[dns-operations] Trend/ISC DNS Changer takedown.

Peter Koch pk at DENIC.DE
Fri Nov 11 09:58:58 UTC 2011


On Thu, Nov 10, 2011 at 10:12:28AM -0800, Jothan Frakes wrote:

> I've been asserting to folks in the political community that
> nameservers like these will get a big boost in audience from bills
> like the protect-IP in the US where ISPs are compelled to mute certain
> domains for p2p or counterfeiting.  'Consumers' of the muted sites
> will seek workarounds and will likely install some plugin or enter in
> replacement nameservers that they're provided on IRC or other means.

so, you're suggesting that some of those generous offers of alternative
name resolution will be malicious?  Well, in that case DNSSEC, were
it deployed, would indeed be able to help mitigate.

But there is a more likely scenario that involves another layer of bricks
in the walled garden formerly known as the Internet: since promiscuous
use of outbound port 53 is dangerous (malware, see above) or illegal
(cf your reference), wouldn't it be of great help if everybody just
protected their customers/users from falling victim to this evil by
applying the appropriate access lists?

-Peter



More information about the dns-operations mailing list