[dns-operations] DNS filtering in the UK

sthaug at nethelp.no sthaug at nethelp.no
Wed Sep 14 16:35:12 UTC 2016

> This is not very clear. Does it mean the british government will
> publish a RPZ zone (or a similar technology) and "kindly encourage"
> the ISP to slave it and therefore to automatically implement DNS lying
> on their resolvers?

Such a move would not be completely without precedent, unfortunately.

In Norway the national police maintains a list of child porn domains
(CSAADF) and "encourages" ISPs to use this list to block traffic to
these domains/web sites (I'm deliberately not differentiating here,
because both DNS lies and DPI/web redirection are seen as acceptable
ways of implementing this).

The use is *in theory* completely voluntary - but the minister of
Justice at the time (Knut Storberget, 2008) made it quite clear that
if ISPs didn't "voluntarily" use such filtering, he wouldn't hesitate
to introduce legislation which forced the ISPs to do this.

The result is that basically *all* the biggest ISPs in Norway perform
such filtering. Most use DNS-based filtering (simplest/cheapest), and
as we know this is very easy to avoid (point your laptop at Google or
OpenDNS, etc) and doesn't really catch the dedicated child porn users.

This doesn't matter to the politicians, because the *appearance* of
doing something about child porn is much more important than actually
doing something...

Steinar Haug, AS2116

More information about the dns-operations mailing list