[dns-operations] charter, sitefinder, opendns (slashdot today)

David Ulevitch davidu at everydns.net
Fri Feb 16 07:45:32 UTC 2007



Paul Vixie wrote:

>> This is not true.  ISPs are actively considering blocking 53 and no 
>> rationale for that exists.
> 
> i think they have a rationale.  maybe they want to make money fast.  or
> maybe they want the dns transactions to go through a bothunting IDS.

Your first example says they should modify their customers resolvers.
Your second example says they should passively tap their customers 
resolvers.

Neither says they should restrict port 53.  There's only one example 
that could justify blocking port 53 and it's not a very good one because 
the bad guys will just switch ports.

>> Historically, and not for better, but for worse, irrational actions 
>> generate irrational responses.
>>
>> Let's not let that happen.
> 
> i've been standing in the water up to my waist trying to hold back that tide.
> so, i'm not sure what you mean by "not let".

We could start by putting together some policy or BCPs that explain why 
blocking 53 doesn't solve any issues but creates more complexity, arms 
races, and overall brokenness in the Internet.

-david


> _______________________________________________
> dns-operations mailing list
> dns-operations at lists.oarci.net
> http://lists.oarci.net/mailman/listinfo/dns-operations




More information about the dns-operations mailing list