nanog mailing list archives

Re: DNS Amplification Attacks


From: Florian Weimer <fw () deneb enyo de>
Date: Wed, 22 Mar 2006 20:33:55 +0100


* Peter Dambier:

In germany censoring is commonplace. You have to use foraign resolvers
to escape it. There is a lot collateral dammage too - governement has
provided the tools.

This is not true.  There has been some questionable advice by a
regulatory body, though.  Most damage is done by ISPs which simply do
not adjust the filters to the moving target and run them as-is since
2001 or so.  Null routes tend to filter a different customer after
such a long time.

How about alternative roots? ICANN does censor "XN--55QX5D.", "XN--FIQS8S."
and "XN--IO0A7I." already. You must use alternative roots to exchange emails
with people living in those domains.

Unfortunately, they also censor "ENYO.".


Current thread: