[132434] in North American Network Operators' Group
Re: Blocking International DNS
daemon@ATHENA.MIT.EDU (Wil Schultz)
Mon Nov 22 19:47:41 2010
From: Wil Schultz <wschultz@bsdboy.com>
In-Reply-To: <FF7F038F-33C4-4543-89D6-E965DD4265F5@arbor.net>
Date: Mon, 22 Nov 2010 16:47:24 -0800
To: NANOG list <nanog@nanog.org>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
The more I think about this COICA deal the more I can't even fathom how =
it could be implemented.
If an upstream server won't resolve, what's to stop a network admin from =
using an offshored DNS server, or even the root servers?=20
Unless we're talking about keeping DNS traffic confined to the ISP's =
network. Then what's to stop a global HOSTS.TXT from circulating via =
torrent?
It's shortsighted and problematic, which is usually what happens when =
technical discussions are dictated by politics.
-wil=20
On Nov 22, 2010, at 4:21 PM, Dobbins, Roland wrote:
>=20
> On Nov 22, 2010, at 10:48 PM, Joe Abley wrote:
>=20
>> I guess if the manner of the interception was to send back SERVFAIL =
to DNS clients whose queries were (in some sense) objectionable, the =
result would be that the clients were not able to resolve the (in some =
sense) bad names.=20
>=20
> Quantifying the negative performance impact of SERVFAIL on various =
stub resolvers might provide some useful data points in any 'official' =
discussions which arise on this topic.
>=20
> =
-----------------------------------------------------------------------
> Roland Dobbins <rdobbins@arbor.net> // <http://www.arbornetworks.com>
>=20
> Sell your computer and buy a guitar.
>=20
>=20
>=20
>=20
>=20
