Blocking specific sites within certain countries.

hostmaster hostmaster at nso.org
Thu Nov 14 19:52:33 UTC 2002


This all strikes me as incorrect. The function of the domain name system is 
primarily to translate an IP number into a domain name, and vice versa. If a 
user wishes to browse to <http://64.236.16.20>, he/she will also arrive at 
<www.cnn.com>. The domain name is propagated and subsequently refreshed 
throughout the world. A browser request and reply may each time take 
hundreds of different routes through the Internet from end to end. If Spain 
wanted to deploy blocking of the domain CNN.com (or in fact any other 
domain), it would have to factually block individual IPs at the telco 'in 
and out of Spain' routes to accomplish that. This, by the way, is currently 
done e.g. in the People's Republic of China, albeit not really successfully 
:)  It is also so easy to set up secondary DNSes anywhere else on the globe 
with a ptr to some other IP no. that a dns block sec would never be a 
successful action. Blocking a /24 in Spain may be effective, but if the 
Spanish site were hosted elsewhere, or had a mirror hosted 
elsewhere, the elsewhere legislation would be the regulations the telcos 
are confronted with, and looking at.

Ola !

Bert Fortrie


At 12:27 PM 11/14/2002, you wrote:

>-- On Thursday, November 14, 2002 12:11 PM -0500
>-- Jim Deleskie <jdeleski at rci.rogers.com> supposedly wrote:
>
>>It's my understanding that since Akamai is based on DNS resolves, if you
>>were to use the method of blocking it within the DNS system it would
>>make no difference. Although I'm no Akamai expert.
>
>The issue is really not Akamai or Digital Island or any other service 
>someone might buy.  The end user is completely unaware of the machinations 
>behind the scene, they are just going to type "www.terrorist.com" into 
>their browser.
>
>If "terrorist.com" is a Bad Domain and ISPs refuse to resolve anything in 
>that domain, then nothing else can happen.  The first step is the end 
>user's machine going to the ISP's name server asking for the IP address of 
>"www.terrorist.com".  It does not matter if that hostname is CNAME'd to 
>another company / host / whatever, the resolution will stop immediately 
>and the user will be unable to see the web page.
>
>Or they can just use a publicly available web proxy, in which case it will 
>not matter if the domain is Akamaized or not. =)
>
>>-Jim
>
>--
>TTFN,
>patrick
More information about the NANOG mailing list