[dns-operations] Embedding MAC address in DNS requests for selective filtering

Robert Kisteleki robert at ripe.net
Tue Jan 26 08:36:56 UTC 2016

>>> Alternately this could be implemented by having the DHCP server give
>>> the clients a different DNS server (possibly even in a different
>>> subnet, if you wanted to do actual isolation instead of DNS filtering
>>> theater).  
>> Hi, Shane:
>> If I understand correctly, this would only really work with a very
>> limited number of filtering options, say "filtered" and "unfiltered".
>> But the DNS filtering vendors give you a lot more flexibility than that.
>> E.g., this is OpenDNS's "Web Content Filtering" configuration panel:
>>     https://i.imgur.com/wGwNHl7.png
> Fair enough. Bert's description of filtering the kids' iPads but being
> able to still see the unfiltered network made me think of simple
> rule-sets.

Since there are fifty-something categories listed there, plus a few generic
options, one can encode all this in the host part of the v6 address of the
DNS resolver given to the client. That's way more than a boolean for
filtered/unfiltered. So your idea scales well! :-)

> I clearly don't have the proper mindset for censorship. :(

Don't worry, that's a feature!


> Cheers,
> --
> Shane
> _______________________________________________
> dns-operations mailing list
> dns-operations at lists.dns-oarc.net
> https://lists.dns-oarc.net/mailman/listinfo/dns-operations
> dns-jobs mailing list
> https://lists.dns-oarc.net/mailman/listinfo/dns-jobs

More information about the dns-operations mailing list