Afghanistan’s Internet: who has control of what?
Over the past few weeks, the Taliban have taken control of substantially the
whole of Afghanistan, with just
controlled by the US Military and the
Yet the situation with Afghanistan’s internet infrastructure is quite different
to what anyone following the mainstream media might reasonably expect, as
Afghanistan’s key internet resources – domains, IP addresses, routing and
government communications – are controlled by a diverse set of entities subject
to Western jurisdictions.
Who is in control of the
.af’s DNS is run using
not-for-profit organisation, and
registrar and registry services provider. Packet Clearing House provides
Anycast DNS services
“developing-country ccTLD registries”, and Gransy provides
10,000 domains –
.af has around 6K domains and is well within Gransy’s
criteria for a free service.
% dig +short -t ns af ns1.anycastdns.cz. ns2.anycastdns.cz. ns.anycast.nic.af. % host ns.anycast.nic.af ns.anycast.nic.af has address 188.8.131.52 ns.anycast.nic.af has IPv6 address 2001:500:14:6013:ad::1 % host ns1.anycastdns.cz ns1.anycastdns.cz has address 184.108.40.206 ns1.anycastdns.cz has IPv6 address 2a00:fea0:dead::beef % whois 220.127.116.11 NetRange: 18.104.22.168 - 22.214.171.124 CIDR: 126.96.36.199/21, 188.8.131.52/23 NetName: WOODYNET-204-61-208-0-21 inetnum: 184.108.40.206 - 220.127.116.11 OrgName: WoodyNet OrgId: WOODYN Address: 2351 Virginia St City: Berkeley StateProv: CA PostalCode: 94709-1315 % whois 18.104.22.168 netname: NEROSO descr: NEROSO Inst., s.r.o. descr: Anycast DNS project country: CZ
Examining .af’s nameservers. NEROSO and WoodyNet are aliases for Gransy and Packet Clearing House respectively.
PCH & Gransy therefore control the resolution of
.af domain names, and may
choose to honour or ignore DNS changes that the Taliban might make.
To keep the DNS operational, the Taliban is dependent on maintaining the
goodwill of PCH and Gransy, who appear to be operating an entirely pro bono DNS
service for the country.
However, during the Taliban’s previous administration Internet access was
prohibited on moral grounds. Were the Taliban to revert to this position and
.af should be emptied, it would have no need of any DNS nor
Should that situation arise, PCH and Gransy are in a position to keep the .af
domains running, unless or until the Taliban have the credentials for a
servers for the ccTLD. The Taliban could contact IANA and ask for a change of
IANA is based in Los Angeles, and requests for ccTLD redelegation must
demonstrate that the requested change “serves the local Internet community’s
Clarification (03/09/2021): since publishing this article, PCH contacted
us to us to clarify their position, and provided the following quote:
PCH provides DNS anycast service for Afghanistan, in the same way that we do
for 130 other countries. We receive DNS records from whatever name server is
deemed authoritative in the DNS root zone, and publish them globally. In the
case of .af, the name server is run by the Afghan Ministry of Communications.
That process has continued uninterrupted, and we don’t have any reason to
think that a change of control within the government will disrupt it.
since this article was published, IANA released
clarifying that the management of the
.af ccTLD “has not changed”, so the
Taliban-controlled Afghan Ministry of Communications retains control.
.af domain owners, it is advantageous to have the DNS operated from
safe locations with reliable electricity supplies. There is precedence for
ccTLDs remaining stable through prolonged instability in the corresponding
country. For instance,
throughout the Libyan revolution and the conflicts that have ensued.
It is also noteworthy that with the current DNS configuration at least two
thirds of the lookups from within Afghanistan for
.af domains are resolved
outside the geographical perimeter of the Taliban’s control. Gransy, which runs
two of the three referenced nameservers,
runs the other nameserver,
What about the Afghan IP Address Space?
Almost 2000 netblocks exist with an AF country code, of which 1,911 are in the
IPv4 address space. In total, these netblocks comprise of 327,209 IPv4 addresses
which, at current market rates, are worth around $13 million.
Perhaps the most interesting of these are the netblocks delegated to Western
military bases. At the time of writing, some of those netblocks appear to still
indicating that the Taliban has inherited, at least, some working Cisco kit.
Both netblocks are announced by Afghan ISPs. Additionally, traceroutes
strongly suggest that the netblocks are still in use in Afghanistan.
Packets from the UK are routed via Kazakhstan and Pakistan:
% traceroute 22.214.171.124 traceroute to 126.96.36.199 (188.8.131.52), 30 hops max, 60 byte packets [ ... ] 9 184.108.40.206 (220.127.116.11) 126.801 ms 126.778 ms 126.787 ms 10 * * * 11 static.khi77.pie.net.pk (18.104.22.168) 128.740 ms 127.643 ms 127.937 ms 12 * * * 13 22.214.171.124 (126.96.36.199) 155.438 ms 155.575 ms 155.574 ms [ ... ] % traceroute 188.8.131.52 traceroute to 184.108.40.206 (220.127.116.11), 30 hops max, 60 byte packets [ ... ] 8 TNSPLUS-gw.transtelecom.net (18.104.22.168) 83.986 ms 83.923 ms 83.904 ms 9 * * * 10 comp131-219.2day.kz (22.214.171.124) 104.124 ms 101.699 ms 103.120 ms 11 126.96.36.199 (188.8.131.52) 109.131 ms 108.522 ms 113.486 ms [ ... ]
Plausibly, the US Military might adopt a scorched earth policy by logging back
in and encrypting everything they can, or follow the CIA’s lead in destroying
their former Afghan HQ through
Who is reading the Afghan Government’s electronic mail?
At least 34 Afghan government departments use web mail hosted in the US and
Germany by companies such as Google, Microsoft and Hostinger. For
moe.gov.af (the Afghan Ministry of Finance) and seventeen other
departments have MX records pointing to Gmail, while
webmail service for the Administrative Office of the President, is a VPS at
Through their influence over these companies, Western governments would be able
to read the majority of the Afghan government’s mail.
Where are Afghanistan’s web sites hosted?
found 8,031 websites hosted in Afghanistan, and 23,205 sites within
.af country-code top-level domain (ccTLD). More than two-thirds
of the latter are hosted in the US, and over 2,000 are hosted in Germany. Less
than ten percent of
.af sites are hosted in Afghanistan.
Nearly 1,000 of the
.af sites are Afghan Government websites under the
.gov.af second-level domain – such as
Less than half of these are hosted in Afghanistan, with the rest being hosted
in the US, Germany, Singapore, France, Canada, UK, Netherlands, Ireland and
What about telecommunications and internet routing?
Afghanistan is landlocked and
or multinational satellite companies for internet connectivity. Internet and
electricity infrastructure has been damaged by explosions
before they achieved control.
The best connected Afghan autonomous system (AS) is
consumers and businesses. Afghan Wireless has a presence in multiple
international internet exchanges and peers with nearly 200 other networks from
many different countries, including the US, the UK, Germany, China, Russia, and
Pakistan. It was founded in 2002 as a joint venture between Telephone Systems
International Inc. and Afghanistan’s Ministry of Communications and Information
Technology. Telephone Systems International Inc. is a US-based company with
headquarters in Florida, and Ehsan Bayat, the founder and chairman of Afghan
Wireless, is an Afghan-American dual citizen.
Generally, the Afghan Internet infrastructure seems quite analogous to the
Afghan financial infrastructure
on one occasion, officials at the Afghan central bank had to explain to a group
of Talibs that the country’s $9bn in foreign reserves was unavailable because it
is held with the Federal Reserve Bank in New York and had been frozen by the US
government. Similarly, key aspects of the Afghan Internet are outside of the
Taliban’s direct control and may change through cooperation and negotiation or
adapt to route around them.