[dns-operations] charter, sitefinder, opendns (slashdot today)

Paul Vixie paul at vix.com
Fri Feb 16 08:54:09 UTC 2007

> > i think they have a rationale.  maybe they want to make money fast.  or
> > maybe they want the dns transactions to go through a bothunting IDS.
> Your first example says they should modify their customers resolvers.


> Your second example says they should passively tap their customers
> resolvers.


> Neither says they should restrict port 53.  There's only one example that
> could justify blocking port 53 and it's not a very good one because the bad
> guys will just switch ports.

also no.

> > so, i'm not sure what you mean by "not let".
> We could start by putting together some policy or BCPs that explain why
> blocking 53 doesn't solve any issues but creates more complexity, arms
> races, and overall brokenness in the Internet.

none of which will change charter's revenue prospects from doing what was
called "isp-level sitefinder".  therefore none of which will change what
charter's doing.  and other isp's, seeing this revenue-success, will follow
suit.  we can write whatever we want.  the IAB wrote that tld wildcards were
bad and it had no effect on those who saw+wanted the revenue from it.  ICANN
SSAC wrote a report saying that masking NXDOMAIN was bad for a long list of
reasons and it had a similar lack of effect.

again i'll say:

> > i've been standing in the water up to my waist trying to hold back that
> > tide.
> > 
> > so, i'm not sure what you mean by "not let".

it's not up to just us what happens on this score.  we have to add elements
if we want to affect the mix, because it's not in our power to subtract.

More information about the dns-operations mailing list