Afghanistan’s Internet: who has control of what?

Bagram, formerly the site of the largest US military base in Afghanistan.
Over the past few weeks, the Taliban have taken control of substantially the
whole of Afghanistan, with just
Airport
the
controlled by the US Military and the
Afghanistan
respectively.
Yet the situation with Afghanistan’s internet infrastructure is quite different
to what anyone following the mainstream media might reasonably expect, as
Afghanistan’s key internet resources – domains, IP addresses, routing and
government communications – are controlled by a diverse set of entities subject
to Western jurisdictions.
Who is in control of the .af
domain?
Presently, .af
’s DNS is run using
services
from
not-for-profit organisation, and
registrar and registry services provider. Packet Clearing House provides
Anycast DNS services
“developing-country ccTLD registries”, and Gransy provides
services
10,000 domains – .af
has around 6K domains and is well within Gransy’s
criteria for a free service.
% dig +short -t ns af ns1.anycastdns.cz. ns2.anycastdns.cz. ns.anycast.nic.af. % host ns.anycast.nic.af ns.anycast.nic.af has address 204.61.216.13 ns.anycast.nic.af has IPv6 address 2001:500:14:6013:ad::1 % host ns1.anycastdns.cz ns1.anycastdns.cz has address 185.38.108.108 ns1.anycastdns.cz has IPv6 address 2a00:fea0:dead::beef % whois 204.61.216.13 NetRange: 204.61.208.0 - 204.61.217.255 CIDR: 204.61.208.0/21, 204.61.216.0/23 NetName: WOODYNET-204-61-208-0-21 inetnum: 185.38.108.0 - 185.38.108.255 OrgName: WoodyNet OrgId: WOODYN Address: 2351 Virginia St City: Berkeley StateProv: CA PostalCode: 94709-1315 % whois 185.38.108.108 netname: NEROSO descr: NEROSO Inst., s.r.o. descr: Anycast DNS project country: CZ
Examining .af’s nameservers. NEROSO and WoodyNet are aliases for Gransy and Packet Clearing House respectively.
PCH & Gransy therefore control the resolution of .af
domain names, and may
choose to honour or ignore DNS changes that the Taliban might make.
To keep the DNS operational, the Taliban is dependent on maintaining the
goodwill of PCH and Gransy, who appear to be operating an entirely pro bono DNS
service for the country.
However, during the Taliban’s previous administration Internet access was
prohibited on moral grounds. Were the Taliban to revert to this position and
decide that .af
should be emptied, it would have no need of any DNS nor
goodwill.
Should that situation arise, PCH and Gransy are in a position to keep the .af
domains running, unless or until the Taliban have the credentials for a
panel
servers for the ccTLD. The Taliban could contact IANA and ask for a change of
control,
changed
IANA is based in Los Angeles, and requests for ccTLD redelegation must
demonstrate that the requested change “serves the local Internet community’s
interest”.
Clarification (03/09/2021): since publishing this article, PCH contacted
us to us to clarify their position, and provided the following quote:
PCH provides DNS anycast service for Afghanistan, in the same way that we do
for 130 other countries. We receive DNS records from whatever name server is
deemed authoritative in the DNS root zone, and publish them globally. In the
case of .af, the name server is run by the Afghan Ministry of Communications.
That process has continued uninterrupted, and we don’t have any reason to
think that a change of control within the government will disrupt it.
Additionally,
since this article was published, IANA released
statement
clarifying that the management of the .af
ccTLD “has not changed”, so the
Taliban-controlled Afghan Ministry of Communications retains control.
For all .af
domain owners, it is advantageous to have the DNS operated from
safe locations with reliable electricity supplies. There is precedence for
ccTLDs remaining stable through prolonged instability in the corresponding
country. For instance,
throughout the Libyan revolution and the conflicts that have ensued.
It is also noteworthy that with the current DNS configuration at least two
thirds of the lookups from within Afghanistan for .af
domains are resolved
outside the geographical perimeter of the Taliban’s control. Gransy, which runs
two of the three referenced nameservers,
Afghanistan
runs the other nameserver,
What about the Afghan IP Address Space?
Almost 2000 netblocks exist with an AF country code, of which 1,911 are in the
IPv4 address space. In total, these netblocks comprise of 327,209 IPv4 addresses
which, at current market rates, are worth around $13 million.
Perhaps the most interesting of these are the netblocks delegated to Western
military bases. At the time of writing, some of those netblocks appear to still
have
indicating that the Taliban has inherited, at least, some working Cisco kit.

A Cyberoam web interface found on a netblock with description ‘US Armed Forces Afghanistan’.
Both netblocks are announced by Afghan ISPs. Additionally, traceroutes
strongly suggest that the netblocks are still in use in Afghanistan.
Packets from the UK are routed via Kazakhstan and Pakistan:
% traceroute 117.55.204.100 traceroute to 117.55.204.100 (117.55.204.100), 30 hops max, 60 byte packets [ ... ] 9 149.14.126.178 (149.14.126.178) 126.801 ms 126.778 ms 126.787 ms 10 * * * 11 static.khi77.pie.net.pk (221.120.192.173) 128.740 ms 127.643 ms 127.937 ms 12 * * * 13 152.36.193.69 (152.36.193.69) 155.438 ms 155.575 ms 155.574 ms [ ... ] % traceroute 125.213.195.104 traceroute to 125.213.195.104 (125.213.195.104), 30 hops max, 60 byte packets [ ... ] 8 TNSPLUS-gw.transtelecom.net (188.43.12.249) 83.986 ms 83.923 ms 83.904 ms 9 * * * 10 comp131-219.2day.kz (85.29.131.219) 104.124 ms 101.699 ms 103.120 ms 11 195.69.189.48 (195.69.189.48) 109.131 ms 108.522 ms 113.486 ms [ ... ]
Plausibly, the US Military might adopt a scorched earth policy by logging back
in and encrypting everything they can, or follow the CIA’s lead in destroying
their former Afghan HQ through
explosion
Who is reading the Afghan Government’s electronic mail?
At least 34 Afghan government departments use web mail hosted in the US and
Germany by companies such as Google, Microsoft and Hostinger. For
example, moe.gov.af
(the Afghan Ministry of Finance) and seventeen other
departments have MX records pointing to Gmail, while webmail.aop.gov.af
, the
webmail service for the Administrative Office of the President, is a VPS at
Linode.

.gov.af
mail servers by country (calculated by counting MX records)
Through their influence over these companies, Western governments would be able
to read the majority of the Afghan government’s mail.
Where are Afghanistan’s web sites hosted?
This month’s
Survey
found 8,031 websites hosted in Afghanistan, and 23,205 sites within
Afghanistan’s .af
country-code top-level domain (ccTLD). More than two-thirds
of the latter are hosted in the US, and over 2,000 are hosted in Germany. Less
than ten percent of .af
sites are hosted in Afghanistan.
Nearly 1,000 of the .af
sites are Afghan Government websites under the
.gov.af
second-level domain – such as
and
Less than half of these are hosted in Afghanistan, with the rest being hosted
in the US, Germany, Singapore, France, Canada, UK, Netherlands, Ireland and
India.
What about telecommunications and internet routing?
Afghanistan is landlocked and
neighbours
or multinational satellite companies for internet connectivity. Internet and
electricity infrastructure has been damaged by explosions
Taliban
before they achieved control.
The best connected Afghan autonomous system (AS) is
Wireless
to over
million
consumers and businesses. Afghan Wireless has a presence in multiple
international internet exchanges and peers with nearly 200 other networks from
many different countries, including the US, the UK, Germany, China, Russia, and
Pakistan. It was founded in 2002 as a joint venture between Telephone Systems
International Inc. and Afghanistan’s Ministry of Communications and Information
Technology. Telephone Systems International Inc. is a US-based company with
headquarters in Florida, and Ehsan Bayat, the founder and chairman of Afghan
Wireless, is an Afghan-American dual citizen.
Generally, the Afghan Internet infrastructure seems quite analogous to the
Afghan financial infrastructure
Times
on one occasion, officials at the Afghan central bank had to explain to a group
of Talibs that the country’s $9bn in foreign reserves was unavailable because it
is held with the Federal Reserve Bank in New York and had been frozen by the US
government. Similarly, key aspects of the Afghan Internet are outside of the
Taliban’s direct control and may change through cooperation and negotiation or
adapt to route around them.