This archive is retained to ensure existing URLs remain functional. It will not contain any emails sent to this mailing list after July 1, 2024. For all messages, including those sent before and after this date, please visit the new location of the archive at https://mailman.ripe.net/archives/list/[email protected]/

[cooperation-wg] DNS-based filtering

Previous message (by thread): [cooperation-wg] DNS-based filtering
Next message (by thread): [cooperation-wg] DNS-based filtering

Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Roland Perry roland at internetpolicyagency.com
Tue Jan 28 13:25:58 CET 2014

In message <52E699B3.9050807 at gmail.com>, at 18:38:59 on Mon, 27 Jan 
2014, Pier Carlo Chiodi <pc.chiodi at gmail.com> writes
>>> my intention was not to use the example.com "technical background"
>>> such as the real NSs operated by IANA.
>>
>> Except your diagrams quote "a.iana-servers.net" as the NS, which is
>> where the potential for great confusion kicks in.
>
>That's right, the diagram on page 6 uses the real authoritative
>nameservers for example.com, because there I show how really 
>example.com
>works.

I'm reminded of the confusion between "root servers" and "route servers" 
which has beleaguered many a debate about Internet governance (and has 
reared its ugly head on '1net' in only the last few days). The issue of 
USA control over IANA, and the potential implication of a single point 
of failure, means I am extremely concerned about giving even the 
slightest [mistaken] impression that anyone's NS are located at IANA 
[other than a handful of I* community sites of course].

>In the rest of the document I used the example.com in other scenarios
>too, many of them fictitious (blog.example.com, criminal.example.com),
>just for the purpose of describing the specific situation.
>
>> I think a suitably-chosen example would be much less difficult for the
>> non-experts (they won't go away with the impression that IANA runs
>> everyone's NS).
>
>Would not this just move the problem toward the new domain's registry
>and NSs? If the impression that the document gives is this, maybe
>something else should be changed too.

One solution would be using an obviously fictional set of domains for 
the name servers. I'm not sure how many readers will be reaching for 
their DNS-tools to see if they got "real" results.

Perhaps we could use something like example-network-A.com, 
example-network-B.com, example-network-C.com as the Name Server host 
networks.

ps And on another topic, might it be useful to include some indication 
of how practical some of the circumvention methods you describe might be 
on a tablet/smartphone (rather than a desktop PC)?

I realise that if users of *some* legacy systems can employ 
circumvention it's still a problem, but the migration to mobile 
platforms is rapid and significant, and they are much less susceptible 
to user customisation.

On my Android phone, for example, I can't even see a way to change it 
from DHCP (which I assume it's using) to a fixed DNS server of *my* 
choice. I imagine an iPhone or iPad is the same.
-- 
Roland Perry

Previous message (by thread): [cooperation-wg] DNS-based filtering
Next message (by thread): [cooperation-wg] DNS-based filtering

Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

[ cooperation-wg Archives ]