The Boston Globe reports that North Korea is entirely offline.
Two quotes struck me. The first:
The country officially has 1,024 Internet protocol addresses, although the actual number may be somewhat higher. By comparison, the United States has billions of addresses.
That’s… Quite few. A lot of tiny hosting companies have more substantial netblocks.
CloudFlare, an Internet company based in San Francisco, confirmed Monday that North Korea’s Internet access was “toast.” A large number of connections had been withdrawn, “showing that the North Korean network has gone away,” Matthew Prince, CloudFlare’s founder, wrote in an email.
“Withdrawn” was interesting terminology to me, making me think that their routers had withdrawn their routes from the Internet / stopped advertising them. That could be caused by an attack, but the prefixes disappearing from the global routing table is slightly more extreme than their routers simply failing to pass traffic. So I wondered: what network(s) does North Korea have, and what happened to them? Let’s find out!
North Korea’s Address Space
This is a great page, listing the known networks assigned to North Korea. (It also contains an interesting scan of their IP space, albeit from a while ago.) According to that site, there are three netblocks:
- 18.104.22.168/22 (the block of 1024 IPs the article mentions), owned by North Korea
- 22.214.171.124/24 from China Unicom (not China Unicorn as my eyes read every time)
- 126.96.36.199/24 from a satellite provider
The first is the official one that they control, and the other two are delegated from other carriers’ IP space.
188.8.131.52/22 is “toast”
To borrow the term from the CloudFlare quote, their main netblock is “toast.” Taking a look at various looking glasses, the network doesn’t exist in the global routing table:
- Cogent’s looking glass: “% Network not in table”
- HE: “None of the BGP4 routes match the display condition”
nLayerGTT “No route found.”
The other two networks are still in the routing table, but that’s unsurprising since they’re managed by other ISPs. North Korea’s main netblock has disappeared from the Internet routing tables entirely.
.kp is offline
The .kp TLD has two nameservers, and they’re both in the vanished 184.108.40.206/22 block:
;; QUESTION SECTION: ;kp. IN NS ;; AUTHORITY SECTION: kp. 172800 IN NS ns2.kptc.kp. kp. 172800 IN NS ns1.kptc.kp. ;; ADDITIONAL SECTION: ns1.kptc.kp. 172800 IN A 220.127.116.11 ns2.kptc.kp. 172800 IN A 18.104.22.168
(As an aside, I had a hard time hosting my own DNS for a .com domain because I was supposed to have two nameservers on separate /24s. Here is a TLD that doesn’t meet that requirement.)
So, other than anything already cached, nothing in .kp can possibly resolve right now.
North Korean websites
As an aside, here is a list of every .kp domain I can find in existence:
- airkoryo.com.kp (The website of state airline, Air Koryo)
- friend.com.kp (The website of the Committee for Cultural Relations with Foreign Countries)
- kcna.kp (The website of the Korean Central News Agency)
- korfilm.com.kp (The website of the Pyongyang Film Festival)
- naenara.com.kp (The official North Korean governmental portal, Naenara)
- rodong.rep.kp (The website of the Rodong Sinmun newspaper)
- vok.rep.kp (The website of shortwave station Voice of Korea)
Descriptions, where present, come from the .kp Wikipedia page. My list comes from Wikipedia and a private crawler. (They’re not linked because none of them could resolve right now.)
This site has another list.