Re: Local root zone (Was NYTimes: Egypt Leaders Found ‘Off’ Switch for Internet)
On Feb 16, 2011, at 3:10 PM, Steven Bellovin wrote:
> On Feb 16, 2011, at 4:25 13PM, Fred Baker wrote:
>> I don't think that the Egyptian shutdown of domain names had much effect; that's why the bgp prefixes were withdrawn. What was effective was the withdrawal of BGP prefixes.
> Per the NYT article, the issue was the Egyptian "Intranet" -- people couldn't contact other sites within Egypt by host name, even though the routes were up, because they couldn't resolve .eg, .com, etc.
This is interesting, in that according to http://www.root-servers.org Cairo has two root servers (F and J). The presence of a Verisign-operated J Root leads me to assume there are probably also local .com and .net servers. One of the three name servers for .EG looks like it could plausibly be in Cairo (IP address space registered to an Egyptian postal address, 100 ms response time from London). If DNS look-ups at that level didn't work, it seems likely that there was some disruption of internal connectivity as well.
Or, it may be that "the Internet" still mostly means foreign services. Being able to look up the addresses of Facebook's name servers isn't the same as being able to access Facebook. The Times article was a bit short of specifics on that, and I haven't seen other information on what it looked like internally.
There's something important to keep in mind in cases like this, though. Having redundancy and local copies of things is very good for protecting against accidental disruptions or disruptions of services in other jurisdictions. Protecting things that local guys with guns want to have go away is a somewhat different story. It seems likely that if "the Internet" had still been working after the things the government did to shut it down, the government would have done more. If somebody had managed to put all the pieces together and provide wide access to content the government wanted gone, they would probably have been told to stop. I'm a bit skeptical that having more local copies of things would have helped much.