[dns-operations] DNS filtering in the UK

Viktor Dukhovni ietf-dane at dukhovni.org
Thu Sep 15 04:43:40 UTC 2016

On Wed, Sep 14, 2016 at 08:57:43PM -0700, Paul Vixie wrote:

> >When you just want to stop people getting to a site does it matter
> >if it is SERVFAIL, NXDOMAIN or a redirect address?  When you target
> >the<service name,type>  there is little collateral damage except
> >to the service you are targeting.
> the collateral damage is the dnssec-aware applications which will never be
> developed, because they wouldn't be able to tell the difference between
> criminal and government interference in their dns data path.

Why do applications need to care about the purported motivation of
the interference.  When destination is made unreachable, the technical
details are hardly relevant.

I don't see how this derails DNSSEC.  What DNSSEC does is make the
interferecent visible, is there anything wrong with that?


More information about the dns-operations mailing list