[dns-operations] DNS filtering in the UK
Paul Vixie
paul at redbarn.org
Thu Sep 15 05:07:44 UTC 2016
Viktor Dukhovni wrote:
> On Wed, Sep 14, 2016 at 08:57:43PM -0700, Paul Vixie wrote:
>
>>> When you just want to stop people getting to a site does it matter
>>> if it is SERVFAIL, NXDOMAIN or a redirect address? When you target
>>> the<service name,type> there is little collateral damage except
>>> to the service you are targeting.
>> the collateral damage is the dnssec-aware applications which will never be
>> developed, because they wouldn't be able to tell the difference between
>> criminal and government interference in their dns data path.
>
> Why do applications need to care about the purported motivation of
> the interference. When destination is made unreachable, the technical
> details are hardly relevant.
>
> I don't see how this derails DNSSEC. What DNSSEC does is make the
> interferecent visible, is there anything wrong with that?
there's homework for this class.
start here:
http://www.redbarn.org/node/6
--
P Vixie
More information about the dns-operations
mailing list