[dns-operations] DNS filtering in the UK
Paul Vixie
paul at redbarn.org
Thu Sep 15 03:57:43 UTC 2016
Mark Andrews wrote:
> In message<57D9FCE3.6030409 at redbarn.org>, Paul Vixie writes:
>> so, what i hear from the losers in the SOPA wars now is, we weren't
>> lying, DNS filtering at scale does not break the internet, just look at
>> what they're doing in europe. and i don't have a single DNSSEC-aware
>> application to point at, that breaks due to DNS filtering.
>
> When you just want to stop people getting to a site does it matter
> if it is SERVFAIL, NXDOMAIN or a redirect address? When you target
> the<service name,type> there is little collateral damage except
> to the service you are targeting.
the collateral damage is the dnssec-aware applications which will never
be developed, because they wouldn't be able to tell the difference
between criminal and government interference in their dns data path.
i for one would not have made my personal or various corporate
investments in dnssec if the only result was to secure the cache.
rather, it was the promise of new applications could not have been or
would never be developed until authenticity was a feature dns had, that
motivated me.
if governments in most of the free world decide that dns blocking is the
only way to be seen doing something about online sex crimes against
children, then we (this community) just wasted about 5000 man years on
dnssec, because it cannot coexist with this brand of do-something-ism.
>> for all i know TPP will bring it all back around again. bad ideas never
>> die, they just go into submarine mode for a while and then pop up
>> someplace else.
>>
>> vixie
--
P Vixie
More information about the dns-operations
mailing list