[AusNOG] Conroy announcement on filtering

Glen Turner gdt at gdt.id.au
Wed Dec 23 12:36:58 EST 2009


On 18/12/09 17:26, Jay Mitchell wrote:

> That seriously falls under the realms of WTF. I sincerely hope that no
> other ISP is considering this.

Preventing end-user DNS requests beyond an ISP's network may be needed in
the long run in any case, to limit the effectiveness of DNS-based DDoS.
Since the ISP's users would suffer greatly from rate-limiting of DNS/UDP
traffic, it's the lesser of the two evils should those attacks regain
popularity.

ISPs are not required to prevent circumvention of the filter (not that
we've seen the legislation yet, but that would be a new leap in wacko-ness).
Given that, Telstra are overreaching. They direct people to their DNS
server in their DHCP response. If people "hack" their systems to ignore
that, then it's not Telstra's problem. Just as if users use HTTPS or run
a VPN or type in IP addresses rather than use DNS or ....

The issue with a DNS-based approach is one of public policy and user
satisfaction. If one article at Wikipedia is banned do you want to
stop all access to en.wikipedia.org?

There's bound to be at least one case where the result will suck so
badly it will lead to safety of life issues (such as banning pages
referring to the use of drugs for euthanasia in a medical drug
compendium also used in emergency rooms for poisons information.
Sure the book is on the shelf, but the Internet is what is used
in practice, and it pulls a member of the team away from the
business at hand to find the book and look up the information).

-- 
  Glen Turner


