[NCSG-Discuss] beyond take down

Avri Doria avri at ACM.ORG
Wed Nov 23 16:39:37 CET 2011


Hi Timothe,

What I have not been able to determine, with my cursory following of the IETF dnsext Wg is whether there are any IDs on this and if so what sort of track is it on.

I looked at the ISC technical note <ftp://ftp.isc.org/isc/dnsrpz/isc-tn-2010-1.txt> referred to in one of the slides, which while it looks like an ID, but saw no indication there either.  The only related ID I see is : <http://tools.ietf.org/html/draft-vixie-dnsext-resimprove-00>

Is this intended by ISC to be a defacto standard, separate from the IETF standards making process? Or am I missing ongoing work somewhere.

avri


On 20 Nov 2011, at 20:07, Milton L Mueller wrote:

> 
> 
> -----Original message-----
> From: Timothe Litt <litt at acm.org>
> To: Milton L Mueller <mueller at syr.edu>
> Sent: Sun, Nov 20, 2011 17:37:39 GMT+00:00
> Subject: RE: [NCSG-Discuss] beyond take down
> 
> Does anyone on this list know more about the way BIND is being amended to allow the “rewriting” of DNS answers? Jorge? Timothe?
>  
>  
> Yes.  Recent versions of BIND (starting I think with 9.8) have a feature called RPZ = Response Policy Zone.  It is rather controversial.
>  
> The intent was to make it possible for enterprise customers to block websites (and other protocols relying on DNS) according to some policy - typically known malware and/or non-work sites.  It doesn't work with DNSSEC.  It has some potential for abuse by ISPs.  As ISC tells the story, this was implemented because of (bind) customer demand, not because ISC thinks it's a good idea. 
>  
> Here are some references:
>  
> http://www.isc.org/community/blog/201007/taking-back-dns-0
>  
> http://www.isc.org/files/TakingBackTheDNSrpz2.pdf
>  
> http://www.isc.org/community/blog/201103/blocking-dns
>  
>  
> I will refrain from editorial comment - except to note that DNS is not a particularly good place to implement a blocking policy. 
> 
> 
> Timothe Litt
> ACM Distinguished Engineer
> ---------------------------------------------------------
> This communication may not represent the ACM or my employer's views,
> if any, on the matters discussed.
> 
> From: NCSG-Discuss [mailto:NCSG-DISCUSS at LISTSERV.SYR.EDU] On Behalf Of Milton L Mueller
> Sent: Sunday, November 20, 2011 12:10
> To: NCSG-DISCUSS at LISTSERV.SYR.EDU
> Subject: Re: [NCSG-Discuss] beyond take down
> 
> Does anyone on this list know more about the way BIND is being amended to allow the “rewriting” of DNS answers? Jorge? Timothe?
> From: NCSG-Discuss [mailto:NCSG-DISCUSS at LISTSERV.SYR.EDU] On Behalf Of William Drake
> Sent: Sunday, November 20, 2011 10:22 AM
> To: NCSG-DISCUSS at LISTSERV.SYR.EDU
> Subject: [NCSG-Discuss] beyond take down
> Hi
> 
> As discussed on our call the other night, some of the key developments from a global public interest standpoint go beyond GNSO & ICANN policies but we might still consider whether there's grounds for useful NC engagement…
> 
> & BTW Monika quotes Wendy in the below...
> 
> http://www.ip-watch.org/weblog/2011/11/20/filtering-and-blocking-closer-to-the-core-of-the-internet/print/
> 
> Filtering and Blocking Closer To The Core Of The Internet?
> By Monika Ermert for Intellectual Property Watch on 20/11/2011 @ 1:00 pm
> 
> 
> With protests against draft US legislation like the Stop Online Piracy Act (SOPA) and the Protect IP Act ongoing and the European Parliament voting o
> 


More information about the Ncuc-discuss mailing list