
discuss - Re: [opennic-discuss] Idea for 'protected' domains

discuss AT lists.opennicproject.org

Subject: Discuss mailing list

  • From: Zach Gibbens <infocop411 AT gmail.com>
  • To: discuss AT lists.opennicproject.org
  • Subject: Re: [opennic-discuss] Idea for 'protected' domains
  • Date: Sun, 06 Mar 2011 07:24:05 -0500
  • List-archive: <http://lists.darkdna.net/pipermail/discuss>
  • List-id: <discuss.lists.opennicproject.org>

I like this, but keep in mind, Egypt shut down their BGP routers for
most of the country, and Libya is routing all traffic to a blackhole;
both have dial up access outside Libya and Egypt (and international
calling has yet been affected) so this might work for www.google.com.eg
if it just routes to a European or Israeli server instead.
For any service that exists entirely inside an affected area, we'll have
select sites DNS going, pointing at what may as well be nonexistent
addresses.

The more tools the better, and this does solve half the problem, at
least in theory. The other half is a matter of actually getting sites
usable connections, or for that matter, getting the clients unfettered
access to the servers too. This is the main reason I've been looking at
extremely large scale mesh networking, amongst other ideas, gets the
servers online with minimal work, gets the clients up with a little more
effort, we hadn't gotten quite that far into DNS yet. (I was suggesting
grabbing an opennic domain, but perhaps this idea simplifies bits, one
concern someone else in this project group was that the idea of DNS
Hijacking could easily further complicate matters, esp if the Gov't
could push out records pointing at propaganda sites, and even worse,
using this system against itself in the process)
One thought due to those concerns, perhaps create a new TLD .ICANN? and
have every change under that, doesn't exactly fix all the issues, but
complex problems tend to make KISS impossible.

It's clear that this is a perplexing issue (I think it's the first time
I've ever seen mainstream US Media carrying Al-Jazeera in a positive
light, and the DPRK, the most isolated country in the world, most
repressive control of information, has preemptively mobilized army units
for fear of this spreading their way) and access to information has been
a key component for success, I'll definitely pass this around.


On 06/03/11 02:39, Jeff Taylor wrote:
> There has been some periodic talk, initially regarding domains such as
> wikileaks, but more recently about entire zones in conflict areas such
> as Libya and Egypt... Is there a way that OpenNic can help against
> hostile government take-overs of the internet traffic to these areas?
>
> The short answer: maybe
>
> Regarding an entire TLD, we are very limited in what can be done without
> direct correspondence from the person(s) controlling that zone. While
> anyone has direct access to the list of primary nameservers serving that
> zone, there is generally little or no detailed info available that would
> allow us more fine-grained access to information such as the list of
> domains under that TLD.
>
> Now with specific domains, we have a little more information available
> because we can query that domain directly. We can probably even get a
> list of all the subdomains and MX servers. And of course there is a
> better chance that we may be able to correspond directly with the domain
> holder, and request that OpenNic be added as a slave zone for their domain.
>
> Since I am regenerating a full root zone every hour, I could use that
> same window to run comparative tests against the TLDs or domains we are
> monitoring. I can look for large changes between the information we
> have on file and the information being reported by ICANN. And since we
> maintain our own root, we can essentially 'hijack' the information
> presented by ICANN and substitute our own zone which mirrors what the
> true owners of the TLD or domain originally had (and thus continuing to
> provide access to the original sites).
>
> Of course something like this also provides the means for abuse, so we
> would want to try and take measures to prevent this, however in the end
> it would come down to a very limited number of people having access to
> changes, and trusting those people to be honest with your connectivity.
> Also it would be imperative to be aware when a 'protected' site has been
> changed, so I think perhaps the easiest method would be to redirect
> traffic to a notification page which states that the ICANN data may be
> questionable, and allows the user to choose if they want to continue to
> the ICANN-presented page, or use OpenNic's cached data to connect to the
> site.
>
> And lastly, we would need a web page which allows admins to approve or
> reject the changes to DNS (any pending or rejected changes would spawn
> the notification page to users). This page also would provide a form
> for anyone to request a TLD or domain be added to the protection list,
> which would then be considered and voted upon by OpenNic members.
>
> I think that just about covers what I can think of. This would
> essentially try to cover internet access in case of government
> sensitivity, and also be in line with the issues that brought the P2P
> community to our doorstep a few months ago. I'd love to see some
> discussion towards this, and I believe a basic framework could be set up
> fairly quickly, which can be fine-tuned over time.

Attachment: signature.asc
Description: OpenPGP digital signature
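
The hourly comparison proposed in the quoted message, sketched as an added example that is not part of the thread or of OpenNIC's tooling: it diffs a stored snapshot of delegation records against the current ones and holds large changes for admin review. The TLD names, the record data, the 0.5 threshold and the function names are all assumptions made for illustration.

```python
# Added example: all zone data is constructed; names and threshold are assumptions.
from collections import defaultdict

BASELINE = """\
xx. 172800 IN NS ns1.nic.xx.
xx. 172800 IN NS ns2.nic.xx.
yy. 172800 IN NS a.ns.yy.
yy. 172800 IN NS b.ns.yy.
zz. 172800 IN NS ns.zz.
"""
CURRENT = """\
xx. 172800 IN NS ns1.nic.xx.
xx. 172800 IN NS ns2.nic.xx.
xx. 172800 IN NS ns3.nic.xx.          ; one server added
yy. 86400 IN NS ns1.unknown.example.  ; whole NS set replaced
yy. 86400 IN NS ns2.unknown.example.
zz. 3600 IN NS ns.zz.                 ; TTL-only change, ignored
"""

def parse_records(text):
    """Parse 'owner TTL IN TYPE RDATA' lines into {owner: {(type, rdata)}}."""
    zone = defaultdict(set)
    for line in text.splitlines():
        line = line.split(";", 1)[0].strip()  # drop comments and blank lines
        if not line:
            continue
        owner, _ttl, _cls, rtype, rdata = line.split(None, 4)
        zone[owner.lower().rstrip(".")].add((rtype.upper(), rdata.lower().rstrip(".")))
    return zone

def compare(baseline, current, threshold=0.5):
    """Return {owner: 'unchanged' | 'minor' | 'pending-review'}."""
    verdicts = {}
    for owner in set(baseline) | set(current):
        old, new = baseline.get(owner, set()), current.get(owner, set())
        # Jaccard distance: 0 = identical record sets, 1 = nothing in common
        distance = 1 - len(old & new) / len(old | new)
        verdicts[owner] = ("unchanged" if old == new else
                           "pending-review" if distance >= threshold else "minor")
    return verdicts

def answer_source(owner, verdicts, approved=()):
    """Large changes not yet approved by an admin send users to the notice page."""
    if verdicts.get(owner) == "pending-review" and owner not in approved:
        return "notification-page"
    return "icann-data"

VERDICTS = compare(parse_records(BASELINE), parse_records(CURRENT))
```

Comparing record sets rather than raw zone text keeps TTL changes and record reordering from triggering a review.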



