (Score:2)
A nation that does not control its 'cyberspace' isn't a nation
Which nation "controls it's cyberspace" ? China is probably the closest and most people find it trivial to circumvent.
Re: (Score:2)
Re: (Score:2)
Do you have some information about the Russian filtering/blocking system?
Re: (Score:2)
It could be worse, the UN could be taking over the root servers, followed by 14 years of meetings to decide which DNS Council member would have complete control.
That sentence doesn't make sense. "UN" basically means "the collective will of the world's nations". If the world's nations collectively want something to be done, they do it (e.g. eradicate polio). If they can't collectively agree on action then it doesn't get done (e.g. help Syria).
Writing it out, your sentence becomes:
"It could be worse. The root servers could be managed by the collective will of the world's nations, followed by 14 years of meetings when they find there isn't actually a collective agreem
Re: (Score:1)
Would it be worse than Icann ?
For the Russian State? Probably not as they then don't have to worry about a loose cannon U.S. President using the system to harm Russia. For security and reliable internet access ANY country with less than stellar relations with the U.S. (and the President of the U.S.) would be well advised to do their own DNS.
Blackjack and Hookers (Score:3)
It seems to be the answer to everything these days
Re: (Score:1)
But that is usually followed by "In fact, forget the DNS... and the blackjack" so.... nothing's gonna happen, except for a lot of hookers.
Take DNS poisoning to a whole new (state) level (Score:3)
KREMVAX (Score:2)
Por que no los dos? (Score:2)
So, if my browser looked up each page in both DNS systems, and showed a warning in case of a mismatch, that would give me a higher certainty that the source is not being intercepted at the DNS level, right?
Re: (Score:2)
However if you were to query this russia DNS and some other DNS server and came up with different results then you would know either: 1) that one DNS has a different value, 2) That the address requested has load balancing IPs and you got different addresses, 3) that someone did a man in the middle attack and gave you a different address and if you are really worried that this is a possibility then you should be using DNSSEC.
What!? (Score:2)
I want to know what problem they are hoping to solve. Anyone can stand up their own DNS infrastructure. All you need is two static IP addresses and (preferrably) two computers. Just load your choice of operating system and Unbound and NSD. If the Russians are hoping to control politically objectionable material, DNS is the wrong way to go about it. If they're concerned about being denied access to the DNS system, there are easy ways to get around that too. It seems to me that Vladimir Putin does not really
Re: (Score:2)
Paranoia alongside hypocracy (Score:5, Insightful)
Every bit of that was hypocritical bull. It's an open secret that Russia has been conducting their own offensive operations for years now, and they have been getting away with it specifically because the US can't "intercept and tap global internet traffic" as the Russians claim.
But their excuses for segmenting off their own corner of the internet aren't really meant for us, anyway; they're directed inward. In fact, this entire maneuver is almost certainly directly linked to Russia's desire (and that of their allies) to more thoroughly block access at will to large swaths of the internet, for their own populace. Don't like the latest anti-Russian sentiment on Slashdot or on Facebook, because it comes to close to exposing the truth? No problem -- just block it! When they start implementing their real agenda, they'll likely position it as an "anti-porn" initiative or some such thing, but make no mistake; this is all about controlling the information that reaches the people that matter the most... the ones who might one day rise up against the Orwellian control being exerted by their government.
Information control only works for so long, before little bits of the truth leak through the cracks.
Should scare DNS providers into hardening systems (Score:2)
Perhaps I'm being a bit paranoid, but to me this suggests they're creating a backup NOT because of the USA's control over DNS, but as a backup for if they were to attack the existing DNS infrastructure. Current DNS providers should take this news as a reason to further invest in hardening their systems, and possibly pushing for bug bounties to bring vulnerabilities to light. Especially in the wake of various NSA / CIA toolkits getting exposed, there could be existing vulnerabilities known to government
Launching alternate DNS servers (Score:4, Funny)
Sure to be hacked (Score:2)
Being Russian I am sure it will be home to every hacker and ner do well on the internet. I trust them even less than I do Google, Apple and Microsoft.
In (formerly) Soviet Russia... (Score:2)
DNS looks up YOU!
How could I tell if it is a weapon (Score:2)
Re: (Score:2)
How could you tell if they ran their entire address space as one giant NAT? Even if you have an /etc/hosts IP address, how could you be sure that you were not routed back to an internal evil site at their country firewall?
Re: (Score:2)
Even if you have an /etc/hosts IP address, how could you be sure that you were not routed back to an internal evil site at their country firewall?
Exactly! The only solution that I can come up right now are self signed certs. The first time you visit a site, the browser remembers the self signed cert. Then should the next visit to the same url results in a different cert, block. But browsers seem to fear self signed certs more than an unencrypted stream.
Backup == Redundant && Coroborative (Score:2)
Interesting. So with two DNS systems, I can easily look up the DNS of a site in two independent sources, and actually corroborate it? That's fantastic! If both the USA and Russia agree, I can be way more sure.
Maybe we should have a third, like Australia, or Argentina, so we can have a 2 vs 1 determination? Hell, call it DNS-5 and store it parity-distributed like RAID-5 and be beautiful.
Re: (Score:2)
The problem is that if you ask for a site and you get three different answer - which one do you trust?
Re: (Score:2)
Silly question, as it pertains to everything on earth. 3 is better than 1. You can take the majority, you can do something else entirely, you can fail outright, you can know that something's wrong, that's the exception not the rule.
Fork you, Internet. (Score:2)
Re: (Score:2)
It doesn't work that way (Score:2)
This is just propaganda for idiots.
The main use of DNS is to resolve URLs to IP addresses, ex. www.google.com is at 54.32.87.65. Your DNS server either has the address cached or it asks another DNS server upstream if it has the address. This repeats until it gets to a top level server (.com, .org, being Top Level Domains). Anywhere along that route, a DNS server can be programmed to return whatever IP address it feels like. So if Russia wants to hijack DNS, all it has to do is put itself into that c
Re: (Score:2)
Announcing that they are going to do this overtly is just plain stupid.
Not really stupid. We can do it. They can do it. They know we can do it and we know they can do it. This is just a way of saying "Enough. No more screwing around with private entities for political purposes."
This will also give them the ability to 'resell' a domain name within their system. You want people in the BRICKS area to read your www.wsj.com page? You'd better buy that domain on our system as well as your own.