[dns-operations] shunning malware-hosting registrars

Stephane Bortzmeyer bortzmeyer at nic.fr
Tue Jan 28 15:51:35 UTC 2014


On Tue, Jan 28, 2014 at 10:43:21AM -0500,
 Daniel Sterling <sterling.daniel at gmail.com> wrote 
 a message of 31 lines which said:

> Would it be possible for the larger DNS community to blacklist and
> stop serving domains from registrars that are known to be friendly
> to malware authors? For example, the recent FileZilla malware [1]
> uses domains hosted by Naunet.ru. The Avast staff say that registrar
> "ignores requests to suspend illegal domains."

This goes on a very slippery slope. First, "illegal" does not mean the
same thing in different countries (showing a female bare breast may be
illegal in Saudi Arabia but not in Sweden). Second, evaluating if
something is actually illegal can be tricky, even for a trained
judge. Third, once you start doing this, you can bet a lot of money
that many people will request it from you: the entertainment industry,
the State, the local police, the local cult, etc.

> Browsers such as Chrome and Firefox use a blacklist to discourage
> users from visiting malware sites, so there is at least some
> precedent.

Doing action X in the end points is normal: the user can always choose
what he wants to see or not. Doing it in the infrastructure (the DNS)
is a gross violation of network neutrality and a danger for the
Internet (for instance, it will encourage users to move to
"alternative" resolvers or systems, which may be actually more
dangerous).

But if you want to promote Namecoin, this is a great idea :-)
 



More information about the dns-operations mailing list