Internet Fragmentation > Russia’s National DNS

Mandating Certain Types of Connections Is Risky

Region: Europe
Threat type: Regulation of DNS Infrastructure
Last updated: 1 December 2023

A measure in Russia’s “Sovereign Internet” law undermines the availability, performance, and resilience of the Internet.

In 2019, the Russian government passed a law titled ‘Sovereign Internet’. As part of this legislation, a National DNS was created, which replicates the global DNS. The stated reason was that Russia wanted to mitigate the threat of being disconnected from the DNS (specifically something called the global root).

An Autonomous System (AS) is a collection of networks of IP numbers that are managed by a single entity, all following the same set of rules. Everyone who operates an AS in Russia is required to connect to the NDNS and perform their name resolution through it. They are expected to use a local root server, which will give a government-approved backup copy of the root zone. Or, they could use a public National DNS resolver, directly, or through the network’s own resolvers.

Name resolution is normally done by a global DNS provider. Several companies have already been fined for the failure to connect to the Russian National DNS. This approach to domain name resolution fragments the global Internet.

Status

The ‘Sovereign Internet’ law in Russia requires that all network operators that have an ASN use the National DNS beginning 1 January 2021. The Ministry of Communications and Roscomnadzor (the body responsible for monitoring, controlling, and censoring media in the country) established the Center for Monitoring and Management of Public Communication Networks, to develop the technical instructions on how to use the National DNS.

Our Position

Russia’s National DNS is based on an approach that fundamentally fragments the global DNS, and, as a result, undermines and fragments the global nature of the Internet itself. It uses what’s called an alternative root. Because all DNS requests have to go through this system, it can be used as a tool for censorship and surveillance, violating citizens’ privacy and security.

Even though this policy’s stated aim is to mitigate the threat of being disconnected from the global DNS, this approach also creates a single point of failure. It could affect the availability, performance, and resilience of the DNS resolution service.

Green background with patterns

Talking Points

  • An alternative DNS system threatens to fragment the Internet, creating an alternative name space that could make it difficult to even connect to the global Internet again.
  • Mandated routing such as National DNS creates a nation-wide censorship and surveillance tool. It enables surveillance of Internet traffic, and can cause users to be blocked or redirected to specific content.
  • An alternative DNS system like this creates a single point of failure, which affects the availability, performance, and resilience of DNS resolution in the country.
  • It’s important not to disconnect any country from the global DNS. Not only does it fragment the Internet, it makes it even more difficult for people who need information most to get access to it.

Learn More