<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
  <meta content="text/html; charset=ISO-8859-1"
 http-equiv="Content-Type">
</head>
<body bgcolor="#ffffff" text="#000000">
On 10/11/2010 2:44 PM, Nuno Paquete wrote:
<blockquote cite="mid:91EBA9B2-EFD7-428D-902E-3FCAFE203627@lusocargo.pt"
 type="cite"><br>
Ok, but you can always browse by IP address and in this case there is
no DNS server that can stop you from browsing what you want.
  <br>
If you want to block IP address access you have to use a firewall, or if
you are talking about http traffic and have a proxy, maybe you have to
block there. That's why I completely agree this should not be blocked at
DNS level.
  <br>
  <br>
</blockquote>
<br>
To nitpick: address-block-based filtering *could* be implemented in DNS.
The same mechanisms that are used to prevent "rebinding" attacks --
e.g. BIND's <span><strong class="command">deny-answer-addresses</strong></span>
-- could theoretically be repurposed to strip addresses in certain
"banned" ranges from DNS responses. Arguably this is a misuse/abuse of
the feature.<br>
<br>
                                                                       
                                                                       
                                                                       
    - Kevin<br>
<br>
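A simplified model of the check behind BIND's deny-answer-addresses, as an added example that is not part of the original message and is not BIND's own code: when an A/AAAA answer falls in a listed range and its owner name is not covered by except-from, BIND discards the whole response and returns SERVFAIL. The ranges, names and function names below are constructed for illustration.

```python
import ipaddress

# Constructed policy: ranges an external name should never resolve to.
DENY_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "127.0.0.0/8", "169.254.0.0/16", "::1/128", "fc00::/7")]
# Hypothetical internal zone that may legitimately hold such addresses.
EXCEPT_FROM = ["corp.example"]


def _fqdn(name):
    """Normalise a DNS name: lower-case with exactly one trailing dot."""
    return name.lower().rstrip(".") + "."


def name_exempt(owner, except_from=EXCEPT_FROM):
    """True if owner equals, or is a subdomain of, an except-from name."""
    owner = _fqdn(owner)
    for zone in map(_fqdn, except_from):
        # Match on a label boundary so evilcorp.example != corp.example.
        if owner == zone or owner.endswith("." + zone):
            return True
    return False


def check_answer(answers, deny_nets=DENY_NETS, except_from=EXCEPT_FROM):
    """answers: list of (owner, rtype, rdata) from the answer section.

    Returns ("SERVFAIL", []) if any A/AAAA record is in a denied range
    and not exempt by name; otherwise ("NOERROR", answers) unchanged.
    """
    for owner, rtype, rdata in answers:
        if rtype not in ("A", "AAAA"):
            continue
        addr = ipaddress.ip_address(rdata)
        denied = any(addr.version == net.version and addr in net
                     for net in deny_nets)
        if denied and not name_exempt(owner, except_from):
            return "SERVFAIL", []  # whole response dropped, not trimmed
    return "NOERROR", list(answers)


# Constructed responses: one public-only, one mixing public and private.
PUBLIC = [("www.example.net.", "A", "203.0.113.10")]
REBIND = [("r.example.net.", "A", "203.0.113.10"),
          ("r.example.net.", "A", "192.168.1.1")]
INTERNAL = [("wiki.corp.example.", "A", "10.1.2.3")]
```

In the mixed case the public address is lost along with the private one, because the response is rejected as a unit rather than filtered record by record.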
</body>
</html>