Theres been a lot of chatter that an internet blackout could be acheived by just taking out DNS root servers.
Take out the DNS servers (physically or by exploiting a flaw like the one this Kaminsky guy discovered), and the internet becomes pretty much unsuable.
The importance of DNS root servers isn’t widely discussed—the end user rarely needs to worry about them—but in the grand scheme of things, they truly are the Internet’s backbone.
When it comes to security, the DNS is still one of the most overlooked parts of an organization’s infrastructure.
It would not really be a black out since everything will still be up and running. You would need a local host file to keep running or know the actual IP address of the site you're trying reach. There are also MANY DNS servers on the internet that you can manually repoint to.
You don't need to make it impossible, just inconvenient. People love being lied to. It's easy as hell to get around China's great firewall but almost nobody does.
Hell, going on parts of the internet other than facebook/twitter/google feels like a completely different network. Normal people don't organically end up on the open internet anymore and that's without any barriers in place yet.
Yes but who knows the actual IP addresses of any websites?
Would using google/cloudflare DNS servers actually get around a root server attack?
And could this "DNS cache poisoning" that he discovered (The DNS design vulnerability that has still not been fully fixed) be used to point everyone to an impersonated website if you are using host files/direct IPs methods?
Theres been a lot of chatter that an internet blackout could be acheived by just taking out DNS root servers.
Take out the DNS servers (physically or by exploiting a flaw like the one this Kaminsky guy discovered), and the internet becomes pretty much unsuable.
this is why we got them there spacex satellites up now
It would not really be a black out since everything will still be up and running. You would need a local host file to keep running or know the actual IP address of the site you're trying reach. There are also MANY DNS servers on the internet that you can manually repoint to.
You don't need to make it impossible, just inconvenient. People love being lied to. It's easy as hell to get around China's great firewall but almost nobody does.
Hell, going on parts of the internet other than facebook/twitter/google feels like a completely different network. Normal people don't organically end up on the open internet anymore and that's without any barriers in place yet.
Yes but who knows the actual IP addresses of any websites?
Would using google/cloudflare DNS servers actually get around a root server attack?
And could this "DNS cache poisoning" that he discovered (The DNS design vulnerability that has still not been fully fixed) be used to point everyone to an impersonated website if you are using host files/direct IPs methods?
https://qagg.news/darkness.php This article should help you out
That is just explaining how to setup a hosts file.
My question is if DNS cache poisoning (website impersonation) was used, would cloudflare dns, or hosts file even get around that?
Its never happened before so would any civilians even know the answer? Even the guy that wrote that isnt 100% sure hosts editing would work tbh.