[119092] in North American Network Operators' Group
Re: Congress may require ISPs to block fraud sites H.R.3817
daemon@ATHENA.MIT.EDU (sthaug@nethelp.no)
Fri Nov 6 11:07:59 2009
Date: Fri, 06 Nov 2009 17:07:11 +0100 (CET)
To: morrowc.lists@gmail.com
From: sthaug@nethelp.no
In-Reply-To: <75cb24520911060756j6139ea40r3a24f6e8e6d26b78@mail.gmail.com>
Cc: nanog@nanog.org
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
> > Don't get hung up on the wording. A DNS blackhole list will do the
> > trick as well. I don't think border ACLs on routers will be necessary.
>
> do you use your ISP's dns servers? does your corporate vpn?
A DNS blackhole list makes it *appear* as if the government/police
is doing something.
"We must do something. This is something, therefore we must do it."
This way of thinking is alive and well in the form of DNS based child
porn blackhole lists in Norway and several other countries. The fact
that anybody who is *really interested* can easily evade these lists,
for instance by using his own DNS server, does not seem to concern
politicians or police...
Steinar Haug, Nethelp consulting, sthaug@nethelp.no
