This archive is retained to ensure existing URLs remain functional. It will not contain any emails sent to this mailing list after July 1, 2024. For all messages, including those sent before and after this date, please visit the new location of the archive at https://mailman.ripe.net/archives/list/cooperation-wg@ripe.net/
[cooperation-wg] DNS-based filtering
- Previous message (by thread): [cooperation-wg] DNS-based filtering
- Next message (by thread): [cooperation-wg] DNS-based filtering
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Roland Perry
roland at internetpolicyagency.com
Tue Jan 28 13:25:58 CET 2014
In message <52E699B3.9050807 at gmail.com>, at 18:38:59 on Mon, 27 Jan 2014, Pier Carlo Chiodi <pc.chiodi at gmail.com> writes >>> my intention was not to use the example.com "technical background" >>> such as the real NSs operated by IANA. >> >> Except your diagrams quote "a.iana-servers.net" as the NS, which is >> where the potential for great confusion kicks in. > >That's right, the diagram on page 6 uses the real authoritative >nameservers for example.com, because there I show how really >example.com >works. I'm reminded of the confusion between "root servers" and "route servers" which has beleaguered many a debate about Internet governance (and has reared its ugly head on '1net' in only the last few days). The issue of USA control over IANA, and the potential implication of a single point of failure, means I am extremely concerned about giving even the slightest [mistaken] impression that anyone's NS are located at IANA [other than a handful of I* community sites of course]. >In the rest of the document I used the example.com in other scenarios >too, many of them fictitious (blog.example.com, criminal.example.com), >just for the purpose of describing the specific situation. > >> I think a suitably-chosen example would be much less difficult for the >> non-experts (they won't go away with the impression that IANA runs >> everyone's NS). > >Would not this just move the problem toward the new domain's registry >and NSs? If the impression that the document gives is this, maybe >something else should be changed too. One solution would be using an obviously fictional set of domains for the name servers. I'm not sure how many readers will be reaching for their DNS-tools to see if they got "real" results. Perhaps we could use something like example-network-A.com, example-network-B.com, example-network-C.com as the Name Server host networks. ps And on another topic, might it be useful to include some indication of how practical some of the circumvention methods you describe might be on a tablet/smartphone (rather than a desktop PC)? I realise that if users of *some* legacy systems can employ circumvention it's still a problem, but the migration to mobile platforms is rapid and significant, and they are much less susceptible to user customisation. On my Android phone, for example, I can't even see a way to change it from DHCP (which I assume it's using) to a fixed DNS server of *my* choice. I imagine an iPhone or iPad is the same. -- Roland Perry
- Previous message (by thread): [cooperation-wg] DNS-based filtering
- Next message (by thread): [cooperation-wg] DNS-based filtering
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]