Home page logo

nanog logo nanog mailing list archives

Censorship at ISP-Level / DNS-Tampering Paper
From: Maximillian Dornseif <md () hudora de>
Date: Wed, 4 Jun 2003 18:31:55 +0200

[link for this: http://md.hudora.de/blog/guids/53/53/5261415523775104.html]

Dear (swinog | siug | nanog),

I recently asked for input on using proxies and DNS for blocking Web content. After some great input from listsmembers and the work of dedicated reviewers I have put an preprint online: "Government mandated blocking of foreign Web content" can be found at http://md.hudora.de/publications/#blocking or directly at http://md.hudora.de/publications/200306-gi-blocking/200306-gi- blocking.pdf It tries to give an technical overview about censorship at ISP level.

The relevance for network management are mainly the empirical results on DNS tampering which are summarized at http://md.hudora.de/blog/guids/53/53/5261415523775104.html . Basically providers using DNS to block Web content don't get it right and break all kinds of stuff.

Besides the technical challanges - BIND's coarse granularity allowing basically only manipulations at zone level - I think we face serious policy challenges: When once starting with DNS tampering why not use it for commercial purposes. E.g. redirect people trying to access your competitors domains to your own stuff? Possibly government mandated blocking manages to finish off, what the ICANN-wars where not able to archive: destroy DNS as an unified namespace.

Thanks again for all the input.


Max Dornseif

Maximillian Dornseif - http://md.hudora.de/
Dipl. Jur., University of Bonn, Germany - ars longa, vita brevis!

  By Date           By Thread  

Current thread:
  • Censorship at ISP-Level / DNS-Tampering Paper Maximillian Dornseif (Jun 04)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]