[dns-operations] DNS filtering in the UK

Paul Vixie paul at redbarn.org
Thu Sep 15 05:07:44 UTC 2016

Viktor Dukhovni wrote:
> On Wed, Sep 14, 2016 at 08:57:43PM -0700, Paul Vixie wrote:
>>> When you just want to stop people getting to a site does it matter
>>> if it is SERVFAIL, NXDOMAIN or a redirect address?  When you target
>>> the<service name,type>   there is little collateral damage except
>>> to the service you are targeting.
>> the collateral damage is the dnssec-aware applications which will never be
>> developed, because they wouldn't be able to tell the difference between
>> criminal and government interference in their dns data path.
> Why do applications need to care about the purported motivation of
> the interference.  When destination is made unreachable, the technical
> details are hardly relevant.
> I don't see how this derails DNSSEC.  What DNSSEC does is make the
> interferecent visible, is there anything wrong with that?

there's homework for this class.

start here:


P Vixie

More information about the dns-operations mailing list