Blocking International DNS

Joe Sniderman joseph.sniderman at thoroquel.org
Mon Nov 22 19:48:31 CST 2010


On 11/22/2010 07:47 PM, Wil Schultz wrote:
> The more I think about this COICA deal the more I can't even fathom
> how it could be implemented.
> 
> If an upstream server won't resolve, what's to stop a network admin
> from using an offshored DNS server, or even the root servers?

The way I read it its specifically aimed at whoever is running the
resolver, ISP or otherwise.  Querying recursively starting at the root
would be a violation then. (hence my comment earlier about taking my
recursor from my cold dead hands.) So, short of actually searching out
and confiscating or destroying uncensored resolvers (like the ones, 5th
amendment notwithstanding, that will continue to run each of my
notebooks, even if just for spite if the law passes.), or raiding ICANN
guns drawn and ordering removal of "non compliant" ccTLDs from the root,
IMHO enforcement would be pretty much impossible.

> Unless we're talking about keeping DNS traffic confined to the ISP's
> network.

tunneled connections.  unless all IP traffic is kept to a specific ISP,
in which case the "I" would become a misnomer, and would be easier said
done.

> Then what's to stop a global HOSTS.TXT from circulating via
> torrent?

Hey as long is its not a DNS server. :P

> It's shortsighted and problematic, which is usually what happens when
> technical discussions are dictated by politics.

Yup.

-- 
Joe Sniderman <joseph.sniderman at thoroquel.org>




More information about the NANOG mailing list