Internet Fragmentation > Russia’s National DNS
Region: Europe
Threat type: Regulation of DNS Infrastructure
Last updated: 1 December 2023
In 2019, the Russian government passed a law titled ‘Sovereign Internet’. As part of this legislation, a National DNS was created, which replicates the global DNS. The stated reason was that Russia wanted to mitigate the threat of being disconnected from the DNS (specifically something called the global root).
An Autonomous System (AS) is a collection of networks of IP numbers that are managed by a single entity, all following the same set of rules. Everyone who operates an AS in Russia is required to connect to the NDNS and perform their name resolution through it. They are expected to use a local root server, which will give a government-approved backup copy of the root zone. Or, they could use a public National DNS resolver, directly, or through the network’s own resolvers.
Name resolution is normally done by a global DNS provider. Several companies have already been fined for the failure to connect to the Russian National DNS. This approach to domain name resolution fragments the global Internet.
The ‘Sovereign Internet’ law in Russia requires that all network operators that have an ASN use the National DNS beginning 1 January 2021. The Ministry of Communications and Roscomnadzor (the body responsible for monitoring, controlling, and censoring media in the country) established the Center for Monitoring and Management of Public Communication Networks, to develop the technical instructions on how to use the National DNS.
Russia’s National DNS is based on an approach that fundamentally fragments the global DNS, and, as a result, undermines and fragments the global nature of the Internet itself. It uses what’s called an alternative root. Because all DNS requests have to go through this system, it can be used as a tool for censorship and surveillance, violating citizens’ privacy and security.
Even though this policy’s stated aim is to mitigate the threat of being disconnected from the global DNS, this approach also creates a single point of failure. It could affect the availability, performance, and resilience of the DNS resolution service.
About The Author
More Stories
Remembering Alan Barrett: A Builder of the African Internet
From Email to Case Study: What We Learned About Connecting Refugee Communities in Just One Year
Local Infrastructure, Lower Costs: How Peering Is Moving the Needle on Internet Affordability