[137558] in North American Network Operators' Group
=?windows-1252?Q?Re=3A_Local_root_zone_=28Was_NYTimes=3A_Egypt_L?=
daemon@ATHENA.MIT.EDU (Steve Gibbard)
Wed Feb 16 18:38:19 2011
From: Steve Gibbard <scg@gibbard.org>
In-Reply-To: <2B8C7D7B-1F83-476E-8D05-6A6E450280AD@cs.columbia.edu>
Date: Wed, 16 Feb 2011 15:38:07 -0800
To: Steven Bellovin <smb@cs.columbia.edu>
Cc: North American Network Operators Group <nanog@nanog.org>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
On Feb 16, 2011, at 3:10 PM, Steven Bellovin wrote:
>=20
> On Feb 16, 2011, at 4:25 13PM, Fred Baker wrote:
>=20
>> I don't think that the Egyptian shutdown of domain names had much =
effect; that's why the bgp prefixes were withdrawn. What was effective =
was the withdrawal of BGP prefixes.
>=20
> Per the NYT article, the issue was the Egyptian "Intranet" -- people =
couldn't contact other sites within Egypt by host name, even though the =
routes were up, because they couldn't resolve .eg, .com, etc.
This is interesting, in that according to http://www.root-servers.org =
Cairo has two root servers (F and J). The presence of a =
Verisign-operated J Root leads me to assume there are probably also =
local .com and .net servers. One of the three name servers for .EG =
looks like it could plausibly be in Cairo (IP address space registered =
to an Egyptian postal address, 100 ms response time from London). If =
DNS look-ups at that level didn't work, it seems likely that there was =
some disruption of internal connectivity as well.
Or, it may be that "the Internet" still mostly means foreign services. =
Being able to look up the addresses of Facebook's name servers isn't the =
same as being able to access Facebook. The Times article was a bit =
short of specifics on that, and I haven't seen other information on what =
it looked like internally.
There's something important to keep in mind in cases like this, though. =
Having redundancy and local copies of things is very good for protecting =
against accidental disruptions or disruptions of services in other =
jurisdictions. Protecting things that local guys with guns want to have =
go away is a somewhat different story. It seems likely that if "the =
Internet" had still been working after the things the government did to =
shut it down, the government would have done more. If somebody had =
managed to put all the pieces together and provide wide access to =
content the government wanted gone, they would probably have been told =
to stop. I'm a bit skeptical that having more local copies of things =
would have helped much.
-Steve=
