Internet Fences, is IIS "ProvincialNET" a bug or feature?
By bnitz on Jul 19, 2007
"Before I built a wall I'd ask to know
What I was walling in or walling out,
And to whom I was like to give offence.
Something there is that doesn't love a wall,
That wants it down.' I could say 'Elves' to him,
But it's not elves exactly..."
From "Mending Wall" by Robert Frost.
In applying for my residency permit and dealing with other Irish government issues, I've noticed that some important Irish citizen and resident information websites are unavailable. Browsing to most government websites results in connection timeouts and other failures which indicate either overuse, undersizing or configuration issues with the servers. I've since found that the problem appears to be that the websites are unavailable outside of a few local ".ie" domains. Here are some examples:
- The Garda National Immigration Bureau (GNIB) Netcraft indicates that this (18.104.22.168) is running Microsoft-IIS/5.0 on Windows 2000
- The Department of Justice, Equality and Law Reform Netcraft indicates that this (22.214.171.124) is running a mixture of Lotus Domino/5.06-5.09 on Windows NT4/Windows 98, Windows 2000 and Windows Server 2003.
- The Transport ministry Netcraft indicates that this (126.96.36.199) is running Microsoft-IIS/5.0 on Windows 2000
- The Department of Foreign Affairs Netcraft indicates that this (193.178.x.x) is running Microsoft-IIS/5.0 on Windows 2000 and Microsoft-IIS/6.0 on Windows Server 2003
- An Taoiseach is running Microsoft-IIS/5.0 on Windows 2000
It may be no coincidence that as of today, the only Irish government offices which are easily accessible across the Internet are running open source software:
- The Department of Health and Children Netcraft indicates that this (188.8.131.52) is running Apache 2.0.52-2.0.54 on FreeBSD and Debian Linux.
- The Department of Agriculture Which is running Oracle Application Server Containers for J2EE 10g 10.1.2.0.2 on Linux.
My first thought was that perhaps some of these government department webmasters didn't want their webservers to be overwhelmed with requests from outside Ireland. However, Ireland is full of corporations whose home office and proxy servers are in the U.S., U.K., Germany or elsewhere. High property prices and resulting sprawl are forcing people to commute from Northern Ireland where the toplevel domain may be ".co.uk." Also, some organizations within Ireland chose ".eu.org", or ".com" because ".ie" is relatively expensive and difficult to acquire. So poor access to public webservers may be a common experience for other Irish residents. Websites targetted to a given set of top level domains are certainly not unique to Ireland. During the last U.S. presidential campaign, John Kerry was running an open source webserver and George W. Bush was running a proprietary Microsoft Windows webserver. Towards the end of the campaign, George W. Bush's (IIS?) campaign webservers were configured to disallow requests from outside the U.S., thus ignoring the estimated 8 million Americans living abroad and the U.S. troops stationed in Afghanistan and Iraq. Is the fact that Windows webservers are often configured to deny requests based on top level domain a bug or a feature? If its a feature, why do similarly configured apache, cherokee and other open source webservers have no problem serving pages to the entire internet? Should the internet erect walls and enforce restrictions on viewing web pages outside of certain locales, or should the internet be the Internet? Maybe Ireland can teach us a lesson. When a garden plot is divided and subdivided and when high walls are erected between neighbors, brothers and sisters... eventually there comes a time when the shadows of these walls prevent daylight from reaching one's own garden. And this garden can no longer thrive.