[Chapter-delegates] Seeking Views: DNS Filtering

[Ang Peng Hwa (Prof)]

Dear Christian,

Thank you. I spoke to several people about DNS filtering. My basic devil’s advocate question was: what is so bad about filtering .xxx? And many could not give me the kind of detailed downside risks you have delineated.

Just to be clear, we are talking blocking Domain Names, right? Not IP addresses in themselves. In other words, the IP addresses are filtered/blocked only if they belong to a domain name.

As you can probably guess, I am not a techie so my questions are probably basic to a number of you.

Regards,
Peng Hwa ANG
[cid:image001.png at 01CC6D90.6836ECD0]ANG Peng Hwa (Professor) | Director, Singapore Internet Research Centre | Wee Kim Wee School of Communication and Information | Nanyang Technological University | WKWSCI 02-17, 31 Nanyang Link, Singapore 639798
Tel: (65) 67906109 GMT+8h | Fax: (65) 6792-7526 | Web: www.ntu.edu.sg/sci/sirc<http://www.ntu.edu.sg/sci/sirc>

From: cdel.firsthand.net [mailto:cdel at firsthand.net]
Sent: Wednesday, 7 September, 2011 4:57 PM
To: Ang Peng Hwa (Prof)
Cc: Sally Wentworth; Chapter Delegates
Subject: Re: [Chapter-delegates] Seeking Views: DNS Filtering

It adds more than just cost and delays! IP filters make the instability consequences greater and can be circumvented. It can also lead to a new type of denial of service.



Filtering IP Addresses is not fine grained to problem content or people. Many hosts using virtual machine partitions run multiple domains each with different owners, domains, applications such as web, email, whatever. So filtering IP does not match directly to problem content.

Many users sit behind NAT with static single IP address. Many more are behind dynamic IP address allocating ISPs and dynamic DNS. This complicates confidence in drawing direct relationship between IP address and content.

Just because an IP address is mentioned in a DNS it does not mean that the owner controller of that DNS domain delegation also owns controls the service or content at that IP address.

Let's say some drug lord is fed up with Interpol. Just set up a series of websites with terror , drug, paedo, materials andvpoint to them. Then add another link to Interpol services. Call ICE or IWF and say look at this domain it is a disgrace. Seize it and filter all the IPs you find. How are they to know that one record for snuff.movie.bad.domain.com points to an unregistered IP for an Interpol gateway router?




On what responsible or legal basis do you implement an IP filter? The RIR registered holder? iSP? The unregistered user? That user's customer?  Why would a US based domain seizure lead to an IP filter in Moscow?


Christian



Christian






Christian de Larrinaga


On 7 Sep 2011, at 07:07, "Ang Peng Hwa (Prof)" <TPHANG at ntu.edu.sg<mailto:TPHANG at ntu.edu.sg>> wrote:
Dear Sally,

Minor technical point in the first row of the table:
Easily
Circumvented: Users who wish to download filtered content can simply use IP addresses instead of DNS names.

To prevent the user from using the IP address, a mechanism must be installed so that the IP address is looked up and then blocked. But this adds to cost and delays the response time.

Regards,
Peng Hwa ANG
<image001.png>ANG Peng Hwa (Professor) | Director, Singapore Internet Research Centre | Wee Kim Wee School of Communication and Information | Nanyang Technological University | WKWSCI 02-17, 31 Nanyang Link, Singapore 639798
Tel: (65) 67906109 GMT+8h | Fax: (65) 6792-7526 | Web: www.ntu.edu.sg/sci/sirc<http://www.ntu.edu.sg/sci/sirc>

From: chapter-delegates-bounces at elists.isoc.org<mailto:chapter-delegates-bounces at elists.isoc.org> [mailto:chapter-delegates-bounces at elists.isoc.org] On Behalf Of Sally Wentworth
Sent: Wednesday, 31 August, 2011 9:33 PM
To: Chapter Delegates
Subject: [Chapter-delegates] Seeking Views: DNS Filtering

Dear ISOC Chapter Colleagues,

As you may be aware, efforts to address illegal online activities using DNS filtering techniques have been cropping up all over the globe.  Attached is a DRAFT ISOC paper that outlines the issue and offers ISOC's concerns with this approach.  This paper is aimed at a non-technical audience.

We want to share this draft paper with you and seek your views on its content.  Because this paper will help inform an IGF Workshop in September, we would appreciate if you could send us any comments as soon as possible but not later than FRIDAY, 09 SEPTEMBER.  This way, we will have time to consider all the views as we put together a final version.

Thanks in advance!

Sally Wentworth
Andrei Robachevsky




________________________________
CONFIDENTIALITY: This email is intended solely for the person(s) named and may be confidential and/or privileged. If you are not the intended recipient, please delete it, notify us and do not copy, use, or disclose its content. Thank you.

Towards A Sustainable Earth: Print Only When Necessary
_______________________________________________
Chapter-delegates mailing list
Chapter-delegates at elists.isoc.org<mailto:Chapter-delegates at elists.isoc.org>
https://elists.isoc.org/mailman/listinfo/chapter-delegates
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://elists.isoc.org/mailman/private/chapter-delegates/attachments/20110907/5224c3bb/attachment.htm>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image001.png
Type: image/png
Size: 11944 bytes
Desc: image001.png
URL: <https://elists.isoc.org/mailman/private/chapter-delegates/attachments/20110907/5224c3bb/attachment.png>