Bind and blacklist IP file

David Miller dmiller at tiggee.com
Mon Oct 11 22:38:24 UTC 2010


On 10/11/2010 3:26 PM, Andrey G. Sergeev (AKA Andris) wrote:
> Hello Alans,
>
>
> Mon, 11 Oct 2010 20:07:40 +0300 Alans wrote:
>
>> Why not? OpenDNS is a good example I think.
> Good example? Was it a joke? Do the traceroute on IP addresses of the
> two OpenDNS resolvers and you'll find that they both are behind the
> same router. Do you still trust the OpenDNS people who advertise their
> service as reliable?

You are kidding, right?  ...or was this post a joke?

OpenDNS is Anycast - http://en.wikipedia.org/wiki/Anycast

Here is a DNS Stuff Vector Trace for 208.67.222.222 (one of OpenDNS'
resolvers):
   
http://www.dnsstuff.com/tools/vectortrace?ip=208.67.222.222&token=26314c5ba0c8ae4e2c32430c19d55018

Note that end points are very local to the widely spread start points.

From any one location an IP Anycast service will appear to be very
local.  That is the point.

> P.S. Please don't top-post - this breaks the logic of the discussion
> thread. Thank you.
>
>> regards,
>> Alans
>>
>> On 10/11/2010 07:37 PM, Matus UHLAR - fantomas wrote:
>>> On 11.10.10 14:16, Alans wrote:
>>>> Thanks Dave, yes I know about OpenDNS, I'm trying to implement
>>>> something kind of similar to that in a small scale.
>>>> So I was wondering about Bind dns capabilities and maybe third
>>>> party stuffs that could integrate with bind dns in addition to the
>>>> ip/website list.
>>> This is NOT something BIND (or any DNS server) should do. Blocking
>>> web sites is business for web proxies, firewalls etc. Doing this
>>> stuff at DNS level could lead to many surprises.


-- 
-___________________________________
David Miller
Tiggee LLC
dmiller at tiggee.com



