
Afghanistan's Internet: who has control of what?

published on 2021-08-30 00:00:00 UTC by James Williams
Image of Bagram, Afghanistan. The air base is visible in the foreground, with the Hindu Kush mountain range in the background.

Bagram, formerly the site of the largest US military base in Afghanistan.

Over the past few weeks, the Taliban have taken control of substantially the whole of Afghanistan, with just Kabul Airport and the Panjshir Valley presently controlled by the US Military and the National Resistance Front of Afghanistan respectively.

Yet the situation with Afghanistan’s internet infrastructure is quite different to what anyone following the mainstream media might reasonably expect, as Afghanistan’s key internet resources – domains, IP addresses, routing and government communications – are controlled by a diverse set of entities subject to Western jurisdictions.


Who is in control of the .af domain?

Presently, .af’s DNS is run using Anycast DNS services from Packet Clearing House, a San Francisco based not-for-profit organisation, and Gransy, a Czech registrar and registry services provider. Packet Clearing House provides free Anycast DNS services to “developing-country ccTLD registries”, and Gransy provides free Anycast DNS services to ccTLDs with fewer than 10,000 domains – .af has around 6K domains and is well within Gransy’s criteria for a free service.

% dig +short -t ns af
ns1.anycastdns.cz.
ns2.anycastdns.cz.
ns.anycast.nic.af.

% host ns.anycast.nic.af
ns.anycast.nic.af has address 204.61.216.13
ns.anycast.nic.af has IPv6 address 2001:500:14:6013:ad::1

% host ns1.anycastdns.cz
ns1.anycastdns.cz has address 185.38.108.108
ns1.anycastdns.cz has IPv6 address 2a00:fea0:dead::beef

% whois 204.61.216.13
NetRange:       204.61.208.0 - 204.61.217.255
CIDR:           204.61.208.0/21, 204.61.216.0/23
NetName:        WOODYNET-204-61-208-0-21
inetnum:        185.38.108.0 - 185.38.108.255
OrgName:        WoodyNet
OrgId:          WOODYN
Address:        2351 Virginia St
City:           Berkeley
StateProv:      CA
PostalCode:     94709-1315

% whois 185.38.108.108
netname:        NEROSO
descr:          NEROSO Inst., s.r.o.
descr:          Anycast DNS project
country:        CZ

Examining .af's nameservers. NEROSO and WoodyNet are aliases for Gransy and Packet Clearing House respectively.

PCH & Gransy therefore control the resolution of .af domain names, and may choose to honour or ignore DNS changes that the Taliban might make. To keep the DNS operational, the Taliban is dependent on maintaining the goodwill of PCH and Gransy, who appear to be operating an entirely pro bono DNS service for the country.
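The lookup chain above (nameserver, address, whois, operator) can be automated when auditing who runs the DNS for a zone you depend on. The following is an added example, not Netcraft's code: it parses the two whois layouts seen in the session (ARIN-style `OrgName`, RIPE-style `netname`) using excerpts of the output shown above. The function names are illustrative.

```python
import re

# Nameserver addresses and whois excerpts copied from the session shown above.
NS_ADDRESSES = {
    "ns.anycast.nic.af.": "204.61.216.13",
    "ns1.anycastdns.cz.": "185.38.108.108",
}
WHOIS = {
    "204.61.216.13": """\
NetRange:       204.61.208.0 - 204.61.217.255
NetName:        WOODYNET-204-61-208-0-21
OrgName:        WoodyNet
City:           Berkeley
StateProv:      CA
""",
    "185.38.108.108": """\
netname:        NEROSO
descr:          NEROSO Inst., s.r.o.
descr:          Anycast DNS project
country:        CZ
""",
}
# Aliases as stated in the article.
ALIASES = {"WoodyNet": "Packet Clearing House", "NEROSO": "Gransy"}

def parse_whois(text):
    """Collect 'key: value' lines; keys are lower-cased, repeated keys keep every value."""
    rec = {}
    for line in text.splitlines():
        m = re.match(r"^([A-Za-z-]+):\s+(.*\S)\s*$", line)
        if m:
            rec.setdefault(m.group(1).lower(), []).append(m.group(2))
    return rec

def operator(rec):
    """ARIN-style records name the holder in OrgName; RIPE-style ones only have netname."""
    name = (rec.get("orgname") or rec.get("netname") or ["unknown"])[0]
    return ALIASES.get(name, name)

def location(rec):
    """Prefer an explicit country code, else fall back to city and state."""
    if "country" in rec:
        return rec["country"][0]
    return ", ".join(rec.get("city", []) + rec.get("stateprov", [])) or "unknown"

def delegation_report(ns_addresses, whois):
    """Map each nameserver to (operator, location); missing whois data yields 'unknown'."""
    return {ns: (operator(r), location(r))
            for ns, ip in ns_addresses.items()
            for r in [parse_whois(whois.get(ip, ""))]}

if __name__ == "__main__":
    for ns, (op, loc) in delegation_report(NS_ADDRESSES, WHOIS).items():
        print(f"{ns:22} {op:22} {loc}")
```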

However, during the Taliban’s previous administration Internet access was prohibited on moral grounds. Were the Taliban to revert to this position and decide that .af should be emptied, it would have no need of any DNS nor goodwill.

Should that situation arise, PCH and Gransy are in a position to keep the .af domains running, unless or until the Taliban have the credentials for a control panel at IANA, to change the name servers for the ccTLD. The Taliban could contact IANA and ask for a change of control, as happened when control of Afghanistan last changed; however IANA is based in Los Angeles, and requests for ccTLD redelegation must demonstrate that the requested change “serves the local Internet community’s interest”.

Clarification (03/09/2021): since publishing this article, PCH contacted us to clarify their position, and provided the following quote:

PCH provides DNS anycast service for Afghanistan, in the same way that we do for 130 other countries. We receive DNS records from whatever name server is deemed authoritative in the DNS root zone, and publish them globally. In the case of .af, the name server is run by the Afghan Ministry of Communications. That process has continued uninterrupted, and we don’t have any reason to think that a change of control within the government will disrupt it.

Additionally, since this article was published, IANA released a statement clarifying that the management of the .af ccTLD “has not changed”, so the Taliban-controlled Afghan Ministry of Communications retains control.

For all .af domain owners, it is advantageous to have the DNS operated from safe locations with reliable electricity supplies. There is precedent for ccTLDs remaining stable through prolonged instability in the corresponding country. For instance, bit.ly has been able to operate throughout the Libyan revolution and the conflicts that have ensued.

It is also noteworthy that with the current DNS configuration at least two thirds of the lookups from within Afghanistan for .af domains are resolved outside the geographical perimeter of the Taliban’s control. Gransy, which runs two of the three referenced nameservers, does not have a presence in Afghanistan; Packet Clearing House, which runs the other nameserver, does.

What about the Afghan IP Address Space?

Almost 2000 netblocks exist with an AF country code, of which 1,911 are in the IPv4 address space. In total, these netblocks comprise 327,209 IPv4 addresses which, at current market rates, are worth around $13 million.

Perhaps the most interesting of these are the netblocks delegated to Western military bases. At the time of writing, some of those netblocks appear to still have services running, indicating that the Taliban has inherited, at least, some working Cisco kit.

A Cyberoam firewall 'Web Admin Console' login page, with username, password, and language fields.

A Cyberoam web interface found on a netblock with description ‘US Armed Forces Afghanistan’.

Both netblocks are announced by Afghan ISPs. Additionally, traceroutes strongly suggest that the netblocks are still in use in Afghanistan. Packets from the UK are routed via Kazakhstan and Pakistan:

% traceroute 117.55.204.100
traceroute to 117.55.204.100 (117.55.204.100), 30 hops max, 60 byte packets
[ ... ]
 9  149.14.126.178 (149.14.126.178)  126.801 ms  126.778 ms  126.787 ms
10  * * *
11  static.khi77.pie.net.pk (221.120.192.173)  128.740 ms  127.643 ms  127.937 ms
12  * * *
13  152.36.193.69 (152.36.193.69)  155.438 ms  155.575 ms  155.574 ms
[ ... ]

% traceroute 125.213.195.104
traceroute to 125.213.195.104 (125.213.195.104), 30 hops max, 60 byte packets
[ ... ]
 8  TNSPLUS-gw.transtelecom.net (188.43.12.249)  83.986 ms  83.923 ms  83.904 ms
 9  * * *
10  comp131-219.2day.kz (85.29.131.219)  104.124 ms  101.699 ms  103.120 ms
11  195.69.189.48 (195.69.189.48)  109.131 ms  108.522 ms  113.486 ms
[ ... ]

Plausibly, the US Military might adopt a scorched earth policy by logging back in and encrypting everything they can, or follow the CIA’s lead in destroying their former Afghan HQ through a large explosion.


Who is reading the Afghan Government’s electronic mail?

At least 34 Afghan government departments use web mail hosted in the US and Germany by companies such as Google, Microsoft and Hostinger. For example, moe.gov.af (the Afghan Ministry of Finance) and seventeen other departments have MX records pointing to Gmail, while webmail.aop.gov.af, the webmail service for the Administrative Office of the President, is a VPS at Linode.

Pie chart showing mail servers by country. Afghanistan has 43.1%; the United States has 32.7%; Germany has 13.7%; Canada has 2.9%; the Netherlands has 1.3%; France has 1.3%.

.gov.af mail servers by country (calculated by counting MX records)

Through their influence over these companies, Western governments would be able to read the majority of the Afghan government’s mail.
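For an organisation auditing its own domains, the same MX-counting approach shows which outside parties are in a position to receive its mail. This is an added example, not Netcraft's code, and it groups by mail operator rather than by country, since country attribution needs IP geolocation data that is not on this page. The domains and MX answers are constructed, and the suffix table is an assumption limited to the well-known Google and Microsoft MX hostnames.

```python
from collections import Counter

# Constructed `dig +short -t mx` style answers ("priority target") for hypothetical domains.
MX_ANSWERS = {
    "dept-a.example.": ["1 ASPMX.L.GOOGLE.COM.", "5 alt1.aspmx.l.google.com."],
    "dept-b.example.": ["0 dept-b-example.mail.protection.outlook.com."],
    "dept-c.example.": ["10 mail.dept-c.example."],
    "dept-d.example.": ["10 mx1.hosting-provider.example.", "20 mail.dept-d.example."],
    "dept-e.example.": ["0 ."],  # null MX (RFC 7505): the domain accepts no mail
}
# Assumed mapping from MX hostname suffix to operator; extend for your own providers.
PROVIDER_SUFFIXES = {"google.com": "Google", "googlemail.com": "Google",
                     "outlook.com": "Microsoft"}

def classify_target(domain, target):
    """Name the party operating one MX target for the given domain."""
    host = target.rstrip(".").lower()
    dom = domain.rstrip(".").lower()
    if host == dom or host.endswith("." + dom):
        return "self-hosted"
    for suffix, name in PROVIDER_SUFFIXES.items():
        if host == suffix or host.endswith("." + suffix):
            return name
    # Naive fallback: last two labels, which is wrong for suffixes such as co.uk.
    return "other:" + ".".join(host.split(".")[-2:])

def mail_handlers(answers):
    """Map each domain to the set of parties that can receive its mail."""
    result = {}
    for domain, records in answers.items():
        handlers = set()
        for record in records:
            _priority, target = record.split()
            if target != ".":
                handlers.add(classify_target(domain, target))
        result[domain] = handlers or {"no-mx"}
    return result

def share_by_handler(answers):
    """Percentage of (domain, handler) pairs attributed to each handler."""
    counts = Counter(h for hs in mail_handlers(answers).values() for h in hs)
    total = sum(counts.values())
    return {h: round(100 * n / total, 1) for h, n in counts.items()}

if __name__ == "__main__":
    for handler, pct in sorted(share_by_handler(MX_ANSWERS).items()):
        print(f"{handler:32} {pct}%")
```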


Where are Afghanistan’s web sites hosted?

This month’s Web Server Survey found 8,031 websites hosted in Afghanistan, and 23,205 sites within Afghanistan’s .af country-code top-level domain (ccTLD). More than two-thirds of the latter are hosted in the US, and over 2,000 are hosted in Germany. Less than ten percent of .af sites are hosted in Afghanistan.

Nearly 1,000 of the .af sites are Afghan Government websites under the .gov.af second-level domain – such as president.gov.af and kabul.gov.af. Less than half of these are hosted in Afghanistan, with the rest being hosted in the US, Germany, Singapore, France, Canada, UK, Netherlands, Ireland and India.


What about telecommunications and internet routing?

Afghanistan is landlocked and reliant on its neighbours or multinational satellite companies for internet connectivity. Internet and electricity infrastructure has been damaged by explosions caused by the Taliban before they achieved control.

The best connected Afghan autonomous system (AS) is Afghan Wireless, an ISP that provides wireless internet to over five million consumers and businesses. Afghan Wireless has a presence in multiple international internet exchanges and peers with nearly 200 other networks from many different countries, including the US, the UK, Germany, China, Russia, and Pakistan. It was founded in 2002 as a joint venture between Telephone Systems International Inc. and Afghanistan’s Ministry of Communications and Information Technology. Telephone Systems International Inc. is a US-based company with headquarters in Florida, and Ehsan Bayat, the founder and chairman of Afghan Wireless, is an Afghan-American dual citizen.

Generally, the Afghan Internet infrastructure seems quite analogous to the Afghan financial infrastructure as reported by the Financial Times, where, on one occasion, officials at the Afghan central bank had to explain to a group of Talibs that the country’s $9bn in foreign reserves was unavailable because it is held with the Federal Reserve Bank in New York and had been frozen by the US government. Similarly, key aspects of the Afghan Internet are outside of the Taliban’s direct control and may change through cooperation and negotiation or adapt to route around them.

Article: Afghanistan's Internet: who has control of what? - published about 3 years ago.

https://news.netcraft.com/archives/2021/08/30/afghanistan.html   
Published: 2021 08 30 00:00:00
Received: 2021 08 30 11:06:26
Feed: Netcraft
Source: Netcraft
Category: Cyber Security
Topic: Cyber Security