[dns-operations] DNS-based site blocking in the UK
Emanuele Balla (aka Skull)
skull at bofhland.org
Wed Aug 10 09:08:52 UTC 2011
On 8/9/11 5:39 PM, Jim Reid wrote:
> Wes, I fear you've over-reacted. Yes, governments could pass laws to
> affect port 53 traffic. I doubt they are that stupid. [Though seeing the
> sorts of silliness coming out of legislators all over the world, there
> are valid grounds to debate that.] There will (or should be) a
> recognition that any legislation shouldn't mention specific
> countermeasures because the bad guys will just route around them faster
> than the law could be updated.
> My understanding of the UK situation is that parliament wants to curtail
> copyright violation. How that gets done is implementation detail for the
> experts to sort out. A solution which was disruptive and destabilising
> to the DNS is unlikely to get serious attention, especially when there
> are other, less intrusive ways of blocking illegal downloads:
> address-based blacklisting, traffic shaping, etc. The Ofcom report
> pretty much says this, though the language is more subtle than what I've
> just typed.
FWIW, this has already been happening here in Italy for years now...
ISPs are currently forced to inhibit DNS resolution for several domains,
like those listed by "CNCPO" (something like "national contrast center
against online pedo-pornography") and several online casinos considered
illegal in Italy.
Also, from time to time some district attorney/prosecutor faxes ISPs
ordering them to ban a given domain or also to nullroute traffic for
some specific host.
This happened recently for BTjunkie, exactly for copyright violation:
Obviously, this is not going to stop users from doing what they really
want to do: BTJunkie is reachable through proxy services...
... and pedophiles just need to switch to gDNS (or any other open
resolver) to route around such a silly block...
Nobody stepped up with something like blocking port 25 traffic from
users not going to ISPs' DNS, but probably it's just because they did
not think about the chance yet.
So, at least in Italy, governments ARE stupid enough...
Paranoia is a disease unto itself. And may I add: the person standing
next to you may not be who they appear to be, so take precaution.