Discuss mailing list

[Jeff Taylor <shdwdrgn AT sourpuss.net>]

There has been some periodic talk, initially regarding domains such as 
wikileaks, but more recently about entire zones in conflict areas such as Libya 
and Egypt... Is there a way that OpenNic can help against hostile government 
take-overs of the internet traffic to these areas?

The short answer: maybe

Regarding an entire TLD, we are very limited in what can be done without direct 
correspondence from the person(s) controlling that zone.  While anyone has 
direct access to the list of primary nameservers serving that zone, there is 
generally little or no detailed info available that would allow us more 
fine-grained access to information such as the list of domains under that TLD.

Now with specific domains, we have a little more information available because 
we can query that domain directly.  We can probably even get a list of all the 
subdomains and MX servers.  And of course there is a better chance that we may 
be able to correspond directly with the domain holder, and request that OpenNic 
be added as a slave zone for their domain.

Since I am regenerating a full root zone every hour, I could use that same 
window to run comparative tests against the TLDs or domains we are monitoring.  
I can look for large changes between the information we have on file and the 
information being reported by ICANN.  And since we maintain our own root, we can 
essentially 'hijack' the information presented by ICANN and substitute our own 
zone which mirrors what the true owners of the TLD or domain originally had (and 
thus continuing to provide access to the original sites).

Of course something like this  also provides the means for abuse, so we would 
want to try and take measures to prevent this, however in the end it would come 
down to a very limited number of people having access to changes, and trusting 
those people to be honest with your connectivity.  Also it would be imperative 
to be aware when a 'protected' site has been changed, so I think perhaps the 
easiest method would be to redirect traffic to a notification page which states 
that the ICANN data may be questionable, and allows the user to choose if they 
want to continue to the ICANN-presented page, or use OpenNic's cached data to 
connect to the site.

And lastly, we would need an web page which allows admins to approve or reject 
the changes to DNS (any pending or rejected changes would spawn the notification 
page to users).  This page also would provide a form for anyone to request a TLD 
or domain be added to the protection list, which would then be considered and 
voted upon by OpenNic members.

I think that just about covers what I can think of.  This would essentially try 
to cover internet access in case of government sensitivity, and also be inline 
with the issues that brought the P2P community to our doorstep a few months 
ago.  I'd love to see some discussion towards this, and I believe a basic 
framework could be set up fairly quickly, which can be fine-tuned over time.