[53452] in North American Network Operators' Group
RE: Blocking specific sites within certain countries.
daemon@ATHENA.MIT.EDU (hostmaster)
Thu Nov 14 18:48:44 2002
Date: Fri, 15 Nov 2002 00:45:45 +0100
To: nanog@merit.edu
From: hostmaster <hostmaster@nso.org>
In-Reply-To: <31878789.1037294909@[172.30.118.247]>
Errors-To: owner-nanog-outgoing@merit.edu
--=====================_26673594==_.ALT
Content-Type: text/plain; charset="us-ascii"; format=flowed
At 05:28 PM 11/14/2002, Patrick W. Gilmore most definitely admitted:
>-- On Thursday, November 14, 2002 8:52 PM +0100
>-- hostmaster <hostmaster@nso.org> supposedly wrote:
>>This all strikes me as incorrect. The function of the domain name system
>>is primarily to translate an IP number into a domain name, vice versa. If
>>a user wishes to browse to <http://64.236.16.20> he/she will arrive also
>>at <www.cnn.com>. The domain name is propagated and subsequently
>>refreshed throughout the World. A browser request and reply may take each
>>time hundreds of different routes through the Internet from end-to-end.
>>If Spain would want to deploy blocking of the domain CNN.com (or in fact
>>any other domain) it would have to factually block individual IP's at the
>>telco 'in and out of Spain routes' to accomplish that. This, by the way
>>is currently e.g. done in the Peoples Republic of China, be it not really
>>successful :) It is also so easy to set up secondary dns's anywhere else
>>on the globe with a ptr to some other IP no., that a dns block sec would
>>never be a successful action. Blocking a /24 in Spain may be effective,
>>but if the Spanish site would be hosted elsewhere, or would have a mirror
>>hosted elsewhere, the elsewhere legislation would be the regulations the
>>telco's are confronted with, and looking at.
>
>Suppose they just make it a law that each ISP has to block "domain.com" in
>their caching name servers?
Who is 'they', Patrick ? Suppose Spain introduces that law. Fine, but that
doesn't mean that other countries have to (or will ever) abide by that.
Certainly in the U.S. you won't find that many who would support even the idea.
>Sure, the user could telnet somewhere and find the IP address themselves,
>but it would stop 99.99% of the lusers out there.
Thousands of non-Spanish dns servers (not under the Spanish restriction)
would have cached the propagated terror.com url from Akamai. Any Spanish
user really wanting to see terror.com will get it. To make it a more
permanent experience the Spanish conquistador should install his own winooz
95 dns service (I believe it's free), and peg it to a secondary dns outside
his beautiful country.
Bert Fortrie
--=====================_26673594==_.ALT
Content-Type: text/html; charset="us-ascii"
<html>
<font size=3>At 05:28 PM 11/14/2002, Patrick W. Gilmore most definitely
admitted:<br>
<blockquote type=cite cite>-- On Thursday, November 14, 2002 8:52 PM
+0100<br>
-- hostmaster <hostmaster@nso.org> supposedly wrote:<br>
<blockquote type=cite cite>This all strikes me as incorrect. The function
of the domain name system<br>
is primarily to translate an IP number into a domain name, vice versa.
If<br>
a user wishes to browse to
<<a href="http://64.236.16.20/" eudora="autourl">http://64.236.16.20</a>>
he/she will arrive also<br>
at
<<a href="http://www.cnn.com/" eudora="autourl">www.cnn.com</a>>.
The domain name is propagated and subsequently<br>
refreshed throughout the World. A browser request and reply may take
each<br>
time hundreds of different routes through the Internet from
end-to-end.<br>
If Spain would want to deploy blocking of the domain CNN.com (or in
fact<br>
any other domain) it would have to factually block individual IP's at
the<br>
telco 'in and out of Spain routes' to accomplish that. This, by the
way<br>
is currently e.g. done in the Peoples Republic of China, be it not
really<br>
successful :) It is also so easy to set up secondary dns's anywhere
else<br>
on the globe with a ptr to some other IP no., that a dns block sec
would<br>
never be a successful action. Blocking a /24 in Spain may be
effective,<br>
but if the Spanish site would be hosted elsewhere, or would have a
mirror<br>
hosted elsewhere, the elsewhere legislation would be the regulations
the<br>
telco's are confronted with, and looking at.</blockquote><br>
Suppose they just make it a law that each ISP has to block
"domain.com" in their caching name servers?</blockquote>Who is
'they', Patrick ? Suppose Spain introduces that law. Fine, but that
doesn't mean that other countries have to (or will ever) abide by that.
Certainly in the U.S. you won't find that many who would support even the
idea.<br>
<blockquote type=cite cite>Sure, the user could telnet somewhere and find
the IP address themselves, but it would stop 99.99% of the lusers out
there.</blockquote>Thousands of non-Spanish dns servers (not under the
Spanish restriction) would have cached the propagated terror.com url from
Akamai. Any Spanish user really wanting to see terror.com will get
it. To make it a more permanent experience the Spanish conquistador
should install his own winooz 95 dns service (I believe it's free), and
peg it to a secondary dns outside his beautiful country. <br>
<br>
Bert Fortrie<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
</font></html>
--=====================_26673594==_.ALT--
