Censorship at ISP-Level / DNS-Tampering Paper

Maximillian Dornseif md at hudora.de
Wed Jun 4 16:31:55 UTC 2003

[link for this:  

Dear (swinog | siug | nanog),

I recently asked for input on using proxies and DNS for blocking Web  
After some great input from listsmembers and the work of dedicated  
reviewers I have put an preprint online: "Government mandated blocking  
of foreign Web content" can be found at  
http://md.hudora.de/publications/#blocking or directly at  
blocking.pdf It tries to give an technical overview about censorship at  
ISP level.

The relevance for network management are mainly the empirical results  
on DNS tampering which are summarized at  
http://md.hudora.de/blog/guids/53/53/5261415523775104.html . Basically  
providers using DNS to block Web content don't get it right and break  
all kinds of stuff.

Besides the technical challanges - BIND's coarse granularity allowing  
basically only manipulations at zone level - I think we face serious  
policy challenges: When once starting with DNS tampering why not use it  
for commercial purposes. E.g. redirect people trying to access your  
competitors domains to your own stuff? Possibly government mandated  
blocking manages to finish off, what the ICANN-wars where not able to  
archive: destroy DNS as an unified namespace.

Thanks again for all the input.


Max Dornseif

Maximillian Dornseif - http://md.hudora.de/
Dipl. Jur., University of Bonn, Germany - ars longa, vita brevis!

More information about the NANOG mailing list