NNSquad - Network Neutrality Squad
[ NNSquad ] Re: ICANN helps China censor Internet. Root servers leak censored DNS replies outside Great Firewall
Joe, On Fri, Mar 26, 2010 at 4:45 PM, Joe Baptista <baptista@publicroot.org> wrote: > I came across a very interesting article today. > > http://bit.ly/bZbkB1 We have been discussing this on DNS Ops. I think that "I" operator has shut down that node until they can figure out what is going on. I don't understand why you want to drag ICANN into this, it's nothing to do with them. They are not aiding or abetting anyone in China who is messing with DNS replies. -- Cheers, McTim "A name indicates what we seek. An address indicates where it is. A route indicates how we get there." Jon Postel > > If the claims made in this article are correct then this issue is > significant and raises some serious questions concerning the conduct of > ICANN the U.S. government contractor for the management of the root servers. > > First this is a serious violation of RFC 2826 "IAB Technical Comment on the > Unique DNS Root". RFC 2826 requires that global networks like the Internet > have a globally unique public name space. That means you provide the same > answers to a user in China as you do for a user in the USA or anywhere else > in the world. In the case of facebook.com a root server should only publish > the addresses of the .com name servers and not be authoritative for the > domain itself. > > There are two issues here that immediately come to mind. The first is > technical. And as has been reported users were given incorrect answers. The > second issue is one of security and user privacy. Users who were given > incorrect DNS information for facebook.com were probably redirected to a > proxy site where their information could have been collected. Thats a major > security issue. > > regards > joe baptista >