nanog mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Charter DNS servers returning malware filtered IP addresses

From: Tom Beecher <beecher () beecher cc>
Date: Sun, 29 Oct 2023 13:13:47 -0400

DNS isn’t the right place to attack this, IMHO.


...


I’ve seen plenty of situations where the filters were just plain wrong and
if the end user didn’t actively choose that filtration, the target site may
be victimized without anyone knowing where to go to complain.



Not much different from IP Geolocation. Probably not the right solution to
many things, but people do it anyways., often causing problems that people
don't know where to go to complain.


On Fri, Oct 27, 2023 at 10:14 PM Owen DeLong via NANOG <nanog () nanog org>
wrote:


DNS isn’t the right place to attack this, IMHO.


Why not (apart from a purity argument), and where should it happen

instead? As others pointed out, network operators have a vested interest in
protecting their customers from becoming victims to malware.


Takedowns of the hostile target sites.

You dismiss the purity argument, but IMHO, there’s merit to the purity
argument.

Any such DNS filtration, if provided, should be provided on an opt-in
basis, not as a default.

I’ve seen plenty of situations where the filters were just plain wrong and
if the end user didn’t actively choose that filtration, the target site may
be victimized without anyone knowing where to go to complain.

Owen
Previous By Date Next
Previous By Thread Next

Current thread: