Blocking International DNS

Wil Schultz wschultz at bsdboy.com
Tue Nov 23 00:47:24 UTC 2010


The more I think about this COICA deal the more I can't even fathom how it could be implemented.

If an upstream server won't resolve, what's to stop a network admin from using an offshored DNS server, or even the root servers? 

Unless we're talking about keeping DNS traffic confined to the ISP's network. Then what's to stop a global HOSTS.TXT from circulating via torrent?

It's shortsighted and problematic, which is usually what happens when technical discussions are dictated by politics.

-wil 


On Nov 22, 2010, at 4:21 PM, Dobbins, Roland wrote:

> 
> On Nov 22, 2010, at 10:48 PM, Joe Abley wrote:
> 
>> I guess if the manner of the interception was to send back SERVFAIL to DNS clients whose queries were (in some sense) objectionable, the result would be that the clients were not able to resolve the (in some sense) bad names. 
> 
> Quantifying the negative performance impact of SERVFAIL on various stub resolvers might provide some useful data points in any 'official' discussions which arise on this topic.
> 
> -----------------------------------------------------------------------
> Roland Dobbins <rdobbins at arbor.net> // <http://www.arbornetworks.com>
> 
> 	       Sell your computer and buy a guitar.
> 
> 
> 
> 
> 





More information about the NANOG mailing list