Blocking specific sites within certain countries.
Patrick W. Gilmore
patrick at ianai.net
Thu Nov 14 22:28:29 UTC 2002
-- On Thursday, November 14, 2002 8:52 PM +0100
-- hostmaster <hostmaster at nso.org> supposedly wrote:
> This all strikes me as incorrect. The function of the domain name system
> is primarily to translate an IP number into a domain name, vice versa. If
> a user wishes to browse to <http://64.236.16.20> he/she will arrive also
> at <www.cnn.com>. The domain name is propagated and subsequently
> refreshed throughout the World. A browser request and reply may take each
> time hundreds of different routes through the Internet from end-to-end.
> If Spain would want to deploy blocking of the domain CNN.com (or in fact
> any other domain) it would have to factually block individual IP's at the
> telco 'in and out of Spain routes' to accomplish that. This, by the way
> is currently e.g. done in the Peoples Republic of China, be it not really
> successful :) It is also so easy to set up secondary dns's anywhere else
> on the globe with a ptr to some other IP no., that a dns block sec would
> never be a successful action. Blocking a /24 in Spain may be effective,
> but if the Spanish site would be hosted elsewhere, or would have a mirror
> hosted elsewhere, the elsewhere legislation would be the regulations the
> telco's are confronted with, and looking at.
Suppose they just make it a law that each ISP has to block "domain.com" in
their caching name servers?
Sure, the user could telnet somewhere and find the IP address themselves,
but it would stop 99.99% of the lusers out there.
--
TTFN,
patrick
More information about the NANOG
mailing list