The Russian Internet’s domain problems and how the war in Ukraine narrows the Kremlin’s options for online controls

On January 30, the Russian Internet failed for several hours. More specifically, websites using the .RU Top Level Domain stopped loading for Internet users both in Russia and abroad. The incident affected online giants like the search engine Yandex, the social network Vkontakte, and the e-commerce platform Ozon, as well as the websites of several major banks and online marketplaces. Russia’s Digital Development Ministry later confirmed the suspicions of specialists, announcing that the entire .RU domain temporarily lost its DNSSEC (Domain Name System Security Extensions), meaning that the digital signatures used to ensure normal web browsing suddenly broke. Meduza explains how this likely happened, where the RuNet is headed, and why the chaos of Russia’s Internet repressions after invading Ukraine has given way to a more coherent online isolation plan.

Russia’s DNSSEC does a BRB, leaving millions to wonder WTF just happened

DNSSEC outages are typically the result of either hacker attacks or domain-zone administrator errors. In Russia’s case, observers have also speculated that Tuesday’s problems could be related to experiments by the authorities to test the operability of the Russian Internet in isolation. Emerging information indicates that a technical error was the root cause, and an investigation is underway.

In a statement on January 31, the Coordination Center for TLD .RU/.РФ (the nonprofit organization that manages the domain’s registry operations and DNS infrastructure) said the problem was flawed software used to create the domain’s encryption keys. “Like any other technological solution, DNSSEC requires improvement over time to correct detected operational errors,” the Coordination Center explained. At the same time, the group emphasized that its DNSSEC technically functioned as intended (insofar as domain-name resolution requests were blocked when DNS servers couldn’t confirm the authenticity of responses due to software flaws).

In other words, the digital signatures didn’t match, which triggered a shutdown in accordance with the system’s design.

Tuesday’s DNSSEC barely affected users of Russia’s National Domain Name System, a domestic infrastructure legislated into existence in late 2019 that duplicates the current domain-name scheme responsible for routing Russian Internet traffic. The newer system’s premise is that it would maintain the Russian Internet’s normal functioning even if its root zones located abroad were disconnected for whatever reason. In such an emergency, federal regulators have the authority to force Russia’s Internet service providers to route traffic to the national DNS. 

At the same time, this infrastructure makes it possible for the Russian authorities themselves to instigate the isolation of the Internet’s Russian segment, which researchers at the Net Freedoms Project believe is happening now. State officials have made no secret of this possibility. From the start, lawmakers like Senator Andrey Klishas have described Russia’s national DNS as a companion to other DNS servers that isn’t limited to emergencies. The authorities’ interest in driving more traffic to the national DNS is clear: All requests to the national DNS go through an agency managed by Roskomnadzor, Russia’s federal censor, which expands the state’s capacity to monitor Internet browsing data and control the flow of information.

How many roads must the RuNet walk down?

Whatever the reason for the RuNet’s January 30 disruption, Russian Internet users have reported other outages in recent weeks. First, the messaging services Telegram and WhatsApp stopped working in the country’s Far East. Then, LTE mobile Internet began failing in and around St. Petersburg, Pskov, and Novgorod. 

Last year, in early July, Russia briefly shut down the country’s global Internet access as part of a practice run mandated by “digital sovereignty” legislation adopted in 2019. These exercises are supposed to be annual, and the 2023 run would have been unremarkable if the Russian authorities hadn’t skipped it altogether in 2022, during the first year of the full-scale invasion of Ukraine. 

In August 2023, Alexander Amzin wrote in Meduza’s Signal newsletter that the war in Ukraine accelerated Russia’s Internet repressions so much that it made the authorities’ actions aimless and chaotic. Almost two years later, however, Moscow’s options have narrowed to a single question: Will the Russian Internet secede from the World Wide Web?

Of course, Amzin acknowledges that “cyberbalkanization” has already splintered the Internet into several large, autonomously regulated fragments. He cites comments from technology and media analyst Ben Thompson about competition between four major Internet models: the U.S. laissez-faire system, the Chinese model built on control over information, Europe’s “rule by regulation” model, and India’s openness to foreign digital goods but adherence to protectionism “when it comes to the physical layer of tech.” Amzin adds to this list the isolated Internet model that is found in Iran and North Korea and the hybrid model built in Turkey, where the local Internet still relies on popular foreign services, but the state exerts economic pressure on these companies when they facilitate politically destabilizing free expression.

Since the West imposed sanctions after Russia annexed Crimea, the Kremlin has ruled out any development of the RuNet that would make it compatible with either the U.S. or European systems (though Moscow did spend several years mimicking certain European standards to guard personal data from Silicon Valley). More recently, Russia has been borrowing from fellow authoritarian states as officials explore Internet models built on China’s import substitution, Turkey’s “coercive measures,” and a completely isolated “Cheburnet” (more about this term below).

Pointing to giants like Yandex and Vkontakte, Amzin argues that Russia has the technological means to create a completely import-substituted Internet, but he notes that Russia as a national market isn’t profitable enough to foreign companies that Moscow can dictate terms to the outside world. Amzin says Turkey’s use of fines to compel foreign companies’ political compliance would be “perfect” for Russia (particularly because it shifts the conversation from democratic values to commercial interests) were it not for the invasion of Ukraine, which has demoted economic rationale in the Kremlin’s Internet policymaking.

As a result, Russia is left with just two options: the Chinese model and the Iranian or North Korean model.

The ‘Cheburnet’

While the word “Cheburashka” likely elicits a confused frown from most people around the world, it is a cultural product known to every soul in Russia. A fictional character in a children’s book created by Soviet writer Eduard Uspensky in the 1960s, Cheburashka later starred in a series of beloved stop-motion animated films.

In April 2014, in the aftermath of the annexation of Crimea, Federation Council member Maxim Kavdzharadze suggested that Russia should create “its own internal information system” and call it “Cheburashka,” reasoning that “nobody else has a Cheburashka.” Almost as soon as the news media reported the senator’s proposal, I.T. experts in online forums coined the phrase “Cheburnet.” Those early comments indicate that Russia’s tech community understood immediately that officials sought total control over the country’s Internet, if not its global isolation.

Kavdzharadze went on to advocate a secure satellite network meant to be Russia’s answer to what would become Starlink and OneWeb, but the idea of isolating the Russian Internet would take on a life of its own.

In 2015, the Cheburnet’s first outlines appeared in research conducted for the Internet Development Institute by a patriotically inclined tech expert named Igor Ashmanov, who argued that the RuNet’s future lies in maximum digital sovereignty (where there’s nothing to stop the Russian state from setting whatever rules it likes), import substitution, and information security. The change would require Russia to develop its own operating systems, software and mobile-application ecosystems, and — ideally — its own microchips. The state would control everything, including user identification, payment systems, social networks, and even gaming services.

Ashmanov’s drastic vision for the Russian Internet gradually became less far-fetched over the years, until February 2022, when the invasion of Ukraine elevated it from prescient to policy.