Surviving DNS disruption

[Dr. Frederick B. Cohen]

Sten Drescher opined:
> sameer <sameer at c2.org> said:
> 
> >>  Is it?  This is the _one_ thing in the article (is that term giving
> >> it too much legitimacy?) that I whought was barely true.  Whoever
> >> controls the root level DNS servers effectively controls the
> >> Internet.  I postulated a couple of months ago about how the US Govt
> >> might attempt to censor the rest of the world: "Remove
> >> lurid.porno.site.other-country from your DNS system within 72 hours
> >> or we will remove references to your DNS servers from the root level
> >> servers.".  (I also speculated that if the US Govt tried doing this,
> >> that an 'underground' DNS system would form almost immediately.)
> >> 
> 
> s> 	The US govt. doesn't run the root nameservers, nor are all the
> s> root nameservers within US jurisdiction.
> 
> 	Granted, the US Govt doesn't run the US-based root servers.
> But, if an Internet 'Decency' law was passed, they certainly could try
> to threaten the US-based root server maintainers to make the cascading
> threats.  And, as I understand the way DNS resolution works, address
> requests go down to your root domain then up from the other root domain,
> i.e., for me to find out what c2.org's address is, my system requests
> from:
> NS mpd.tandem.com
> NS tandem.com
> NS com
> NS org
> 
> If this is correct, if the com NS has the entry for the org NS, I won't
> be able to resolve those names.  Of course, explicit IP addresses and
> /etc/hosts entries would still work.

We all know that an alternative DNS structure would rapidly appear, and
perhaps even a second US (black) Internet - with links between the old
and new fully automatic and transparent.  However, perhaps a good
cypherpunks project would be to create and test a contingency plan and
start an alternative DNS system in parallel with the government run ones.

-- 
-> See: Info-Sec Heaven at URL http://all.net
Management Analytics - 216-686-0090 - PO Box 1480, Hudson, OH 44236