Bind and blacklist IP file

sthaug at nethelp.no sthaug at nethelp.no
Mon Oct 11 17:38:54 UTC 2010


> > Thanks Dave, yes I know about OpenDNS, I'm trying to implement something
> > kind of similar to that on a small scale.
> > So I was wondering about BIND DNS capabilities and maybe third-party
> > stuff that could integrate with BIND DNS in addition to the IP/website
> > list.
> 
> This is NOT something BIND (or any DNS server) should do. Blocking web sites
> is business for web proxies, firewalls etc. Doing this stuff at DNS level
> could lead to many surprises.

Unfortunately, in some countries you may be required to do so. The
example I know best is, naturally, Norway.

In Norway we have what is basically a government requirement for ISPs
to block child porn domains, using a list supplied by the police. A
decent description of the system, for those of you with a reading
knowledge of Norwegian, is here:

	  http://no.wikipedia.org/wiki/Kripos'_barnepornofilter

This blocking is *in theory* voluntary - however, the government has
made it quite clear that unless a "sufficiently high" number of the
bigger ISPs agree to such blocking, the government will introduce laws
which *require* the ISPs to do it. So much for voluntary.

Of course, all this will do is prevent accidental surfing to domains
on the list. Anybody who *wants* this content can simply run his own
name server - and escape the blocking. So much for effectiveness.

Oh yeah, there are also the usual problems of collateral damage, no
well-defined process around the maintenance of the list, etc. The four
criteria proposed in this article:

	 http://www.theregister.co.uk/2009/01/13/internet_regulation/

have clearly not been in the minds of the police / politicians that
introduced the system.

Steinar Haug, Nethelp consulting, sthaug at nethelp.no




