Welcome to the on-going privatization of government services, and the plan to have all of .gov outsourced and privately hosted, and with the registration processing services having been bid out and presently hosted by Cyberdyne Systems domain registration services.
As part of this, Cyberdyne Systems will be running .gov-wide grid services in the background on the .gov hosts, so please ignore the skynetd daemon that will now be running on your servers.
But seriously, this is how outsourcing and privatization works. It's how Xe Services is an extension of the military, how Corrections Corporation of America runs private prisons, the Kelo case in Connecticut, the 1% claims settlement between BofA and Fannie Mae, and other cases of privatization.
The government does what the population and the corporations ask of it, and the private entities then provide the rest of the services on behalf of the government; it's how government itself gets outsourced.
And yes, government-outsourcing makes following the accounting and the budgets far more difficult. You just don't easily know how big a military effort might be without finding those other line items in those other budgets, for instance. Or when some private entity effectively holds the keys to some large tract of government services or security.
Update: Derek McUmber pointed out a good point that IANA actually glues the records of a.usadotgov.net in the root zone via http://www.iana.org/domains/root/tld-change-template.txt so it doesn’t look like as bad of things can happen if in fact the root-servers give out the name servers ips
So basically he just took back everything he wrote before that update.
Derek and I had a good talk on the phone and some things I brought up are that if the domain usadotgov.net does get hijacked and the person does fiddle with things it could cause some issues if you are using a non-verifying DNSSEC resolver (not only this but .net domains can’t be signed at the registry yet) but the question becomes does the resolver go to the root or the .net for the information for a.usadotgov.net and do all resolvers work the same. What he was trying to convey is that since the records are signed and the government uses verfying resolvers there should be no issues.
I also brought up the fact that a country could send back spoofed records from the root servers as has happened before. If I can spoof a.usadotgov.net and look like I’m answering from l.root-servers.net then what happens. Hopefully this will all go away as DNSSEC is more widely deployed.
Update 3
I asked Paul Vixie the question below as I didn’t want to keep going back and forth on the issue.
“I guess my question is what happens to .org is usadotgov.net is hijacked, what damage can truly be done.”
His reply:
Such a hijacker could make any .gov name say anything they wanted it to say, as long as the software looking up the bad data wasn’t dnssec-aware.
Verisign already has de facto control over huge tracts of network security by virtue of having their root certs embedded in various browsers and other PKE-related tools.
Incidentally it's a similar setup for .edu, which is run through the edu-servers.net domain (registered via dotster to a real person), which is subject to the standard TLD glue that should make changes a little harder than regular domain hijacking.
Incidentally mod.uk has a nameserver pointing to ns1.cs.ucl.ac.uk. I wonder if there are many other domains that use academic resources.
UCL's CS dept were in at the start of the internet - they used to manage the old x500 network and the .gb domain and invented a bunch of the domain management stuff.
I would probably trust them to get it right more than whatever nominet are calling themselves today
the old .ie TLD used to be run by UCD (a college here in Dublin) and indeed the ie nameservers, even now, list a variety of nameservers of 3rd parties, including Esat (a company acquired by BT) and netsource (which was acquired by Magnet in 2006) as well as a dec.com domain.
Up until about 2004, domains here in Ireland were being sold for extortionate amounts of money compared to other TLD's (100 euros a pop from the registry). There was some scandal regarding the body running the registry and the head of the body Michael Fagan was essentially forced to resign circa 2002
As part of this, Cyberdyne Systems will be running .gov-wide grid services in the background on the .gov hosts, so please ignore the skynetd daemon that will now be running on your servers.
But seriously, this is how outsourcing and privatization works. It's how Xe Services is an extension of the military, how Corrections Corporation of America runs private prisons, the Kelo case in Connecticut, the 1% claims settlement between BofA and Fannie Mae, and other cases of privatization.
The government does what the population and the corporations ask of it, and the private entities then provide the rest of the services on behalf of the government; it's how government itself gets outsourced.
And yes, government-outsourcing makes following the accounting and the budgets far more difficult. You just don't easily know how big a military effort might be without finding those other line items in those other budgets, for instance. Or when some private entity effectively holds the keys to some large tract of government services or security.