Blocking specific sites within certain countries.

hostmaster hostmaster at nso.org
Thu Nov 14 23:45:45 UTC 2002


At 05:28 PM 11/14/2002, Patrick W. Gilmore most definitely admitted:
>-- On Thursday, November 14, 2002 8:52 PM +0100
>-- hostmaster <hostmaster at nso.org> supposedly wrote:
>>This all strikes me as incorrect. The function of the domain name system
>>is primarily to translate an IP number into a domain name, vice versa. If
>>a user wishes to browse to <http://64.236.16.20>  he/she will arrive also
>>at <www.cnn.com>. The domain name is propagated and subsequently
>>refreshed throughout the World. A browser request and reply may take each
>>time hundreds of different routes through the Internet from end-to-end.
>>If Spain would want to deploy blocking of the domain CNN.com (or in fact
>>any other domain) it would have to factually block individual IP's at the
>>telco 'in and out of Spain routes' to accomplish that.  This, by the way
>>is currently e.g. done in the Peoples Republic of China, be it not really
>>successful :)  It is also so easy to set up secondary dns's anywhere else
>>on the globe with a ptr to some other IP no., that a dns block sec would
>>never be a successful action. Blocking a /24 in Spain may be effective,
>>but if the Spanish site would be hosted elsewhere, or would have a mirror
>>hosted elsewhere, the elsewhere legislation would be the regulations the
>>telco's are confronted with, and looking at.
>
>Suppose they just make it a law that each ISP has to block "domain.com" in 
>their caching name servers?
Who is 'they', Patrick ? Suppose Spain introduces that law. Fine, but that 
doesn't mean that other countries have to (or will ever) abide by that. 
Certainly in the U.S. you won't find that many who would support even the idea.
>Sure, the user could telnet somewhere and find the IP address themselves, 
>but it would stop 99.99% of the lusers out there.
Thousands of non-Spanish dns servers (not under the Spanish restriction) 
would have cached the propagated terror.com url from Akamai. Any Spanish 
user really wanting to see terror.com will get it.  To make it a more 
permanent experience the Spanish conquistador should install his own winooz 
95 dns service (I believe it's free), and peg it to a secondary dns outside 
his beautiful country.

Bert Fortrie








-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.nanog.org/pipermail/nanog/attachments/20021115/89a78d25/attachment.html>


More information about the NANOG mailing list