Blocking specific sites within certain countries.

Simon Waters Simon at wretched.demon.co.uk
Thu Nov 14 22:34:04 UTC 2002


> This all strikes me as incorrect. The function of the domain name system is
> primarily to translate an IP number into a domain name, vice versa. If a
> user wishes to browse to <http://64.236.16.20>  he/she will arrive also at
> <www.cnn.com>. 

Remember some servers won't work with an IP address, typically if
they host multiple sites on one IP address.

A topical example might be:

http://www.ehj-navarre.org/

versus

http://206.168.174.6/

Where users' recursive DNS servers are allocated by the ISP's
DHCP service this stops the uninitiated, but is trivial for
those who know how to work around it.

The technical issues are probably well understood by most of
NANOG's readership, the issue is 'is it sufficient to satisfy
the courts'. My guess is yes, but it is one for the ISPs legal
advisers.

In most cases I think ISPs would be well advised to oppose being
made into censors of the Internet, as it is a model that doesn't
scale well. Aside from moral, political and technical
objections, it is bad business being the unpaid guardians of
everyone else's morality.

The key technical objection is of course it undermines the DNS
stability, there is no way a priori to establish if a domain
contains DNS servers for other domains. Although where it is
just one IP address, you could check for a DNS server at the
time of censor, but even that could change. Reminds me of the
paper on complexity we had posted a few days back, small changes
to the universal DNS view usually have a small impact, but
sometimes the impact may be amplified.
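
The collateral-damage concern in the last paragraph, as an added example that is not part of the original post: a pre-change check an operator could run before blocking a domain at the resolver, listing other zones whose nameservers sit under that domain. The delegation data and all `.example` names are constructed, and the model assumes the resolver has no glue or cached addresses for the affected nameservers.

```python
# Constructed delegation data: zone -> hostnames of its authoritative servers.
# Every name is a made-up placeholder under the reserved .example TLD.
DELEGATIONS = {
    "blocked.example": ["ns1.blocked.example", "ns2.blocked.example"],
    "shop.example": ["ns1.blocked.example", "ns2.blocked.example"],
    "blog.example": ["ns1.blocked.example", "ns1.safe.example"],
    "safe.example": ["ns1.safe.example"],
    "forum.example": ["ns.shop.example"],
}


def within(name, zone):
    """True if `name` equals `zone` or is a subdomain of it."""
    name, zone = name.lower().rstrip("."), zone.lower().rstrip(".")
    return name == zone or name.endswith("." + zone)


def blocking_impact(blocked, delegations):
    """Return (collateral, degraded) for blocking `blocked` at the resolver.

    collateral: zones outside `blocked` that lose every nameserver, directly
                or through a chain of other broken zones.
    degraded:   zones that lose some, but not all, of their nameservers.
    """
    dead = {blocked} | {z for z in delegations if within(z, blocked)}

    def unreachable(host):
        # A nameserver hostname cannot be resolved if it lives in a dead zone.
        return any(within(host, d) for d in dead)

    # Iterate to a fixed point: a newly dead zone may host nameservers too.
    while True:
        newly = {z for z, servers in delegations.items()
                 if z not in dead and servers
                 and all(unreachable(h) for h in servers)}
        if not newly:
            break
        dead |= newly

    collateral = sorted(z for z in dead if not within(z, blocked))
    degraded = sorted(z for z, servers in delegations.items()
                      if z not in dead and any(unreachable(h) for h in servers))
    return collateral, degraded


if __name__ == "__main__":
    print(blocking_impact("blocked.example", DELEGATIONS))
```

The result is only valid for the delegation snapshot it was given; as the post notes, the set of zones depending on a domain can change after the check.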


