On 3 Jan 2017, at 2:30, ox wrote:
> When it becomes a "STANDARD" (ACCEPTABLE) and nefarious behavior is
> suddenly "the way things work" - then this is of serious concern.
You seem to be assigning intent to a tool. A hammer in the hands of an
artist can produce a beautiful form of art while the same hammer can be
used to hurt someone. It's not the hammer's fault. Besides, RPZ is not a
requirement to implement the "walled gardens" you're describing. The
same thing can be achieved by other, simpler means.
> My objections are easy: Defining a clear standard on how DNS tells lies
> to users, and different lies to different users, depending on which
> user is doing the asking, and then hiding the truth of your lies from
> your users, is EVIL!
If you find the "lying" unacceptable, then this is what should be
targeted, not the tools that are being used -- which BTW have positive
uses that IMO far outweigh the abuse you're describing. Consider this
use case: RPZ can be used to prevent a set of known DNS names from
resolving, stopping the spread of computer malware. Moreover, it can
also be used to alert operators of infected machines that their
computers have been compromised.
I'm at least hesitant to describe any of those as lies. It's just a
protocol exchange -- my machine asked for a name-to-IP map and received
a suitable response, even one that actually fitted better with my
current situation.
Granted, this is not the only use case. I dislike walled gardens, which
is why I take measures to avoid them -- yet I won't attack the
underlying technology because, as I said, it has far more positive uses.
Best regards
-lem
Luis Muñoz
Director, Registry Operations
____________________________
http://www.uniregistry.link/
2161 San Joaquin Hills Road
Newport Beach, CA 92660
Office +1 949 706 2300 x 4242
l...@uniregistry.link
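The two defensive uses Luis describes (refusing to resolve known malware names, and steering an infected host's beacon to a local notice page so its operator can be alerted) are both expressed as ordinary DNS records in a Response Policy Zone. The following is an added example, not code from the thread or from any resolver: a constructed RPZ zone fragment and a small evaluator that shows which rewrite a resolver applies to each query name. The zone apex `rpz.example.`, the `*-example.test` domain names, the `192.0.2.x` addresses and the log format are all made up for the illustration.

```python
"""Added example: a toy Response Policy Zone (RPZ) evaluator.

A real RPZ is a DNS zone whose records are read by a recursive resolver
as policy rules. This script parses a constructed zone fragment and
reports the rewrite a resolver would apply to a query name, plus the
kind of log record an operator would use to find infected hosts.
"""

# Constructed RPZ zone fragment (not from any real deployment). Owner
# names without a trailing dot are relative to $ORIGIN, as in any zone.
RPZ_ZONE = """\
$ORIGIN rpz.example.
@   SOA ns.rpz.example. hostmaster.rpz.example. 1 3600 900 604800 60
@   NS  ns.rpz.example.
; Made-up malware controller name: answer NXDOMAIN so it never resolves.
c2.malware-example.test    CNAME .
; Made-up sinkholed domain: wildcard NXDOMAIN covers every subdomain.
*.sinkhole-example.test    CNAME .
; Exception inside that wildcard: let this one name resolve normally.
ok.sinkhole-example.test   CNAME rpz-passthru.
; Walled-garden notice: send an infected host's beacon to a local page.
beacon.botnet-example.test A 192.0.2.10
"""

RR_TYPES = {"SOA", "NS", "CNAME", "A", "AAAA", "TXT"}

# CNAME targets with special meaning in RPZ; anything else is local data.
SPECIAL_CNAME = {
    ".": "NXDOMAIN",
    "*.": "NODATA",
    "rpz-passthru.": "PASSTHRU",
    "rpz-drop.": "DROP",
    "rpz-tcp-only.": "TCP-ONLY",
}


def parse_rpz(zone_text):
    """Return {trigger: (rtype, rdata)} for the QNAME triggers in a zone.

    The trigger is the owner name with the policy-zone apex removed, so
    "c2.malware-example.test.rpz.example." becomes "c2.malware-example.test".
    Comments after ';' are stripped (a toy: ';' inside TXT data would break).
    """
    origin, policy = "", {}
    for raw in zone_text.splitlines():
        line = raw.split(";", 1)[0].strip()
        if not line:
            continue
        tokens = line.split()
        if tokens[0] == "$ORIGIN":
            origin = tokens[1].rstrip(".").lower()
            continue
        if tokens[0] == "@":
            continue  # apex SOA/NS records carry no policy
        # Skip optional TTL/class tokens until the RR type appears.
        idx = next(i for i, t in enumerate(tokens[1:], start=1) if t.upper() in RR_TYPES)
        owner = tokens[0].lower()
        rtype, rdata = tokens[idx].upper(), " ".join(tokens[idx + 1:])
        owner = owner.rstrip(".") if owner.endswith(".") else f"{owner}.{origin}"
        suffix = f".{origin}"
        if owner.endswith(suffix):
            policy[owner[: -len(suffix)]] = (rtype, rdata)
    return policy


def action_for(rtype, rdata):
    """Map one policy record to (action, local_data)."""
    if rtype == "CNAME" and rdata in SPECIAL_CNAME:
        return SPECIAL_CNAME[rdata], None
    return "LOCAL-DATA", f"{rtype} {rdata}"


def evaluate(policy, qname):
    """Return (action, local_data, matched_trigger) for a query name.

    An exact trigger wins; wildcards ("*.zone") cover every subdomain but
    not the zone name itself, and are tried from the most specific parent
    down to the least specific. No match means the answer passes through.
    """
    name = qname.rstrip(".").lower()
    if name in policy:
        return (*action_for(*policy[name]), name)
    labels = name.split(".")
    for i in range(1, len(labels)):
        wildcard = "*." + ".".join(labels[i:])
        if wildcard in policy:
            return (*action_for(*policy[wildcard]), wildcard)
    return "PASSTHRU", None, None


def log_line(client_ip, qname, decision):
    """Constructed log format an operator could use to spot infected hosts."""
    action, data, trigger = decision
    if trigger is None:
        return None  # untouched answers are not logged here
    extra = f" data={data}" if data else ""
    return f"rpz client={client_ip} qname={qname} trigger={trigger} action={action}{extra}"


POLICY = parse_rpz(RPZ_ZONE)

if __name__ == "__main__":
    # Constructed queries from a fictitious client address.
    for q in ["c2.malware-example.test", "www.sinkhole-example.test",
              "sinkhole-example.test", "ok.sinkhole-example.test",
              "beacon.botnet-example.test", "www.example.com"]:
        decision = evaluate(POLICY, q)
        print(q, "->", decision, log_line("192.0.2.55", q, decision))
```

Note the two edge cases the evaluator makes visible: the wildcard trigger does not cover the bare `sinkhole-example.test` name, which needs its own record if it should be blocked too, and the `rpz-passthru.` exception is honoured because an exact trigger is consulted before any wildcard. The log line is what turns the "alert operators of infected machines" use case into something actionable: the client address that asked for a blocked name is the host to look at.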