To much fanfare, Chinese officials last week greenlighted the country’s “first root server,” which acts like a phonebook of sorts for the internet, translating internet protocol (IP) addresses into recognizable webpage domains. State mouthpieces claimed the server would “break the western monopoly” and prevent foreign powers from cutting off China’s access to some websites.
The only problem is that this isn’t true.
Editor’s note: A version of this article first appeared in TechNode’s exclusive Distilled newsletter on Dec. 21, 2019. Become a member and read it first!
“China’s Ministry of Industry and Information Technology (MIIT) has approved the establishment of a domain name system (DNS) root server by a research institute,” state news agency Xinhua said in a report on Dec. 8.
Authorities had rubber-stamped the setup of a root server at the China Academy of Information and Communications Technology (CAICT), an institute under the MIIT, according to the report.
“Breaking the monopoly held by the United States and Europe, the MIIT approves the establishment of a root name server,” stated another story the same day, this time from the Global Times, a state-owned newspaper.
The excitement stems from a false conspiracy theory circulating online in China that the US could cut access to the international internet using its root name servers. The theory claimed that a homegrown root server would eliminate this threat.
Experts say the US cannot cut one country’s access to the internet. A controlling position of the international domain name system doesn’t change that.
No new roots
MIIT’s official statement said that the CAICT had received approval to set up an instance that mirrors the contents of root servers, which is nothing new, even in China.
The CAICT’s Beijing office told TechNode that “official statements would prevail should there be any inconsistencies,” in reference to the ministry’s notice.
There are only 13 virtual root name servers around the world, named in logical form operated by 12 organizations in the US, Europe, and Japan, according to the Internet Corporation for Assigned Names and Numbers (ICANN), a US-based nonprofit organization responsible for IP numbers and domain name system roots. It also operates one of the servers.
The global root server system consists of 1,033 physical instances that mirror the 13 main servers as of Dec. 19, states the website of the Root Server Technical Operations Association (RSTOA), a body under US-based Internet Systems Consortium, another of the 12 root name server operators.
When a user types a domain name into a browser, the DNS looks up records from the nearest mirror server to translate the domain to a numerical IP address, Huang Jue, a Shenzhen-based network engineer, told TechNode.
“If there is no record found on the mirror server, the system will send queries to its upper-level servers, all the way up to the 13 root name servers,” he said. “Therefore, controlling the root name servers means controlling the distribution of IP addresses and domain names.”
China is already home to 10 root server instances, according to a map on the RSTOA site.
Imaginary threats
The fear that the US is in the catbird seat is growing in China this year, especially after the Trump administration put Chinese telecommunication giant Huawei on a trade blacklist in May.
According to the conspiracy theory, the US could also cut China’s access to the internet if it wants to.
An unverified article published on the website of the Global Times in June 2018 claimed that: “During the Iraq War in 2003, the US stopped resolving Iraq’s domains meaning that websites ending with “.iq” disappeared from the internet. In April 2004, the US shut down Libya’s internet, making it unavailable for three days,” (our translation) without providing dates or sources.
“Many people voiced their worries: What can we do if the US does the same thing to China?” the article added.
Homegrown alternatives
Chinese media have a history of inflated claims about homegrown technology. Officials and state-owned media laud any effort toward autonomy as the trade war with the US continues, giving rise to concerns over a technology “decoupling” between the world’s two largest economies.
Sometimes the hype has a basis, like Huawei’s Harmony mobile operating system, memory chips produced at state-backed enterprises, or database management tools made by domestic firms. Chinese companies, and the government are enthusiastically pursuing homegrown alternatives to foreign technologies.
In this case, they mentioned another homegrown version of the root name server system, called the Yeti DNS Project. The project is closely related to a Beijing-based private company named Beijing Internet Institute (BII) Group. A source identifying themself as a representative of BII and a participant in Yeti told TechNode the project was jointly launched by BII Group and a few other international organizations.
The source said that BII does “a large amount of the work” on Yeti. According to an article (in Chinese) published by an institute under BII Group, BII chairman Liu Dong, is also the “executive chairman” of Yeti project.
“Led by China with participation from Japan’s Widely Integrated Distributed Environment (WIDE), the Yeti DNS Project established 25 root name servers in 16 countries in 2016,” the Global Times story said last week, without giving a source.
The story does not appear to be true as published.
Yeti says that their servers are not intended to function as live root servers. According to its website, its servers are testbeds for next-generation communications protocol IPv6, which is still in an early stage of deployment. According to Yeti’s website, it is actually associated with 24 root servers maintained by 15 operators, located in 16 countries as of Dec. 20.
Lars-Johan Liman, senior systems specialist and co-founder of Swedish root server operator Netnod, told TechNode in an email that the Yeti project is “a testbed for DNS experiments,” rather than a public service for the global internet. The global DNS root service is currently carried out by the 12 traditional root server operators and “the service capacity of the system widely exceeds that of the Yeti testbed,” he wrote.
Founded in 1985 by three Japanese universities, WIDE is one of the 12 root name server operators. The organization didn’t reply to TechNode’s request for clarification.
However, some experts believe Yeti could one day be used as a substitute root system, setting off “the mother of all fragmentations.” A World Economic Forum report authored by William Drake, Vint Cerf, and Wolfgang Kleinwachter wrote that “While its proponents assert that it is not intended to provide an alternate root, it does, in effect, do exactly that.”
The BII representative declined to comment on these issues due to the project’s “sensitivity.”
Yeti is not the only organization attempting to build alternative DNS roots. Projects such as Namecoin, New Nations, and OpenNIC are already offering their own domain resolution services outside the current root name server system.
Editor’s note: The circumstances surrounding Yeti and its project is currently unclear. As you can see, there are competing claims about what Yeti is and what they are trying to accomplish. We will be looking more into this company. Expect more information about them soon.
Misplaced concerns
However, Huang, the network engineer, disagrees with the theory that the US could cut China’s international internet access, even as nine out of the 12 root server operators are in the States.
“Instances in a specific region form a wide area network and connections between countries in the network are not subject to US interference,” he said.
If one of the root servers stops operating, there are hundreds of other mirror servers to carry the load, wrote Liman in an article published on Netnod’s website.
“There remains no defined process for how to replace an existing operator with a new one, and it’s a question that the community does need to consider. But it is worth noting that, from a technical perspective, the disappearance of an entire operator is not a particularly big deal,” he wrote.
The scope for bad behavior by a rogue root server operator is “greatly limited” because an encrypted version of DNS protects the system, he wrote.
The farce reveals anxiety among Chinese people and the government, especially at a time when the rising power pushes to build up its self-reliance in technology and pledges to dominate the sector, but it also faces pushback from the US. Nevertheless, the reality is, the copy-to-China approach, and the media train that comes with it, are not helping the country meet the ambitions, or relieve the pain.