
When the Internet Nearly Fractured, and How It Could Happen Again - bjonathan
http://www.theatlantic.com/technology/archive/11/02/when-the-internet-nearly-fractured-and-how-it-could-happen-again/71662/
======
blntechie
Shoot me down if i'm ignorant but isn't this possible even now?

Don't we already have several independent DNS providers who can just make
domains resolve as they want and create an alternate web?

Feels like everything works on a consensus and good faith to me. Just imagine
if Google with its 8.8.8.8 DNS server configured in many systems can make
bing.com resolve to google.com. right?

~~~
ZoFreX
Services such as your ISP's or Google's DNS servers are not "independent" in
the same sense as AlterNIC. They still defer to the root DNS servers (the
servers named after the letters of the alphabet mentioned in the article) and
are basically just proxies or caches.

An alternate DNS /root/ would also mean an alternate place to go to register
domain names, which is what is meant by fracturing - google.com may point to
different IP addresses depending on your root.

You are correct that widely trusted DNS servers could potentially hijack
people even now, but it is a slightly different problem to the one being
discussed in the article.

------
nbpoole
A very interesting read. :-)

At one point, the article seemed to conflate the running of AlterNIC with the
hijacking of InterNIC (although it later clarified that the hijacking was done
via a vulnerability in BIND). In case anyone else is interested:

[http://en.wikipedia.org/wiki/AlterNIC#Hijacking_of_InterNIC....](http://en.wikipedia.org/wiki/AlterNIC#Hijacking_of_InterNIC.27s_website)

 _The hijacking was made possible using a DNS cache poisoning attack,
exploiting a security vulnerability in versions of BIND earlier than 4.9.6._

------
cturner
What are the downsides of the current DNS arrangement? Could any be leveraged
to make a serious challenge, to create something that was more independent of
government?

Please shoot these ideas down:

\- Find a very liberal nation, create a subdomain, and then subnet it. e.g.
reassign.nz

\- Create a wikipedia-like community around a subdomain arrangement. Start
with the current world DNS, but immediately fork. Make decisions based on
debate around a fixed set of values.

~~~
rst
It's technically possible for an alternate DNS root to delegate the standard
top-level domains (.com, .org, .net, ccTLDs like .ca and .ly, etc.) to the
ICANN-managed DNS roots, while supporting extra TLDs of its own. (Which is
what was happening with the .42 TLD a few weeks back.)

Of course, you're trusting the people running the alternate root not to mess
with the namespace in ways that you _don't_ expect...

