Survey on the impact of software regulation on DNS systems

Michael De Roover isc at nixmagic.com
Thu Jan 30 01:43:26 UTC 2025 

On Wednesday, 29 January 2025 16:43:23 CET Marcus Kool wrote:
> I participated in the survey and think it is good to also have a public
> discussion.
> 
> Users of Open Source projects are responsible themselves for what they use. 
> You want to use a free image editor? fine, go ahead!
> 
> I use FOSS and also produce a FOSS package.
> What I find reasonable for a FOSS package is:
> - clear instructions on how to build the software
> - use or provide a stable software repository
> - respond to serious software issues; response may be fix, workaround, or
> statement of "will not fix" but must respond within 5 business days. -
> clearly communicate what functionality the software offers and what
> level(s) of support a user is given. Privacy etc. is already regulated so
> does not need attention here.
> 
> Of course we can add a long list of wishes and nice to haves but IMHO this
> list should not be regulated since it has a high potential to kill open
> source projects.
> 
> There might be persons who consider Linux/bind/project-XYZ "critical" and
> therefore think these projects must be regulated or else bad things
> happen... If a government wants to impose rules for special/critical
> software that cost time or money for these open source projects, then the
> government must be as restrictive as possible with regulation, must pay for
> all costs to comply to these rules to the open source projects, and must
> have patience for implementation of compliance.  Note that the government
> does not have to regulate open source projects; it may also allocate a
> budget to develop an alternative for the open source software without
> impacting existing open source software.
> 
> Marcus

Wholeheartedly agreed, public discussion is the norm for open source.

Currently I do not have a company to my name (legal reasons), but I do intend 
to create a distribution that includes BIND for business customers here in 
Belgium. The current status quo is an incredibly high reliance on proprietary 
solutions, mainly from Microsoft (Exchange, SharePoint, Office 365, etc). 
Wanting to disrupt that, will be my inherent bias here.

What this meant for me with BIND and ISC DHCP, is to streamline things like 
their zone/config files -- specifically building JSON interfaces for them. That 
way, values only have to be specified once (otherwise e.g. IP address needs to 
be defined thrice for A, PTR, and DHCP, domain twice in A and PTR). Stick a 
nice interface on top of that JSON file, and perhaps it starts resembling a 
registrar's interface.. kinda.

Either way, it is my work to do. It is not something I can just go demand from 
everyone else to do for me, certainly not for free. For the same reason, I 
don't consider national governments authoritative to do this for anyone but 
themselves and their own contractors either.

Wanting to market myself to the non-IT business customer, does mean that I am 
attempting to bridge the gap between open source and commerce. And there is 
most certainly a gap. There are three segments I could think of here.

The first would be the likes of ISC, Linux Foundation, Canonical, Red Hat etc. 
They use the properties of open source to offer a business-class value service. 
It appears that URLfilterDB B.V. could be one of them too?

The second would be the commercial providers, the likes of Microsoft, Google, 
Cisco, VMware, ... IT service providers that have only a passing interest in 
open source at best.

And lastly, there is the government contractors. Would I be mistaken to 
consider tesla.net one of these? Otherwise, I could think of Belnet for 
another here in Belgium.

The reason why I bring this up, is that these corporate structures all work 
under very different foundations. The purpose of a government contractor is to 
deal with whatever red tape the government throws at them, in a well-defined 
task package. Whether that means technically well-defined however, is an 
exercise left for the reader. That is not something that open source has the 
resources for (no matter if it's incorporated or not), and it isn't something 
that the commercial players are going to pass the opportunity for a surcharge 
on either. As a government, you can either take it or leave it. Just like 
commercial providers can also take or leave it with legal compliance (e.g. RPZ 
filtering). If that is an undesirable status quo, then perhaps the matter of 
actual collaboration is what deserves foreground attention.

For a long time, I've considered the IETF's standards in particular, to be the 
"laws of the internet". Perhaps it wouldn't be a bad idea to actually consider 
them as such. Same same, only different.

-- 
Met vriendelijke groet,
Michael De Roover

Mail: isc at nixmagic.com
Web: michael.de.roover.eu.org

More information about the bind-users mailing list