What DNS Is Not

Andrew Cox andrew at accessplus.com.au
Mon Nov 9 23:53:52 UTC 2009


David Ulevitch wrote:
> On 11/9/09 6:06 PM, Alex Balashov wrote:
>
>> Anything else is COMPLETELY UNACCEPTABLE. I don't understand how or why
>> this could possibly be controversial.
>
> Because some people want the ability and choice to block DNS responses 
> they don't like; just as they have the ability and choice to reject 
> email they don't want to accept.
>
> When the Conficker worm phones home to one of the 50,000 potential 
> domain names it computes each day, there are a lot of IT folks out 
> there that wish their local resolver would simply reject those DNS 
> requests so that infected machines in their network fail to phone home.

Dealing with 10k~ uni students who like to spread new viruses faster 
than STDs, I often make light of the fact that we can use OpenDNS to a) 
keep tabs on who's infected at what sites and b) prevent them from 
possibly doing more damage by phoning home with info or to collect 
instructions.
>
> To use your language, I don't understand how or why this could 
> possibly be controversial.  --  Apparently it is.
>
> -David
>
It's as David says, there are a lot of us who would rather have the 
choice than not have it.
If that's not acceptable to some then that's their decision; however, as a 
part of our network this DNS 'tomfoolery' is something that both we and 
the end user see benefits from, so I don't see it going away anytime soon.

Regards,
Andrew Cox
AccessPlus HNA



