[191401] in North American Network Operators' Group
Re: Lawsuits for falsyfying DNS responses ?
daemon@ATHENA.MIT.EDU (Stephane Bortzmeyer)
Tue Sep 13 04:30:59 2016
X-Original-To: Nanog@nanog.org
Date: Tue, 13 Sep 2016 10:30:24 +0200
From: Stephane Bortzmeyer <bortzmeyer@nic.fr>
To: =?utf-8?B?SsOBS8OTIEFuZHLDoXM=?= <jako.andras@eik.bme.hu>
In-Reply-To: <20160913051258.GA563@eik.bme.hu>
Cc: "Nanog@nanog.org" <Nanog@nanog.org>
Errors-To: nanog-bounces@nanog.org
On Tue, Sep 13, 2016 at 07:12:59AM +0200,
JÁKÓ András <jako.andras@eik.bme.hu> wrote
a message of 18 lines which said:
> Blocking for that purpose usually means redirecting in
> practive. You'll redirect to a page that explains why the original
> site is not available.
It has practical consequences for the user: in France, DNS lies in
ISP's resolvers for "terrorist" sites redirect you to a Web site of
the police, which will get your source IP address and the site you
wanted (thanks to the Host: HTTP field). Clear blocking (DNS lie
returning localhost or NXDOMAIN) is a bit better for privacy. (But
less transparent about the censorship.)
