Sten Drescher opined:
sameer <sameer@c2.org> said:
Is it? This is the _one_ thing in the article (is that term giving it too much legitimacy?) that I whought was barely true. Whoever controls the root level DNS servers effectively controls the Internet. I postulated a couple of months ago about how the US Govt might attempt to censor the rest of the world: "Remove lurid.porno.site.other-country from your DNS system within 72 hours or we will remove references to your DNS servers from the root level servers.". (I also speculated that if the US Govt tried doing this, that an 'underground' DNS system would form almost immediately.)
s> The US govt. doesn't run the root nameservers, nor are all the s> root nameservers within US jurisdiction.
Granted, the US Govt doesn't run the US-based root servers. But, if an Internet 'Decency' law was passed, they certainly could try to threaten the US-based root server maintainers to make the cascading threats. And, as I understand the way DNS resolution works, address requests go down to your root domain then up from the other root domain, i.e., for me to find out what c2.org's address is, my system requests from: NS mpd.tandem.com NS tandem.com NS com NS org
If this is correct, if the com NS has the entry for the org NS, I won't be able to resolve those names. Of course, explicit IP addresses and /etc/hosts entries would still work.
We all know that an alternative DNS structure would rapidly appear, and perhaps even a second US (black) Internet - with links between the old and new fully automatic and transparent. However, perhaps a good cypherpunks project would be to create and test a contingency plan and start an alternative DNS system in parallel with the government run ones. -- -> See: Info-Sec Heaven at URL http://all.net Management Analytics - 216-686-0090 - PO Box 1480, Hudson, OH 44236