Hacker News new | ask | show | jobs
by rosndo 1573 days ago
> I agree with his remarks. You are not arguing against them, but against some fictional re-imagining of what they might've been.

Please drop the unnecessary insults. I read what he wrote before my first reply, and this is specifically what I am objecting to:

> 2) Shut down the root nameservers inside Russia. That would make connectivity spotty for many users inside Russia, but mostly regular folks, not government or military users.

It is a downright lie, shutting down root nameservers inside Russia wouldn’t make connectivity inside Russia “spotty”.

Slight increase in latency to foreign root nameservers would have no noticeable impact as you can always query them in the background.

PS. Why do you need to be such an asshole about this? It’s completely unnecessary. You aren’t the only person in the world with networking experience, you aren’t special.
1 comments
inopinatus 1573 days ago
> Please drop the unnecessary insults

Your "anyone with a basic understanding" line was a blunt and unsmiling allegation of incompetence. When dishing out abuse, don't complain when it comes around to bite you.

> You aren’t the only person in the world with networking experience, you aren’t special.

Neither are you, I suspect, but please do keep trying to erase my right to express a view, it's just so charmingly effective.

As for the actual assertion, about connectivity, pay close attention to the clause: "regular folks, not government or military users".

Bill's claim is not a lie. The argument being expressed against is focused on DNS in theory, not in practice. As the classic ISC t-shirt represents, critical infrastructure is a nine-layer stack, not seven, of which Bill is no doubt acutely aware. I have traveled in totalitarian countries and can confirm first-hand that they restrict civilian access to foreign DNS servers, both authoritative and resolver, and connectivity for "regular folks" is very much directly impacted.

link
rosndo 1573 days ago
Regular folks will not suffer from slightly increased root NS latency, their resolver will cache the replies. The TTLs are long, root nameservers don’t need to be queried frequently.

The world is full of countries without locally hosted root nameservers, they do just fine. That’s a vast body of evidence that directly contradicts this claim.

Removing root nameservers from Russia would be an utterly meaningless gesture without any real world impact.

> I have traveled in totalitarian countries and can confirm first-hand that they restrict civilian access to foreign DNS servers, both authoritative and resolver, and connectivity for "regular folks" is very much directly impacted.

Russia does not do this. That’d be a completely separate issue.

link
inopinatus 1573 days ago
You're really stuck on assuming it's a latency concern, but that was never the issue - it's the fiction I mentioned earlier.

> Russia does not do this. That’d be a completely separate issue

Russia already does this. They literally made a law enabling it, a couple of years ago, and then ran a live test in the middle of 2021. Look up "sovereign internet bill". Aside from the great-firewall-wannabe provisions, it specifically enables a Kremlin-controlled fork of the DNS.

And yes, it's all there in Bill's remarks. I suggest reading them.

link
rosndo 1573 days ago
Russia set laws to do this, Russia is not actively doing this, Roskomnadzor is capable of doing this at any time.

All of the above are true.

I guess I’m the only one of us that actually works with this stuff in Russia on a regular basis.

Removing root nameservers from RF would have zero real-world impact unless the RF government decided to take additional actions after that.

link
inopinatus 1573 days ago
I haven't been back in Russia since 1991. That was another interesting year for infrastructure, to be sure.

But on this day in history I would not bet against the likelihood of an Iron Curtain descending once more.

link