DNS isn’t the right place to attack this, IMHO.
...
I’ve seen plenty of situations where the filters were just plain wrong and if the end user didn’t actively choose that filtration, the target site may be victimized without anyone knowing where to go to complain.
Not much different from IP Geolocation. Probably not the right solution to many things, but people do it anyways., often causing problems that people don't know where to go to complain. On Fri, Oct 27, 2023 at 10:14 PM Owen DeLong via NANOG <nanog@nanog.org> wrote:
DNS isn’t the right place to attack this, IMHO.
Why not (apart from a purity argument), and where should it happen instead? As others pointed out, network operators have a vested interest in protecting their customers from becoming victims to malware.
Takedowns of the hostile target sites.
You dismiss the purity argument, but IMHO, there’s merit to the purity argument.
Any such DNS filtration, if provided, should be provided on an opt-in basis, not as a default.
I’ve seen plenty of situations where the filters were just plain wrong and if the end user didn’t actively choose that filtration, the target site may be victimized without anyone knowing where to go to complain.
Owen