The UN wants to take and break the Internet: Then What?

U.N. control of the Internet is the likely result if the U.S. gives up its “Internet stewardship” as planned at midnight on Sept. 30.

When the Obama administration announced its plan to give up U.S. protection of the internet, it promised the United Nations would never take control. But because of the administration’s naiveté or arrogance, U.N. control is the likely result if the U.S. gives up internet stewardship as planned at midnight on Sept. 30.

Editor’s Note: WSJ is a paywalled site, so don’t bother clicking. The quoted paragraph is the only part worth reading anyhoo.

So what to do?

I remember the time back in the mid 90’s when the TLD domain system (as we know it now) was still in Release Candidate mode and a group of so-called “rogue” DNS naming root server admins (AlterNIC) basically took over the entire Internet by setting up their own Root Servers and TLD (Top Level Domain) system, and then used a DNS cache poisoning attack on BIND and (I think) replaced the official root zone file. I also remember that the Department of Commerce had to ask them to revert the change, which they did once they had made their point.

Edit:
I found the Wiki on this, so if my memory is at all foggy, the Wiki entry should help clarify. AlterNIC at Wikipedia

At that time many ISPs (most of which were still pretty small companies – as they were comprised of mostly former BBSs) also set about changing their Routing tables to use the AlterNIC alternative DNS Root name-server first for Internet lookups. In fact many ISPs didn’t remove the references even after the root zone file had been remediated back to the original ICANN Root DNS, and thus the Internet’s first “Dark Web” was born.

Alternative_DNS_root Wikipedia entry

Rogue domains revolt

If your ISP was one of the few that didn’t participate, you could simply add the Root Server name to the DNS search settings on your own machine’s network TCP/IP configuration.

You can still do this to use Alternative DNS roots today.

That’s all that would happen were the UN to take “Control” of the Internet Root. Someone would simply stand up a new TLD root server. In fact there are already several plans to do so regardless of what happens to ICANN.

That the new Root server wouldn’t be recognized by the 13 existing Root servers wouldn’t be a problem; it could actually be a feature.

If US service providers were to again be “Sympathetic” to the new Root Servers, all settings pointing to the new Root could be done on the back end and the Internet user community would not even need to change any configs on clients (computers, phones, TVs, etc.) at all.

If US service providers decide to try to resist providing access to an alternative DNS name server, all you need to do is add the new root server to your own client Internet configuration for DNS search.

And within minutes (literally just 20 or 30 minutes if providers cooperate) the entire Internet could route around the old damaged, censored, filtered, UN part.

Either way, there really is no “Controlling” the DNS Root. We all only participate in the current TLD system voluntarily.

As a convenience.

Were the ICANN or the UN to make it inconvenient, people would flock to an alternate even if it takes some working on their phone or computer to do so.
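Whether a resolver has been pointed at an alternative root, on the provider's back end or by hand as described above, shows up in its root hints. The following is an added example, not part of the original post: it parses zone-file style hints and flags any root NS target outside the 13 official names (a through m .root-servers.net). The sample hints, the name ns1.altroot.example and the function names are constructed for illustration, and every line is assumed to carry an explicit owner name.

```python
import string

# The 13 official root server names: a.root-servers.net. ... m.root-servers.net.
OFFICIAL_ROOTS = {f"{c}.root-servers.net." for c in string.ascii_lowercase[:13]}

# Constructed sample hints (not a real file); 192.0.2.1 is a documentation address.
SAMPLE_HINTS = """\
; constructed sample, not a real hints file
.   3600000       NS   A.ROOT-SERVERS.NET.
.   3600000   IN  NS   b.root-servers.net.
.   3600000       NS   ns1.altroot.example.   ; hypothetical alternative root
ns1.altroot.example.  3600000  A  192.0.2.1
"""

def parse_root_ns(hints_text):
    """Return the NS targets listed for the root zone '.' in a hints file."""
    targets = set()
    for raw in hints_text.splitlines():
        line = raw.split(";", 1)[0].strip()      # drop zone-file comments
        if not line:
            continue
        fields = line.split()
        if fields[0] != ".":                     # only records owned by the root
            continue
        # Layout is: owner [ttl] [class] NS target; skip the optional fields.
        rest = [f for f in fields[1:] if not f.isdigit() and f.upper() != "IN"]
        if len(rest) == 2 and rest[0].upper() == "NS":
            name = rest[1].lower()               # DNS names are case-insensitive
            targets.add(name if name.endswith(".") else name + ".")
    return targets

def audit_hints(hints_text):
    """Compare the hinted root servers against the official set."""
    found = parse_root_ns(hints_text)
    unofficial = sorted(found - OFFICIAL_ROOTS)
    return {
        "unofficial": unofficial,                       # alternative-root servers
        "missing": sorted(OFFICIAL_ROOTS - found),      # official roots not hinted
        "alternative_root": bool(unofficial),
    }

if __name__ == "__main__":
    for key, value in audit_hints(SAMPLE_HINTS).items():
        print(key, value)
```

A hints file that mixes official and unofficial targets, as in the sample, is worth particular attention, because answers then depend on which root the resolver happens to query.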

More information can be found here about the most credible alternative DNS project. It is called the Yeti DNS Project and provides a Live Root DNS Server system testbed.

Update:
Here is the complete wiki text about AlterNIC (as of today)

AlterNIC

From Wikipedia, the free encyclopedia (as of today)

AlterNIC was an unofficial, controversial Internet domain name registry that relied on an alternative DNS root. The primary purpose of the project was to challenge the monopoly of InterNIC, the official governing body for generic top-level domains (gTLDs) until the creation of the ICANN in 1998. AlterNIC offered second level domain registration in its own TLDs at lower prices than InterNIC. However, these domain names could only be resolved by name servers that were specifically configured to use the AlterNIC root zone. The project is now defunct; the domain name alternic.net is parked and no longer associated with AlterNIC.

Eugene Kashpureff and Dianne Boling created AlterNIC in 1995, defining it as a privately developed and operated Internet network information center and domain name registry service, with the purpose of enhancing the Internet with new information services.

In the mid-1990s, the Internet was in a governance transition phase. Until then, the organizational structure of the network was still heavily influenced by its military, academic and governmental origins. At the same time, there was a rapidly increasing interest of private companies, followed by the general public, to gain access to the Internet. Domain names began to play a crucial role in business visibility, and the number of registrations grew exponentially.
Initially, registration of new domain names and their maintenance involved no direct costs for the registrant. In 1995, the National Science Foundation authorized Network Solutions (NSI), the private company that they had mandated to maintain and operate the registries, to begin charging registrants an annual fee. Some perceived this move as unfair, given that the market was closed to competitors.

Eugene Kashpureff and company were among them and they decided to create an alternative registry to challenge the monopoly of NSI.

Alternative TLDs

AlterNIC started operating their registries even though their name servers were not included in the Internet official root zone. As a result, only users of manually reconfigured name servers were able to resolve AlterNIC names.
AlterNIC offered several dozens of alternative TLDs, such as:
.alt
.biz (unrelated to the subsequent, official .biz gTLD created by the ICANN)
.corp
.eur (European name services, by NetName)
.fam
.fcn (Free Community Network – no cost DNS for charities & non-profits. Inactive.)
.free
.sex
.usa (designed as a competitor to the official .us)
.wtv (World Tele Virtual Network commercial Internet TV. Inactive.)
.xxx (unrelated to the .xxx that was first approved, then revoked by the ICANN, and then approved again)

During the experimental phase, domains could be registered without fees using the .exp and .lnx TLDs. Some TLDs such as .ltd, .med or .xxx were operated directly by AlterNIC. The setup fee for AlterNIC registries was $50. The annual fee was $24, half of the $50 that were charged yearly by NSI for a .com or .net domain ($15 of the $50 were retained for a US Government fund).
A notable feature of AlterNIC was the possibility to request a new custom TLD for the same price as for registrations in existing TLDs. Established publishing groups had requested their own names: Wired magazine had reserved .wired and IDG’s affiliate in Europe has reserved .idg.

Controversy

A part of the Internet community has praised the initiative, with some recent scholarship proposing that alternative DNS roots may allow for a more democratic network control structure. Yet many others considered it harmful to the Internet. Using an alternative DNS root breaks the principle of universal resolvability, unless it is for a strictly private purpose. From a DNS perspective, it prevents some parts of the Internet to reach[sic] other parts. Jon Postel, a significant contributor to Internet standards, asserted that it would lead to chaos. In May 2000, the Internet Architecture Board spoke out strongly against alternative roots in RFC 2826.

Hijacking of InterNIC’s website

On July 11, 1997, against the advice of his AlterNIC colleagues, Kashpureff hijacked the InterNIC website, redirecting affected visitors to the AlterNIC website instead, where they could read about the AlterNIC protest or click a link to the InterNIC page. Kashpureff stopped the hijacking three days later on July 14, but started again on July 18. This led NSI, the operator of the InterNIC website, to file a lawsuit against Kashpureff.

The civil lawsuit was quickly settled, but NSI had also contacted the FBI to investigate whether Kashpureff had broken federal computer crime laws. On October 31, he was arrested in Toronto on U.S. charges related to wire fraud and faced extradition to the United States. After fighting extradition for two months, he waived his rights, and was extradited to New York City. He was released on December 24, and sentenced to a $100 fine and two years of probation.
The hijacking was made possible using a DNS cache poisoning attack, exploiting a security vulnerability in versions of BIND earlier than 4.9.6.

Whoever last edited the InterNIC Hijacking hack section has attempted to minimize and disguise the AlterNIC redirect … of the entire Internet … as a hack of a “website”. I wonder why?
