Fw: [NCSG-Discuss] beyond take down

Milton L Mueller mueller at SYR.EDU
Mon Nov 21 02:07:33 CET 2011 


-----Original message-----
From: Timothe Litt <litt at acm.org>
To: Milton L Mueller <mueller at syr.edu>
Sent: Sun, Nov 20, 2011 17:37:39 GMT+00:00
Subject: RE: [NCSG-Discuss] beyond take down

Does anyone on this list know more about the way BIND is being amended to allow the “rewriting” of DNS answers? Jorge? Timothe?


Yes.  Recent versions of BIND (starting I think with 9.8) have a feature called RPZ = Response Policy Zone.  It is rather controversial.

The intent was to make it possible for enterprise customers to block websites (and other protocols relying on DNS) according to some policy - typically known malware and/or non-work sites.  It doesn't work with DNSSEC.  It has some potential for abuse by ISPs.  As ISC tells the story, this was implemented because of (bind) customer demand, not because ISC thinks it's a good idea.

Here are some references:

http://www.isc.org/community/blog/201007/taking-back-dns-0

http://www.isc.org/files/TakingBackTheDNSrpz2.pdf

http://www.isc.org/community/blog/201103/blocking-dns


I will refrain from editorial comment - except to note that DNS is not a particularly good place to implement a blocking policy.


Timothe Litt
ACM Distinguished Engineer
---------------------------------------------------------
This communication may not represent the ACM or my employer's views,
if any, on the matters discussed.

________________________________
From: NCSG-Discuss [mailto:NCSG-DISCUSS at LISTSERV.SYR.EDU] On Behalf Of Milton L Mueller
Sent: Sunday, November 20, 2011 12:10
To: NCSG-DISCUSS at LISTSERV.SYR.EDU
Subject: Re: [NCSG-Discuss] beyond take down

Does anyone on this list know more about the way BIND is being amended to allow the “rewriting” of DNS answers? Jorge? Timothe?
From: NCSG-Discuss [mailto:NCSG-DISCUSS at LISTSERV.SYR.EDU] On Behalf Of William Drake
Sent: Sunday, November 20, 2011 10:22 AM
To: NCSG-DISCUSS at LISTSERV.SYR.EDU
Subject: [NCSG-Discuss] beyond take down
Hi
As discussed on our call the other night, some of the key developments from a global public interest standpoint go beyond GNSO & ICANN policies but we might still consider whether there's grounds for useful NC engagement…
& BTW Monika quotes Wendy in the below...

http://www.ip-watch.org/weblog/2011/11/20/filtering-and-blocking-closer-to-the-core-of-the-internet/print/

Filtering and Blocking Closer To The Core Of The Internet?
By Monika Ermert for Intellectual Property Watch on 20/11/2011 @ 1:00 pm

With protests against draft US legislation like the Stop Online Piracy Act (SOPA) and the Protect IP Act ongoing and the European Parliament voting o
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.ncuc.org/pipermail/ncuc-discuss/attachments/20111121/5ec2020c/attachment.html>

More information about the Ncuc-discuss mailing list