Let’s say the US government is overthrown and the new ruling dictatorship wants to completely shut down the Internet in the US.
I say there is no practical way to do this, but others argue that there are key DNS servers around the country that map domain addresses and if you could take those down you could effectively shut down the ‘Internet’.
Any truth to that? Not that I’m planning anything anytime soon… 
Shutting down the root DNS servers within the US would definitely make things inconvenient. It wouldn’t shut down the Internet as such, but it would make it very difficult to look up DNS records.
But there are other root servers around the world which are not in the US. So it wouldn’t be so hard to route around the damage, as it were.
But you don’t need to worry about DNS if you are a Benevolent Dictator for Life of the US. Just nationalize all the telecom companies and tell them to turn off all of their switches that carry IP traffic. You will have successfully shut down the Internet in the US, and much of the rest of the world that relies on those circuits.
All Internet service providers with U.S. customers will be subject to U.S. jurisdiction. Your hypothetical dictatorship can order them all to shut down. A few Americans probably could obtain Internet access through bootleg connections, but for the large majority, the Internet would be shut down.
Worth noting that taking down enough DNS roots to “turn off Internet” in the US would also practically turn it off almost everywhere else. DNS servers don’t correspond much to geographic boundaries, an ISP in (say) Belgium is as likely to be using a US DNS root as not.
EDIT: it’s also worth noting this method is pretty slow. You have to wait for the local TTL (time-to-live) to expire before your local DNS will talk its parent, and TTLs can be anywhere from 5 minutes to 24 hours to weeks. (Depending on the domain/ISP.)
Sorry, don’t mean to double-post, but it occurs to me that between the TTL length of time, and the fact that DNS isn’t strictly necessary to the functioning of the Internet, I don’t think this method would work at all.
What would happen is that sites, once they get news of the DNS shutdown, would use their TTL grace period to post their direct IP so that you could still access the site without using DNS at all. Once the IP for a server that lists other server’s IPs is out there, the information will just be broadcast or passed person-to-person, and you end up with a psuedo-manual-DNS system.
I guess this gets back to “nationalize all the telecom companies and pull the plug” as the most effective method.
That won’t work for name-based virtual hosts.
In any case, it wouldn’t matter in the long run. When news of the shutdown gets out, volunteers would simply get together to combine their DNS caches and create alternate root DNSes and distribute them. The addresses of the root servers aren’t hardwired into the Internet’s brain; they’re entirely configurable.
It would cause a lot of chaos, and would eliminate authoritative verification of domain records, but the system as a whole could survive a root-server meltdown largely intact.
You have to keep in mind that the Internet was initially a DARPA defense project. It was intentionally designed as a node-based system so that if one or several nodes were taken out, traffic automatically re-routes itself around the damaged nodes and carries on. It is very much like a living beast, or perhaps even a virus, that has its own will to survive and propagate itself. You can wound it (shut down servers, put up firewalls, pass injunctions against ISPs, etc.) but you can not kill it. Even its creator can not stop it now that it has been put in motion and become so entrenched around the world. As others have mentioned, the most you can really do is make it inconvenient to access from certain locations but in order to truly “turn off the Internet” you’d have to shut down every connected electronic device in the world. Only a zombie epidemic could accomplish that.
Not just DNS servers but also take down the Internet Exchange Points (IXP). There are several in the US, but the two that come to mind are MAE EAST and MAE WEST.
ISTR it went down on September 11th for several hours.
Not sure exactly how flying a couple planes into a building accomplished that.
Also, I’ll note that shutting down electrical power would get the vast majority of the populace offline pretty quickly.
You recall incorrectly. Several news websites were overwhelmed with traffic, though.
That’s because it didn’t happen.
As evidenced on this very board by the real-time thread that sprang up on 9/11.
As mentioned, it didn’t happen. However, there was some significant infrastructure in and around the WTC buildings that was disrupted, so if you were in the New York area it’s possible that YOUR internet connection was affected. I was working for Williams Communications at the time and we had some fairly major disruptions that we are were all trying to work through.
As noted wrt the question in the OP, if an absolute dictatorship arose in the US and wanted the internet to be shut off to the majority of Americans it would be easy enough to do…simply seize/nationalize the various telco companies and provides and tell them to shut down. Destroying several of the key nodal sites or tiered peer sites would have a similar effect at least wrt getting traffic outside of any local/regional networks.
Or you could nuke it from orbit if you REALLY wanted to be sure…
-XT
Turning off DNS would just encourage people to reroute to foreign DNS. As mentioned above, some groups would put together their won. I would not be surprised if some countries already have contingency plans to hijack the root domains should they get into an Internet Pissing (IP) match with the USA and wish to override the US setting locally. If they shut off DNS but not internet traffic routing, a jury-rigged replacement system will be up quickly.
Turning off all routing would work too. Depends how many smaller ISPs use private lines vs. public carriers. Also, how many other functions use that configuration. As Egypt found when they tried to turn off the internet,a few enterprises had private international lines. Similarly, they helped destroy what little tourism was left since a lot of hotel and tour websites were inaccessible from outside.
Finally, if you shut down all traffic instead - what about functions like VOIP, credit card authorizations, ATMs, and inter-business data transfers? Are they willing to accept “collateral damage”? How and under what authority would the government order a business to stop a service that is essentially its core business? How would you serve such an order on every small ISP, or are you relying on the larger businesses to do it? How does Bell know which lines are private WAN data and which are connections to the internet, possibly outside the country?
The answer is, like shutting down all air travel for a few days, it’s something the US might get away with once, it will have flaws, and it will massively disrupt the entire economy locally and around the world. Afterwards, the system will be reconfigured so a repeat will be impossible.
(When I flew into JFK from Europe Sept. 28, 2001, there were no functioning ATMs in any of the terminals we tried. They all apparently went through the WTC and had not been fixed yet. Fortunately, we had JUST enough US cash for 2 bus tickets to Grand Central, where the ATMs were fine. Now we make it a point to have sufficient cash for the first day when flying into somewhere… just in case. If you turn off the internet and ATMs or credit card systems are collateral damage - imagine the chaos.)
I suspect a more insidious action would be to filter and re-route, as the Great Firewall of China does. Just plunk some filters on the root DNS servers, on the key nodes, then work your way down from there. However, it only works once, and only for a while. The Chinese one ISTR only works for those not willing to be clever, and of course the penalty for trying to evade it there is a bit more harsh…
I was at my desk at Diebold HQ in Ohio on that day, and the Internet became close to unusable shortly after the attacks and for a substantial portion of the day.
I wonder, however, if it wasn’t just the company’s ISP making unfortunate routing decisions.
Perhaps all of the employees trying to hit the Fox News website at the same time was the problem…
Haha, what about Cable TV? If they didn’t have a riot when the shutdown was done, they’re sure have one once grandma found out she couldn’t watch Everybody Loves Raymond due to it.
Might have just been overwhelmed with traffic of folks frantically searching for information or streaming video of the event. Your companies ISP might have been badly tuned or completely oversubscribed or something along those lines, and the additional traffic put them over the top. There was a large regional nodal site that was definitely affected, and perhaps your companies ISP had peer trunks going through that node, and it took them a while to re-converge.
I’d go with the overwhelmed by traffic theory though, if I were a betting man.
-XT
While that that would eventually take down the internet it would be up for a surprisingly long amount of time. A few months ago all of San Diego and surrounding cities lost power at around 4 pm for about 8 hours. With not much else to do I surfed the internet from my cell phone until about 11:00 when I went to bed. A lot of the infrastructure has battery and generator backup and could stay up for days. I remember the email I got from San Diego Gas and Electric saying the power was out that I read on my phone during the blackout.
Heh - reminds me of the NYC transit strike when the automated announcement system kept telling all the (completely empty) stations that there was no train service.
Killing the DNS roots wouldn’t permanently destroy the internet, but I think it would be a lot harder (and take a lot longer) to recover from than people are suggesting. It would definitely make a good “first strike” to effectively grind the internet to a halt while you implement more permanent solutions that take longer.
Were I an evil overlord, my plan would be:
[ol][li]Kill the root DNS servers that reside within the U.S.[/li][li]Cut the trans-oceanic fiber optic trunks (there are surprisingly few of them)[/li][li]Shut down all U.S. communication satellites (or, in any case, lock out all non-military access)[/li][li]Force the Tier 1 ISPs to cease operation.[/li][/ol]
Step 1 comes first. Steps 2, 3, and 4 are concurrent operations. Whether or not 4 is “practical” depends on how much power our hypothetical dictator is. But the way I figure it, if you’re powerful enough to either overwhelm or co-opt the U.S. armed forces, I can’t see Verizon or Sprint (etc.) giving you any lip.
This would effectively cut off the U.S. portion of the Internet with the rest of the world, and turn the U.S. internet it isolated regional pools with no reliable interconnection. The U.S. internet would still probably be technically interconnected, but without the Tier 1 ISPs, the surviving connections between major urban areas would likely not have enough capacity to effectively route interstate traffic without physically laying new circuits. As supreme dictator of the U.S., that should be pretty easy to prevent.
Much like the one SDMB is currently experiencing, no?