NCSG-DISCUSS Archives

NCSG-Discuss

NCSG-DISCUSS@LISTSERV.SYR.EDU

Subject:
From: Avri Doria <[log in to unmask]>
Reply To: Avri Doria <[log in to unmask]>
Date: Wed, 23 Nov 2011 10:39:37 -0500

Hi Timothe,

What I have not been able to determine, with my cursory following of the IETF dnsext WG, is whether there are any IDs on this and, if so, what sort of track it is on.

I looked at the ISC technical note <ftp://ftp.isc.org/isc/dnsrpz/isc-tn-2010-1.txt> referred to in one of the slides, which looks like an ID, but saw no indication there either.  The only related ID I see is: <http://tools.ietf.org/html/draft-vixie-dnsext-resimprove-00>

Is this intended by ISC to be a de facto standard, separate from the IETF standards making process? Or am I missing ongoing work somewhere?

avri


On 20 Nov 2011, at 20:07, Milton L Mueller wrote:

> 
> 
> -----Original message-----
> From: Timothe Litt <[log in to unmask]>
> To: Milton L Mueller <[log in to unmask]>
> Sent: Sun, Nov 20, 2011 17:37:39 GMT+00:00
> Subject: RE: [NCSG-Discuss] beyond take down
> 
> Does anyone on this list know more about the way BIND is being amended to allow the “rewriting” of DNS answers? Jorge? Timothe?
>  
>  
> Yes.  Recent versions of BIND (starting I think with 9.8) have a feature called RPZ = Response Policy Zone.  It is rather controversial.
>  
> The intent was to make it possible for enterprise customers to block websites (and other protocols relying on DNS) according to some policy - typically known malware and/or non-work sites.  It doesn't work with DNSSEC.  It has some potential for abuse by ISPs.  As ISC tells the story, this was implemented because of (bind) customer demand, not because ISC thinks it's a good idea. 
>  
> Here are some references:
>  
> http://www.isc.org/community/blog/201007/taking-back-dns-0
>  
> http://www.isc.org/files/TakingBackTheDNSrpz2.pdf
>  
> http://www.isc.org/community/blog/201103/blocking-dns
>  
>  
> I will refrain from editorial comment - except to note that DNS is not a particularly good place to implement a blocking policy. 
> 
> 
> Timothe Litt
> ACM Distinguished Engineer
> ---------------------------------------------------------
> This communication may not represent the ACM or my employer's views,
> if any, on the matters discussed.
> 
> From: NCSG-Discuss [mailto:[log in to unmask]] On Behalf Of Milton L Mueller
> Sent: Sunday, November 20, 2011 12:10
> To: [log in to unmask]
> Subject: Re: [NCSG-Discuss] beyond take down
> 
> Does anyone on this list know more about the way BIND is being amended to allow the “rewriting” of DNS answers? Jorge? Timothe?
> From: NCSG-Discuss [mailto:[log in to unmask]] On Behalf Of William Drake
> Sent: Sunday, November 20, 2011 10:22 AM
> To: [log in to unmask]
> Subject: [NCSG-Discuss] beyond take down
> Hi
> 
> As discussed on our call the other night, some of the key developments from a global public interest standpoint go beyond GNSO & ICANN policies but we might still consider whether there's grounds for useful NC engagement…
> 
> & BTW Monika quotes Wendy in the below...
> 
> http://www.ip-watch.org/weblog/2011/11/20/filtering-and-blocking-closer-to-the-core-of-the-internet/print/
> 
> Filtering and Blocking Closer To The Core Of The Internet?
> By Monika Ermert for Intellectual Property Watch on 20/11/2011 @ 1:00 pm
> 
> 
> With protests against draft US legislation like the Stop Online Piracy Act (SOPA) and the Protect IP Act ongoing and the European Parliament voting o
> 
