[119229] in North American Network Operators' Group
Re: What DNS Is Not
daemon@ATHENA.MIT.EDU (sthaug@nethelp.no)
Tue Nov 10 08:31:24 2009
Date: Tue, 10 Nov 2009 14:30:45 +0100 (CET)
To: nanog@nanog.org, john-nanog@johnpeach.com
From: sthaug@nethelp.no
In-Reply-To: <20091110080539.35005525@jpeach-desktop.1425mad.mountsinai.org>
> > When the Conficker worm phones home to one of the 50,000 potential
> > domain names it computes each day, there are a lot of IT folks out
> > there that wish their local resolver would simply reject those DNS
> > requests so that infected machines in their network fail to phone
> > home.
> >
> > To use your language, I don't understand how or why this could
> > possibly be controversial. -- Apparently it is.
>
> In which case, make your own nameserver authoritative for those
> domains; do not foist your own wishes on other people.

Since people need to *explicitly* choose to use the OpenDNS servers, I
can hardly see how anybody's wishes are foisted on these people.

If you don't like the answers you get from this (free) service, you
can of course choose to use a different service - for instance your
ISP's name servers.

(I may or may not agree with what OpenDNS does - that is completely
irrelevant in this case.)

Steinar Haug, Nethelp consulting, sthaug@nethelp.no