1

Are seven keys able to turn off the internet?

I had recently researched the possibility of turning off the internet, and found an explanation in another forum: How to take down the internet?

The distributed nature of the internet makes it really impossible to destroy all of it, and all the information on it, without destroying every computer as well, which you seem to be excluding. To erase all access everywhere you must contact every computer on the internet.

Meet the seven people who hold the keys to worldwide internet security

What these men and women control is the system at the heart of the web: the domain name system, or DNS. This is the internet's version of a telephone directory – a series of registers linking web addresses to a series of numbers, called IP addresses. Without these addresses, you would need to know a long sequence of numbers for every site you wanted to visit. To get to the Guardian, for instance, you'd have to enter "77.91.251.10" instead of theguardian.com.

I really wanted to know if the 7 keys really can have this possibility. To me this sounds a lot like fiction

Lambert macuse
  • 503
  • 3
  • 11
  • 4
    a really brief answer is that DNS is not the same as the Internet itself; please reread the second quotation you posted. DNS is more centralized than the Internet – Avery Sep 03 '21 at 15:43
  • The linked article is over seven years old at this point, so even if it was true at the time, it's unlikely that it would still be true. Are you asking if it was true at the time, or today? – LShaver Sep 03 '21 at 16:28
  • @LShaver I mean today – Lambert macuse Sep 03 '21 at 16:32
  • 3
    Are either of these links actually claiming that "seven keys can turn off the entire Internet"? If so, can you quote the section(s) in which they claim that? At the moment, neither of your quotes are claiming what you're asking. – F1Krazy Sep 03 '21 at 16:45
  • I read the entire *Guardian* article very carefully, and as far as I can tell, it never explicitly claims that those seven people can actually "switch off" off the internet, instead referring to this notion as a "rumor." – Kevin Sep 03 '21 at 21:17
  • 1
    They can't. They can't even actually take down DNS - at worst they could render the current DNSSEC infrastructure untrustworthy and we'd make seven new keys, select seven new trustworthy people to hold them, and then re-sign the root zones. – Shadur Sep 04 '21 at 09:37
  • @LShaver [It's still true at this time](https://www.iana.org/dnssec/ceremonies). Kinda-sorta, [at least](https://www.icann.org/en/blogs/details/the-problem-with-the-seven-keys-13-2-2017-en) – David Hammen Sep 05 '21 at 03:59

1 Answers1

11

Taking down DNS is not the same as taking down "the internet". As the quote says, DNS is like a phone book for the internet; if you want to call Joe Smith, then you look up "Joe Smith" in the phone book, and you get a series of numbers that you can dial to call Joe Smith. If the phone book ceases to exist (indeed, if every phone book in the world ceases to exist), that does not mean that Joe Smith himself ceases to exist, nor that Joe Smith's phone ceases to exist. It simply means there is no easy way to look up Joe Smith's phone number in any public record; either you know his number, or you can't call him.

DNS is kind of the same. When you type in "www.google.com", your web browser looks up that name in the internet phonebook (the DNS server) and sees what comes out of it. It then takes that "phone number" that it got (by analogy) and "calls" (by analogy) that number. It then displays to you what it got as a response. If the DNS server (the "phone book", as it were) were to cease to exist, that would not mean that Google would cease to exist, nor would it mean that Google would cease to be accessible; it would simply mean that you would need to know Google's "phone number" in order to access it. This is not particularly different from having to know that Google's "name" is "www.google.com"; the only difference is that the "phone number" is more difficult to remember than "www.google.com".

Incidentally, "a long sequence of numbers" in that article is kind of misleading. An IP Address ("phone number") for a web domain is a set of exactly 4 numbers, each number between 0 and 255 (for an IPV4 address, which most web addresses are; IPV6 exists but is not widespread, and most domains that use IPV6 usually also have an IPV4 address for legacy compatibility). 4 numbers is not a particularly "long".

Ertai87
  • 516
  • 4
  • 11
  • 7
    In the absence of DNS, you (mostly!) can't use HTTPS, because HTTPS certificates are (mostly!) issued to domains and not directly to IP addresses (but see https://1.1.1.1 for a counterexample). This means that taking down DNS would effectively ruin online commerce and banking, at least in the short term. – Kevin Sep 03 '21 at 21:19
  • Your comments about "long string of numbers" apply to IPv4 addresses, but not to IPv6. An example of an IPv6 is "2001:0db8:85a3:0000:0000:8a2e:0370:7334". – Paul Johnson Sep 05 '21 at 09:29
  • Someone will set up alternative DNS root servers or just distribute copies of the data they had before they were taken down. Pointing everyone to the new servers will be a problem (especially without working Internet chat rooms and emails). – user253751 Sep 08 '21 at 08:12
  • @Kevin - not just eCommerce & banking - most sites, especially ones that require login, have https nowadays, take this one for example – komodosp Sep 08 '21 at 11:22
  • @PaulJohnson: Which in canonical form would be written `2001:db8:85a3::8a2e:370:7334`. Still long, but not nearly as long. – Jörg W Mittag Sep 08 '21 at 12:23
  • @colmde: Sure, but the economic losses from commerce and banking will dwarf the losses from the rest of the internet, so I focused on that. – Kevin Sep 08 '21 at 17:42
  • OP specifically asked if taking down DNS will take down the internet. It will take down parts on the internet, sure, but it will not take down the entire internet. – Ertai87 Sep 08 '21 at 18:09