Blocking certain terrorism/porn sites and DNS

Florian Weimer fw at deneb.enyo.de
Thu Aug 18 15:24:00 UTC 2005


* Abhishek Verma:

> There was news that terror groups like Al Qaida, etc. are using
> internet to promote their terror links and these web sites provide
> online training on how one could assemble bombs, etc.

If I were interested in instructions for assembling bombs, I'd look
for U.S. militia sites, which happen to be protected by the First
Amendment.

> The community as a whole wants to close all such web sites.  I dont
> think there is any ambiguity there.

Some U.S. Americans value their free speech rights, so the agreement
is certainly not universal.

If I'm not mistaken, the U.S. are quite lenient on their own lunatic
fringe, especially if they wave the proper flags.

> As far as i understand if there is a website with the name of
> www.abc.com then it needs to register itself with the whois database
> (from network solutions) 

The central WHOIS database for .COM and .NET is NOT run by Network
Solutions.  Verisign (or the U.S. government) can only exercise
control over most ccTLDs in a very disruptive way, which is unlikely
to have a long-lasting effect if the ccTLD in question has any
commercial value (unlike .iq, for example).

> so that all the queries to this website can be forwarded to the
> corresponding nameserver.

I think you are interested in DNS, not WHOIS.  WHOIS is mostly
irrelevant in this discussion (except if you want to shut down sites
quickly, see the recent thread on this list).

> Now, if we want to block abc.com permanently then cant we simply
> remove this URL entry from the whois database?

The WHOIS database does not store URLs in the way you think it does.

The U.S. administration cannot police the entire DNS name space.  For
example, I can add new domain names under enyo.de, and no one will
know or can do anything about it (except maybe my brother and some
people who have access to a special WHOIS server).

Another example: There are many alleged child porn sites with host
names ending in .ru.  The U.S. government could ask IANA/Verisign to
remove the delegation of .ru from the root name servers, but it's
likely that those who have must access Russian sites (or whose
customers request it) simply resurrect the delegation locally, or use
some altenative set of DNS root servers.  (Direct action against .RU
sites is often infeasible, I'm told.)



More information about the NANOG mailing list