I spent Tuesday of last week in Manchester, New Hampshire, at a DNS confab hosted by Dyn Inc. This was different from most DNS get-togethers I’ve attended: Most DNS meetings are fairly academic, and focus on discussions of relatively arcane aspects of DNS technology. This one centered on the business of DNS, and was attended by representatives from a number of up-and-coming companies in the DNS space, including quite a few DNS hosting companies.
The high point of the meeting, for me, was taping the latest episode of The Ask Mr. DNS Podcast, my friend Matt and my irregular podcast on all things DNS (and many things not DNS). Dyn graciously provided studio-quality equipment to record a roomful of participants, and most of the attendees joined the taping session.
The most surprising part of taping the episode – besides the fact that it worked as well as it did! – was learning that China blocks access to the name servers of every DNS hosting provider attending. That’s astounding.
We’d begun discussing the recent incident involving the replica of i.root-servers.net in China. In case you’ve already forgotten, a few weeks ago a subscriber on the dns-operations mailing list noticed bogus DNS responses that seemed to come from i. It turned out that queries to i were being intercepted and answered by another name server–i.root-servers.net wasn’t involved at all.
One of our participants volunteered that this was consistent with the treatment his DNS hosting company received in China; namely, the all queries to his company’s name servers were cut off. This was followed by a round of “Yeah, us too” by every representative of a DNS hosting company in the room.
I assume this is an attempt by the Chinese (government?) to keep their citizenry away from content they deem objectionable. But think of the collateral damage: Any company using one of these DNS hosting providers is unresolvable from China. I’m sure the vast majority of Dyn’s customers are legitimate and of no concern to the Chinese. And there’s plenty of objectionable content available through other name servers.
It’s ironic, isn’t it, that some Cassandras worry that the introduction of Internationalized Domain Names heralds the balkanization of the Internet? It’s already happening, with or without IDNA.