Sovereign DNS is already here and you haven't noticed

About 4 years ago I made a small article on the subject of an impossible sovereign Internet at that time. Since that time, a lot has changed, laws and even implementations of these laws have appeared, which, as expected, has caused many publications on this topic. However, for the average user, all these movements remained invisible. Personally, I also did not have the opportunity and need to pay attention to these issues.





Quite recently, literally "the other day", there were reports in the news about the unavailability of the public DNS page from Cloudflare ( https://1.1.1.1 ) from the networks of Russian providers, for example, Rostelecom, which made me think to return to studying the issue.





A quick search through the specialized resources of the signalmen showed that the process of sovereignty of the Russian segment of the network has been going on for many months. For example, Roskomnadzor is building its own analogue of the RIPE database for Russian providers and Internet users. And, all of a sudden, the national domain name system. The NAG forum even came across a document with instructions for reconfiguring the provider's DNS in a sovereign manner, with the terrible title "Instructions for connecting telecom operators and speakers to the National Domain Name System (NDNS)".





A cursory study of this document leads to the following conclusions: NIDI is already actively used. The document provides several options for using NSID, including with a possible substitution of root DNS (see the article in wikipedia ). It is highly likely that the DNS settings that the provider issues to your device are already using NSID. Another conclusion: at present, the functioning of the NSDI is provided by the capacities of MSK-IX , which follows from the ownership of the IP addresses in the "Instructions".





At the time of this writing, the NSDI servers give the same information that is in the root.hints file in modern operating systems (the original file is located at https://www.internic.net/domain/named.root ). I did not have an unambiguous understanding of how the NSDI will help the sovereignty and what are the pros and cons of this decision. I ask you to comment on those who have understood the issue more deeply.






From kamenty:





@romancelover about NSDI goals

@ Ctm5 about dns leak

@romancelover about domestic HTTPS

@vikarti more about domestic HTTPS

@dartraiden about NSDI instructions and budgets








All Articles