DNS IP resolvers should be neutral. There's nothing to stop a service provider from adding "features" to their DNS resolver, but expecting DNS providers to be the Internet police is a slippery slope https://lnkd.in/eQPFQhvK
Paul Vixie
7mo
mandated neutrality is a slippery slope. when we developed the DNS RPZ (DNS Firewall) a lot of people came out of the woodwork to demand that _all_ recursive DNS servers answer truthfully -- no local policy permitted. i'm in no mood to let outsiders tell me what policy i must have or must not have. and this is what i would have said to Belgium had i been running a DNS server for their public's use. of course, Belgium's sovereignty matters, and they are well within their rights to require that Internet operations occurring within their economy follow national policy. if it's the wrong policy their voters will tell them -- not the Internet technical community. so to me Belgium and OpenDNS both did exactly what they had to do in this situation, and OpenDNS's exit was unavoidable.
Tim Adams
7mo
Wouldn't it make more sense to go after the registry operators? Someone should tell these politicians that nothing prevents end users from changing the DNS resolvers they use... Or even resolving directly without recursive services. They are only making the end users in their countries less safe. But lawyers and politicians, it might be asking too much for them to think.
John Curran
7mo
public DNS resolvers should be neutral - 100% agreed. Of course, we provided governments no mechanism to exercise what they viewed as their public policy imperative... so of course outcomes like this are the result. Some mutual constructive engagement on the underlying requirements that they perceive and possible solutions might go a lot further than just responding with circumventation – routing around governments just encourages deeper intervention.
System Engineer at Norsk Helsenett SF, Linux server and network administration
7moAs in every other case where neutrality and/or free speech is in question, the really difficult part is where you draw the line. I fully support DNS blocks (RPZ) where criminal activity is involved - clearly malicious websites (malware droppers), child pornography, scam webshops and such. But on the other hand, piracy has nothing to do here, for starters it's only economical and in many cases actually self-inflicted - as Gabe Newell (of Steam fame) said some years ago, if a pirate can provide a service that you will not provide, or only provide with increased difficulty, the pirate's service is more valuable. Do we really want to go and check each and every address that is looked up for these difficult ethical parameters? And are we, as DNS administrators, the right people to do that? Or are we, as I see it, just providing part of the infrastructure for the internet? Besides, if you have a static IP to such a service, DNS is not needed. And if your DNS *name* gets blocked, a new one will pop up anyway. Maybe policing (and policing by the Police, not us IT people) should rather go by the physical network and server providers, not DNS.