On 08/31/2012 04:20 PM, Kevin Darcy wrote:
On 8/31/2012 10:42 AM, Oscar Ricardo Silva wrote:
On 08/31/2012 08:22 AM, Kevin Darcy wrote:
On 8/31/2012 2:50 AM, sth...@nethelp.no wrote:
Again, it's not about how effective the block is or can be. Unless
Italy
becomes like China or even worse (but the US had the chance end up
almost in the same situation very recently, so this is NOT an
Italian-only problem), there is no way to inhibit users from
reaching a
given resource on the Internet: if the user is motivated enough he/she
will circumvent whatever you do, eventually assisted by the
counterpart
he/she is trying to reach...
We are in much the same situation in Norway. All the biggest ISPs use
a list of child porn domains to be blocked, specified by the central
police authorities. *In principle* implementing this is voluntary for
the ISPs. In practice there is significant pressure to do so.
Both the police and the ISPs are fully aware that blocking this at the
DNS level (the ISP recursive resolvers) won't prevent somebody who is
determined. But the police (and the government) still want this done.
I sometimes suspect their view is of the type "We must do something.
This is something, therefore we must do it."
Nothing is better than paradise.
A ham sandwich is better than nothing.
Therefore, a ham sandwich is better than paradise.
And you won't be able to afford that ham sandwich if you've been
terminated from your job because you didn't follow the law. We all
have things in our jobs that we don't want to do but we do them
anyway. All the ridiculous suggestions and snarky comments aren't
helping the original poster who mentioned these sites were considered
illegal and is looking for other ways to do this.
Doesn't the Eurozone have bigger problems right now, than worrying about
a few people looking at dirty pictures?
In any case, what does the OP expect us to say here? "Yeah, here's a
nifty way to violate the spirit of the whole DNS protocol"? It's one
thing to acknowledge casually that DNS software can be abused by
unscrupulous administrators as form of social control, it's quite
another to ask technical experts to actually give details on how that
abuse can be carried out; giving aid and comfort to the enemy, as it
were. The OP should report to his boss that the technical community
provides absolutely *NO*HELP* in this travesty, and therefore any
"modifications" to the DNS to try and implement this "blocking" will be
incredibly time-consuming and prone to breakage in unforeseen ways.
- Kevin
I'm not suggesting this should be implemented and actually agree with
many of the arguments against it. Overall it would just be a game of
whack-a-mole. Even so, to paraphrase your own response, the reply could
have been:
*******************
the technical community provides absolutely *NO*HELP* in this situation,
and therefore any "modifications" to the DNS to try and implement this
"blocking" will be incredibly time-consuming and prone to breakage in
unforeseen ways.
*******************
I would also have mentioned something along the lines of: unless you
can guarantee that your hosts will use your name servers and ONLY your
name servers then any solution you implement will be doomed to fail.
Oscar
_______________________________________________
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe
from this list
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
