We (via the ICANN, see below) actually have the power to do that. The .af TLD only works because the root DNS servers delegate the .af TLD to the Afghan nameservers. As soon as we stop doing that, they are powerless.
And as a bonus, the ICANN could set the nameservers to OpenNIC's, setting a precedent for a more public ownership of the Internet. But somehow I highly doubt they would ever do that...
Edit: I did what I documented here to do, and here is the (automated) answer from the ICANN:
Dear [name],
Thank you for contacting ICANN Contractual Compliance.
Your complaint involved a domain name registered under a country code top-level domain.
Please note that ICANN has no contractual authority to address complaints involving country code top-level domains (ccTLDs), such as .us, .eu, .ac, or domain names registered under a ccTLD (e.g. example.us, example.eu, example.ac). ICANN does not accredit registrars or set policy for ccTLDs and has no contractual authority to take compliance action against ccTLD operators. For inquiries and issues involving ccTLDs, you may wish to contact the relevant ccTLD manager using the contact details at https://www.iana.org/domains/root/db. This page will also help you determine which top-level domains (TLDs) are country codes (outside of ICANN's scope) and which ones are generic (within ICANN's scope).
Please note that responses to closed cases are not monitored. Therefore, if you require future assistance or have any questions regarding this case that is being closed, please email compliance@icann.org. If you have a new complaint, please submit it at http://www.icann.org/resources/compliance/complaints.
ICANN is requesting your feedback on this closed complaint. Please complete this optional survey here.
ICANN is going to become a UN agency before they kick out states as stakeholders. Their status, though, is not derived from that but by silent agreement from the ISPs handing out servers following ICANN's root servers as default, they'd have to fuck up quite badly for that institutional inertia to change, and any replacement on that level is absolutely bound to respect ccTLDs as control over their own ccTLD is a national security issue for all states, and push come to shove they'd legislate that domestic ISPs have to hand out servers that respect at least their own ccTLD.
And there's nothing wrong with that. Plenty of letter combinations to choose from especially now that there's vanity domains. If this was the early 2000s e.g. lemmy.world would simply be lemmy.net.
ICANN is going to become a UN agency before they kick out states as stakeholders.
You seem to be absolutely right. The conduct of the Afghan registry goes square against the ICANN base registry agreement, yet they won't do squat against ccTLDs, as evidenced per the email I received (see my edit).
US states don't have registrars (four cities do however) and even .us is pretty much only used for domain hacks vs. a lot of TLDs that are actually used to identify country (which I've seen a few people criticize Americans over, but while I don't think it had anything to do with privacy as much as Americans just getting used to everything being .com, I think that's ultimately a good thing.)
I don't think they could do anything about it. As far as I know, Mastodon doesn't support any kind of instance renaming, so the hostname is one thing you cannot change. You can only spin up a completely new instance.
I thought they'd already shut down. Renaming isn't an option, but you can at least direct your users to the new instance.
I figured they would have almost instantly gone read only and prepared the self destruction. But I guess they just closed off registration and set the self destruct pretty far out.
Whose bright idea was it to integrate the domain name itself directly into the software such that changing the domain name totally fucks up the whole thing? Is there actually a good reason for this to not work like any other website where the domain name is just an address and changing it doesn't actually have any effect other than requiring users to type in or bookmark a different URL?
Federation combined with keeping the historical federated data consistent is certainly a bitch. We can't have it all. It could be like email that only handles delivery at any point in time and history is purely local, but Mastodon specifically keeps the federated data public. Propagating the change on the historical data to the federated instances would be nearly impossible. I don't see how it could have been done better without sacrificing something else.
I'm surprised they even attempted to use that domain. The instance still exists and will need to be routed through a new domain. Which, again sucks, because any reference links will be broken now... which... again... has me wondering why they even went with that domain in the first place. Albeit, it was a clever use of a top level. I wonder how many others are doing the same.
I doubt most people know that country TLDs are different from vanity TLDs. I know when I look up domains, they're usually all smooshed together and then the terms are in a giant block of ToS.
Honestly though, I don't even know what most of the generic domains are that were created. It's still deeply ingrained in me that any serious website should be using .com, .net, or .org. But... the amount of domains that were purchased just for the purpose of resale at an astronomical value has made so many of those unreachable.
There are some dot-coms that I have wanted for years which have been sitting stagnantly for more than two decades. I'd love to buy them, but there's no way I'd pay the asking price. At least generic TLDs break that stalemate for a lot of folks.
The vast majority of people likely don't know that .tv isn't a vanity or official TLD, but the Tuvalu country TLD. And its royalties make up nearly 10% of the state's budget.
Yes. Other common ones include .fm for Federated States of Micronesia, .io for British Indian Ocean Territories and .ai for Anguilla.
.be, of youtu.be, is Belgium.
Back in the days bit.ly was a quite popular link shortener (it's still a link shortener) and when shit went down in Libya gadda.fi (or some other spelling don't remember) plopped up as a novelty shortener to protest against using just any country TLD for random internet domains. .fi should be fine, it's Finland.
Similar thing happened with an instance I was on, it couldn't be fixed and they had to start a new instance. Think the problem was federation related, you need every instance admin to change the domain manually in their instance
I was afraid of that. If this is common enough, I think it's something the devs can introduce a feature for which would propagate such a change. Doubt it's high on the totem of things to do, though.
To the people who are like “What did you expect to happen when you picked a .af domain, are you idiots?”
Yes, we were aware of the possibility of suspension from the start
Yes, we were aware that political circumstances could change
But thumbing your nose at conservative autocrats as an even minor form of protest is fun
In the end pretty much everyone has migrated out successfully (and I’ll continue to help anyone who remains)
We’ve all gotten a fun story out of this
I’ve been signalling the probable demise of queer.af to my followers for the past year. We knew the end was coming; we just anticipated it to take a little longer
OP, this title is stupidly misleading and incorrect, you should change it immediately.
The Taliban seized the DOMAIN, aka the ownership of the queer.af name that people could type into their browsers, and their system would resolve into an IP address.
As the Taliban control Afghanistan, (see where the domain comes from), this was inevitable and the instance owners were already planning to retire the instance as they didn't want to give money to the Taliban to keep it up.
The INSTANCE, aka the physical server, was not in Afghanistan, and still has its IP address(es), and so has had absolutely nothing happen to it.
Unfortunately, I think due to the way ActivityPub works, the domain name is inexorably tied to the instance. Trying to migrate to a new domain name would break a lot of federation to my understanding.
Yep, the other workaround that's elsewhere in this thread is to set up an entry with a different authoritative DNS in the hosts file, allowing a single machine to resolve the old domain manually.
This could be part of a greater effort, basically asking other instances to help the users evacuate the instance and transfer their accounts, before running tootctl self-destruct
Does federation involve some sort of key exchange? If not, would that mean that if one loses control of a domain somebody could spin up a new Lemmy instance to spoof the old one and potentially harvest data?
The main privacy/security issue is mostly mitigated by the fact that there's a sync behavior for accounts and follows and distribution of content where the host can push revocation messages, triggering other servers to delete follows and wipe cached account data originating from that hosting server, which means that somebody who takes over a domain after a wipe can't imitate the exact same accounts. But old links can still be redirected because there's no way to verify what they were supposed to point to, so some degree of impersonation remains possible unless other servers agree to preemptively defederate...
I mentioned on Mastodon the domain name "queersare.us" (parody of Toys R Us I guess) which actually makes use of the United States' ccTLD that barely gets used. Someone pointed out to me exactly why that's the case and it has something to do with scammers.
Ultimately each country makes the rules for domains under its top level, for those that are named for the country, like .af for Afghanistan. Everything about the instance is intact and can be moved to a different domain.
@GossiTheDog Since the authoritative name servers still reply; you can also ask the #DNS resolver administrator to forward requests for queer.af to kiki.bunny.net and coco.bunny.net.
did not know they can control domain names,
is it possible to deny them that request? why did maston comply with them?
@i_have_no_enemies @zoostation Maston? You mean Mastodon? The software did not "comply", it just issues regular DNS requests and the domain name servers for .af now reply NXDOMAIN (No Such Domain) for queer.af.
See https://catnip.article19.org/ (or @b0rk zines).
That's not how it works... the .af domain is reserved for use by Afghanistan by ICANN and the government of Afghanistan is the Taliban. Same with the commies on .ml which is reserved for Malaysia.
Dammit. The whole thing is basically absurd though because these letters mean fuckall in Afghanistan, Mali, and Malaysia and I think URLs can even have unicode now, though idk about tlds
@zoostation @i_have_no_enemies Indeed, choosing .af was a bad idea for a LGBT service. But there are other bad choices (people registering names under .social without reading the fine print, which says, among other things, that some lobbies can easily take down domain names) https://www.eff.org/fr/node/96673
@i_have_no_enemies Almost every Internet activity starts with a #DNS request. So, DNS is often (ab)used for political goals.
Also, domain names are organized in a tree so if you control a domain (in that case .af), you also control all names underneath.
There are social networks that don't rely on the DNS but they have other issues. In the meantime, take DNS seriously and choose your domain name with care.
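
Added illustration, not part of any comment in this thread: a small offline model of the delegation chain discussed above, showing why removing the registry's delegation yields NXDOMAIN while the hosting nameserver still holds the record, and how a resolver-side forward bypasses the parent. The server labels (`root`, `af-registry`, `bunny`) and the address `192.0.2.10` are constructed assumptions; `bunny` stands in for the hosting nameservers named in the thread.

```python
# Constructed model of the delegation chain; server names and the address
# are illustrative, not real zone data. "bunny" stands in for the hosting
# nameservers named in the thread.
SERVERS = {
    "root": {"af.": ("NS", "af-registry")},
    "af-registry": {"queer.af.": ("NS", "bunny")},
    "bunny": {"queer.af.": ("A", "192.0.2.10")},  # documentation address
}


def best_match(name, zone):
    """Longest entry in the zone that equals or is an ancestor of name."""
    hits = [k for k in zone if name == k or name.endswith("." + k)]
    return max(hits, key=len, default=None)


def resolve(name, servers, forwards=None):
    """Walk referrals from the root; returns (rcode, address or None)."""
    server = "root"
    # A forward zone on the resolver bypasses the parent delegations.
    for zone, target in (forwards or {}).items():
        if name == zone or name.endswith("." + zone):
            server = target
    for _ in range(10):  # bound the referral depth
        zone = servers[server]
        match = best_match(name, zone)
        if match is None:
            return ("NXDOMAIN", None)
        rtype, value = zone[match]
        if rtype == "A":
            return ("NOERROR", value) if match == name else ("NXDOMAIN", None)
        server = value  # follow the NS referral one level down the tree
    return ("SERVFAIL", None)


def suspend(servers, parent, child):
    """Copy of the tree with the parent's delegation for child removed."""
    copy = {srv: dict(zone) for srv, zone in servers.items()}
    del copy[parent][child]
    return copy


if __name__ == "__main__":
    after = suspend(SERVERS, "af-registry", "queer.af.")
    print(resolve("queer.af.", SERVERS))                        # before suspension
    print(resolve("queer.af.", after))                          # registry no longer delegates
    print(resolve("queer.af.", after, {"queer.af.": "bunny"}))  # resolver-side forward
```

The forward only helps clients of the resolver that configures it; every other resolver still follows the parent zone and gets NXDOMAIN.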